Network misconfigurations

ACK cluster without network policy enabled

Platform(s)
Compliance Frameworks
  • AliCloud CIS
  • CCPA
  • cis_8
  • CPRA
  • ISO 27701
  • iso_27001_2022
  • iso_27002_2022
  • mpa
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-190
  • NIST 800-53
  • PDPA

Description

Alibaba Cloud Container Service for Kubernetes (ACK) is a managed, Kubernetes-compatible service that helps users manage their containerized applications. The Kubernetes cluster {AliCloudAckCluster} was detected without network policy enabled. By default, pods in a Kubernetes cluster can communicate with one another, which poses risks in production environments. A network policy lets you control how groups of pods can communicate with one another and with other network endpoints. Note that Kubernetes network policies are supported only by the Terway network plugin.