C-0054 - Cluster internal networking
Cluster internal networking
Framework
MITRE, ArmoBest, NSA, YAML-scanning, AllControls
Severity
Low
Description of the issue
By default, Kubernetes networking allows traffic between pods in the cluster. Attackers who gain access to a single container may use it to reach other containers in the cluster over the network.
Related resources
namespaces, networkpolicies
What does this control test
Checks, for each namespace, whether a network policy is defined.
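The per-namespace check described above, as an added example that is not the scanner's own implementation. It reads JSON in the shape returned by `kubectl get namespaces,networkpolicies --all-namespaces -o json`; the sample data, namespace names and the function name are constructed for illustration.

```python
import json

# Constructed sample in the shape of
# `kubectl get namespaces,networkpolicies --all-namespaces -o json`.
SAMPLE = json.loads("""
{
  "kind": "List",
  "items": [
    {"kind": "Namespace", "metadata": {"name": "default"}},
    {"kind": "Namespace", "metadata": {"name": "payments"}},
    {"kind": "Namespace", "metadata": {"name": "batch"}},
    {"kind": "NetworkPolicy",
     "metadata": {"name": "default-deny", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
  ]
}
""")


def namespaces_without_policy(resource_list):
    """Return the sorted names of namespaces that have no NetworkPolicy."""
    namespaces, covered = set(), set()
    for item in resource_list.get("items", []):
        meta = item.get("metadata", {})
        if item.get("kind") == "Namespace":
            namespaces.add(meta["name"])
        elif item.get("kind") == "NetworkPolicy":
            # API output always carries metadata.namespace; the fallback to
            # "default" is an assumption for hand-written manifests.
            covered.add(meta.get("namespace", "default"))
    return sorted(namespaces - covered)


if __name__ == "__main__":
    for ns in namespaces_without_policy(SAMPLE):
        print(f"FAIL namespace/{ns}: no NetworkPolicy defined")
```

Like the control as described, this only tests that a policy exists in the namespace; it does not evaluate which pods the policy selects.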
Remediation
Define Kubernetes network policies or use alternative products to protect the cluster network.
Example
No example
Updated about 2 months ago