Cyber Security
Infrasturcutre
Embedded Files
Lecture 09: Infrastructure Security
Lecture 09: Infrastructure Security
Alerting system
Alerting system
Purpose
Purpose
CPU and Memory alerting is not only about performance monitoring but also a security defense mechanism. Abnormal usage patterns often signal attacks, compromised containers, or misconfigurations.
Mechanisms in OpenShift
Mechanisms in OpenShift
Resource Quotas & Limits
Each Pod/Container is assigned a request (minimum needed) and a limit (maximum allowed).
Prevents noisy-neighbor issues and malicious overconsumption (e.g., internal DoS).
Prometheus + Alertmanager (Built-in)
Collects metrics from Kubelet and cAdvisor.
Example Alerts:
Pod CPU usage > 90% for 5 min.
Node Memory usage > 80%.
Containers running without defined limits.
Node Problem Detector
Detects kernel issues, memory leaks, hung processes at OS level.
Grafana Dashboards (Visualization)
Visualize CPU/Memory trends and detect anomalies faster.
Security Use Cases
Security Use Cases
Cryptomining detection: Sudden CPU spikes from compromised Pods.
Memory DoS: A malicious Pod consumes all memory, crashing nodes.
Policy enforcement: Ensuring no workloads bypass defined limits (compliance control).
Early incident response: Alerts trigger automated remediation (e.g., pod eviction, scaling, or security investigation).
Best Practice: Treat resource monitoring alerts as part of your DiD: Defense in Depth strategy. Integrate alerts with SIEM/SOC workflows to correlate with other security signals.
Hardening Model
Hardening Model
Utilize secretmaps for secrets
Regularly backup etcd
Test disaster recovery procedures
Integrate with SEIM
Disable SSH root access
Separate staging and production
PIM(Privilege Identity Management)
PIM(Privilege Identity Management)
Definition:
Security process for managing the lifecycle and policies of privileged identities — creation, approval, expiration, and governance.
Focus: Identity governance and policy enforcement.
Top 10 Best Practices for PIM
Top 10 Best Practices for PIM
Define clear privileged identity policies and ownership.
Enable just-in-time identity activation with auto-expiry.
Require multi-factor authentication before activating privileged roles.
Integrate with directory services (AD, Azure AD) for centralized control.
Use role-based access control (RBAC) to manage privileged identities.
Log and audit all privileged identity assignments.
Enforce time-bound access for temporary roles.
Regularly review privileged identity assignments.
Automate approval workflows for role activation.
Conduct periodic compliance reporting for governance.
PAM (Privilege access management)
PAM (Privilege access management)
Definition:
Security discipline that controls, monitors, and secures access to critical systems and accounts (admin, root, service accounts, etc.).
Top 10 Best Practices for PAM
Top 10 Best Practices for PAM
Inventory all privileged accounts across systems, apps, and devices.
Apply least privilege — give only the necessary access, nothing more.
Use strong authentication (MFA, biometrics) for privileged sessions.
Centralize credential storage in a secure vault.
Rotate and randomize passwords automatically after each use.
Monitor and record privileged sessions for auditing.
Control just-in-time (JIT) access — grant access only when needed.
Segment networks to limit lateral movement.
Enforce approval workflows for high-risk privileged actions.
Regularly review and remove unused privileged accounts.
Dr. Ghoniem Lawaty
Tech Evangelist @TechHuB Egypt
Page updated
Google Sites
Report abuse