Question

How to identify Internet accessible nodes and container pods ( inbound from internet)?

  • 5 September 2023
  • 1 reply
  • 228 views

Hi,

Looking for some advice.

Basically with-in lacework kubernetes , looking to see which pods & nodes are accessible from internet ( inbound from internet). What i found so far is we can use 

Resources → Kubernetes → Pod Network → External connections . You can select all columns and download a CSV. 

There is a similar view for actual nodes as well. Node→ Kubernetes → Node Network → Node External Connections 

I am not 100% sure if this is accurate. Also this does not tell what ports are open for inbound connections ( some of the ports listed are >65k which seems to be odd as well)

Wondering if anyone had figured out the correct way to “Identify Internet accessible nodes and container pods ( inbound from internet)?”.

 

Thanks in advance

Agent

Linux 6.6X

Platform

Using Lacework/Operationalizing

Cloud

GCP


1 reply

Hi!

We have a new feature called “Attack Path Analysis”, part of which does exactly this - identifying Internet exposed instances based on your cloud configuration. It’s currently in Public Preview for GCP - reach out to your account team if you’d like it enabled on your account!

Please see our announcement in Release Notes here: 

https://docs.lacework.net/releases/2023-08-platform-releases 

and the general documentation here:

 https://docs.lacework.net/console/attack-path-analysis-overview#about-attack-paths

Best regards,

Alex

Reply