Tuesday, November 19 • 11:50am - 12:25pm
CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here - Liz Rice, Aqua Security

Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this can be abused by a compromised application.

* ARP spoofing: pretending to represent the wrong IP address
* If the app can ARP spoof the IP address of the DNS service, this potentially lets it spoof DNS addresses: pretending to represent the wrong domain name

Sounds bad, doesn't it?

These attacks, and their consequences, will be demonstrated live, along with preventative measures that you can take to ensure they aren't happening on your cluster.

This talk explains CAP_NET_RAW and spoofing, but the audience is expected to be comfortable with Kubernetes concepts like pod specs and admission controllers.

Speakers
Liz Rice

VP Open Source Engineering, Aqua Security
Liz Rice heads the Open Source team at container security specialists Aqua Security, working on projects including kube-hunter, kube-bench and kubectl-who-can. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She has...



Tuesday November 19, 2019 11:50am - 12:25pm
Room 11AB - San Diego Convention Center Upper Level