Zero Trust Network Security Model in Containerized Environments

Alessio Dongiovanni

Zero Trust Network Security Model in Containerized Environments.

Supervisor: Cataldo Basile. Politecnico di Torino, NOT SPECIFIED, 2024

License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract:

The impact of cloud computing, together with today's business need to be responsive and to manage and scale increasingly complex workloads, has led to the development of new cloud-native models and technologies such as microservices, containers, and orchestrators. Modern applications are built on a microservices architecture, consisting of hundreds of small services that cooperate to form a meaningful application, gaining greater efficiency in development, maintenance, and scalability. Containers are an emerging lightweight virtualization technology adopted to encapsulate and run applications together with their dependencies, improving scalability, resource consumption, and portability across platforms. However, the enterprise infrastructures where services and data reside are becoming increasingly complex, often consisting of a combination of multiple internal networks, remote offices, mobile devices, and cloud services. This has rendered traditional perimeter-based network security solutions, focused on north-south traffic, inadequate: there is no longer a single, easily identifiable perimeter for the company, and once attackers breach that perimeter, nothing prevents their lateral movement. Containerized environments introduce further complexity, since containers are ephemeral entities that continuously appear and disappear. The proposed solution for protecting workloads and resources distributed across the infrastructure is the Zero Trust security model, which assumes that any entity within the network can be compromised; therefore no operation is ever implicitly trusted, and every communication must be protected regardless of network location. Implementing Zero Trust principles means that every request for access to a company-owned asset must pass through a Policy Enforcement Point (PEP), which continuously assesses the security posture of the requesting resource before access is granted, following the principle of least-privilege access.
The goal of this thesis was to demonstrate how Zero Trust can be achieved in Kubernetes environments, since this orchestrator is the de facto standard for deploying and operating containerized applications. A Proof of Concept was carried out by implementing a microservices application with Spring Boot and deploying it on a Kubernetes cluster. Two possible solutions for implementing a zero-trust network were then evaluated and tested: the Istio service mesh and a container-based NGFW (next-generation firewall). The former consists of a set of Envoy proxies injected into Kubernetes pods as sidecars; they intercept incoming and outgoing traffic and, following directives from a control plane, enforce zero-trust principles by acting as a PEP for each microservice. Istio gives every workload a strong identity through X.509 certificates and provides TLS encryption of communications, authentication, fine-grained authorization policies, and auditing features. The latter is a security node deployed within the K8s cluster as a pod, capable of intercepting any type of traffic entering or leaving the pods, performing L7 inspection, and blocking malicious or unauthorized traffic. The tests performed highlight the pros and cons of both solutions, showing how they can be configured to implement a zero-trust architecture that also covers east-west traffic, providing better visibility into operations within the cluster, achieving network microsegmentation, and reducing the impact of a security breach by mitigating lateral movement and data leakage.
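As an added illustration of the Istio-based approach described above (example configuration written for this page, not taken from the thesis or its Proof of Concept), the following manifests turn the sidecars into a PEP: strict mutual TLS ties every workload to its X.509 identity, a deny-by-default policy removes implicit trust inside the namespace, and a single least-privilege rule lets one microservice call another. The namespace `shop`, the `products`/`orders` service names, the service account and the API path are assumptions.

```yaml
# Namespace-wide STRICT mTLS: sidecars accept only mutually authenticated
# TLS from peers presenting an Istio-issued X.509 workload certificate,
# so plaintext east-west traffic is rejected at the PEP.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop          # hypothetical namespace of the demo application
spec:
  mtls:
    mode: STRICT
---
# Deny-by-default for every workload in the namespace: an AuthorizationPolicy
# with no selector and no rules matches all workloads and allows nothing.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# Least-privilege allow rule: the "products" microservice may be reached only
# by the "orders" workload identity (SPIFFE principal derived from its
# Kubernetes service account) and only for read requests on its API path.
# Any other caller, method or path stays denied by the policy above.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: products-allow-orders
  namespace: shop
spec:
  selector:
    matchLabels:
      app: products        # hypothetical label of the products deployment
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/orders"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/api/products/*"]
```

A useful check after applying these is that a request from a pod with any other service account, or a plaintext request bypassing the sidecar, is refused by the `products` proxy, which is the microsegmentation effect the abstract attributes to the mesh.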

Supervisors: Cataldo Basile
Academic year: 2023/24
Publication type: Electronic
Number of pages: 127
Subjects:
Degree programme: NOT SPECIFIED
Degree class: New regulations > Master's degree > LM-32 - COMPUTER ENGINEERING
Partner companies: SECURITY REPLY SRL
URI: http://webthesis.biblio.polito.it/id/eprint/31081