C-0054 - Cluster internal networking

Cluster internal networking

Framework

MITRE, NSA, ArmoBest

Description of the the issue

Kubernetes networking behavior allows traffic between pods in the cluster as a default behavior. Attackers who gain access to a single container may use it for network reachability to another container in the cluster.

Related resources

namespaces, networkpolicies

What does this control test

Check for each namespace if there is a network policy defined.

Remediation

Define Kubernetes network policies or use alternative products to protect cluster network.

Example

No example


Did this page help you?