CVE-2020-8554 is a vulnerability that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage Services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster. All Kubernetes versions, including the latest release (v1.20), are vulnerable to this attack. If your cluster is multi-tenant, or allows unprivileged users to create and update Services, you are impacted.
Since this is a major design flaw with no fix in sight, detecting attempts to exploit this vulnerability is critical to preventing or stopping an attack. In this webinar, we will demonstrate several ways that Calico Enterprise can help mitigate this unpatched vulnerability. You will learn:
– How you can use Calico Enterprise IDS capabilities to continuously monitor, detect, and alert on suspicious behaviors, such as (a) when a Kubernetes service is created or patched by an attacker, and (b) when an endpoint is created or patched in the cluster.
– How you can lock down your cluster and prevent the MITM attack using Calico Enterprise policy to control intra-namespace and inter-namespace traffic.
– How to deploy a zero-trust security model in the cloud using Calico Enterprise to ensure workload isolation and protection from CVE-2020-8554.