Session Name: Secure Your Prometheus Server From Indiscreet Eyes or Die by Metrics
Prometheus has become the standard for monitoring Kubernetes services. It comes with a set of helpful exporters, and Kubernetes offers several metrics endpoints directly through the API. These features enable monitoring and troubleshooting of most situations that SREs face on a daily basis. But, what if an attacker accesses your Prometheus server? How much information can they get for fingerprinting the cluster? Kernel versions, IP addresses, instance types, library versions…the list goes on and on.
In this session, you will learn the best practices on how to secure your Prometheus server from curious eyes and what could be the consequences of not implementing them.
Miguel is a student for life with a passion for innovation. He has spoken at several cyber-security conferences, including HITB, RootedCon, TheStandoff, and Codemotion. Miguel spent the last six years working in security research at big tech companies. In addition to contributing his own open-source projects. Now he is a Security Content Engineer at Sysdig.