- Learn Kubernetes Security
- Kaizhe Huang Pranjal Jumde Loris Degioanni
- 319字
- 2021-06-18 18:32:35
Threat actors in Kubernetes environments
A threat actor is an entity or code executing in the system that the asset should be protected from. From a defense standpoint, you first need to understand who your potential enemies are, or your defense strategy will be too vague. Threat actors in Kubernetes environments can be broadly classified into three categories:
- End user: An entity that can connect to the application. The entry point for this actor is usually the load balancer or ingress. Sometimes, pods, containers, or NodePorts may be directly exposed to the internet, adding more entry points for the end user.
- Internal attacker: An entity that has limited access inside the Kubernetes cluster. Malicious containers or pods spawned within the cluster are examples of internal attackers.
- Privileged attacker: An entity that has administrator access inside the Kubernetes cluster. Infrastructure administrators, compromised kube-apiserver instances, and malicious nodes are all examples of privileged attackers.
Examples of threat actors include script kiddies, hacktivists, and nation-state actors. All these actors fall into the three aforementioned categories, depending on where in the system the actor exists.
The following diagram highlights the different actors in the Kubernetes ecosystem:
Figure 3.3 – Threat actors in Kubernetes environments
As you can see in this diagram, the end user generally interacts with the HTTP/HTTPS routes exposed by the ingress controller, the load balancer, or the pods. The end user is the least privileged. The internal attacker on the other hand has limited access to resources within the cluster. The privileged attacker is most privileged and has the ability to modify the cluster. These three categories of attackers help determine the severity of a threat. A threat involving an end user has a higher severity compared to a threat involving a privileged attacker. Although these roles seem isolated in the diagram, an attacker can change from an end user to an internal attacker using an elevation of privilege attack.
- 汪博士詳解PMP?模擬題(第4版)
- 新中國審計制度變遷
- 讓財報說話:世界500強CFO帶你輕松讀財報(鮮讀版)
- Azure Strategy and Implementation Guide
- Metabase Up and Running
- 財務審計實務指南
- Getting Started with Citrix VDI-in-a-Box
- 振蕩指標MACD:波段操作精解(升級版)
- IBM SPSS Modeler Cookbook
- 陜西國家統計調查市、縣優秀報告集萃(2006—2015)(上下)
- Programming Microsoft Dynamics NAV(Fifth Edition)
- 內審兵法
- PMP備考寶典:路晨帶你去通關
- 計量經濟學
- 財務會計習題集