Kubernetes Security Fundamentals (LFS460)のトレーニングコース

Introduction

• Linux Foundation
• Linux Foundation Training
• Linux Foundation Certifications
• Linux Foundation Digital Badges
• Laboratory Exercises, Solutions and Resources
• E-Learning Course: LFS260
• Distribution Details
• Labs

Cloud Security Overview

• Multiple Projects
• What is Security?
• Assessment
• Prevention
• Detection
• Reaction
• Classes of Attackers
• Types of Attacks
• Attack Surfaces
• Hardware and Firmware Considerations
• Security Agencies
• Manage External Access
• Labs

Preparing to Install

• Image Supply Chain
• Runtime Sandbox
• Verify Platform Binaries
• Minimize Access to GUI
• Policy Based Control
• Labs

Installing the Cluster

• Update Kubernetes
• Tools to Harden the Kernel
• Kernel Hardening Examples
• Mitigating Kernel Vulnerabilities
• Labs

Securing the kube-apiserver

• Restrict Access to API
• Enable Kube-apiserver Auditing
• Configuring RBAC
• Pod Security Policies
• Minimize IAM Roles
• Protecting etcd
• CIS Benchmark
• Using Service Accounts
• Labs

Networking

• Firewalling Basics
• Network Plugins
• iptables
• Mitigate Brute Force Login Attempts
• Netfilter rule management
• Netfilter Implementation
• nft Concepts
• Ingress Objects
• Pod to Pod Encryption
• Restrict Cluster Level Access
• Labs

Workload Considerations

• Minimize Base Image
• Static Analysis of Workloads
• Runtime Analysis of Workloads
• Container Immutability
• Mandatory Access Control
• SELinux
• AppArmor
• Generate AppArmor Profiles
• Labs

Issue Detection

• Understanding Phases of Attack
• Preparation
• Understanding an Attack Progression
• During an Incident
• Handling Incident Aftermath
• Intrusion Detection Systems
• Threat Detection
• Behavioral Analytics
• Labs

Domain Reviews

• Preparing for the Exam - CKS