Ensure protocols are explicitly declared where possible for Istio Services

MEDIUM

Description

Protocols are not explicitly declared for Istio Services. If protocol cannot be determined automatically, all traffic is treated as plain TCP traffic which is not the most secure protocol.

Remediation

Protocols can be specified manually in the Service definition. This can be configured in two ways:

By the name of the port: name: [-].
In Kubernetes 1.18+, by the appProtocol field: appProtocol: .

References:
https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/
https://kubernetes.io/docs/concepts/services-networking/service/

Policy Details

Rule Reference ID: AC_K8S_0119

CSP: Kubernetes

Remediation Available: No

Domain: Security Best Practices

Resource: kubernetes_istio_service

Resource Category: Virtual Network

Resource Type: Istio

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics