Your Backstop in Hardening Against Runtime Threats

March 25, 2023

It is important to find a way to harden your computer against runtime threats. Fortunately, there are plenty of resources available to help you get started. This article discusses some of the issues that you might face and provides recommendations to help you deal with them.

Problems

One of the more interesting tasks involved in running a modern-day container cluster is defending against malware-laden containers – and it is no small feat. In particular, applications that attempt to modify the container filesystem will have their work cut out for them. Fortunately, the NSA and CISA have provided a helpful checklist to help mitigate the risks associated with running a microservices-based container environment. The list is not exhaustive, but it should provide a solid foundation on which to build your container ecosystem. A good start is to implement a standardised set of best practices that can be revised and re-evaluated when a new threat emerges.

Recommendations

Hardening against runtime threats means ensuring that your code is not susceptible to exploits. This can be done by separating parts of your application into multiple processes, using a low-level mechanism to restrict privileges, and decomposing your application into several components. You should also review your applications for vulnerabilities and update their dependencies to avoid introducing vulnerabilities.

It is important to protect your container images and your runtime from security loopholes. There are several methods for doing this, including dependency scanning, limiting access to running containers, and running the container inside a hypervisor. You can also use package management tools to provide warnings about problematic dependencies.

An application’s components should be separated from one another, and if they have a common interface, they should be granted different capabilities. This will reduce the risk of a flaw affecting all of the components. If some components require elevated privileges, you can limit them to run on a separate machine or on the same server.

References

References for hardening against runtime threats include memory protections and the use of return-oriented programming techniques. These measures can limit the ability of an attacker to change the control of a mutable object during the course of a method. Other methods of limiting a container’s execution include preventing tampering with the container’s file system. The NSA/CISA Kubernetes Hardening Guidance highlights the need to use readOnlyRootFilesystem as a way to limit the damage of container tampering.

The NSA/CISA Kubernetes hardening guidance also recommends the use of tmpfs volume mounts to limit the read/write activity of an application. This will also help prevent crash situations. Having a read-only filesystem is also recommended to protect against anomalous behavior or post-exploitation activities.
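One way to check a workload against the two settings above, as an added example that is not part of the original article or of the NSA/CISA guidance: it flags containers whose root filesystem is still writable and writable scratch mounts that are not tmpfs. It assumes tmpfs is provided as a Kubernetes emptyDir volume with medium "Memory"; the pod, its names, and the audit_pod helper are constructed for illustration.

```python
import json

# Constructed sample: a trimmed Pod object in the shape `kubectl get pod -o json` returns.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "web"},
 "spec": {
  "volumes": [
    {"name": "scratch", "emptyDir": {"medium": "Memory", "sizeLimit": "64Mi"}},
    {"name": "cache", "emptyDir": {}}],
  "containers": [
    {"name": "app",
     "securityContext": {"readOnlyRootFilesystem": true},
     "volumeMounts": [{"name": "scratch", "mountPath": "/tmp"},
                      {"name": "cache", "mountPath": "/var/cache"}]},
    {"name": "sidecar"}]}}
""")


def audit_pod(pod):
    """Return (container, finding) tuples for one Pod object (hypothetical helper)."""
    spec = pod.get("spec", {})
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    findings = []
    # Init containers are subject to the same filesystem settings, so include them.
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # The field defaults to false when unset, so only an explicit true passes.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((c["name"], "root filesystem is writable"))
        for m in c.get("volumeMounts") or []:
            vol = volumes.get(m["name"], {})
            if m.get("readOnly") or "emptyDir" not in vol:
                continue  # only writable scratch (emptyDir) mounts are checked here
            if (vol["emptyDir"] or {}).get("medium") != "Memory":
                findings.append(
                    (c["name"], f"{m['mountPath']} is a disk-backed emptyDir, not tmpfs"))
    return findings


if __name__ == "__main__":
    for container, finding in audit_pod(SAMPLE_POD):
        print(f"{container}: {finding}")
```

A container that passes both checks can still write to its tmpfs mounts, so size limits on those volumes remain worth setting.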

In addition, it is advisable to separate programmatic interfaces from ease-of-use features, such as the ability to perform actions without a user’s input. While these can provide valuable convenience, they are not always appropriate for use in programming.

Ammar Fakhruddin
