Kubernetes Security Fundamentals (LFS460)

This instructor-led course provides skills and knowledge across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.

Includes

    4 days of Instructor-led class time
    Hands-on Labs & Assignments
    Resources & Course Manual
    Certificate of Completion
    Digital Badge
    12 Months of Access to Online Course
    Registration for CKS exam

Audience:

This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.

What you`ll learn:

This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. This course addresses security concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.

What it prepares you for:

This course is designed as preparation for the Certified Kubernetes Security Specialist (CKS) exam and will substantially increase students’ ability to become certified.

Course content:

Introduction

  • Linux Foundation
  • Linux Foundation Training
  • Linux Foundation Certifications
  • Linux Foundation Digital Badges
  • Laboratory Exercises, Solutions and Resources
  • E-Learning Course: LFS260
  • Platform Details

Cloud Security Overview

  • Multiple Projects
  • What is Security?
  • Assessment
  • Prevention
  • Detection
  • Reaction
  • Classes of Attackers
  • Types of Attacks
  • Attack Surfaces
  • Hardware and Firmware Considerations
  • Security Agencies
  • Manage External Access
  • Labs

Preparing to Install

  • Image Supply Chain
  • Runtime Sandbox
  • Verify Platform Binaries
  • Minimize Access to GUI
  • Policy Based Control
  • Labs

Installing the Cluster

  • Update Kubernetes
  • Tools to Harden the Kernel
  • Kernel Hardening Examples
  • Mitigating Kernel Vulnerabilities
  • Labs

Securing the kube-apiserver

  • Restrict Access to API
  • Enable Kube-apiserver Auditing
  • Configuring RBAC
  • Pod Security Policies
  • Minimize IAM Roles
  • Protecting etcd
  • CIS Benchmark
  • Using Service Accounts
  • \Labs

Networking

  • Firewalling Basics
  • Network Plugins
  • iptables
  • Mitigate Brute Force Login Attempts
  • Netfilter rule management
  • Netfilter Implementation
  • nft Concepts
  • Ingress Objects
  • Pod to Pod Encryption
  • Restrict Cluster Level Access
  • Labs

Workload Considerations

  • Minimize Base Image
  • Static Analysis of Workloads
  • Runtime Analysis of Workloads
  • Container Immutability
  • Mandatory Access Control
  • SELinux
  • AppArmor
  • Generate AppArmor Profiles
  • Labs

Issue Detection

  • Understanding Phases of Attack
  • Preparation
  • Understanding an Attack Progression
  • During an Incident
  • Handling Incident Aftermath
  • Intrusion Detection Systems
  • Threat Detection
  • Behavioral Analytics
  • Labs

Domain Reviews

  • Preparing for the Exam
  • Labs

Closing and Evaluation Survey

  • Evaluation Survey

 

Other relevant courses

2 days
Classroom
2 days
Classroom