/
Ensure Basic Authentication is disabled on Kubernetes Engine Clusters

Ensure Basic Authentication is disabled on Kubernetes Engine Clusters

Owned by Solomon F Prophete
Oct 23, 2020
1 min read

Description: 

Basic authentication allows a user to authenticate to the cluster with a username and password and it is stored in plain text without any encryption. Disabling Basic authentication will prevent attacks like brute force. Its recommended to use either client certificate or IAM for authentication.



Solution: 

Plaintext username/password must be disabled. Use client-certificate policy as stipulated above.



Reference: 

https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview

Related content

Ensure Kubernetes Cluster is created with Client Certificate enabled
Ensure Kubernetes Cluster is created with Client Certificate enabled
CUIT CyberSecurity
More like this
Ensure Master authorized networks is set to Enabled on Kubernetes Engine Clusters
Ensure Master authorized networks is set to Enabled on Kubernetes Engine Clusters
CUIT CyberSecurity
More like this
Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
CUIT CyberSecurity
More like this
Ensure Pod Security Policy controller is enabled on the Kubernetes Engine Clusters
Ensure Pod Security Policy controller is enabled on the Kubernetes Engine Clusters
CUIT CyberSecurity
More like this
Ensure Network policy is enabled on Kubernetes Engine Clusters
Ensure Network policy is enabled on Kubernetes Engine Clusters
CUIT CyberSecurity
More like this
Ensure default Service account is not used for Project access in Kubernetes Clusters
Ensure default Service account is not used for Project access in Kubernetes Clusters
CUIT CyberSecurity
More like this