...
- Draft: The ONAP Security sub-committee is working on the recommendation
- Recommended: The ONAP security sub-committee agrees that this is a recommendation
- Approved: The recommendation is approved by the TSC.
Some known threats in microservice architectures:
- Credential stealing, with the stolen credentials then used to obtain high-level privileges:
- Attacker analyzes the container images to steal secrets such as SSH private keys, X.509v3 certificate private keys, passwords, etc.
- Attacker analyzes the captured traffic among services to steal passwords and other secrets.
- Attacker analyzes environment variables (passed to containers) via orchestrator log files to steal passwords and other secrets.
- Attacker gets hold of default credentials or weak passwords.
- Denial of Service attacks:
- Attacker bombards the container services with new connections, leading to a large number of forked processes and threads and thereby to resource exhaustion for other workloads (containers) in the system.
- Attacker exploits the container to gain access to the kernel.
- Tampering of images (ONAP container images):
- Attacker places tampered images with similar-looking names in the registry, leading to containers being run from the attacker's images.
Typical vulnerabilities are:
- Secrets/passwords/sensitive-data in images.
- Unchanged default passwords
- Weak passwords
- Unsecured communication
- Usage of environment variables to pass sensitive information
- Poor security configuration
- Vulnerable system software and libraries
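Two of the vulnerabilities listed above (secrets baked into images, and sensitive data passed through environment variables) can be checked for mechanically before an image or pod is deployed. The following is an added example, not ONAP project code; it assumes a docker-inspect style image config and a Kubernetes-style pod spec, both constructed here as sample input, and flags environment entries whose name or value looks like a credential or which are set as a literal value rather than a secret reference.

```python
"""Flag secrets passed as plain environment variables in container configs."""
import json
import re

# Environment variable names that commonly carry credentials (assumed heuristic).
SENSITIVE_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
# Values that look like key material regardless of the variable name.
SENSITIVE_VALUE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|^[A-Za-z0-9+/]{32,}={0,2}$")


def flag_image_env(image_config: dict) -> list[str]:
    """Return names of ENV entries in a docker-inspect style config that look like secrets."""
    findings = []
    for entry in image_config.get("Config", {}).get("Env", []):
        name, _, value = entry.partition("=")
        if SENSITIVE_NAME.search(name) or SENSITIVE_VALUE.search(value):
            findings.append(name)
    return findings


def flag_pod_env(pod_spec: dict) -> list[str]:
    """Return 'container/NAME' for sensitive env vars set as a literal value
    instead of via valueFrom.secretKeyRef (literals end up in logs and specs)."""
    findings = []
    for container in pod_spec.get("spec", {}).get("containers", []):
        for env in container.get("env", []):
            if "value" in env and SENSITIVE_NAME.search(env["name"]):
                findings.append(f"{container['name']}/{env['name']}")
    return findings


# Constructed sample inputs (not real ONAP artefacts).
SAMPLE_IMAGE = json.loads("""{"Config": {"Env": [
  "PATH=/usr/bin",
  "DB_PASSWORD=changeme",
  "CERT=-----BEGIN RSA PRIVATE KEY-----\\nMIIE..."]}}""")
SAMPLE_POD = {"spec": {"containers": [{"name": "api", "env": [
    {"name": "LOG_LEVEL", "value": "info"},
    {"name": "DB_PASSWORD", "value": "changeme"},
    {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "api", "key": "token"}}}]}]}}

if __name__ == "__main__":
    print(flag_image_env(SAMPLE_IMAGE))  # ['DB_PASSWORD', 'CERT']
    print(flag_pod_env(SAMPLE_POD))      # ['api/DB_PASSWORD']
```

Run it against `docker inspect <image>` output and `kubectl get pod -o json` output in a CI step; any finding is a candidate for moving the value into a mounted secret.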
Mitigation techniques are:
The main captured topics are:
...