Kubernetes Security

This course provides knowledge of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. It is aimed at cloud production environments and covers the security of the container supply chain, from before a cluster has been configured, through deployment, and into ongoing operation and agile use, including where to find current security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as to monitor and log security events.

Audience
System Administrators, Cloud Administrators, Security Engineers, Developers

Prerequisites
Docker for Development and Operations (DO-OPS) Training, Kubernetes Administration (K9-ADM)

Outline

  • Course Introduction
  • Cloud Security Overview
  • Container Runtime Overview
  • Mitigating Kernel Vulnerabilities
  • Deploy Secure Kubernetes Cluster
  • Securing Kube API Server
  • Image Security Analysis
  • Container Security Analysis
  • Kubernetes Audit
  • Kubernetes Network Policy
  • Kubernetes Workload Considerations
  • Pod Security Policy
  • Certified Kubernetes Security Exam Preparation

Course Curriculum

  • Module 1

    Cloud Security Overview

    • What is Security?
    • Basic Principles
    • Attack Sources
    • Types of Attacks
    • The 4Cs of Security
    • NIST Cybersecurity Framework
    • CIS Benchmarks
    • kube-bench
    • High Value Asset Protection
    • Improve Security Team Culture
    • Limit Access
    • Lab 1.1 Lab Preparation
    • Lab 1.2 Deploy Kubernetes Cluster
    • Lab 1.3 kube-bench
    • Quiz 1.1 Fixing Issues of API Server, Kubelet, etcd
  • Module 2

    Secure Kubernetes Cluster

    • Where Do Your Images Come From
    • Container Runtime
    • RuntimeClass
    • gVisor
    • Kata
    • Gatekeeper
    • Trusted Packages
    • Protect the Kernel
    • Finding Kernel Vulnerabilities
    • Secret
    • Lab 2.1 Implement Container Runtime Sandbox gVisor
    • Lab 2.2 OPA Gatekeeper
    • Quiz 2.1 Container Runtime Sandbox
    • Quiz 2.2 Secret
  • Module 3

    Secure the kube-apiserver

    • Enable Audit Log
    • Configure API Auditing
    • Audit Policy
    • Role Based Access Control
    • RBAC Role and ClusterRole
    • RBAC RoleBinding
    • Pod Security Policies (PSP)
    • Identity and Access Management
    • Persistent State from etcd
    • Start Using Service Accounts
    • Create a Role
    • Bind the Role
    • Lab 3.1 Enabling API Server Auditing
    • Lab 3.2 Limiting Access Control with RBAC
    • Lab 3.3 Security Context
    • Lab 3.4 Pod Security Policies
    • Quiz 3.1 Service Account
    • Quiz 3.2 PodSecurityPolicy
    • Quiz 3.3 Audit Logs
    • Quiz 3.4 RBAC
  • Module 4

    Networking

    • Kubernetes Network
    • Services and Firewalls
    • Terms and Expressions
    • Stateful vs Stateless
    • Several Network Plugins
    • Chains (of Rules) & Tables (of Chains)
    • Netfilter
    • Netfilter (cont.)
    • Firewalld
    • Ingress Controller
    • Service Mesh
    • mTLS
    • Network Policies
    • Lab 4.1 Implement Network Security Policy
    • Lab 4.2 Configure an Ingress Controller
    • Lab 4.3 Configure mTLS (Linkerd)
    • Quiz 4.1 Network Policy Default Deny
    • Quiz 4.2 Network Policy Pod Restriction
    • Quiz 4.3 Delete Pods That Are Not Stateless and Not Immutable
  • Module 5

    Workload Consideration

    • Trivy
    • Falco
    • SELinux Overview & Enforcement Modes
    • Seccomp & Apparmor
    • Dockerfile Best Practices
    • Lab 5.1 Check Image Vulnerability using Trivy
    • Lab 5.2 Check Image Vulnerability using Docker Scan
    • Lab 5.3 Using Falco to Monitor Audit Events
    • Quiz 5.1 Trivy
    • Quiz 5.2 Falco
    • Quiz 5.3 AppArmor
    • Quiz 5.4 Fixing Dockerfile and Manifest
    • Quiz 5.5 Admission Controller
  • Module 6

    Comprehensive Review

    • Preparing for the Exam


Level: Advanced
K9SEC-2021-ESDM
9 Dec 2021 - 20 Dec 2021

Category

Security