Prevent Embarrassing Cluster Takeovers with This One Simple Trick! - Daniele de Araujo dos Santos & Shane Lawrence, Shopify
Abstract
Most cyber attacks and data breaches are caused by misconfigured settings, insecure defaults, and overly permissive controls. To avoid business impact, financial penalties, and embarrassment, we need to identify common mistakes and implement measures to prevent them without adding undue friction for developers. In this talk, Dani and Shane will demonstrate simple ways that malicious actors can exploit common misconfigurations in workloads to gain unauthorized access without relying on sophisticated attacks or 0-day vulnerabilities. They’ll show how to avoid these risks using Kubeaudit, an open source scanner developed by their team at Shopify that provides a user-friendly way to detect and automatically mitigate configuration risks. They’ll also discuss some of the challenges they’ve faced securing 1,000,000 running pods along with configuration files in a GitHub org with 15,000 repos. Attendees will learn a number of mistakes that could put their clusters at risk. They’ll see how to detect and resolve these issues, without needing expert knowledge, while keeping developers happy.