Back
Information Technology
Certified Kubernetes Security Specialist (CKS)
What You'll Learn
In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections:
Cloud Security Fundamentals
Cluster Hardening
System Hardening
Minimize Microservice Vulnerabilities
Supply Chain Security
Disaster Recovery
Secure Back-up and Restore
Description
This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stability
while maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding of
cloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This course
includes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritize
covering all objectives and concepts necessary for passing
Who Should Attend
Security Professionals working with Kubernetes Clusters
Container Orchestration Engineers
DevOps Professionals
Course Overview
This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stability while maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding of
cloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This course
includes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritize
covering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your own
high availability Kubernetes environment and harden it for your security needs.
Course Prerequisites
No results found.
Course Agenda
19 Title
Course Agenda
1
Learning Your Environment
Underlying Infrastructure
Using Vim
Tmux
Using Vim
Tmux
2
Cloud Security Primer
Basic Principles
Threat Analysis
Approach
CIS Benchmarks
Threat Analysis
Approach
CIS Benchmarks
3
Securing your Kubernetes Cluster
Kubernetes Architecture
Pods and the Control Plane
Kubernetes Security Concepts
Pods and the Control Plane
Kubernetes Security Concepts
4
Install Kubernetes using kubeadm
Configure Network Plugin Requirements
Kubeadm Basic Cluster
Installing Kubeadm
Join Node to Cluster
Kubeadm Token
Manage Kubeadm Tokens
Kubeadm Cluster Upgrade
Kubeadm Basic Cluster
Installing Kubeadm
Join Node to Cluster
Kubeadm Token
Manage Kubeadm Tokens
Kubeadm Cluster Upgrade
5
Securing the kube-apiserver
Configuring the kube-apiserver
Enable Audit Logging
Falco
Deploy Falco to Monitor System Calls
Enable Pod Security Policies
Encrypt Data at Rest
Encryption Configuration
Benchmark Cluster with Kube-Bench
Kube-Bench
Enable Audit Logging
Falco
Deploy Falco to Monitor System Calls
Enable Pod Security Policies
Encrypt Data at Rest
Encryption Configuration
Benchmark Cluster with Kube-Bench
Kube-Bench
6
Securing ETCD
ETCD Isolation
ETCD Disaster Recovery
ETCD Snapshot and Restore
ETCD Disaster Recovery
ETCD Snapshot and Restore
7
Purge Kubernetes
Purge Kubeadm
3Purge Kubeadm
3Purge Kubeadm
8
Image Scanning
Container Essentials
Secure Containers
Creating a Docker Image
Scanning with Trivy
Trivy
Snyk Security
Secure Containers
Creating a Docker Image
Scanning with Trivy
Trivy
Snyk Security
9
Manually Installing Kubernetes
Kubernetes the Alta3 Way
Deploy Kubernetes the Alta3 Way
Validate your Kubernetes Installation
Sonobuoy K8s Validation Test
Deploy Kubernetes the Alta3 Way
Validate your Kubernetes Installation
Sonobuoy K8s Validation Test
10
Kubectl (Optional)
Kubectl get and sorting
kubectl get
kubectl describe
kubectl get
kubectl describe
11
Labels (Optional)
Labels
Labels and Selectors
Annotations
Insert an Annotation
Labels and Selectors
Annotations
Insert an Annotation
12
Securing your Application
Scan a Running Container
Tracee
Security Contexts for Pods
Understanding Security Contexts
AppArmor Profiles
AppArmor
Isolate Container Kernels
gVisor
Tracee
Security Contexts for Pods
Understanding Security Contexts
AppArmor Profiles
AppArmor
Isolate Container Kernels
gVisor
13
Pod Security
Pod Security Policies
Deploy a PSP
Pod Security Standards
Enable PSS
Deploy a PSP
Pod Security Standards
Enable PSS
14
Open Policy Agent (OPA)
Admission Controller
Create a LimitRange
Open Policy Agent
Policy as Code
Deploy Gatekeeper
Create a LimitRange
Open Policy Agent
Policy as Code
Deploy Gatekeeper
15
User Administration
Contexts
Contexts
Authentication and Authorization
Role Based Access Control
Role Based Access Control
RBAC Distributing Access
Service Accounts
Limit Pod Service Accounts
Contexts
Authentication and Authorization
Role Based Access Control
Role Based Access Control
RBAC Distributing Access
Service Accounts
Limit Pod Service Accounts
16
Securing Secrets
Secrets
Create and Consume Secrets
Hashicorp Vault
Deploy Vault
Create and Consume Secrets
Hashicorp Vault
Deploy Vault
17
Securing the Network
Networking Plugins
NetworkPolicy
Deploy a NetworkPolicy
mTLS
Linkerd
mTLS with istio
istio
NetworkPolicy
Deploy a NetworkPolicy
mTLS
Linkerd
mTLS with istio
istio
18
Threat Detection
Active Threat Analysis
Host Intrusion Detection
Deploy OSSEC
Network Intrusion Detection
Deploy Suricata
Physical Intrusion Detection
Host Intrusion Detection
Deploy OSSEC
Network Intrusion Detection
Deploy Suricata
Physical Intrusion Detection
19
Disaster Recovery
Harsh Reality of Security
Deploy a Response Plan
Kasten K10 Backups
Deploy K10
Deploy a Response Plan
Kasten K10 Backups
Deploy K10