We provide virtual course about Kubernetes Security Fundamentals (LFS460). This instructor-led course provides skills and knowledge across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.
What you will learn:
This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. This course addresses security concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information.
The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.This course is designed as preparation for the Certified Kubernetes Security Specialist (CKS) exam and will substantially increase students’ ability to become certified.
Course outline:
Module 1 - Introduction:
• Linux Foundation
• Linux Foundation Training
• Linux Foundation Certifications
• Linux Foundation Digital Badges
• Laboratory Exercises, Solutions and Resources
• E-Learning Course: LFS260
• Platform Details
Module 2 - Cloud Security Overview:
• Multiple Projects
• What is Security
• Assessment
• Prevention
• Detection
• Reaction
• Classes of Attackers
• Types of Attacks
• Attack Surfaces
• Hardware and Firmware Considerations
• Security Agencies
• Manage External Access
• Labs
Module 3 - Preparing to Install:
• Image Supply Chain
• Runtime Sandbox
• Verify Platform Binaries
• Minimize Access to GUI
• Policy Based Control
• Labs
Module 4 - Installing the Cluster:
• Update Kubernetes
• Tools to Harden the Kernel
• Kernel Hardening Examples
• Mitigating Kernel Vulnerabilities
• Labs
Module 5 - Securing the kube-apiserver:
• Restrict Access to API
• Enable Kube-apiserver Auditing
• Configuring RBAC
• Pod Security Policies
• Minimize IAM Roles
• Protecting etcd
• CIS Benchmark
• Using Service Accounts
• \Labs
Module 6 - Networking:
• Firewalling Basics
• Network Plugins
• iptables
• Mitigate Brute Force Login Attempts
• Netfilter rule management
• Netfilter Implementation
• nft Concepts
• Ingress Objects
• Pod to Pod Encryption
• Restrict Cluster Level Access
• Labs
Module 7 - Workload Considerations:
• Minimize Base Image
• Static Analysis of Workloads
• Runtime Analysis of Workloads
• Container Immutability
• Mandatory Access Control
• SELinux
• AppArmor
• Generate AppArmor Profiles
• Labs
Module 8 - Issue Detection:
• Understanding Phases of Attack
• Preparation
• Understanding an Attack Progression
• During an Incident
• Handling Incident Aftermath
• Intrusion Detection Systems
• Threat Detection
• Behavioral Analytics
• Labs
Module 9 - Domain Reviews:
• Preparing for the Exam
• Labs
Module 10 - Closing and Evaluation Survey:
• Evaluation Survey
Includes:
• 4 days of Instructor-led class time
• Hands-on Labs & Assignments
• Resources & Course Manual
• Certificate of Completion
• Digital Badge
• 12 Months of Access to Online Course
• Registration for CKS exam
Target audience:
This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security
Language:
• English course material, english speaking instructor