3-Day Docker and Kubernetes Security Hardening in Miami

This course teaches microservices application Security with Docker and Kubernetes. You will learn how to secure micro-services applications developed with Docker and Kubernetes. You will learn how to handle the challenges of container security and be able to select the right tools to help with that challenge.

This course is a combination of Concepts and hand-on workshop.

At the end of the training course, attendees will know how to secure Docker, Kubernetes infrastructure, be able to select the right security tools and technologies from the CNCF landscape and be able to secure microservice applications in a production environment.

WHO SHOULD ATTEND?

• Security Architects
• Application Architects
• Systems Administrators
• DevOps
• Systems engineers
• System integrators

COURSE OBJECTIVES

By the end of the training, participants will be able to:

• Understand cloud native application Landscape and Security Tools
• Secure a Docker Infrastructure
• Secure a Kubernetes Infrastructure
• Understand Best practices for securing Production docker/Kubernetes
• Use CIS Benchmarks for securing Docker/Kubernetes

PREREQUISITES

The following will be an advantage:

• Previous experience with Docker/Kubernetes Concepts
• Having attended the Kubernetes Administration course or Kubernetes 1-Day Course will be advantageous
• Previous knowledge of cloud computing concepts
• Basic/Advanced knowledge of Linux is recommended

3-Day Curriculum

DAY1: DOCKER SECURITY

• Introduction to Docker/Kubernetes Architectures
• Overview of Docker/Kubernetes Security framework
• Secure your Docker Images Build (best Practices)
• Implementing strategies to prevent Container breakout
• Namespaces to limit what a container can do
• Restrict Linux capabilities
• Enable SELinux
• Enable AppArmor
• Utilize Seccomp to restrict syscalls
• Configure Cgroups

• Other Docker security Measures
• Use a minimal Host OS
• Update system patches
• Conduct security auditing and compliance checks
• Network security: AT rest and in motion network encryption
• Container Private Registry
• The Update Framework: Notary
• The Update Framework: TUF

DAY 2: SECURING KUBERNETES CLUSTER

• Secure the Control Plane
• Protect the API Server
• Protect the Controller manager
• Secure external ports
• Protect the Scheduler
• Limit/restrict console access
• TLS Certificates
• Secure the Data Plane
• Restrict Kubelet permissions
• Kubelet Hardening
• AAA (Authentication, Authorization and Admission Controllers)
• User and Service accounts
• Authentication with Tokens, Certificates, Password
• Authentication with LDAP, OpenID Connect
• RBACs (roles, clusterrole, role binding and cluster role bindings)
• Kubernetes communication security: certificates
• Kubernetes ConfigMaps and Secrets

DAY 3: SECURING KUBERNETES OBJECTS AND PRODUCTION BEST PRACTICES

• Pod Level Security
• Kubernetes security Context
• Pod Security Policy (PSP)
• Introduction to Kubernetes Network Interface (CNI)
• CNI Network Policies
• Enforce isolation by application / service
• Production Security Tips and Best Practices
• Protect worker nodes from host privilege escalations, suspicious processes or file system activity
• Capture packets for security events
• Quarantine or remediate compromised containers
• Scan containers & hosts for vulnerabilities
• Alert, log, and respond in real-time to security incidents
• Authentication and Authorization
• Monitor containers for suspicious process or file system activity
• Monitor system container connections and processes in production
• Checks for your production ready cluster
• Monitor and Inspect network connections for application attacks
• Discussion of commercial/Open source Security applications
• Secure your infrastructure with Istio Service Mesh
• CIS Benchmarks
• Course roundup