Certified Kubernetes Security Specialist (CKS)
This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stability while maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding of cloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This course includes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritize covering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your own high availability Kubernetes environment and harden it for your security needs.
Course Objectives
In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections:
- Cloud Security Fundamentals Cluster Hardening System Hardening Minimize Microservice Vulnerabilities Supply Chain Security Disaster Recovery Secure Back
- up and Restore
Agenda
- Underlying Infrastructure
- Using Vim
- Tmux
- Basic Principles
- Threat Analysis
- Approach
- CIS Benchmarks
- Kubernetes Architecture
- Pods and the Control Plane
- Kubernetes Security Concepts
- Configure Network Plugin Requirements
- Kubeadm Basic Cluster
- Installing Kubeadm
- Join Node to Cluster
- Kubeadm Token
- Manage Kubeadm Tokens
- Kubeadm Cluster Upgrade
- Configuring the kube-apiserver
- Enable Audit Logging
- Falco
- Deploy Falco to Monitor System Calls
- Enable Pod Security Policies
- Encrypt Data at Rest
- Encryption Configuration
- Benchmark Cluster with Kube-Bench
- Kube-Bench
- ETCD Isolation
- ETCD Disaster Recovery
- ETCD Snapshot and Restore
- Purge Kubeadm
- 3Purge Kubeadm
- Container Essentials
- Secure Containers
- Creating a Docker Image
- Scanning with Trivy
- Trivy
- Snyk Security
- Kubernetes the Alta3 Way
- Deploy Kubernetes the Alta3 Way
- Validate your Kubernetes Installation
- Sonobuoy K8s Validation Test
- Kubectl get and sorting
- kubectl get
- kubectl describe
- Labels
- Labels and Selectors
- Annotations
- Insert an Annotation
- Scan a Running Container
- Tracee
- Security Contexts for Pods
- Understanding Security Contexts
- AppArmor Profiles
- AppArmor
- Isolate Container Kernels
- gVisor
- Pod Security Policies
- Deploy a PSP
- Pod Security Standards
- Enable PSS
- Admission Controller
- Create a LimitRange
- Open Policy Agent
- Policy as Code
- Deploy Gatekeeper
- Contexts
- Contexts
- Authentication and Authorization
- Role Based Access Control
- Role Based Access Control
- RBAC Distributing Access
- Service Accounts
- Limit Pod Service Accounts
- Secrets
- Create and Consume Secrets
- Hashicorp Vault
- Deploy Vault
- Networking Plugins
- NetworkPolicy
- Deploy a NetworkPolicy
- mTLS
- Linkerd
- mTLS with istio
- istio
- Active Threat Analysis
- Host Intrusion Detection
- Deploy OSSEC
- Network Intrusion Detection
- Deploy Suricata
- Physical Intrusion Detection
- Harsh Reality of Security
- Deploy a Response Plan
- Kasten K10 Backups
- Deploy K10
FREE
Interested in course?
Course Type: Instructor Led