Course Outline

Introduction

  • Linux Foundation
  • Linux Foundation Training
  • Linux Foundation Certifications
  • Linux Foundation Digital Badges
  • Laboratory Exercises, Solutions and Resources
  • E-Learning Course: LFS260
  • Distribution Details
  • Labs

Cloud Security Overview

  • Multiple Projects
  • What is Security?
  • Assessment
  • Prevention
  • Detection
  • Reaction
  • Classes of Attackers
  • Types of Attacks
  • Attack Surfaces
  • Hardware and Firmware Considerations
  • Security Agencies
  • Manage External Access
  • Labs

Preparing to Install

  • Image Supply Chain
  • Runtime Sandbox
  • Verify Platform Binaries
  • Minimize Access to GUI
  • Policy Based Control
  • Labs

Installing the Cluster

  • Update Kubernetes
  • Tools to Harden the Kernel
  • Kernel Hardening Examples
  • Mitigating Kernel Vulnerabilities
  • Labs

Securing the kube-apiserver

  • Restrict Access to API
  • Enable Kube-apiserver Auditing
  • Configuring RBAC
  • Pod Security Policies
  • Minimize IAM Roles
  • Protecting etcd
  • CIS Benchmark
  • Using Service Accounts
  • Labs

Networking

  • Firewalling Basics
  • Network Plugins
  • iptables
  • Mitigate Brute Force Login Attempts
  • Netfilter rule management
  • Netfilter Implementation
  • nft Concepts
  • Ingress Objects
  • Pod to Pod Encryption
  • Restrict Cluster Level Access
  • Labs

Workload Considerations

  • Minimize Base Image
  • Static Analysis of Workloads
  • Runtime Analysis of Workloads
  • Container Immutability
  • Mandatory Access Control
  • SELinux
  • AppArmor
  • Generate AppArmor Profiles
  • Labs

Issue Detection

  • Understanding Phases of Attack
  • Preparation
  • Understanding an Attack Progression
  • During an Incident
  • Handling Incident Aftermath
  • Intrusion Detection Systems
  • Threat Detection
  • Behavioral Analytics
  • Labs

Domain Reviews

  • Preparing for the Exam - CKS

Requirements

Participants should have an understanding of Linux administration skills, comfortable using the command line. Must be able to edit files using a command-line text editor. Basic security knowledge.

Audience

This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.

Experience Level: Intermediate

 28 Hours

Number of participants


Price per participant