This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a cloud orchestration platform providing reliability, replication, and stability while maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor-agnostic training you will be equipped with a thorough understanding of cloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This course includes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms during build, deployment, and runtime. We prioritize covering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your own high-availability Kubernetes environment and harden it for your security needs.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections:
Cloud Security Fundamentals
Cluster Hardening
System Hardening
Minimize Microservice Vulnerabilities
Supply Chain Security
Disaster Recovery
Secure Back-up and Restore

1
  • LEARNING YOUR ENVIRONMENT

  • Underlying Infrastructure

    Using Vim

    Tmux


2
  • CLOUD SECURITY PRIMER

  • Basic Principles

    Threat Analysis

    Approach

    CIS Benchmarks


3
  • SECURING YOUR KUBERNETES CLUSTER

  • Kubernetes Architecture

    Pods and the Control Plane

    Kubernetes Security Concepts


4
  • INSTALL KUBERNETES USING KUBEADM

  • Configure Network Plugin Requirements

    Kubeadm Basic Cluster

    Installing Kubeadm

    Join Node to Cluster

    Kubeadm Token

    Manage Kubeadm Tokens

    Kubeadm Cluster Upgrade


5
  • SECURING THE KUBE-APISERVER

  • Configuring the kube-apiserver

    Enable Audit Logging

    Falco

    Deploy Falco to Monitor System Calls

    Enable Pod Security Policies

    Encrypt Data at Rest

    Encryption Configuration

    Benchmark Cluster with Kube-Bench

    Kube-Bench


6
  • SECURING ETCD

  • ETCD Isolation

    ETCD Disaster Recovery

    ETCD Snapshot and Restore


7
  • PURGE KUBERNETES

  • Purge Kubeadm

    Purge Kubeadm


8
  • IMAGE SCANNING

  • Container Essentials

    Secure Containers

    Creating a Docker Image

    Scanning with Trivy

    Trivy

    Snyk Security


9
  • MANUALLY INSTALLING KUBERNETES

  • Kubernetes the Alta3 Way

    Deploy Kubernetes the Alta3 Way

    Validate your Kubernetes Installation

    Sonobuoy K8s Validation Test


10
  • KUBECTL (OPTIONAL)

  • Kubectl get and sorting

    kubectl get

    kubectl describe


11
  • LABELS (OPTIONAL)

  • Labels

    Labels and Selectors

    Annotations

    Insert an Annotation


12
  • SECURING YOUR APPLICATION

  • Scan a Running Container

    Tracee

    Security Contexts for Pods

    Understanding Security Contexts

    AppArmor Profiles

    AppArmor

    Isolate Container Kernels

    gVisor


13
  • POD SECURITY

  • Pod Security Policies

    Deploy a PSP

    Pod Security Standards

    Enable PSS


14
  • OPEN POLICY AGENT (OPA)

  • Admission Controller

    Create a LimitRange

    Open Policy Agent

    Policy as Code

    Deploy Gatekeeper


15
  • USER ADMINISTRATION

  • Contexts

    Contexts

    Authentication and Authorization

    Role Based Access Control

    Role Based Access Control

    RBAC Distributing Access

    Service Accounts

    Limit Pod Service Accounts


16
  • SECURING SECRETS

  • Secrets

    Create and Consume Secrets

    Hashicorp Vault

    Deploy Vault


17
  • SECURING THE NETWORK

  • Networking Plugins

    NetworkPolicy

    Deploy a NetworkPolicy

    mTLS

    Linkerd

    mTLS with istio

    istio


18
  • THREAT DETECTION

  • Active Threat Analysis

    Host Intrusion Detection

    Deploy OSSEC

    Network Intrusion Detection

    Deploy Suricata

    Physical Intrusion Detection


19
  • DISASTER RECOVERY

  • Harsh Reality of Security

    Deploy a Response Plan

    Kasten K10 Backups

    Deploy K10


Audience

Security Professionals working with Kubernetes Clusters
Container Orchestration Engineers
DevOps Professionals

Language

English

Prerequisites

This course is intended for students who have experience with the core components of Kubernetes. It is suggested that students take the Certified Kubernetes Administrator course prior to taking the Certified Kubernetes Security Specialist course. However, instructors will always strive to assure every student gains a very thorough understanding of the material covered, regardless of the students’ prior experience. Furthermore, this course has already taken into consideration the attendance of less experienced learners. Finally, experience and knowledge of Linux fundamentals is strongly recommended.

$2,395

Length: 5.0 days (40 hours)

Level:


Course Schedule:

Monday, Nov 13, 10:00 AM ET - 6:00 PM ET