Certified Kubernetes Security Specialist (CKS)


Description
This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a cloud orchestration platform providing reliability, replication, and stability while maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor-agnostic training you will be equipped with a thorough understanding of cloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This course includes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms during build, deployment, and runtime. We prioritize covering all objectives and concepts necessary for passing

| Lesson Id | Title | Description |
|---|---|---|
| 1 | Learning Your Environment | Underlying Infrastructure Using Vim Tmux |
| 2 | Cloud Security Primer | Basic Principles Threat Analysis Approach CIS Benchmarks |
| 3 | Securing your Kubernetes Cluster | Kubernetes Architecture Pods and the Control Plane Kubernetes Security Concepts |
| 4 | Install Kubernetes using kubeadm | Configure Network Plugin Requirements Kubeadm Basic Cluster Installing Kubeadm Join Node to Cluster Kubeadm Token Manage Kubeadm Tokens Kubeadm Cluster Upgrade |
| 5 | Securing the kube-apiserver | Configuring the kube-apiserver Enable Audit Logging Falco Deploy Falco to Monitor System Calls Enable Pod Security Policies Encrypt Data at Rest Encryption Configuration Benchmark Cluster with Kube-Bench Kube-Bench |
| 6 | Securing ETCD | ETCD Isolation ETCD Disaster Recovery ETCD Snapshot and Restore |
| 7 | Purge Kubernetes | Purge Kubeadm Purge Kubeadm |
| 8 | Image Scanning | Container Essentials Secure Containers Creating a Docker Image Scanning with Trivy Trivy Snyk Security |
| 9 | Manually Installing Kubernetes | Kubernetes the Alta3 Way Deploy Kubernetes the Alta3 Way Validate your Kubernetes Installation Sonobuoy K8s Validation Test |
| 10 | Kubectl (Optional) | Kubectl get and sorting kubectl get kubectl describe |
| 11 | Labels (Optional) | Labels Labels and Selectors Annotations Insert an Annotation |
| 12 | Securing your Application | Scan a Running Container Tracee Security Contexts for Pods Understanding Security Contexts AppArmor Profiles AppArmor Isolate Container Kernels gVisor |
| 13 | Pod Security | Pod Security Policies Deploy a PSP Pod Security Standards Enable PSS |
| 14 | Open Policy Agent (OPA) | Admission Controller Create a LimitRange Open Policy Agent Policy as Code Deploy Gatekeeper |
| 15 | User Administration | Contexts Contexts Authentication and Authorization Role Based Access Control Role Based Access Control RBAC Distributing Access Service Accounts Limit Pod Service Accounts |
| 16 | Securing Secrets | Secrets Create and Consume Secrets Hashicorp Vault Deploy Vault |
| 17 | Securing the Network | Networking Plugins NetworkPolicy Deploy a NetworkPolicy mTLS Linkerd mTLS with istio istio |
| 18 | Threat Detection | Active Threat Analysis Host Intrusion Detection Deploy OSSEC Network Intrusion Detection Deploy Suricata Physical Intrusion Detection |
| 19 | Disaster Recovery | Harsh Reality of Security Deploy a Response Plan Kasten K10 Backups Deploy K10 |