Keep Hackers Out of Your Cluster with These 5 Simple Tricks - Christophe Tafani-Dereeper & Frederic Baguelin, Datadog
Abstract
Many options are available to increase the security posture of a Kubernetes cluster. But which ones should you prioritize, and why? In this talk, we take a data-based and threat-informed approach to prioritizing security investments. We start by describing the attacks we’ve seen over the past year on a network of Docker and Kubernetes honeypots we deployed publicly facing on the internet, mimicking the Docker API, the Kubernetes API server, and the Kubelet API to catch what attackers are doing in the wild. Then, we review several high-profile container escape vulnerabilities and how they’ve been exploited in the wild. Based on this, we list the most common ways attackers attempt to deploy malicious workloads, backdoor a cluster, or escape containers, and which “bang for your buck” security mechanisms are the most effective ones you can implement in your own cluster.