Archive for the ‘NSA’ Category

What Are the NSA K8s Guidelines and Why Should You Care? – Container Journal

The NSA released its Kubernetes Hardening Guidelines almost a year ago and made updates to it this March. The purpose of the document is to provide an overview of what Kubernetes users need to do to ensure security. As described within, the report is designed to help organizations handle Kubernetes-associated risks and enjoy the benefits of using this technology.

The guidelines are extensive: a 66-page document. The main categories covered throughout include pod security, network separation and hardening, authentication and authorization, audit logging, threat detection, upgrading and application security.

Within each section, the NSA outlines advice. For example, it explains that to ensure pod security, you should use containers built to run applications as non-root users. It says, "By default, many container services run as the privileged root user, and applications execute inside the container as root despite not requiring privileged execution. Preventing root execution by using non-root containers or a rootless container engine limits the impact of a container compromise."

Another example is around locking down access. It says, "[Role-based access control] RBAC, enabled by default, is one method to control access to cluster resources based on the roles of individuals within an organization. RBAC can be used to restrict access for user accounts and service accounts."

The list is extensive, which can feel overwhelming and might leave you wondering whether the NSA's advice is truly important or if it's just overkill.

The CNCF says in its 2021 annual report that the usage of Kubernetes is continuing to grow and reached its highest level ever, with 96% of organizations using or evaluating the technology. However, security continues to be top of mind for organizations. In a Red Hat report, 94% of respondents stated they have experienced a security incident in their Kubernetes and container environments during the last 12 months.

Companies want to use and are adopting Kubernetes, but security must be a top priority. By producing this guide, the NSA is essentially endorsing the technology. It sees the value of using Kubernetes but wants it done securely. This is huge for the cloud-native landscape and for Kubernetes adoption. The guidelines provide not only U.S. federal organizations a path to secure usage of Kubernetes, but any company that wants to use the technology, too.

So, the next logical question is how to tick the boxes on the guide? With approximately 20 different requirements around the five categories, it can seem like a big undertaking.

The first step to complying with the guide is to understand your Kubernetes environment. For example, how many clusters do you have? Do you have any containers running as root? Do you have role-based access control in place? And are you doing all of this consistently? Many of the issues around Kubernetes involve a lack of visibility into the environment and ability to understand if policies are being implemented habitually.

Unfortunately for many organizations running environments with three or more clusters, it is too hard to answer this question. The genius of a Kubernetes environment is its ephemeral nature; the downside is things are constantly changing.

DevOps teams wanting to implement NSA hardening guidelines should spend time auditing their environment for misconfigurations. Many organizations fall into the trap of doing this manually but should look to tools that automatically scan clusters and infrastructure-as-code for misconfiguration and vulnerabilities.
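One way to answer the "are any containers running as root?" question automatically, shown here as an added example that is not from the original article or the NSA guide: a Python check over pod objects in the shape of `kubectl get pods -A -o json` output. The sample pods and the function names are constructed for illustration.

```python
# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "prod", "name": "web"},
     "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
              "containers": [
                  {"name": "app"},
                  {"name": "sidecar", "securityContext": {"runAsUser": 0}}]}},
    {"metadata": {"namespace": "dev", "name": "batch"},
     "spec": {"initContainers": [{"name": "init"}],
              "containers": [{"name": "job",
                              "securityContext": {"runAsNonRoot": True}}]}},
    {"metadata": {"namespace": "kube-system", "name": "agent"},
     "spec": {"containers": [{"name": "agent",
                              "securityContext": {"privileged": True}}]}},
]}


def effective(container_sc, pod_sc, key):
    """Container-level securityContext values override pod-level ones."""
    return container_sc[key] if key in container_sc else pod_sc.get(key)


def audit_pod(pod):
    """Return (namespace, pod, container, issue) tuples for one pod object."""
    meta, spec = pod["metadata"], pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Init containers are checked too: they run with the same defaults.
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        uid = effective(sc, pod_sc, "runAsUser")
        non_root = effective(sc, pod_sc, "runAsNonRoot")
        issues = []
        if uid == 0:
            issues.append("runs as root (runAsUser: 0)")
        elif uid is None and non_root is not True:
            issues.append("may run as root (no runAsNonRoot or runAsUser)")
        if sc.get("privileged") is True:
            issues.append("privileged container")
        findings += [(meta.get("namespace", "default"), meta["name"], c["name"], i)
                     for i in issues]
    return findings


def audit(pod_list):
    """Audit every pod in a `kubectl get pods -o json` style list."""
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod)]


if __name__ == "__main__":
    for ns, pod, container, issue in audit(SAMPLE):
        print(f"{ns}/{pod} [{container}]: {issue}")
```

The `sidecar` case is the one a pod-level-only check misses: the pod sets a non-root default, but the container's own `securityContext` overrides it.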

Once a Kubernetes environment is understood, how do you achieve compliance? First, DevOps teams should look for tools that help them enable developers to use Kubernetes safely. This is where Kubernetes guardrails come into play. Guardrails enable DevOps teams to turn policy from a piece of paper into a safety net. Instead of moving to production with a manual review, guardrails can be put in place to guide the entire development life cycle. Developers can ensure container security configuration is set, for example, before it ever gets to production. It helps to free up DevOps time and enables developers to ship applications faster.

Next, by combining automated scans with guardrails, teams can document their journey to compliance. It becomes a much easier process as unknowns in Kubernetes become knowns.

Understanding the importance of the NSA hardening guidelines and knowing how to implement them are two different things. In my next article, I'll dig into some specific examples around the five main categories of the report.


Kanpur violence: NSA, Gangster’s Act invoked against main accused, 4 others – The Indian Express

The stringent National Security Act (NSA) and the Gangsters Act were invoked on Thursday against the main accused and four others in the case of the June 3 violence in Kanpur's Beckonganj area following a protest against remarks by a BJP leader about Prophet Mohammad.

Officials said that Hayat Zafar Hashmi, the main accused in the case, has been booked under the NSA, while four others, including Mukhtar Ahmad Baba, the owner of city-based restaurant chain Baba Biryani, have been booked under the Gangsters Act.

The Kanpur Police have registered three FIRs in connection with the violence and arrested 60 people so far.

Kanpur Police Commissioner Vijay Singh Meena said, "On June 3, an incident happened in Kanpur and an attempt was made to disturb communal harmony. Taking swift action, the police have so far arrested 60 people. In continuation of that, the main accused who provided funding for the violence and gathered people in an attempt to disturb peace have been booked under the Gangsters Act."

Those booked under the Gangsters Act are Haji Mohammad Wasi, Mukhtar Ahmad Baba, Akeel Khichdi and Shafiq. District Magistrate Vishak G said, "A report was received from the Kanpur Police Commissioner about the main accused Hayat Zafar Hashmi. An order was passed to invoke Section 3(2) of the National Security Act against him on Thursday."

The police said that Hashmi, who is the chief of a local outfit, Maulana Mohammad Ali Jauhar Fans Association, is the main accused in the violence, while the others were involved in the conspiracy leading to the incident.

According to the MMA Jauhar Fans Association's Facebook account, the outfit was founded in 2007 by Hashmi with the aim of raising voice for social and civic problems like water supply, power crisis, roads and traffic issues.

Mukhtar Baba, who is accused of financing Hashmi, was arrested on June 21.

A week later, at least three outlets of Baba Biryani in the city were sealed by the administration stating that samples collected from them allegedly failed the quality test in an Agra laboratory. Haji Mohammad Wasi, a city-based realtor, was also arrested for allegedly funding Hashmi.

Several of his properties are under the scanner of the Kanpur Development Authority (KDA) and notices have been served on at least nine buildings belonging to him. The police had said that Wasi was one of the main conspirators and during questioning of several accused it came to light that he played a vital role in the violence. Wasi's son Abdul Rehman was also arrested in the same case.


‘He has run out of ideas’ — CSO demands Monguno’s resignation as NSA – TheCable

A group known as Arewa Youth Assembly (AYA) has called for the resignation of Babagana Monguno, national security adviser (NSA), over the insecurity in the country.

Mohammed Danlami, spokesman of the group, in a statement on Monday said the NSA has run out of ideas in tackling the security challenges in the country, and therefore should resign or be sacked by the president.

"The Arewa Youth Assembly shares in the pain and agony of the immediate families and friends of those in captivity and pray God to intervene through His supernatural power and set them free," Danlami said.

"The AYA notes that the growing audacity of non state actors which led to the invasion of Kuje Maximum Prison, Abuja which led to the release of numerous arrested Boko Haram Commanders shows that even Mr President in the Presidential Villa is not safe, it is just a matter of time, these ragtag elements will draw inspiration from the Afghanistan Terrorist and take over leadership of our country."

"We have observed that this insult to our country sovereignty would not have been possible if the National Security Adviser, who is supposed to guide Mr President had not run out of ideas."

"Since Monguno's appointment over seven years, we strongly believe that the man has run out of steam and does not have anything new to offer, hence, the honourable thing for him to do is to pack his luggage and return to his retirement destination, where he fails to, Mr. President should urgently sack him and get him replaced."

"The youths will not participate in activities in the build up to 2023 general elections and the election proper if our brothers and sisters in captivity are not released."

"Also most of our Local Government Areas and communities that are now under the control of either Ansaru terrorists in North Central and North West or ISWAP in North East should be recovered."

"In other words, politicians are only welcome to our region, when we have every reason to believe that our forests are free from bandits and terrorist."

"The assembly strongly believes that if the amount of monies budgeted for security and defence were deployed for such purposes, the terrorists in our bushes would not have been able to withstand our armed forces for three days."


Grassland options will be explored at NSA Sheep Event | Darlington and Stockton Times – Darlington and Stockton Times

FROM permanent pasture to herbal leys, the options now available for the country's sheep farmers when it comes to managing their grassland are numerous and can be confusing.

To support sheep farmers through these difficult decisions the NSA is launching its new Grassland Trail at this month's NSA Sheep Event.

As input prices increase, the new feature at the event, taking place on Wednesday, July 27, at the Three Counties Showground, Worcestershire, will provide plentiful advice so farmers are able to explore ways they can optimise their grasslands for efficient and profitable sheep production.

The trail will offer visitors the chance to speak to grassland specialists, join practical workshops delivered by nutrition and grass seed companies or listen to leading industry experts debate the future role of grasslands in carbon sequestration. Topics covered will include soil health, multi-species swards, parasite control and water management.

NSA chief executive officer Phil Stocker said: "All at NSA are very excited to be able to welcome visitors to this new feature at NSA Sheep Event. Its launch could not come at a more important time as farmers seek methods to make the most from their grasslands under current pressures from rising input costs but also at a time when the importance of grasslands in the climate change debate must be highlighted both to farmers and the wider public."

The NSA Grassland Trail has been created as part of NSA's involvement in the EU-funded E-Organic Erasmus project and aims to offer advice to farmers on how to integrate sustainable farming practices into their future management systems, taking proactive steps to tackle current and future challenges.

A number of workshops will also be on offer providing farmers with some hands-on advice to take home. A series of competitions is run throughout the day, providing entertainment and encouraging the next generation of sheep farmers, while a sheepdog sale is always a big draw for visitors.

For more information, visit http://www.sheepevent.org.uk.


Experts warn of hacker claiming access to 50 U.S. companies through breached MSP – The Record by Recorded Future

Cybersecurity experts are raising concerns about an individual on a hacker forum claiming to have access to 50 American companies through an unnamed managed service provider (MSP).

MSPs are paid to manage IT infrastructure and provide support, typically by smaller organizations lacking their own IT departments. In recent years they have been singled out by cybersecurity agencies as potentially vulnerable access points for hackers to exploit.

Harlan Carvey, senior incident responder at cybersecurity firm Huntress, told The Record that on July 18 someone with the handle Beeper had posted in Russian on exploit[.]in asking for help monetizing access to a managed service provider.

"Looking for a Partner for MSP processing. I have access to the MSP panel of 50+ companies. Over 100 ESXi, 1,000+ servers I want to work qualitatively, but I do not have enough people," the translated message said.

"In terms of preparation, only little things are left, so my profit share will be high. Please send me a message for more details and suggestions."

Several cybersecurity experts have shared the message on Twitter and other social media sites warning of the potential fallout from the kind of access the hacker purportedly has.

Carvey said it appears that the hacker gained access to an MSP's management system and has already done some of the initial legwork.

"It sounds as if they're claiming to have done some pre-work, perhaps something like identifying an account with a high privilege level. As a result, anyone who takes them up on their offer isn't going to have to do much heavy lifting to achieve whatever their goals may be," Carvey said. "It doesn't appear that there's any data involved at this point, per se. Intent isn't clear at this point, and it may depend upon who responds to the ad. The original poster does seem to be offering to answer questions and provide additional details."

Carvey added that based on the typical customer base he sees for MSPs, personal details, business data and healthcare information could be at risk.

Some online noted that Kansas City-based MSP NetStandard announced on Wednesday morning that their hosted environment had been hit by a cyberattack. The company did not respond to requests for comment but told customers they discovered the attack on Tuesday and are working to isolate the threat and minimize impact.

"MyAppsAnywhere services, which include Hosted GP, Hosted CRM, Hosted Exchange, and Hosted Sharepoint, will be offline until further notice," the company said.

"At this point, no additional information on the extent of the impact nor time to resolution can be provided. We are engaged with our cybersecurity insurance vendor to identify the source of the attack and determine when the environment can be safely brought back online."

The cybersecurity authorities of the U.K. (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (FBI, CISA and NSA) warned in May that hackers and APT groups have stepped up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.

Two of the most prominent hacks from the last two years involved popular MSPs SolarWinds and Kaseya and caused widespread damage due to the access they have to hundreds of companies and government agencies.

The CISA alert noted that government agencies are aware of reports of an increase in malicious cyber activity targeting MSPs, adding that they expect this trend to continue.

"As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support - why it's critical that MSPs and their customers take action to protect their networks," said CISA Director Jen Easterly.

Managed service providers make attractive targets for malicious actors to scale their attacks. MSPs and their customers should use these recommendations for handling the shared responsibilities of securing sensitive data. https://t.co/pZPluNVLQr

The agencies provided a range of recommendations to MSPs, such as hardening defenses against password spraying and phishing by potential attackers.

Former Obama administration cybersecurity commissioner Tom Kellermann, who now serves as head of cybersecurity strategy at VMware, previously told The Record that cybercrime cartels have studied the interdependencies of financial institutions and have a better understanding of which MSPs are used.

"In turn, these organizations are targeted and hacked to island hop into banks. Rogue nation states love this method of cyber-colonization," Kellermann explained, referring to an attack that targets a third party in order to gain access to another entity. VMware has found that such attacks have increased 58% over the past year.

"I am concerned that as geopolitical tension metastasizes in cyberspace, these attacks will escalate and Russian cyber-spies will use this stratagem to deploy destructive malware across entire customer bases of MSP," he said.

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
