Connect from proxy server

Info

ID: MS-TA9024
Tactic: Defense Evasion
MITRE technique: T1090

Attackers may use proxy servers to hide their origin IP address. Specifically, attackers often use anonymous networks such as Tor for their activity. A proxy can be used for communicating with the applications themselves or with the API server.

Mitigations

| ID | Mitigation | Description |
|----|------------|-------------|
| MS-M9002 | Restrict access to the API server using IP firewall | Restrict access to the API server from known IP addresses |
| MS-M9014 | Network Segmentation | Limit network access from known proxy networks. |
| MS-M9021 | Restrict the usage of unauthenticated APIs in the cluster | Restrict unauthenticated API to the Kubernetes API server. |
| MS-M9009 | Require Strong Authentication to Services | Limit usage of kubeconfig authentication to the API server |
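
A detection-side illustration of this technique and of mitigations MS-M9002 and MS-M9014, added here and not part of the original matrix entry: it scans Kubernetes API server audit events and flags requests whose `sourceIPs` fall inside a proxy list or outside an allowlist. The CIDR ranges, the audit events and the function names are constructed for the example; a real deployment would load a maintained proxy or Tor exit-node feed.

```python
import ipaddress
import json

# Constructed ranges (RFC 5737 documentation space), not real proxy or Tor addresses.
ALLOWED_NETS = ["192.0.2.0/24"]    # assumed: networks permitted to reach the API server
PROXY_NETS = ["203.0.113.0/24"]    # assumed: locally maintained proxy / anonymizer list

# Constructed audit events (audit.k8s.io/v1 shape), one JSON object per line.
SAMPLE_AUDIT_LOG = """\
{"auditID":"a1","verb":"list","requestURI":"/api/v1/pods","user":{"username":"alice"},"sourceIPs":["192.0.2.10"]}
{"auditID":"a2","verb":"get","requestURI":"/api/v1/namespaces/default/secrets","user":{"username":"alice"},"sourceIPs":["203.0.113.7","192.0.2.10"]}
{"auditID":"a3","verb":"get","requestURI":"/version","user":{"username":"system:anonymous"},"sourceIPs":["198.51.100.20"]}
not-json line
"""

def classify(event, allowed, proxies):
    """Return 'proxy', 'unlisted', 'invalid' or None for one audit event."""
    verdict = None
    for raw in event.get("sourceIPs", []):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            return "invalid"          # malformed address: surface it, do not ignore it
        if any(ip in net for net in proxies):
            return "proxy"            # any hop on the proxy list is enough to flag
        if not any(ip in net for net in allowed):
            verdict = "unlisted"      # outside the allowlist, keep checking other hops
    return verdict

def scan(log_text, allowed=ALLOWED_NETS, proxies=PROXY_NETS):
    """Return (auditID, verdict, username, requestURI) for every flagged event."""
    allowed = [ipaddress.ip_network(n) for n in allowed]
    proxies = [ipaddress.ip_network(n) for n in proxies]
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                  # skip truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        verdict = classify(event, allowed, proxies)
        if verdict:
            findings.append((event.get("auditID"), verdict,
                             event.get("user", {}).get("username"), event.get("requestURI")))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_AUDIT_LOG):
        print(finding)
```

The leading `sourceIPs` entries can come from the `X-Forwarded-For` request header, so every entry is checked rather than only the first, and the list should be treated as partly client-supplied.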