-1

Let's say a hacker found a way to execute a vulnerability in my container and he can execute any code there (for example he has upload a bash file with HTTP protocoll). Let's make it more dangerous: his bash file is executed with root permissions.

I'm wondering how can I prevent him to do any action there. Does blocking all output connections in a firewall outside of the container (on kubernates layer for example) do the job?

He will not be able to set up any connection to his machine: SSL, websocket connection, nor any any other connection initialized from the container.

He will not get any output information from his bash file so he will be completely blind. The worst thing he will be able to do is rm -rf /<any standard unix directory>, but if each file is processed in a separate sandbox container all others upload processes won't be affected.

What do you think? What other options do you see?

Simon
  • 109
  • 2
  • Many organizations block outbound-initiated connections from servers unless there is a firewall rule or an exception added to a proxy to allow it. Are you saying this server allows completely unrestricted outgoing connections? If so, then yes, it would benefit from *not* doing that. – Greg Askew Mar 27 '23 at 10:48

1 Answers1

1

No. That will merely block outgoing connections. As your server is serving some content, it more or less has to allow either incoming or outgoing connections. Either can be used by attackers - albeit in different fashions.

If you block both incoming and outgoing connections, it will generally improve security monumentally, but it will have a somewhat measurable impact on usability as well.

Your question is showing a common misunderstanding. Security is not pushing a button. If it was, everyone would push that button. Security is a process to stay in front of attackers. Generally Defence in Depth is a good idea - have multiple barriers.

Blocking outgoing connections may lessen the impact, as it disallows an attacker to use the machine as a jump host - but it won't impede gaining access.

The same goes for sandboxing and using destroyable containers: gaining access is still possible, but you have reduced impact - at least if the isolation holds. It's not unheard of to escalate out of a container. There's of course mitigations you can do to reduce the attack surface, such as rootless dockers. But it's ultimately back to defence in depth: figure out attacks, implement mitigations, lather, rinse, repeat.

vidarlo
  • 6,654
  • 2
  • 18
  • 31