
  • Learn Kubernetes Security
  • Kaizhe Huang, Pranjal Jumde, Loris Degioanni
  • 319 words
  • 2021-06-18 18:32:35

Threat actors in Kubernetes environments

A threat actor is an entity or code executing in the system that the asset should be protected from. From a defense standpoint, you first need to understand who your potential enemies are, or your defense strategy will be too vague. Threat actors in Kubernetes environments can be broadly classified into three categories:

  1. End user: An entity that can connect to the application. The entry point for this actor is usually the load balancer or ingress. Sometimes, pods, containers, or NodePorts may be directly exposed to the internet, adding more entry points for the end user.
  2. Internal attacker: An entity that has limited access inside the Kubernetes cluster. Malicious containers or pods spawned within the cluster are examples of internal attackers.
  3. Privileged attacker: An entity that has administrator access inside the Kubernetes cluster. Infrastructure administrators, compromised kube-apiserver instances, and malicious nodes are all examples of privileged attackers.

Examples of threat actors include script kiddies, hacktivists, and nation-state actors. All these actors fall into the three aforementioned categories, depending on where in the system the actor exists.

The following diagram highlights the different actors in the Kubernetes ecosystem:

Figure 3.3 – Threat actors in Kubernetes environments

As you can see in this diagram, the end user generally interacts with the HTTP/HTTPS routes exposed by the ingress controller, the load balancer, or the pods. The end user is the least privileged. The internal attacker, on the other hand, has limited access to resources within the cluster. The privileged attacker is the most privileged and has the ability to modify the cluster. These three categories of attackers help determine the severity of a threat. A threat involving an end user has a higher severity than a threat involving a privileged attacker. Although these roles seem isolated in the diagram, an attacker can change from an end user to an internal attacker using an elevation of privilege attack.
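The end-user entry points named above (load balancer, ingress, NodePorts, and directly exposed pods) can be inventoried from the cluster's own object definitions. The following Python script is an added example, not code from the book; the function name and the sample objects are constructed for illustration, and the input is assumed to have the shape of `kubectl get svc,ing,pods -A -o json` output.

```python
import json

# Constructed sample, shaped like `kubectl get svc,ing,pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"namespace": "shop", "name": "web"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
 {"kind": "Service", "metadata": {"namespace": "shop", "name": "debug"},
  "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 30080}]}},
 {"kind": "Service", "metadata": {"namespace": "shop", "name": "db"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "web"},
  "spec": {"rules": [{"host": "shop.example.com"}]}},
 {"kind": "Pod", "metadata": {"namespace": "ops", "name": "agent"},
  "spec": {"containers": [{"name": "a", "ports": [{"containerPort": 9100, "hostPort": 9100}]}]}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "api"},
  "spec": {"containers": [{"name": "api", "ports": [{"containerPort": 8000}]}]}}
]}
""")

def end_user_entry_points(doc):
    """Return sorted (namespace/name, kind, detail) tuples for objects exposed outside the cluster."""
    found = []
    for obj in doc.get("items", []):
        kind, spec = obj.get("kind"), obj.get("spec", {})
        ref = "{}/{}".format(obj["metadata"].get("namespace", "default"), obj["metadata"]["name"])
        if kind == "Service":
            stype = spec.get("type", "ClusterIP")  # ClusterIP is internal-only, so it is skipped
            ports = spec.get("ports", [])
            if stype == "LoadBalancer":
                found.append((ref, "LoadBalancer", ",".join(str(p["port"]) for p in ports)))
            elif stype == "NodePort":
                found.append((ref, "NodePort", ",".join(str(p.get("nodePort", "?")) for p in ports)))
        elif kind == "Ingress":
            hosts = [r.get("host", "*") for r in spec.get("rules", [])] or ["*"]
            found.append((ref, "Ingress", ",".join(hosts)))
        elif kind == "Pod":
            if spec.get("hostNetwork"):  # pod shares the node's network namespace
                found.append((ref, "Pod hostNetwork", "all container ports"))
            for c in spec.get("containers", []):
                for p in c.get("ports", []):
                    if "hostPort" in p:  # container port bound on the node itself
                        found.append((ref, "Pod hostPort", str(p["hostPort"])))
    return sorted(found)

if __name__ == "__main__":
    for ref, kind, detail in end_user_entry_points(SAMPLE):
        print(f"{kind:16} {ref:12} {detail}")
```

The result is a list of candidate entry points for the threat model; whether each one is actually reachable from the internet still depends on node firewalls, cloud security groups, and network policy.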
