Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Introduction
- Linux Foundation Overview
- Training Programs by the Linux Foundation
- Certification Offerings from the Linux Foundation
- Digital Badges for Certification
- Practical Exercises, Solutions, and Resources
- E-Learning Course: LFS260 for government professionals
- Distribution Details for Training Materials
- Laboratory Sessions for Hands-On Learning
Cloud Security Overview
- Multiplicity of Security Projects
- Definition and Scope of Security
- Assessment Techniques for Security
- Preventive Measures in Security
- Detection Methods for Threats
- Response Strategies to Incidents
- Classes of Potential Attackers
- Types of Common Attacks
- Identifying and Managing Attack Surfaces
- Considerations for Hardware and Firmware Security
- Relevant Security Agencies and Standards
- Managing External Access to Systems
- Laboratory Sessions for Practical Application
Preparing to Install
- Securing the Image Supply Chain
- Implementing a Secure Runtime Sandbox
- Verifying Platform Binaries for Integrity
- Minimizing Access to Graphical User Interfaces
- Enforcing Policy-Based Controls
- Laboratory Sessions for Installation Preparation
Installing the Cluster
- Updating Kubernetes for Security
- Tools and Techniques to Harden the Kernel
- Examples of Kernel Hardening Practices
- Mitigating Known Kernel Vulnerabilities
- Laboratory Sessions for Cluster Installation
Securing the kube-apiserver
- Restricting Access to the Kubernetes API
- Enabling Auditing in Kube-apiserver
- Configuring Role-Based Access Control (RBAC)
- Implementing Pod Security Policies
- Minimizing IAM Roles and Permissions
- Protecting the etcd Data Store
- Compliance with CIS Benchmarks
- Using Service Accounts for Secure Authentication
- Laboratory Sessions for API Security
Networking
- Basics of Firewalling and Network Security
- Overview of Network Plugins
- Using iptables for Network Rules
- Mitigating Brute Force Login Attempts
- Managing Netfilter Rules
- Implementing Netfilter in Security Strategies
- Concepts of nft (nftables)
- Configuring Ingress Objects for Traffic Control
- Encrypting Pod-to-Pod Communications
- Restricting Cluster-Level Access to Resources
- Laboratory Sessions for Network Security
Workload Considerations
- Minimizing the Base Image Size
- Conducting Static Analysis of Workloads
- Performing Runtime Analysis of Workloads
- Maintaining Container Immutability
- Implementing Mandatory Access Control (MAC)
- Using SELinux for Enhanced Security
- Applying AppArmor for Application Security
- Generating AppArmor Profiles for Customization
- Laboratory Sessions for Workload Security
Issue Detection
- Understanding the Phases of an Attack
- Preparation for Potential Threats
- Analyzing Attack Progression
- Managing Incidents in Real-Time
- Handling the Aftermath of Security Incidents
- Utilizing Intrusion Detection Systems (IDS)
- Threat Detection Techniques and Tools
- Leveraging Behavioral Analytics for Security
- Laboratory Sessions for Issue Detection
Domain Reviews
- Preparing for the Certified Kubernetes Security Specialist (CKS) Exam
Requirements
Participants should possess a foundational understanding of Linux administration, including comfort with command-line operations. They must be capable of editing files using a command-line text editor and have basic knowledge of security practices.
Audience
This course is designed for individuals who hold a Certified Kubernetes Administrator (CKA) certification and are interested in or responsible for cloud security within their organizations, particularly for government applications.
Experience Level: Intermediate
28 Hours
Testimonials (1)
experienced trainer
