Click to order
Get lifetime access to Linux 2.0 Course
Total:
Problems with payment? Contact us in chat in the lower right corner.
By filling out this field, you agree to the offer agreement https://yodo.me/offer_en
Certified Kubernetes Security Specialist (CKS)
Certified Kubernetes Security Specialist (CKS) on practice.
Theory + practice.
Theory + practice.
$9.90
English
$39
Linux v 2.0 course is learning
in the form of a game
in the form of a game
Chat support, where there are already 756 students and analysis of all questions
Learning principle -
first practice, then theory
first practice, then theory
The aim of the course is to increase
your income in 1.5-2 times
your income in 1.5-2 times
COURSE CONTENT
CHAPTER
Introduction
- Course Introduction
- Exam Information
- Certification Details
CHAPTER
Understanding the Kubernetes Attack Surface
- The Attack
- The 4C’s of Cloud Native security
CHAPTER
Cluster Setup and Hardening
- Section Introduction
- What are CIS Benchmarks
- Lab – Run CIS Benchmark Assessment tool on Ubuntu
- CIS benchmark for Kubernetes
- Reference links
- Kube-bench
- Lab – Kube-bench
- Kubernetes Security Primitives
- Authentication
- Article on Setting up Basic Authentication
- Service Accounts
- Lab – Service Accounts
- TLS Introduction
- TLS Basics
- TLS in Kubernetes
- TLS in Kubernetes – Certificate Creation
- View Certificate Details
- Reference links
- Labs – View Certificates
- Certificates API
- Labs – Certificates API
- KubeConfig
- Labs – KubeConfig
- API Groups
- Authorization
- RBAC
- Labs – RBAC
- Cluster Roles and Role Bindings
- Labs – Cluster Roles and Role Bindings
- Kubelet Security
- Labs – Kubelet Security
- Kubectl Proxy & Port Forward
- Labs – Kubectl Proxy & Port Forward
- Kubernetes Dashboard
- Securing Kubernetes Dashboard
- Labs – Secure Kubernetes Dashboard
- Verify platform binaries before deploying
- Labs – Verify platform binaries
- Kubernetes Software Versions
- Cluster Upgrade Process
- Demo – Cluster Upgrade
- Labs – Cluster Upgrade
- Network Policy
- Developing Network Policies
- Labs – Network security policy
- Ingress
- Labs – Ingress – 1
- Ingress – Annotations and rewrite-target
- Labs – Ingress – 2
- Docker Service Configuration
- Docker – Securing the Daemon
CHAPTER
System Hardening
- Section Introduction
- Least Privilege Principle
- Minimize host OS footprint Intro
- Limit Node Access
- Lab – Limit Node Access
- SSH Hardening
- Privilege Escalation in Linux
- Lab – SSH Hardening and sudo
- Remove Obsolete Packages and Services
- Restrict Kernel Modules
- Identify and Disable Open Ports
- Lab – Identify open ports, remove packages services
- Minimize IAM roles
- Minimize external access to the network
- UFW Firewall Basics
- Lab – UFW Firewall
- Linux Syscalls
- AquaSec Tracee
- Restrict syscalls using seccomp
- Implement Seccomp in Kubernetes
- Lab – Seccomp
- AppArmor
- Creating AppArmor Profiles
- AppArmor in Kubernetes
- Linux Capabilities
- Lab – AppArmor
CHAPTER
Minimize Microservice Vulnerabilities
- Section Introduction
- Security Contexts
- Labs – Security Contexts
- Admission Controllers
- Labs – Admission Controllers
- Validating and Mutating Admission Controllers
- Labs – Validating and Mutating Admission Controllers
- Pod Security Policies
- Labs – PSP
- Open Policy Agent (OPA)
- Labs – OPA
- OPA in Kubernetes
- Labs – OPA in Kubernetes
- OPA Gatekeeper in Kubernetes
- Manage Kubernetes secrets
- Lab – Manage Kubernetes secrets
- Container Sandboxing
- gVisor
- kata Containers
- Runtime Classes
- Using Runtimes in Kubernetes
- Lab – Using Runtimes in Kubernetes
- One way SSL vs Mutual SSL
- Implement pod to pod encryption by use of mTLS
CHAPTER
Supply Chain Security
- Section Introduction
- Minimize base image footprint
- Image Security
- Labs – Image Security
- Whitelist Allowed Registries – Image Policy Webhook
- Labs – Whitelist Allowed Registries – ImagePolicyWebhook
- Use static analysis of user workloads (e.g.Kubernetes resources, Docker files)
- Labs – kubesec
- Scan images for known vulnerabilities (Trivy)
- Labs – Trivy
CHAPTER
Monitoring, Logging and Runtime Security
- Section Introduction
- Perform behavioral analytics of syscall process
- Falco Overview and Installation
- Use Falco to Detect Threats
- Falco Configuration Files
- Labs – Use Falco to Detect Threats
- Mutable vs Immutable Infrastructure
- Ensure Immutability of Containers at Runtime
- Labs – Ensure Immutability of Containers at Runtime
- Use Audit Logs to monitor access
- Labs – Use Audit Logs to monitor access
CHAPTER
Mock Exams
Mock Exams
Learn how to secure container-based applications and Kubernetes clusters. No prior security basics required. We cover security from the absolute basics. (CKA is a pre-requisite for CKS exams).
$9.9
Certified Kubernetes Security Specialist (CKS)
+ Digital certificate of completion
