Any container security and orchestration program must take into account the security and risks of the creation and contents of the containers themselves. There are several container security best practices and criteria by which to analyze the program, including the foundational elements of host security, the platform security elements, and the elements of the container and orchestrator itself.
When addressing the security of containers and container orchestration, it’s important to take a holistic approach that encompasses the architecture, deployment, and production of your applications.
Security considerations should include
- Malicious/compromised containers
- Local network attacks
- External network attacks
- Malicious developers/users
- Configuration best practices
- Secrets management
- Container delivery
- Role-based access control analysis
- Comprehensive, context-specific attack scenario analysis
Attack scenarios to consider should include
- Malicious entities on public network
- Malicious entities on adjacent network
- Malicious insiders/developers
- Malicious/compromised application containers
- Containers to host
- Containers to network
- Containers to container
- Namespace to namespace
- Cluster to cluster
To track and organize these scenarios, it’s beneficial to create an attack matrix. The Kubernetes attack matrix, for example, includes factors such as initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and impact.