Vincent Ruijter & Valentine Mairet

Workshop Title:

A Monitoring Platform for Kubernetes Cluster Security

Abstract:

Kubernetes is an open-source system for the deployment, scaling, and management of containerized applications. Common implementations of Kubernetes are not secure by default and a lot of information about the hardening of Kubernetes intrinsic security is not known to the public. Since version 1.7 though, the security level has increased and the common security risks have been mitigated. More information about Kubernetes attack and defense methodologies has become available. However, none of these published resources lay the focus on the logging mechanisms of Kubernetes and the possibility for detection of active threats.

During this talk, a combination of existing tools is presented for the creation of a centralized logging system for Kubernetes instances. This system serves as a visualization tool for the monitoring of intracluster activity and detection of potentially malicious events. The talk contains several demonstrations, where attacks are conducted against a Kubernetes instance, which are made visible in the Kubernetes Security Dashboard (K8SD).
All project material is to be released open-source after the talk, such that organizations and individuals that require visibility over their Kubernetes infrastructure can use and adapt these tools to suit their own needs.

Bio:

Vincent Ruijter:Pacifistic Internetveapon @ KPN (Royal Dutch Telco) CERT, who thinks he knows Linux. Moderator @ null Amsterdam chapter, with an endless curiosity for all things binary. Knows how to quit Vi ^[ESC!wqwq:wq!

Valentine Mairet:Star Wars fan @ KPN (Royal Dutch Telco) REDteam, who doesn't like anything but Rock'n'Roll. Helps out with hardwear.io and likes to "cat all the files"! If she can paint it, she'll hack it.