Connect from proxy server
Info
ID: MS-TA9024
Tactic: Defense Evasion
MITRE technique: T1090
Attackers may use proxy servers to hide their origin IP address. In particular, attackers often route their activity through anonymity networks such as Tor. Proxied connections can be used to communicate with the applications themselves or with the API server.
Mitigations
ID | Mitigation | Description |
---|---|---|
MS-M9002 | Restrict access to the API server using IP firewall | Restrict access to the API server from known IP addresses |
MS-M9014 | Network Segmentation | Limit network access from known proxy networks. |
MS-M9021 | Restrict the usage of unauthenticated APIs in the cluster | Restrict unauthenticated API access to the Kubernetes API server. |
MS-M9009 | Require Strong Authentication to Services | Limit usage of kubeconfig authentication to the API server |
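
A detection-side example for the technique above, added here and not part of the threat matrix itself: it scans Kubernetes API server audit events (JSON lines) and flags completed requests whose `sourceIPs` fall inside a list of proxy networks, marking those made as `system:anonymous`. The network list, the sample events and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed proxy ranges (RFC 5737 documentation addresses); a real deployment
# would load these from a maintained exit-node or proxy feed.
PROXY_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]

# Constructed audit events in the audit.k8s.io/v1 JSON-lines layout.
SAMPLE_AUDIT_LOG = """\
{"auditID":"a1","stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/secrets","user":{"username":"dev-alice"},"sourceIPs":["192.0.2.10"]}
{"auditID":"a2","stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/namespaces/default/pods","user":{"username":"dev-alice"},"sourceIPs":["198.51.100.23"]}
{"auditID":"a3","stage":"ResponseComplete","verb":"get","requestURI":"/version","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.7","10.0.0.4"]}
not-json garbage line
{"auditID":"a4","stage":"RequestReceived","verb":"get","requestURI":"/api","user":{"username":"ci-bot"},"sourceIPs":["198.51.100.99"]}
"""


def proxy_hits(source_ips, networks=PROXY_NETWORKS):
    """Return the source IPs that fall inside any listed proxy network."""
    hits = []
    for raw in source_ips:  # the list can hold several hops, so check each one
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip values that are not IP literals
        if any(addr in net for net in networks):
            hits.append(raw)
    return hits


def flag_proxy_requests(log_text, networks=PROXY_NETWORKS):
    """Return one finding per completed API request that came via a listed proxy."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or corrupted lines
        if not isinstance(event, dict) or event.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        hits = proxy_hits(event.get("sourceIPs", []), networks)
        if hits:
            user = event.get("user", {}).get("username", "")
            findings.append({"auditID": event.get("auditID"), "user": user,
                             "requestURI": event.get("requestURI"), "proxy_ips": hits,
                             "unauthenticated": user == "system:anonymous"})
    return findings
```

All but the last entry in `sourceIPs` come from client-supplied forwarding headers, so a match is a triage signal to correlate with authentication and firewall logs, not proof of origin.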