Kubernetes Security Fundamentals (LFS460)
Seminarinformationen
Seminar - Ziel
This instructor-led course provides skills and knowledge across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.
This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. This course addresses security concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.
Teilnehmer - Zielgruppe
This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.
Kurs - Voraussetzungen
None
Seminardauer
- 4 Tage
- 09:00 Uhr bis 17:00 Uhr
Schulungsunterlagen
Seminar-Inhalt / Agenda
Introduction
- Linux Foundation
- Linux Foundation Training
- Linux Foundation Certifications
- Linux Foundation Digital Badges
- Laboratory Exercises, Solutions and Resources
- E-Learning Course: LFS260
- Distribution Details
- LabsCloud Security Overview
- Multiple Projects
- What is Security?
- Assessment
- Prevention
- Detection
- Reaction
- Classes of Attackers
- Types of Attacks
- Attack Surfaces
- Hardware and Firmware Considerations
- Security Agencies
- Manage External Access
- LabsPreparing to Install
- Image Supply Chain
- Runtime Sandbox
- Verify Platform Binaries
- Minimize Access to GUI
- Policy Based Control
- LabsInstalling the Cluster
- Update Kubernetes
- Tools to Harden the Kernel
- Kernel Hardening Examples
- Mitigating Kernel Vulnerabilities
- LabsSecuring the kube-apiserver
- Restrict Access to API
- Enable Kube-apiserver Auditing
- Configuring RBAC
- Pod Security Policies
- Minimize IAM Roles
- Protecting etcd
- CIS Benchmark
- Using Service Accounts
- LabsNetworking
- Firewalling Basics
- Network Plugins
- iptables
- Mitigate Brute Force Login Attempts
- Netfilter rule management
- Netfilter Implementation
- nft Concepts
- Ingress Objects
- Pod to Pod Encryption
- Restrict Cluster Level Access
- LabsWorkload Considerations
- Minimize Base Image
- Static Analysis of Workloads
- Runtime Analysis of Workloads
- Container Immutability
- Mandatory Access Control
- SELinux
- AppArmor
- Generate AppArmor Profiles
- LabsIssue Detection
- Understanding Phases of Attack
- Preparation
- Understanding an Attack Progression
- During an Incident
- Handling Incident Aftermath
- Intrusion Detection Systems
- Threat Detection
- Behavioral Analytics
- LabsDomain Reviews
- Preparing for the Exam
- Labs
Closing and Evaluation Survey
Weitere Schulungen zu Thema Linux Foundation
- u.a. in Nürnberg, Berlin, Stuttgart, München, KölnThis course will teach you how to containerize, host, deploy, and configure an application in a multi-node cluster. It also serves as preparation for the Certified Kubernetes Application Developer (CKAD) exam. Starting with a simple Python script, this course will show you how ...
- u.a. in Nürnberg, Berlin, Stuttgart, München, KölnIn this course you will learn about installation of a multi-node Kubernetes cluster using kubeadm, and how to grow a cluster, choosing and implementing cluster networking, and various methods of application lifecycle management, including scaling, updates and roll-backs. The ...
- u.a. in Leipzig, München, Virtual Classroom, Offenbach, FreiburgIn this course you will learn about industry configuration best practices, the best tried-and-true optimization performance tuning tools and techniques, how to manually optimize the kernel’s behavior, tracing, profiling and instrumentation techniques across a wide range of ...
- u.a. in Frankfurt am Main, Hannover, München, Nürnberg, WienUpon mastering this material, you will be familiar with the different kinds of device drivers used under Linux, and have an introduction to many of the appropriate APIs to be used when writing a device driver. The labs for illustrating these concepts will all be performed on ...