Scenario #263
Security
Kubernetes v1.21, Azure AKS

Unrestricted Network Policies Allowing Lateral Movement

Lack of restrictive network policies permitted lateral movement within the cluster after a pod compromise.

What Happened

An attacker compromised a pod and, due to unrestricted network policies, was able to move laterally within the cluster, accessing other pods and services.

Diagnosis Steps
  1. Reviewed network policy configurations.
  2. Identified the absence of restrictions between pods.
  3. Traced unauthorized access patterns in network logs.
Root Cause

Inadequate network segmentation due to missing or misconfigured network policies.

Fix/Workaround
• Implemented network policies to restrict inter-pod communication.
• Segmented the network based on namespaces and labels.
• Monitored network traffic for unusual patterns.
Lessons Learned

Proper network segmentation is crucial to contain breaches and prevent lateral movement.

How to Avoid
  1. Define and enforce strict network policies.
  2. Regularly audit network configurations and traffic patterns.