Certified K8S Security Specialist

1. Cluster Setup

  • Overview of CIS Benchmarks for Hardening
  • Kubernetes CIS Benchmarks
  • Our Lab Architecture
  • ETCD Security Guidelines
  • Configuring ETCD Binaries
  • Asymmetric Key Encryption
  • Revising SSL/TLS
  • Certificate Authority
  • In-Transit Encryption with HTTPS
  • Certificate Based Authentication
  • Client Authentication in ETCD
  • API Server Security Guidelines
  • Data Encryption at ETCD
  • Overview of Encryption Providers
  • Transport Security for API Server
  • Integration with systemd
  • Access Control
  • Downsides of Static Token Authentication
  • Implementing X509 Client Authentication
  • Downsides of X509 Client Authentication
  • Overview of OIDC Authentication
  • RBAC Authorization
  • Implementing Auditing
  • Setting up kubeadm cluster
  • Revising Taints and Tolerations
  • Kubelet Security
  • Verifying Platform Binaries

3. Minimize Microservice Vulnerabilities

  • Admission Controllers
  • Security Contexts
  • Revising Privileged Container
  • Running Privileged Pods in Kubernetes
  • Hack Misconfigured Cluster
  • POD Security Policies
  • Pod Security Policy Workflow
  • Implementing Restrictive Policy
  • PSP Security Consideration – Volumes
  • PSP Security Considerations – Host PID
  • POD Security Policy and Controllers
  • ImagePullPolicy in Kubernetes
  • Admission Controller – AlwaysPullImages
  • Admission Controller – ImagePolicyWebhook
  • Custom WebHook Integration with Admission Controller
  • Overview of Kubernetes Secrets
  • Mounting Secrets in Pods

2. Cluster Hardening

  • Creating User for RBAC
  • Role Based Access Controls (RBAC)
  • ClusterRole and ClusterRoleBinding
  • Revising Ingress
  • Ingress Resource and Ingress Controllers
  • Creating Ingress and Ingress Controller
  • Ingress Security
  • Service Accounts
  • Service Account Security
  • Upgrading kubeadm Clusters

4. System Hardening

  • Overview of AppArmor
  • Integration of AppArmor with Kubernetes
  • OCI and Container Runtimes
  • Configuring containerd and runc
  • Container Runtime Interface
  • Container Runtime Sandboxes
  • Implementing RunTimeClass – gVisor
  • Kubeadm and Calico
  • Understanding Network Policies

5. Supply Chain Security

  • Vulnerability, Exploit and Payload
  • Container Security Scanning
  • Scan images for known vulnerabilities
  • Scanning K8s Clusters for Security Best Practices
  • Static Analysis

6. Monitoring, Logging and Runtime Security

  • Overview of Falco
  • Introduction to Sysdig
  • Creating Custom Falco Rules
  • Falco Rule Writing – Exam Perspective
  • Audit Logging In-Detail
  • Immutability at Container Runtime