Certified Kubernetes Security Specialist Masterclass
- Description
- Curriculum
- FAQ
- Reviews
Cluster Setup
-
Use Network security policies to restrict cluster level access
-
Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
-
Properly set up Ingress objects with security control
-
Protect node metadata and endpoints
-
Minimize use of, and access to, GUI elements
-
Verify platform binaries before deploying
Cluster Hardening
-
Restrict access to Kubernetes API
-
Use Role Based Access Controls to minimize exposure
-
Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
-
Update Kubernetes frequently
System Hardening
-
Minimize host OS footprint (reduce attack surface)
-
Minimize IAM roles
-
Minimize external access to the network
-
Appropriately use kernel hardening tools such as AppArmor, seccomp
Minimize Microservice Vulnerabilities
-
Setup appropriate OS level security domains
-
Manage Kubernetes secrets
-
Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
-
Implement pod to pod encryption by use of mTLS
Supply Chain Security
-
Minimize base image footprint
-
Secure your supply chain: whitelist allowed registries, sign and validate images
-
Use static analysis of user workloads (e.g.Kubernetes resources, Docker files)
-
Scan images for known vulnerabilities
Monitoring, Logging and Runtime Security
-
Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
-
Detect threats within physical infrastructure, apps, networks, data, users and workloads
-
Detect all phases of attack regardless where it occurs and how it spreads
-
Perform deep analytical investigation and identification of bad actors within environment
-
Ensure immutability of containers at runtime
-
Use Audit Logs to monitor access
-
1CKS Exam Strategy, Tips & TricksVideo lesson
-
2Trivy IntroductionVideo lesson
-
3Trivy - Scan PodsVideo lesson
-
4Extract Secrets & Save to a FileVideo lesson
-
5gVisor DemoVideo lesson
-
6CIS Benchmarks for Hardening a Kubernetes ClusterVideo lesson
-
7Fix Dockerfile and Deployment.yaml for any security vulnerabilitiesVideo lesson
-
8Enable AuditingVideo lesson
-
9FalcoVideo lesson
-
10AppArmorVideo lesson
-
11Gatekeeper or Open Policy AgentVideo lesson
-
12PodSecurityPolicyVideo lesson
-
13Fix Incorrectly Specified ServiceAccount in a Pod, Create Role, Rolebinding etc.Video lesson
-
14Fix Overly Permissive Permissions for Pod's SA & Create SA, Role, RolebindingsVideo lesson
-
15Scenario Based Question - Admission Controller - Image ScannerVideo lesson
-
16Scenario Based Question - Network Policies - 1Video lesson
-
17Scenario Based Question - Network Policies - 2Video lesson
-
18Scenario Based Question - Verify Platform BinariesVideo lesson
-
19Read Kubernetes Secrets from ETCDVideo lesson
-
20Create & Secure an IngressVideo lesson
External Links May Contain Affiliate Links read more