1.2.16 Ensure that the --insecure-bind-address argument is not set

Information

Do not bind the insecure API service.

If you bind the apiserver to an insecure address, basically anyone who could connect to it over the insecure port, would have unauthenticated and unencrypted access to your master node. The apiserver doesn't do any authentication checking for insecure binds and traffic to the Insecure API port is not encrypted, allowing attackers to potentially read sensitive data in transit.

Solution

None.

Impact:

Connections to the API server will require valid authentication credentials.

See Also

https://workbench.cisecurity.org/benchmarks/19464

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-15, CSCv7|9.2

Plugin: OpenShift

Control ID: 53e36f8fb0d9d90f3cdb51c68a85e2a8f430a0346952134aa02fcde3a6e22d0c