Ip spoofing attack in AKS

Tanul 1,251 Reputation points
2020-09-12T08:47:40.543+00:00

Hello,

We are thinking to enable authorized IP ranges in aks to expose service only to my organisation.

If we do not add application gateway or maximum we can add the small sku of app gateway then what are the chances that our service is safe from IP spoofing attacks.

Does microsoft handles it at their level or not. Is the IP range whitelisting is enough or do we need to add any other resource to save ourselves from such attacks.

I would be grateful if someone can suggest few opensource solutions as well.

Thank you

Azure DDos Protection
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
63 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
566 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
957 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,855 questions
Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2020-09-14T07:09:27.413+00:00

    @Tanul Thanks for reaching out. Azure has an integrated high-level security system to protect the customers from different network attack and malicious activity.

    The IP spoofing protection also included in the whole system by applying the ACL to allow only Microsoft trusted IP being routed within Azure backbone network.

    You can read more about it here : https://learn.microsoft.com/en-us/azure/security/fundamentals/production-network#connection-to-production-network-and-associated-firewalls

    You can also have Azure DDos protection plan which you can read here : https://learn.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest