
When I have a Kubernetes cluster deployed in the same network, inside my org, with firewall rules and access control in place, what would be the reason for encrypting communications between pods?

I am having a discussion about implementing the TLS sidecar pattern and I really want to know if it is necessary; so far the only argument is to avoid malicious people inside my organization trying to do sniffing.

Can you help me out with what the valid business scenarios are?

Regni
  • We enabled mTLS for a couple of clients of ours because they are PCI compliant and by law they must encrypt all communication within the cluster. So, sometimes it is a business requirement, rather than a security decision. – suren Dec 27 '20 at 11:54

2 Answers


It's part of a defense-in-depth strategy. If one of your pods is compromised, it gets harder to exploit that by reading traffic. It might be compromised by insiders or external attackers.

Read access tokens might be used for replay attacks.

Well if this is "necessary" probably depends on your requirements. It might not get you immediate business benefits. However, "just" reading data can already be a serious security breach.

That being said, using service meshes like Istio it is relatively easy to implement mutual TLS between services.

Also, Istio provides more security features than just encrypting communication between pods. It also uses the concept of identity and makes it possible to specify authorization rules at the level of services instead of IP addresses (which might be hard to manage).

In addition to security benefits, Istio can also provide other features like advanced traffic management, or features which make it possible to move common cross-cutting concerns like metrics, tracing, CORS policies and JWT validation into the mesh.

Those may provide more tangible benefits for application developers and maintainers (compared to security, which might be only relevant once it is compromised...)

user140547
  • I know Istio and Service Mesh from Red Hat, and it is really cool, a lot of features to decouple responsibilities from the development, BUT! I just want to have a concrete answer when someone asks what we are solving on the security side. Sorry, but saying "we are preventing bad people doing bad things" just sounds too ambiguous to me – Regni Dec 24 '20 at 02:00
  • I have updated the answer. Well, just reading unauthorized traffic in itself can already be a serious security breach if it is confidential data... – user140547 Dec 24 '20 at 08:56
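To make the answer's two points concrete (traffic that cannot be read in the clear, and authorization by service identity instead of IP), here is an added example of the Istio objects involved. It is not code from the answer, from the question's cluster or from Istio's documentation; the namespace `shop`, the `app: payments` label, the `frontend` service account and the `/v1/charge` path are assumptions.

```yaml
# Added example (not from the original page). Two Istio resources:
#  1. PeerAuthentication in STRICT mode: every workload in the namespace
#     must talk mTLS through its sidecar, so a compromised pod on the same
#     node (or a sniffer on the network) sees only ciphertext.
#  2. AuthorizationPolicy: only the "frontend" service account may call
#     POST /v1/charge on the "payments" workload. The caller identity is
#     taken from the client certificate presented in the mTLS handshake,
#     not from the source IP, so it survives pod rescheduling.
# Namespace, label, service-account name and path are assumptions.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  # STRICT rejects plaintext connections. The Istio default, PERMISSIVE,
  # accepts both plaintext and mTLS and should only be used while migrating.
  mtls:
    mode: STRICT
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE identity of the caller: cluster.local/ns/<namespace>/sa/<serviceaccount>
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/v1/charge"]
```

Two checks worth knowing once this is applied: a plaintext request sent straight to the payments pod IP from a pod without a sidecar is refused by the receiving sidecar in STRICT mode, and a request through the mesh from any service account other than `frontend` (or to any other method or path) is answered with HTTP 403 (`RBAC: access denied`), because as soon as one ALLOW policy matches a workload everything not listed in its rules is denied. The `principals` rule only works because mTLS is in place; without a client certificate the sidecar has no identity to match against, which is the coupling between "encrypt pod traffic" and "authorize by service" that the answer refers to.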

The network layer is never assumed to be trustworthy. How do you know what is installed on the computers and mobile phones connected to your network? It could be spyware sniffing network traffic. For spyware to sniff network traffic, it does not need to be installed on the computers that are communicating; it can be (in some common network topologies) installed on a mobile phone connected to the WiFi of the same organization.

FlatAssembler