Best practice of K8s security monitoring under zero trust strategy

An overview of the new risks and requirements that cloud-native architecture brings, and of how a zero trust strategy applies to Kubernetes security monitoring.

Security Risk Overview

The traditional network security architecture is boundary based. When an enterprise builds a network security system, the first step is to locate the security boundary: the network is divided into zones such as the external network and the internal network, and firewalls, intrusion detection systems, WAFs and similar products are deployed at the border.

This architecture rests on the assumption that the internal network is more secure than the external one. To a certain extent it presets trust in the people, devices and systems on the intranet and neglects to strengthen intranet security measures. Once attackers break through the enterprise's border protection and enter the intranet, they are in no man's land, and the consequences are serious.

In addition, the assumption that insiders are 100% safe is also invalid. As the Global Report on the Cost of Insider Threats shows, both the number of insider threats and the cost of those threats are on the rise.

With the deep integration of new technologies and business models such as cloud computing, big data, the Internet of Things and mobile office, the network security boundary is becoming increasingly blurred, and the traditional border protection concept faces huge challenges. Office network security is one example: it has evolved from supporting only the company's internal network devices, to office computers connecting remotely through a VPN, and with the advent of mobile office even to access from personal devices such as mobile phones.

In this context, Zero Trust Architecture (ZTA) came into being. It breaks with traditional protection ideas such as one-time authentication at a trust boundary, static access control and network-centric design. Instead it establishes an identity-centric chain of continuous authentication, dynamic access control, auditing and monitoring: a dynamic security architecture with real-time, least-privilege authorization at its core, a multi-dimensional trust algorithm as its basis, and verification carried through end to end.

Kubernetes dominates the container orchestration market, and its user base grows year by year. K8s provides powerful operation and maintenance, deployment, elastic scaling and fault recovery capabilities, which greatly facilitate the development and management of distributed systems, but the security issues that come with it are also more prominent.

According to the Containers and Kubernetes Security Landscape Report, threats to cloud-native applications are increasing: only 6% of respondents have not experienced a security incident related to containers or K8s. The same report points out that nearly 70% of security risks are caused by human misconfiguration; runtime security and incidents caused by major security vulnerabilities are also important factors.

The China Cloud Native User Survey Report likewise shows that container security has become the biggest concern for user applications: 63% of users consider container security an urgent need, and a large number of users report that implementing network security technology is difficult and complex. In addition, monitoring and logging systems are often incomplete, which makes effective security monitoring difficult.

It can be seen from the above reports that K8s security issues are distributed across every stage of the entire life cycle. Some common security risks are:

Vulnerabilities in container images, or vulnerabilities caused by abuse of image repositories;

Large-scale container deployments that make security problems hard to detect;

Vulnerabilities in K8s core components, of which multiple high-risk vulnerabilities have been disclosed;

Improper cluster configuration, where even some default configurations carry security risks;

The absence of a clear network boundary, and the resulting network isolation problems;

A large attack surface: the larger it is, the more difficult it is to monitor and protect.

Therefore we urgently need to establish a comprehensive security system that covers every stage of the container lifecycle:

At build time: build business systems on secure image repositories and minimal-privilege, secure images, and fix known vulnerabilities in a timely manner.

At deployment time: deploy in accordance with K8s best practices and fix misconfigurations.

At runtime: continuously monitor for security threats and respond in a timely manner.

The figure above shows the security system provided by Alibaba Cloud Container Service for Kubernetes. Building a complete security system from the bottom up needs to cover three dimensions: infrastructure security, a trusted software supply chain, and runtime security.

Infrastructure security: guide secure deployment based on the CIS Kubernetes Benchmark, and rely on the K8s security model to establish a fine-grained access control mechanism.

Trusted software supply chain: detect known security vulnerabilities through image scanning; ensure the image source is trusted and the image has not been tampered with through image signing; shift security left through DevSecOps integration, deeply integrated with development, testing and operations quality practices.

Runtime security: use PodSecurityPolicy to perform security verification at container deployment, effectively constraining application behavior at runtime; inspect security configuration while the application runs; maintain a continuous, ubiquitous runtime security monitoring mechanism with alerting for abnormal events, so that security incidents are detected and resolved in time; and choose a security sandbox to provide a stronger isolation environment.
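As an added illustration of the deployment best-practice and runtime configuration inspection points above (example code, not the article's or Alibaba Cloud's), the following Python check compares a weak pod spec with its hardened counterpart; the registry name and image digest are placeholders.

```python
"""Pod spec misconfiguration check: an added example, not taken from the
article or from Alibaba Cloud. It flags the settings a PodSecurityPolicy-style
admission check would reject, with the weak spec beside the hardened one."""

WEAK_POD = {  # constructed sample, shape of yaml.safe_load on a manifest; registry is a placeholder
    "metadata": {"name": "web"},
    "spec": {"hostPID": True, "containers": [{
        "name": "app", "image": "registry.example.com/app:latest",  # mutable tag
        "securityContext": {"privileged": True}}]},
}
HARDENED_POD = {  # constructed sample: same workload corrected; sha256 digest is a placeholder
    "metadata": {"name": "web"},
    "spec": {"hostPID": False, "containers": [{
        "name": "app", "image": "registry.example.com/app@sha256:" + "0" * 64,
        "securityContext": {"privileged": False, "runAsNonRoot": True,
                            "allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}}}]},
}


def check_pod(pod):
    """Return a list of findings; an empty list means the spec passes."""
    findings = []
    spec = pod.get("spec", {})
    for key in ("hostPID", "hostNetwork", "hostIPC"):  # host namespace sharing
        if spec.get(key):
            findings.append(f"{key} is enabled")
    for c in spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image not pinned by digest")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # K8s default is true
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}: runAsNonRoot not set")
        if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped")
    return findings
```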

The security system above echoes the "never trust, always verify" idea of the zero trust strategy.

K8s Trust Boundary

To better understand the security risks of the K8s system, we next analyze it from the perspective of K8s internal and external network boundaries. In the figure, each part enclosed by a red curve can be regarded as a subsystem with its own independent boundary.

Container image: the main attack points are the image repository and the image itself. Using an untrusted image repository or a tampered container image can lead to malicious code execution.

K8s control plane: involves the core components API Server, scheduler and controller-manager. The API Server is the management and control entrance of the K8s system and is the key attack target. The security of the call chain between core components is equally important.

K8s data plane: involves the Ingress Controller and Services. Ingress is the entry point through which internal services are exposed, and its risk of being attacked is high.

On-node runtime security: involves kubelet, kube-proxy and the container runtime environment; risks such as over-privileged containers or container escape at runtime need to be avoided.

K8s attacks come from many sources: attacks on the control plane from outside, data plane attacks carried by external traffic, and even malicious actions or misoperations by internal members. The attack surface of K8s is therefore very wide and protection is difficult. To better protect the safe operation of K8s, a protection system that combines policy protection with monitoring protection is necessary.

This article focuses on monitoring protection and gradually introduces how to use an observability platform in a complex distributed containerized environment to continuously monitor a K8s cluster, detect abnormal API access events, abnormal traffic, abnormal configuration, abnormal logs and other behaviors in a timely manner, and combine this with a reasonable alerting strategy to establish a more active security defense system.
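As an added example, not code from the article or from the observability platform it goes on to describe, here is a detection pass over Kubernetes audit log events in the audit.k8s.io/v1 layout that flags three of the abnormal API access patterns mentioned above; the sample events, the allowlist of legitimate Secret readers and the denial threshold are constructed.

```python
"""Detection rules over Kubernetes audit events (audit.k8s.io/v1, one JSON
object per line): an added example, not code from the article or from the
platform it describes. Sample events, allowlist and threshold are constructed."""
import json
from collections import Counter

SECRET_READERS = {"system:kube-controller-manager"}  # constructed allowlist
FORBIDDEN_THRESHOLD = 3  # 401/403 responses from one source IP before alerting

def _event(user, verb, resource, ns, code, ip, groups=()):
    """Build a minimal audit event using the real field layout (constructed)."""
    return {"stage": "ResponseComplete", "verb": verb,
            "user": {"username": user, "groups": list(groups)}, "sourceIPs": [ip],
            "objectRef": {"resource": resource, "namespace": ns},
            "responseStatus": {"code": code}}

# Constructed sample log: one benign read, an anonymous probe, a burst of 403s
# from one client, and a Secret read by a workload service account
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _event("system:kube-controller-manager", "get", "secrets", "kube-system", 200, "10.0.0.2"),
    _event("system:anonymous", "list", "pods", "default", 403, "203.0.113.9",
           ["system:unauthenticated"]),
    _event("dev-user", "list", "secrets", "prod", 403, "198.51.100.7"),
    _event("dev-user", "get", "secrets", "prod", 403, "198.51.100.7"),
    _event("dev-user", "list", "clusterroles", "", 403, "198.51.100.7"),
    _event("system:serviceaccount:prod:web", "get", "secrets", "prod", 200, "10.0.3.4"),
])


def detect(log_text):
    """Return (rule, detail) alerts for the audit lines in log_text, in order."""
    alerts, denied = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("stage") != "ResponseComplete":  # one alert per request, not per stage
            continue
        user = ev.get("user", {}).get("username", "")
        ip = (ev.get("sourceIPs") or ["?"])[0]
        code = ev.get("responseStatus", {}).get("code", 0)
        ref = ev.get("objectRef") or {}
        if user == "system:anonymous":  # unauthenticated caller reached the API
            alerts.append(("anonymous-access", f"{ip} {ev.get('verb')} {ref.get('resource')}"))
        if code in (401, 403):  # repeated denials from one client suggest probing
            denied[ip] += 1
            if denied[ip] == FORBIDDEN_THRESHOLD:
                alerts.append(("denied-burst", f"{ip} denied {FORBIDDEN_THRESHOLD} times"))
        if ref.get("resource") == "secrets" and code == 200 and user not in SECRET_READERS:
            alerts.append(("secret-read", f"{user} {ev.get('verb')} secrets in {ref.get('namespace')}"))
    return alerts
```

In a real deployment the same rules would run over the audit log stream shipped by the observability platform, with the allowlist derived from the cluster's own RBAC bindings.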