cutimage - Fotolia
Container orchestration systems at risk by being web-accessible
Security researchers found tens of thousands of container orchestration systems accessible via the web, which in itself puts those dashboards at risk of attack.
Researchers found more than 21,000 container orchestration systems are at risk simply because they are accessible via the web.
Security researchers from Lacework, a cloud security vendor based in Mountain View, Calif., searched for popular container orchestration systems, like Kubernetes, Docker Swarm, Mesosphere and OpenShift, and they found tens of thousands of administrator dashboards were accessible on the internet. According to Lacework's report, this exposure alone could leave organizations at risk because of the "potential for attack points caused by poorly configured resources, lack of credentials and the use of nonsecure protocols."
"There are typically two critical pieces to managing these systems. First is a web UI and associated APIs. Secondly, an administrator dashboard and API are popular because they allow users to essentially run all aspects of a container cluster from a single interface," Lacework's researchers wrote in its report. "Access to the dashboard gives you top-level access to all aspects of administration for the cluster it is assigned to manage, [including] managing applications, containers, starting workloads, adding and modifying applications, and setting key security controls."
Dan Hubbard, chief security architect at Lacework, said these cloud container orchestration systems represent a significant change from traditional security.
"In the old data center days, it was easy to set policy around who could access admin consoles, as you would simply limit it to your corporate network and trusted areas. The cloud, combined with our need to work from anywhere, changes this dramatically, and there are certainly use cases to allow remote administration over the internet," Hubbard said via email. "That said, it should be done in a secure way. Extra security measures like multifactor authentication, enforced SSL, [role-based access controls], a proxy in front of the server to limit access or a 'jump server' are all ways to do this. This is something that security needs to be aware of."
Lacework reported that more than 300 of the exposed container orchestration systems' dashboards did not have credentials implemented to limit access, and "38 servers running healthz [web application health and security checker] live on the Internet with no authentication whatsoever were discovered."
Hubbard added that "these sites had security weaknesses that could have enabled hackers to either attack directly these nodes or provide hackers with information that would allow them to attack more easily the company owning these nodes."
However, despite warning of potential risks to these container orchestration systems, Hubbard and Lacework could not expand on specific threats facing any of the nearly 22,000 accessible dashboards described in the report.
"Technically, they are all connected to the internet and their ports are open, so attackers can gain privileged access or discover information about the target," Hubbard said. "With respect to flaws, we did not perform any password cracking or dictionary attacks against the machines or vulnerability scans. However, we did notice that a lot of the machines had other services open besides the container orchestration, and that certainly increases the attack surface."