AKS cluster should have Network Policy configured
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Azure | NETWORK |
Description
Using Azure Kubernetes Service (AKS), you can set a Network Policy to define rules for ingress and egress traffic between pods in a cluster. By default, all ingress and egress traffic to and from pods is allowed: no policy engine is enabled and any pod can reach any other pod or service in the cluster.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Without a Network Policy configured, every pod in the cluster can reach every other pod and service. A single compromised pod (for example one running a vulnerable web application) can therefore scan, brute-force or flood other workloads, including databases and internal services that were never meant to be reachable from it. This enables lateral movement, denial of service against other workloads, and data exposure if the brute-force attempt succeeds.
Remediation guidelines
Configure a Network Policy for AKS clusters, so that only known pods, namespaces and IPs are allowed. This is a two-step process: first enable a network policy engine on the cluster (the `--network-policy` option of `az aks create`, set to `azure`, `calico` or `cilium`, which populates `networkProfile.networkPolicy` in the cluster resource; check whether your AKS version supports changing it on an existing cluster with `az aks update`, since historically it could only be set at creation), then apply `NetworkPolicy` objects. Enabling the engine alone changes nothing until policies exist, so start with a default-deny policy in each application namespace and add allow rules only for the pods, namespaces and IP ranges each workload needs. Remember that a default-deny egress rule also blocks DNS, so add an explicit allow rule for DNS to the cluster's DNS service.
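The following added example (not part of this finding page or of any Azure tooling) shows both halves of the check above: it audits the JSON that `az aks list -o json` prints for clusters whose `networkProfile.networkPolicy` is unset, and it generates a default-deny NetworkPolicy plus the DNS-egress exception for a namespace. The two cluster records in `SAMPLE_CLUSTERS` are constructed for the example, and the `kube-dns` label and `kubernetes.io/metadata.name` namespace label are the ones AKS and current Kubernetes versions apply by default.

```python
"""Audit AKS clusters for a missing network policy and emit remediation manifests.

Usage:  az aks list -o json | python3 aks_netpol_check.py
Run without piped input to evaluate the constructed sample data below.
"""
import json
import sys

# Values the AKS API accepts for networkProfile.networkPolicy. Anything else
# (null, missing, "none") means pod-to-pod traffic is unrestricted.
ACCEPTED_POLICIES = {"azure", "calico", "cilium"}

# Constructed sample of what `az aks list -o json` returns (trimmed to the
# fields this check reads). "aks-legacy" is the non-compliant cluster.
SAMPLE_CLUSTERS = [
    {"name": "aks-prod", "resourceGroup": "rg-prod",
     "networkProfile": {"networkPlugin": "azure", "networkPolicy": "azure"}},
    {"name": "aks-legacy", "resourceGroup": "rg-prod",
     "networkProfile": {"networkPlugin": "kubenet", "networkPolicy": None}},
]


def has_network_policy(cluster: dict) -> bool:
    """True if the cluster's networkProfile enables a policy engine."""
    profile = cluster.get("networkProfile") or {}
    policy = (profile.get("networkPolicy") or "").lower()
    return policy in ACCEPTED_POLICIES


def find_noncompliant(clusters: list) -> list:
    """(resourceGroup, name) for every cluster without a network policy."""
    return [(c.get("resourceGroup", "?"), c.get("name", "?"))
            for c in clusters if not has_network_policy(c)]


def default_deny_manifest(namespace: str) -> dict:
    """NetworkPolicy selecting every pod in `namespace` and allowing nothing.
    With policyTypes set and no ingress/egress rules listed, all traffic is
    denied until further policies explicitly allow it."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny-all", "namespace": namespace},
        "spec": {"podSelector": {},  # empty selector = all pods in the namespace
                 "policyTypes": ["Ingress", "Egress"]},
    }


def allow_dns_egress_manifest(namespace: str) -> dict:
    """Companion policy: default-deny egress also blocks DNS, so re-allow
    UDP/TCP 53 to the CoreDNS pods in kube-system (labelled k8s-app=kube-dns)."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "allow-dns-egress", "namespace": namespace},
        "spec": {
            "podSelector": {},
            "policyTypes": ["Egress"],
            "egress": [{
                "to": [{
                    "namespaceSelector": {"matchLabels": {
                        "kubernetes.io/metadata.name": "kube-system"}},
                    "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}},
                }],
                "ports": [{"protocol": "UDP", "port": 53},
                          {"protocol": "TCP", "port": 53}],
            }],
        },
    }


def main() -> int:
    clusters = SAMPLE_CLUSTERS if sys.stdin.isatty() else json.load(sys.stdin)
    findings = find_noncompliant(clusters)
    for rg, name in findings:
        print(f"NON-COMPLIANT: {rg}/{name} has no network policy engine")
    if findings:
        # JSON is valid YAML: pipe to `kubectl apply -f -` once the engine is on.
        print(json.dumps({"apiVersion": "v1", "kind": "List", "items": [
            default_deny_manifest("default"),
            allow_dns_egress_manifest("default")]}, indent=2))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

The exit code makes the script usable as a CI or scheduled compliance gate. Replace `"default"` with each application namespace; keeping the two manifests together is deliberate, since applying the default-deny policy alone breaks name resolution for every pod in the namespace.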