Vendor services misconfigurations

GKE Nodepool creating nodes without Secure Boot

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails in order to prevent an attacker that seeks to alter boot components to persist malware or root kits during system initialisation. It was detected that {GcpGkeCluster.NodePools} does not use Secure Boot feature for it's nodes.

  • Recommended Mitigation

    Ensure Secure Boot feature is enabled on all nodes. For more info: <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes#secure_boot" target="_blank" rel="noopener noreferrer">https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes#secure_boot</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.