$2,300

3-Day Docker and Kubernetes Security Hardening

Event Information

Share this event

Date and Time

Location

Location

Cloud Technology Experts

14330 Midway Road

#STE 211

Dallas, TX 75244

View Map

Refund Policy

Refund Policy

Refunds up to 7 days before event

Event description

Description

This course teaches microservices application Security with Docker and Kubernetes. You will learn how to secure micro-services applications developed with Docker and Kubernetes. You will learn how to handle the challenges of container security and be able to select the right tools to help with that challenge.

This course is a combination of Concepts and hand-on workshop.

At the end of the training course, attendees will know how to secure Docker, Kubernetes infastructure, be able to select the right security tools and technologies from the CNCF landscape and be able to secure microservice applications in a production environment.

WHO SHOULD ATTEND?

  • Security Architects

  • Application Architects

  • Systems Administrators
  • DevOps

  • Systems engineers

  • System integrators


COURSE OBJECTIVES

By the end of the training, participants will be able to:

  • Understand cloud native application Landscape and Security Tools

  • Secure a Docker Infrastructure

  • Secure a Kubernetes Infrasturcture

  • Undertand Best practices for securing Production docker/Kubernetes

  • Use CIS Benchmarkes for securing Docker/Kubernetes

PREREQUISITES

The following will be an advantage:


3-Day Curriculum

DAY1: DOCKER SECURITY

  • Introduction to Docker/Kubernetes Architectures
  • Overview of Docker/Kubernetes Security framework
  • Secure your Docker Images Build (best Practices)
  • Implementing strategies to prevent Container breakout
    • Namespaces to limit what a container can do
    • Restrict Linux capabilities
    • Enable SELinux
    • Enable AppArmor
    • Utilize Seccomp to restrict syscalls
    • Configure Cgroups
  • Other Docker security Measures
    • Use a minimal Host OS
    • Update system patches
    • Conduct security auditing and compliance checks
    • Network security: AT rest and in motion network encryption
  • Container Private Registry
  • The Update Framework: Notary
  • The Update Framework: TUF

DAY 2: SECURING KUBERNETES CLUSTER

  • Secure the Control Plane
    • Protect the API Server
    • Protect the Controller manager
    • Secure external ports
    • Protect the Scheduler
    • Limit/restrict console access
    • TLS Certificates
  • Secure the Data Plane
    • Restrict Kubelet permissions
    • Kubelet Hardening
  • AAA (Authentication, Authorization and Admission Controllers)
    • User and Service accounts
    • Authentication with Tokens, Certificates, Password
    • Authentication with LDAP, OpenID Connect
    • RBACs (roles, clusterrole, role binding and cluster role bindings)
    • Kubernetes communication security: certificates
    • Kubernetes ConfigMaps and Secrets

DAY 3: SECURING KUBERNETES OBJECTS AND PRODUCTION BEST PRACTICES

  • Pod Level Security
    • Kubernetes security Context
    • Pod Security Policy (PSP)
  • Introduction to Kubernetes Network Interface (CNI)
    • CNI Network Policies
    • Enforce isolation by application / service
  • Production Security Tips and Best Practices
    • Protect worker nodes from host privilege escalations, suspicious processes or file system activity
    • Capture packets for security events
    • Quarantine or remediate compromised containers
    • Scan containers & hosts for vulnerabilities
    • Alert, log, and respond in real-time to security incidents
    • Authentication and Authorization
    • Monitor containers for suspicious process or file system activity
    • Monitor system container connections and processes in production
    • Checks for your production ready cluster
    • Monitor and Inspect network connections for application attacks
  • Discussion of commercial/Open source Security applications
  • Secure your infrastructure with Istio Service Mesh
  • CIS Benchmarks
  • Course roundup
Share with friends

Date and Time

Location

Cloud Technology Experts

14330 Midway Road

#STE 211

Dallas, TX 75244

View Map

Refund Policy

Refunds up to 7 days before event

Save This Event

Event Saved