...
- Draft: The ONAP Security sub-committee is working on the recommendation.
- Recommended: The ONAP Security sub-committee agrees that this is a recommendation.
- Approved: The recommendation has been approved by the TSC.
Some known threats in micro-service architectures:
- Credential theft, with the stolen credential then used to obtain higher privileges:
- Attacker analyzes container images to extract secrets such as SSH private keys, X.509v3 certificate private keys and passwords.
- Attacker captures traffic between services to extract passwords and other secrets.
- Attacker reads environment variables passed to containers (e.g. via orchestrator log files) to extract passwords and other secrets.
- Attacker obtains default credentials or guesses weak passwords.
- Denial of Service attacks:
- Attacker floods the container services with new connections, leading to a large number of forked processes and threads and thus to resource exhaustion that affects other workloads (containers) on the same host.
- Container escape: attacker exploits the container (or the runtime beneath it) to gain access to the host kernel.
- Tampering with images (ONAP container images):
- Attacker places tampered images under similar-looking names in the registry, so that containers are launched from the attacker's images.
Typical vulnerabilities are:
- Secrets/passwords/sensitive-data in images.
- Unchanged default passwords
- Weak passwords
- Unsecured (unencrypted or unauthenticated) communication between services
- Passing sensitive information via environment variables
- Poor security configuration
- Vulnerable system software and libraries
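The first three vulnerabilities above (secrets in images, default or weak passwords, secrets in environment variables) can be checked for mechanically before an image is allowed into the registry. The following is an added example, not ONAP code: it scans a container image layer (a plain tar, constructed in memory here) for private-key blocks and password assignments, flags environment variables whose names suggest secret material, and checks a user/password table against a constructed default-credential list. The patterns and the default-credential list are assumptions chosen for illustration and would be extended in a real scanner.

```python
"""Scan a container image layer and a container's environment for leaked secrets.

Added example, not ONAP code. The image layer, environment and default-credential
list below are constructed for illustration only.
"""
import io
import re
import tarfile
from typing import Dict, List, Tuple

# Secret material that must never ship inside an image (patterns are an assumption).
SECRET_PATTERNS = {
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        rb"(?im)^\s*(?:password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*\S+"
    ),
    "aws_access_key": re.compile(rb"AKIA[0-9A-Z]{16}"),
}

# Constructed default credentials that a hardened deployment must change.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("onap", "onap"), ("postgres", "postgres")}

# Environment variable names that indicate a secret is being passed as an env var.
ENV_SECRET_KEY = re.compile(r"(?i)(password|passwd|secret|token|private_key|api_key)")


def scan_layer(layer_tar: bytes) -> List[Tuple[str, str]]:
    """Return (member path, finding type) for every regular file in a layer tar that matches."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer_tar), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            data = tf.extractfile(member).read()
            for name, pattern in SECRET_PATTERNS.items():
                if pattern.search(data):
                    findings.append((member.name, name))
    return findings


def scan_env(env: Dict[str, str]) -> List[str]:
    """Return environment variable names whose key looks like secret material."""
    return sorted(k for k in env if ENV_SECRET_KEY.search(k))


def weak_credentials(users: Dict[str, str]) -> List[str]:
    """Return user names whose password is a known default or shorter than 12 characters."""
    return sorted(
        user for user, pw in users.items()
        if (user, pw) in DEFAULT_CREDENTIALS or len(pw) < 12
    )


def build_sample_layer() -> bytes:
    """Construct an in-memory layer tar holding an SSH key, a config file and a binary."""
    files = {
        "root/.ssh/id_rsa": (
            b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
            b"AAAA...constructed key material...\n"
            b"-----END OPENSSH PRIVATE KEY-----\n"
        ),
        "etc/app/config.properties": b"db.host=db\npassword = hunter2\n",
        "usr/bin/app": b"\x7fELF...constructed binary...",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for path, kind in scan_layer(build_sample_layer()):
        print(f"image layer: {kind} in {path}")
    print("secret env vars:", scan_env({"DB_PASSWORD": "x", "DB_HOST": "db", "API_TOKEN": "y"}))
    print("weak users:", weak_credentials({"admin": "admin", "svc": "Correct-Horse-Battery-9"}))
```

Run against real layers by feeding each layer tar from an exported image to `scan_layer`; the ELF binary in the sample produces no finding, which is the point of scanning content rather than file names.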
Mitigation techniques are:
- Host operating system (not applicable if ONAP is installed in hyperscale data centers): hardened operating system, vulnerability scanning, trusted computing infrastructure
- Containers images:
- Only have required software packages.
- No password, secrets, private key in the image.
- Vulnerability scanning, ensuring that only patched versions of the packages are used.
- Trusted image repository / image signing by VNF vendors.
- Container image download
- Secure communication with repositories
- Verifying the signature of images before they are launched.
- Periodic check for patched container images from the repository.
- Container run time
- Secret Management
- Mutual TLS for network security
- IPSEC for network security
- Syscall whitelisting, MAC (Mandatory Access Control)
- Usage of cgroups for resource isolation of all shared resources.
- Monitoring of system call usage
- Immutable containers: no run-time patches to packages; always deploy a full, rebuilt container image.
The main captured topics (main focus areas) are:
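The "Tampering of images" threat and the "Container image download" mitigations above come down to a policy check that runs before a container is launched: accept only references to a trusted registry, reject repository names that merely look like known ones, require a digest-pinned reference rather than a mutable tag, and verify the downloaded content against that digest. The following is an added example, not ONAP code; the trusted registry name, the repository catalogue and the blob bytes are constructed assumptions. It implements digest verification only; signature verification against a vendor key, as recommended above, would be an additional step after the digest check.

```python
"""Admission check for container image references before launch.

Added example, not ONAP code. TRUSTED_REGISTRY, KNOWN_REPOS and the sample
blob are constructed assumptions for illustration.
"""
import hashlib
import re
from typing import Tuple

TRUSTED_REGISTRY = "registry.example.org"                                  # assumption
KNOWN_REPOS = {"onap/aai-resources", "onap/sdc-backend", "onap/so-bpmn-infra"}  # assumption

# registry/repo[:tag][@sha256:hex]
IMAGE_REF = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[^:@]+)(?::(?P<tag>[^@]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to flag look-alike (typosquatted) repository names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_reference(ref: str) -> Tuple[bool, str]:
    """Return (accepted, reason-or-digest) for an image reference."""
    m = IMAGE_REF.match(ref)
    if not m:
        return False, "unparseable image reference"
    if m["registry"] != TRUSTED_REGISTRY:
        return False, f"untrusted registry {m['registry']}"
    repo = m["repo"]
    if repo not in KNOWN_REPOS:
        near = [k for k in KNOWN_REPOS if edit_distance(k, repo) <= 2]
        if near:
            return False, f"unknown repo {repo} looks like {near[0]}"
        return False, f"unknown repo {repo}"
    if not m["digest"]:
        return False, "reference must be pinned by digest, not tag"
    return True, m["digest"]


def digest_of(blob: bytes) -> str:
    """Content digest in the registry's sha256:<hex> form."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def verify_blob(blob: bytes, expected_digest: str) -> bool:
    """Verify downloaded content against the pinned digest before it is run."""
    algo, _, hexval = expected_digest.partition(":")
    return algo == "sha256" and hashlib.sha256(blob).hexdigest() == hexval


if __name__ == "__main__":
    blob = b"constructed manifest bytes"
    pinned = digest_of(blob)
    for ref in [
        "docker.io/onap/aai-resources:latest",
        "registry.example.org/onap/aai-resourses:1.2.3",
        "registry.example.org/onap/aai-resources:1.2.3",
        "registry.example.org/onap/aai-resources:1.2.3@" + pinned,
    ]:
        print(ref, "->", check_reference(ref))
    print("blob verifies:", verify_blob(blob, pinned))
    print("tampered blob verifies:", verify_blob(blob + b"\x00", pinned))
```

The look-alike check uses a distance threshold of 2, which catches single-character substitutions such as `aai-resourses`; a real deployment would also compare against the full set of repositories the registry serves, not only the ONAP ones.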
- ONAP Credential Management & Secret Management
- Static code scanning
- Image signing/verification
2 ONAP Credential Management
...
- The credential management solution MUST be able to interact with existing credential creation and validation schemes
- The following types of certificates SHOULD be supported by ONAP:
- a, b, c, ...
- Securing the private keys: CA private keys SHALL be secured using HSMs (e.g. PKCS#11 for secure generation and storage of the private key).
- Usage of certificate-based identity wherever possible (binding an identity to a credential using an X.509v3 certificate).
...