Skip to content

Network Access

It is good security practice to prevent your containers from communicating with the internet by default.

However, some evals may require internet access (e.g. to install packages or research topics). The built-in Helm chart allows you to specify a list of domains that your containers can access.

Cilium

The built-in Helm chart uses Cilium Network Policies to restrict network access.

Cilium has tooling to observe network requests, such as Hubble. Though note from the limitations section that domain names will not be shown when using the built-in Helm chart due to how DNS resolution is handled.

See the limitations section for how Cilium may make certain Cyber misuse evals harder or impossible to solve.