ASR
Definition
ASR, or Attack Surface Reduction, refers to a set of security practices and technologies aimed at minimizing the number of potential entry points for attackers into a system. By reducing the attack surface, organizations can limit the opportunities for malicious actors to exploit vulnerabilities. This involves configuring systems and applications to only expose necessary services and ports, applying the principle of least privilege, and continuously monitoring for unauthorized changes.
Secure Settings Example
# Example of a secure Kubernetes PodSecurityPolicy
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
spec:
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: MustRunAsNonRoot
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
fsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
volumes:
- 'configMap'
- 'emptyDir'
- 'persistentVolumeClaim'
- 'secret'
Insecure Settings Example
# Example of an insecure Kubernetes PodSecurityPolicy
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: permissive
spec:
privileged: true
allowPrivilegeEscalation: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
volumes:
- '*'