Kubernetes Security Fundamentals (LFS460)
Seminarinformationen
Seminar - Ziel
This instructor-led course provides skills and knowledge across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.
This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. This course addresses security concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.
Teilnehmer - Zielgruppe
This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.
Kurs - Voraussetzungen
None
Seminardauer
- 4 Tage
- 09:00 Uhr bis 17:00 Uhr
Schulungsunterlagen
Seminar-Inhalt / Agenda
Introduction
- Linux Foundation
- Linux Foundation Training
- Linux Foundation Certifications
- Linux Foundation Digital Badges
- Laboratory Exercises, Solutions and Resources
- E-Learning Course: LFS260
- Distribution Details
- LabsCloud Security Overview
- Multiple Projects
- What is Security?
- Assessment
- Prevention
- Detection
- Reaction
- Classes of Attackers
- Types of Attacks
- Attack Surfaces
- Hardware and Firmware Considerations
- Security Agencies
- Manage External Access
- LabsPreparing to Install
- Image Supply Chain
- Runtime Sandbox
- Verify Platform Binaries
- Minimize Access to GUI
- Policy Based Control
- LabsInstalling the Cluster
- Update Kubernetes
- Tools to Harden the Kernel
- Kernel Hardening Examples
- Mitigating Kernel Vulnerabilities
- LabsSecuring the kube-apiserver
- Restrict Access to API
- Enable Kube-apiserver Auditing
- Configuring RBAC
- Pod Security Policies
- Minimize IAM Roles
- Protecting etcd
- CIS Benchmark
- Using Service Accounts
- LabsNetworking
- Firewalling Basics
- Network Plugins
- iptables
- Mitigate Brute Force Login Attempts
- Netfilter rule management
- Netfilter Implementation
- nft Concepts
- Ingress Objects
- Pod to Pod Encryption
- Restrict Cluster Level Access
- LabsWorkload Considerations
- Minimize Base Image
- Static Analysis of Workloads
- Runtime Analysis of Workloads
- Container Immutability
- Mandatory Access Control
- SELinux
- AppArmor
- Generate AppArmor Profiles
- LabsIssue Detection
- Understanding Phases of Attack
- Preparation
- Understanding an Attack Progression
- During an Incident
- Handling Incident Aftermath
- Intrusion Detection Systems
- Threat Detection
- Behavioral Analytics
- LabsDomain Reviews
- Preparing for the Exam
- Labs
Closing and Evaluation Survey
Weitere Schulungen zu Thema Linux Foundation
- u.a. in Nürnberg, Berlin, Stuttgart, München, KölnThis course will teach you how to containerize, host, deploy, and configure an application in a multi-node cluster. It also serves as preparation for the Certified Kubernetes Application Developer (CKAD) exam. Starting with a simple Python script, this course will show you how ...
- u.a. in Nürnberg, Berlin, Stuttgart, München, KölnIn this course you will learn about installation of a multi-node Kubernetes cluster using kubeadm, and how to grow a cluster, choosing and implementing cluster networking, and various methods of application lifecycle management, including scaling, updates and roll-backs. The ...
- u.a. in Berlin, Hamburg, Köln, Heidelberg, Virtual ClassroomIn this course you will learn about industry configuration best practices, the best tried-and-true optimization performance tuning tools and techniques, how to manually optimize the kernel’s behavior, tracing, profiling and instrumentation techniques across a wide range of ...
- u.a. in Berlin, Hamburg, Wien, Essen, DarmstadtThis instructor-led course focuses on the important tools used for debugging and monitoring the kernel, and how security features are implemented and controlled. This four day course includes extensive hands-on exercises and demonstrations designed to give you the necessary ...