This instructor-led course provides skills and knowledge across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.
Includes:
4 days of Instructor-led class time
Hands-on Labs & Assignments
Resources & Course Manual
Certificate of Completion
Digital Badge
12 Months of Access to Online Course
Registration for CKS exam
Audience:
This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.
What you`ll learn:
This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. This course addresses security concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.
What it prepares you for:
This course is designed as preparation for the Certified Kubernetes Security Specialist (CKS) exam and will substantially increase students’ ability to become certified.
Course content:
Introduction
Linux Foundation
Linux Foundation Training
Linux Foundation Certifications
Linux Foundation Digital Badges
Laboratory Exercises, Solutions and Resources
E-Learning Course: LFS260
Platform Details
Cloud Security Overview
Multiple Projects
What is Security?
Assessment
Prevention
Detection
Reaction
Classes of Attackers
Types of Attacks
Attack Surfaces
Hardware and Firmware Considerations
Security Agencies
Manage External Access
Labs
Preparing to Install
Image Supply Chain
Runtime Sandbox
Verify Platform Binaries
Minimize Access to GUI
Policy Based Control
Labs
Installing the Cluster
Update Kubernetes
Tools to Harden the Kernel
Kernel Hardening Examples
Mitigating Kernel Vulnerabilities
Labs
Securing the kube-apiserver
Restrict Access to API
Enable Kube-apiserver Auditing
Configuring RBAC
Pod Security Policies
Minimize IAM Roles
Protecting etcd
CIS Benchmark
Using Service Accounts
\Labs
Networking
Firewalling Basics
Network Plugins
iptables
Mitigate Brute Force Login Attempts
Netfilter rule management
Netfilter Implementation
nft Concepts
Ingress Objects
Pod to Pod Encryption
Restrict Cluster Level Access
Labs
Workload Considerations
Minimize Base Image
Static Analysis of Workloads
Runtime Analysis of Workloads
Container Immutability
Mandatory Access Control
SELinux
AppArmor
Generate AppArmor Profiles
Labs
Issue Detection
Understanding Phases of Attack
Preparation
Understanding an Attack Progression
During an Incident
Handling Incident Aftermath
Intrusion Detection Systems
Threat Detection
Behavioral Analytics
Labs
Domain Reviews
Preparing for the Exam
Labs
Closing and Evaluation Survey
Evaluation Survey