Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 07_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 Container Security Threats O Image vulnerabilities O Insecure connections to O Vulnerabilities within O Image configuration defects O Stale images in registries O Embedded malware QO Insufficient authentication and Unbounded network access from containers O O QO Embedded clear text secrets Q registries authorization restrictions Use of untrusted images Copyright © by the runtime software Insecure container runtime configurations O App vulnerabilities O Rogue containers L All Rights Reserved. Reproduction is Strictly Prohibited Container Security Threats (Cont’d) Orxchestrator Threats O Unbounded administrative access O Unauthorized access Q Poorly separated inter-container network traffic O Large attack surface 0O Shared kernel 0O Host OS component vulnerabilities 0O Improper user access rights O Host OS Threats Host OS file system tampering Q Mixing of workload sensitivity levels Orchestrator node trust Copyright © by L All Rights Reserved. Reproduction is Strictly Prohibite Container Security Threats Containers are among the most important technologies in DevOps, and many organizations are adopting this technology to develop, test, package, and deploy the applications. Nevertheless. the increased use of containers is exposing companies to new security threats. Therefore, there is a need to secure containers throughout the development pipelines from these security threats. Module 10 Page 1273 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 The threats that are associated with container ecosystems are as follows: = Image Threats o Image Vulnerabilities: Since images are static archive files consisting of components that run an application, lack of updates in the image components or the missing of critical security updates make the image vulnerable. If the version of the image that is utilized to make a container has vulnerabilities, it poses a risk to the containerized environment. Configuration Defects: In addition to software defects, the image of a container is also subject to configuration defects. For example, an image may fail to configure with a specific user account, and instead run with greater privileges than required. Embedded Malware: As an image is a collection of files that are packed together, there is a likelihood that malicious files are included in the image package intentionally or inadvertently. Such embedded malware has the same privileges as other components hosts. Embedded Clear communicate of the image Text Secrets: and could Most with other components. be used to attack other containers or applications For example, require a web secrets application to securely requires a username and password to connect to the backend database. When an application is packed into an image, these secrets get embedded into the image. This embedded clear text secret poses a security risk as a user having access to the image can parse the image to extract these secrets. Use of Untrusted Image: The use of untrusted images can introduce malware, leak data, or introduce components with vulnerabilities. It is recommended that running any image in a container from untrusted sources is avoided. = Registry Threats o] Insecure Connections to Registries: Images may contain sensitive components such as proprietary software and embedded secrets. An insecure connection to the registries can enable a man-in-the-middle attack. Stale Images in Registries: A registry contains all images that an organization deploys. Over time, it is possible that the registry contains images that are vulnerable or out-of-date. These vulnerable images would not pose a threat during their storage in the registry but can increase the likelihood of accidental deployment of the vulnerable image. Insufficient Authentication and Authorization Restrictions: Since registries contain images that may run sensitive or proprietary software, insufficient authentication and authorization expose the technical details of the application to the attacker. = Container Threats o Vulnerabilities within the Runtime Software: The attacker can exploit vulnerabilities within the runtime software to compromise it. Subsequently, the attacker can utilize Module 10 Page 1274 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 the compromised runtime software to perform other activities such as attack other containers and monitor container-to-container communication. o Unbounded Network Access from Containers: In the default state, most containers during runtime access other containers or the host OS through the network. In case a container is compromised, permitting it access to the network traffic significantly increases the risk to other containers in the environment. o Insecure Container Runtime Configurations: During container runtime, the administrator is exposed to many configurable options. The security of the system can be lowered if these options are improperly set. o App Vulnerabilities: Containers can be compromised because of flaws in an application that they run. This, however, is not a fault in the container, but rather that the vulnerabilities in compromise the container. o Rogue Containers: Rogue the application containers are within unplanned the container environment or unsanctioned containers. They originate in the development environment when the application developer creates a container to test the code. If these containers are not properly configured or are not passed through the rigors of vulnerability scanning, they can be exploited. * Orchestrator Threats o Unbounded Administrative Access: Most orchestrators