
3-Day Docker And Kubernetes Security Hardening In Austin

Wednesday, 27 Jan 2021 @ 9:00 AM Past Event
This course teaches microservices application security with Docker and Kubernetes. You will learn how to secure microservices applications developed with Docker and Kubernetes, how to handle the challenges of container security, and how to select the right tools to help with those challenges.

This course is a combination of concepts and hands-on workshops.

At the end of the training course, attendees will know how to secure Docker and Kubernetes infrastructure, be able to select the right security tools and technologies from the CNCF landscape, and be able to secure microservice applications in a production environment.

WHO SHOULD ATTEND?

Security Architects

Application Architects

Systems Administrators

DevOps

Systems engineers

System integrators

COURSE OBJECTIVES

By the end of the training, participants will be able to:

Understand the cloud native application landscape and security tools

Secure a Docker Infrastructure

Secure a Kubernetes Infrastructure

Understand best practices for securing production Docker/Kubernetes

Use CIS Benchmarks for securing Docker/Kubernetes

PREREQUISITES

The following will be an advantage:

Previous experience with Docker/Kubernetes Concepts

Having attended the Kubernetes Administration course or Kubernetes 1-Day Course will be advantageous

Previous knowledge of cloud computing concepts

Basic/Advanced knowledge of Linux is recommended

3-Day Curriculum

DAY 1: DOCKER SECURITY

Introduction to Docker/Kubernetes Architectures

Overview of Docker/Kubernetes Security framework

Secure your Docker image builds (best practices)

Implementing strategies to prevent Container breakout

Namespaces to limit what a container can do

Restrict Linux capabilities

Enable SELinux

Enable AppArmor

Utilize Seccomp to restrict syscalls

Configure Cgroups

Other Docker security Measures

Use a minimal Host OS

Update system patches

Conduct security auditing and compliance checks

Network security: at-rest and in-motion network encryption

Container Private Registry

The Update Framework: Notary

The Update Framework: TUF

DAY 2: SECURING KUBERNETES CLUSTER

Secure the Control Plane

Protect the API Server

Protect the Controller manager

Secure external ports

Protect the Scheduler

Limit/restrict console access

TLS Certificates

Secure the Data Plane

Restrict Kubelet permissions

Kubelet Hardening

AAA (Authentication, Authorization and Admission Controllers)

User and Service accounts

Authentication with Tokens, Certificates, Password

Authentication with LDAP, OpenID Connect

RBAC (Roles, ClusterRoles, RoleBindings and ClusterRoleBindings)

Kubernetes communication security: certificates

Kubernetes ConfigMaps and Secrets

DAY 3: SECURING KUBERNETES OBJECTS AND PRODUCTION BEST PRACTICES

Pod Level Security

Kubernetes security Context

Pod Security Policy (PSP)

Introduction to Kubernetes Network Interface (CNI)

CNI Network Policies

Enforce isolation by application service

Production Security Tips and Best Practices

Protect worker nodes from host privilege escalations, suspicious processes or file system activity

Capture packets for security events

Quarantine or remediate compromised containers

Scan containers & hosts for vulnerabilities

Alert, log, and respond in real-time to security incidents

Authentication and Authorization

Monitor containers for suspicious process or file system activity

Monitor system container connections and processes in production

Checks for your production ready cluster

Monitor and Inspect network connections for application attacks

Discussion of commercial/Open source Security applications

Secure your infrastructure with Istio Service Mesh

CIS Benchmarks

Course roundup