🦝 Canals and Bridges: Using Amsterdam’s Transit System To Secure K8s Networks

The presentation discusses how to secure a Kubernetes network by identifying components, boundaries, and threats, triaging issues, and implementing regular maintenance.

• Identify the components, boundaries, and threats of the network
• Triage security issues based on complexity, threat, and impact
• Implement regular maintenance and security game days
• Useful tools are available to help secure the network

The speaker uses a risk register as a common way to log security issues that could be retriaged and picked up at any time. The register includes a sentence that suggests how the risk is being managed, which allows for future evaluation.

Amsterdam has over 1200 bridges crossing the city's many canals and waterways. The web of bridges and canals continues to be used to move people and resources through the city, and has also aided in its defence. This complex lattice of connected components could be likened to a complex Kubernetes network. In this talk we will use Amsterdam’s city structure to visualize the benefits and challenges involved with security a k8s network. We will talk about how to get to know a network; perform a threat model and use the findings to plan and implement a strong security strategy. This talk will share useful network monitoring tools (eBPF anyone?!), important methods for planning a security strategy, go over how to make the most of NetworkPolicies and of course cover the cloud security basics. Attendees will leave this talk feeling ready (and pumped) to try out several strategies for evaluating and implementing security measures for their Kubernetes networks.