are designed presuming that all the users that are interacting with them are administrators. In most cases, a single orchestrator runs many applications, each managed by different teams. If access to a user or group is not scoped to their requirements, then a malicious user can affect the functionality of different containers managed by the orchestrator. o Unauthorized Access: The orchestrators have their authentication directory service, which could be separated from other directories of an organization, leading to orphan accounts in orchestrator. These accounts are highly privileged, and their compromise can subsequently lead to system-wide compromise. The data storage volumes of a container are managed by the orchestration tool. Many organizations encrypt the stored data to prevent unauthorized access. o Poorly Separated Inter-Container Network Traffic: The network traffic between each node is routed through a virtual overlay network, which is managed orchestrator and is obscure to network security and management tools. o Mixing of Workload Sensitivity Levels: The orchestrators' primary focus by the is to enhance the density of workloads. By default, the orchestrator places the workloads of different sensitivities on the same host. For example, in a default state, the orchestrator may place a container running a public-facing web server and another processing financial data on the same host because the host has more available resources Due at the time of deployment. to the mixing of workload sensitivity levels, the container processing financial data can be easily compromised. Module 10 Page 1275 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing o Exam 212-82 Orchestrator Node Trust: Maintaining trust between the nodes in an environment is crucial. As the orchestrator is the foundational node, if the configuration of the orchestrator is weak, it can expose the orchestrator as well as other components of the container technology to increased risk. = Host OS Threats o Large Attack Surface: The attack surface of the host OS is the collection of all possible points through which the adversary can attempt to gain access to and exploit the host OS vulnerabilities. A large attack surface increases the potential for an attacker to gain running on that host. access to and compromise the host OS and the containers Shared Kernel: Compared to general-purpose OSes, container-specific OSes have a smaller attack surface area. However, a container has only software-level isolation of resources, surface. and the Host OS Component usage of a shared kernel increases the inter-object attack Vulnerabilities: Vulnerabilities of the host OS components impact all the containers and applications running on the host. Improper User Access Rights: An organization can be at risk when users sign in directly on the host to manage containers. Improper user access rights not only affect the host system but also all other containers present in it. Host OS File System Tampering: If the configuration of a container is not secure, it exposes the host volumes to significant risk of file tampering. Host OS file system tampering affects the stability and security of the host and other containers running on it. Module 10 Page 1276 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 Docker Security Threats Escapin ping Gaining of root access on the host server by user with access to a container Cross-Container Attacks Gaining access to a container and utilizing it to attack other containers of the same host or within the local network.. Examples: DDoS Attacks, malicious (remote) access, unpatched exploits Inter-Container Attacks Gaining unauthorized access to a single container Docker Registry Attacks Gaining access to the docker registry Copyright © by L All Rights Reserved. Reproduction is Strictly Prohibited. Docker Security Threats There are specific parts of the Docker infrastructure following are common Docker security threats. = = that are vulnerable to attacks. The Escaping: In this Docker-specific security threat, the adversary escapes the container and gains root access on the host server. The attacker then attempts to compromise other machines within the local network. The following factors may facilitate container breakouts: O Insecure defaults and weak configuration. o Information disclosure. O Weak network defaults. o Working with the root user (UID 0). o Mounting host directories inside containers. Cross-Container Attacks: In this type of attack, the adversary gains access to a container and utilizes it to attack other containers of the same host or within the local network. Cross-container attacks lead to DoS attacks (e.g. XML bombs), ARP spoofing and stealing of credentials, compromising of the sensitive container, etc. The following are common causes for cross-container attacks: O Weak network defaults. e} Weak cgroup restrictions. O Working with the root user (UIDO). Module 10 Page 1277 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing = Exam 212-82 Inner-Container Attacks: in this attack, the attacker gains unauthorized access to a single container. The potential causes for inner-container attacks are: = o Overage software. o Exposure to insecure/untrusted networks. o Use of large base images. o Weak application security. o Working with the root user (UID 0) Docker Registry Attacks o Image forgery: In an image forgery attack, the adversary gains access to the registry server and tampers the Docker image. o Replay Attack: In this type of attack, the adversary gains access to the registry server and provides outdated content. Module 10 Page 1278 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.