Description

Duration

5 Days

30 CPD hours

This course is intended for

Security Professionals working with Kubernetes Clusters
Container Orchestration Engineers
DevOps Professionals

Overview

In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections:
Cloud Security Fundamentals
Cluster Hardening
System Hardening
Minimize Microservice Vulnerabilities
Supply Chain Security
Disaster Recovery
Secure Back-up and Restore

This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stabilitywhile maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding ofcloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This courseincludes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritizecovering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your ownhigh availability Kubernetes environment and harden it for your security needs.

Learning Your Environment

Underlying Infrastructure

Using Vim

Tmux

Cloud Security Primer

Basic Principles

Threat Analysis

Approach

CIS Benchmarks

Securing your Kubernetes Cluster

Kubernetes Architecture

Pods and the Control Plane

Kubernetes Security Concepts

Install Kubernetes using kubeadm

Configure Network Plugin Requirements

Kubeadm Basic Cluster

Installing Kubeadm

Join Node to Cluster

Kubeadm Token

Manage Kubeadm Tokens

Kubeadm Cluster Upgrade

Securing the kube-apiserver

Configuring the kube-apiserver

Enable Audit Logging

Falco

Deploy Falco to Monitor System Calls

Enable Pod Security Policies

Encrypt Data at Rest

Encryption Configuration

Benchmark Cluster with Kube-Bench

Kube-Bench

Securing ETCD

ETCD Isolation

ETCD Disaster Recovery

ETCD Snapshot and Restore

Purge Kubernetes

Purge Kubeadm

3Purge Kubeadm

Image Scanning

Container Essentials

Secure Containers

Creating a Docker Image

Scanning with Trivy

Trivy

Snyk Security

Manually Installing Kubernetes

Kubernetes the Alta3 Way

Deploy Kubernetes the Alta3 Way

Validate your Kubernetes Installation

Sonobuoy K8s Validation Test

Kubectl (Optional)

Kubectl get and sorting

kubectl get

kubectl describe

Labels (Optional)

Labels

Labels and Selectors

Annotations

Insert an Annotation

Securing your Application

Scan a Running Container

Tracee

Security Contexts for Pods

Understanding Security Contexts

AppArmor Profiles

AppArmor

Isolate Container Kernels

gVisor

Pod Security

Pod Security Policies

Deploy a PSP

Pod Security Standards

Enable PSS

Open Policy Agent (OPA)

Admission Controller

Create a LimitRange

Open Policy Agent

Policy as Code

Deploy Gatekeeper

User Administration

Contexts

Contexts

Authentication and Authorization

Role Based Access Control

Role Based Access Control

RBAC Distributing Access

Service Accounts

Limit Pod Service Accounts

Securing Secrets

Secrets

Create and Consume Secrets

Hashicorp Vault

Deploy Vault

Securing the Network

Networking Plugins

NetworkPolicy

Deploy a NetworkPolicy

mTLS

Linkerd

mTLS with istio

istio

Threat Detection

Active Threat Analysis

Host Intrusion Detection

Deploy OSSEC

Network Intrusion Detection

Deploy Suricata

Physical Intrusion Detection

Disaster Recovery

Harsh Reality of Security

Deploy a Response Plan

Kasten K10 Backups

Deploy K10

Course Images

Certified Kubernetes Security Specialist (CKS)

By Nexus Human

Booking options

Highlights

Description

About The Provider

Tags

Reviews