Container Security - What Matters

Container environments under Kubernetes are generally considered secure, yet effective security still requires attention. Burning or lost containers in rough seas are among the unwanted but not unrealistic scenarios in maritime freight shipping. Therefore, safety is paramount in seafaring. Improved cargo monitoring and increasingly precise weather forecasts make container shipping safer.

The same applies to containers in IT - as a new way of deploying and managing applications, but also bringing specific security requirements. Overall, containerization offers some advantages for security. However, it is crucial to consider the considerable complexity and potential security vulnerabilities of containers. Based on this, suitable measures can be taken to ensure effective security.

The Benefits of Containers: Concept and Reality

The benefits of containers are conceptually rooted in isolation, portability, monitoring, and automation. However, containers with typically highly distributed environments and large clusters, can also pose security risks. Regular updates are important to keep containers at a high-security level. Clusters running on an end-of-life version must be avoided. Poor network configuration can also make Kubernetes environments vulnerable to unauthorized access. Already, individual nodes with outdated operating systems or a targeted denial-of-service attack can endanger several or even all deployed machines.

Since containers are frequently started and stopped, monitoring them is not straightforward. Firewalls, standard in conventional IT environments, are not suitable for container domains.
The lack of effective container isolation opens up pathways for attackers to compromise sensitive data, processes, or access privileges. However, the most common security issues when deploying a Kubernetes instance are easily avoidable.

Key Functions of a Kubernetes Security Tool

Proactive vulnerability management can significantly reduce the risk of security breaches. A possible attack path in the production environment is the code. To protect it, policies such as enforcing TLS, restriction of Kubelet permissions, blocking unused ports, and regular scans and tests are proven effective. Digital signatures ensure that the code is trustworthy. A corresponding tool should also make configuration problems visible beyond the code. Part of security management is also to prevent incoming and outgoing data connections to insecure services.

A security risk is running the applications from untrusted registries, as this can facilitate malware attacks or unauthorized access through backdoors. Therefore, it is advisable to minimize the attack surface and restrict potential attack vectors. This also means avoiding unnecessary packages, libraries, and shells in development, limiting permissions to the minimum necessary, and loading “secrets” only for specific tasks. Applications in the cluster should be isolated, with resources and teams separated by namespaces.

Network segmentation can prevent lateral movement within a cluster. This should be done before production, as Kubernetes’ default network settings do not restrict communication. Incoming and outgoing connections should be precisely defined and routed through policies. Similarly, access should be restricted through namespaces and meticulously configured role-based access controls (RBAC).

The Kubernetes API is the centerpiece of the entire system, through which all internal and external clients connect and communicate with Kubernetes. The Kubernetes API Server and other Kubernetes components can have vulnerabilities and pose attack surfaces during runtime. In the worst-case scenario, compromised containers must be isolated quickly and replaced with “clean” containers while the attack is analyzed and stopped.

Trust is good, control is better

In general, it is advisable to keep the Kubernetes environment lean and to scan operating systems, images, and all external sources thoroughly for security vulnerabilities. For external sources, it is always a case of: Trust is good, control is better. Therefore, it is also necessary to limit privileges to a minimum and never run application processes as root. A read-only root filesystem prevents attacks based on software installation or filesystem changes. Integrated image scans and security tests in the CI/CD pipeline complement the security package.

Administrators must also ensure that only authorized, compliant images enter the environment to limit the risk of running containers with vulnerable or malicious code. Images from dubious sources are risky, so only approved images should enter the CI/CD pipeline. Risk management is supplemented by integrated control mechanisms in Kubernetes. For example, the security context can be configured to restrict pod access. Proactive monitoring is crucial to keep track of process activities, all services, and external communication.

The use of a comprehensively automated platform for deploying and managing clusters is advisable to operate a container environment under Kubernetes securely - even in rough seas.

Marko Mudrinić

Marko Mudrinić

Senior Software Engineer