In-person + Virtual
16-20 May

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Friday, May 20 • 16:55 - 17:30
Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance, ControlPlane



Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident.

The talk will cover:

* The external attack surface of a Kubernetes node
* Enumerating externally available cluster information
* Exploiting Linux networking to access internal pods and services
* Misusing CNI configurations to access internal pods and services

You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise.


Speakers

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. In his day to day, he focuses on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and architecture appraisals. He specialises in offensive security, Kubernetes...



Friday May 20, 2022 16:55 - 17:30 CEST
Auditorium 1A | Event Center Feria Valencia