SSH server running inside container
Info
ID: MS-TA9010
Tactic: Execution
MITRE technique:
An SSH server running inside a container may be used by attackers. If attackers obtain valid credentials for a container, whether through brute-force attempts or by other methods (such as phishing), they can use them to gain remote access to the container over SSH.
Mitigations
ID | Mitigation | Description |
---|---|---|
MS-M9015 | Avoid Running Management Interface on Containers | Avoid running an SSH daemon on containers. |
MS-M9014 | Network Segmentation | Limit network access to containers. |
MS-M9011 | Restrict Container Runtime using LSM | Limit which processes can open network sockets on a container. |
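
One way to audit a cluster against MS-M9015, as an added example that is not part of the original page: the function below scans pod specs shaped like `kubectl get pods -A -o json` output and flags containers that declare port 22 or invoke `sshd`. The sample pods, image names and the two heuristics are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "prod", "name": "web-1"},
   "spec": {"containers": [
     {"name": "app", "image": "example.test/web:1.0",
      "ports": [{"containerPort": 8080}]}]}},
  {"metadata": {"namespace": "prod", "name": "legacy-1"},
   "spec": {"containers": [
     {"name": "app", "image": "example.test/legacy:2.3",
      "command": ["/bin/sh", "-c", "/usr/sbin/sshd && exec /app/run"],
      "ports": [{"containerPort": 22}, {"containerPort": 9000}]}]}},
  {"metadata": {"namespace": "dev", "name": "debug-1"},
   "spec": {"initContainers": [{"name": "init", "image": "example.test/init:1"}],
            "containers": [
     {"name": "shell", "image": "example.test/tools:1",
      "args": ["/usr/sbin/sshd", "-D", "-p", "2222"]}]}}
]}
""")

SSH_PORT = 22  # default SSH port; a daemon on another port is caught only via argv


def find_ssh_containers(pod_list):
    """Return (namespace, pod, container, reasons) for containers whose spec
    suggests an SSH daemon. Static heuristic only: an sshd started by the image
    entrypoint on an undeclared port needs a runtime process check instead."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
        for c in containers:
            reasons = []
            ports = [p.get("containerPort") for p in (c.get("ports") or [])]
            if SSH_PORT in ports:
                reasons.append("declares containerPort 22")
            argv = (c.get("command") or []) + (c.get("args") or [])
            if any("sshd" in str(a) for a in argv):
                reasons.append("command/args invoke sshd")
            if reasons:
                findings.append((meta.get("namespace"), meta.get("name"),
                                 c.get("name"), reasons))
    return findings

if __name__ == "__main__":
    for ns, pod, ctr, reasons in find_ssh_containers(SAMPLE_PODS):
        print(f"{ns}/{pod} [{ctr}]: {'; '.join(reasons)}")
```

Flagged pods are candidates for removing the daemon (MS-M9015) or, where it cannot be removed, for restricting who can reach it (MS-M9014).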