December 2, 2019


Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A]


Talk Title: Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A]
Speakers: Greg Castle (Kubernetes/GKE Security Tech Lead, Google), CJ Cullen (Software Engineer, Google)
Conference: KubeCon + CloudNativeCon North America
Location: Austin, TX, United States
Date: Dec 4-8, 2017
URL: Talk Page
Slides: Talk Slides

Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of its own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.
