Deep Dive into a Kubernetes CVE

Docker via YouTube

Overview

Dive deep into the Kubernetes CVE-2018-1002105, one of the most severe security vulnerabilities in Kubernetes history, in this 38-minute conference talk by DevSecOps expert Ian Coldwater. Explore the inner workings of the Kubernetes backend, including aggregated API servers, kubelet API, and permissions for namespace-constrained users. Understand how the vulnerability functions, the potential risks of leaving it unpatched, and witness a live hacking demonstration showcasing its ease of exploitation. Learn about the moving parts within a Kubernetes cluster that can create vulnerable contexts, and gain practical advice on mitigation strategies and cluster protection. The talk covers the severity scores, attack vectors, and the Twistlock demo, while also discussing the broader implications for Kubernetes security. Discover the importance of defense in depth, dependency management, and staying up-to-date with patches. Gain insights into the Kubernetes postmortem process, improved communication strategies, and valuable resources for admins. Conclude with an understanding of the changes implemented and their impact on Kubernetes security.

Syllabus

Introduction
Who am I
What was Kubernetes 100105
It was big news
Severity Scores
What was it
What it allowed
The bad news
How did it work
Moving parts in Kubernetes
Kubernetes Control Plane
API Server
Reverse Proxy Routing
Attack vectors
Risks
Twistlock Demo
Exploits
Diff
Mitigations
What can we learn
Defense in Depth
Watch your dependencies
Keep up to date
Kubernetes postmortem
Communicate better
Resources
Is it still affected
If you are an admin
The first time
Why did it take until December
What is a backend server
TCP Connection Reuse
The Fallout
What's Changed
Wrap Up

Taught by

Docker
