Certified Kubernetes Security Specialist (CKS)

Course Code: cks

Duration: 21 hours

Prerequisites:

CKA（认证 Kubernates 管理员）认证

观众

Kubernetes 从业者

Overview:

Kubernetes 是一个开源系统，用于自动部署、扩展和管理容器化应用程序。

Certified Kubernetes Security Specialist (CKS) 是一项基于实际操作能力的认证考试，旨在测试考生在模拟的真实环境中对 Kubernetes 和云安全的了解。

这种以讲师为主导的现场培训（现场或远程）针对 Kubernetes 希望准备 CKS 考试的从业者。

在本次培训结束时，参与者将了解如何在应用程序生命周期的不同阶段（构建、部署和运行时）保护 Kubernetes 环境和基于容器的应用程序。

课程形式

互动讲座和讨论。
大量的练习和练习。
在现场实验室环境中动手实施。

课程自定义选项

如需申请本课程的定制培训，请联系我们进行安排。

Course Outline:

介绍

群集设置

使用网络安全策略限制群集级别访问
使用 CIS 基准测试查看 Kubernetes 个组件（etcd、kubelet、kubedns、kubeapi）的安全配置
正确设置具有安全控制的 Ingress 对象
保护节点元数据和端点
尽量减少对 GUI 元素的使用和访问
在部署之前验证平台二进制文件

集群强化

限制对 Kubernetes API 的访问
使用基于角色的访问控制将风险降至最低
谨慎使用服务帐户，例如禁用默认值，尽量减少对新创建的帐户的权限
经常更新 Kubernetes

系统强化

最大限度减少主机操作系统占用空间（减少攻击面）
最小化 IAM 角色
尽量减少对网络的外部访问
适当使用内核强化工具，如 AppArmor、seccomp

最大限度减少微服务漏洞

设置适当的操作系统级安全域，例如使用 PSP、OPA、安全上下文
管理 Kubernetes 机密
在多租户环境（例如 gvisor、kata 容器）中使用容器运行时沙盒
使用 mTLS 实现 Pod 到 Pod 加密

Supply Chain Security

最大限度减少基础映像占用空间
保护您的供应链：将允许的映像注册表列入白名单，签署和验证映像
对用户工作负载（例如 kubernetes 资源、docker 文件）进行静态分析
扫描映像以查找已知漏洞

监控、日志记录和运行时安全性

在主机和容器级别对系统调用进程和文件活动执行行为分析，以检测恶意活动
检测物理基础架构、应用、网络、数据、用户和工作负载中的威胁
检测攻击的所有阶段，无论攻击发生在哪里以及传播方式如何
对环境中的不良行为者进行深入的分析调查和识别
确保容器在运行时的不可变性
使用审核日志监视访问

总结和结论

Sites Published:

United Arab Emirates - Certified Kubernetes Security Specialist (CKS)

Qatar - Certified Kubernetes Security Specialist (CKS)

Egypt - Certified Kubernetes Security Specialist (CKS)

Saudi Arabia - Certified Kubernetes Security Specialist (CKS)

South Africa - Certified Kubernetes Security Specialist (CKS)

Brasil - Certified Kubernetes Security Specialist (CKS)

Canada - Certified Kubernetes Security Specialist (CKS)

中国 - Certified Kubernetes Security Specialist (CKS)

香港 - Certified Kubernetes Security Specialist (CKS)

澳門 - Certified Kubernetes Security Specialist (CKS)

台灣 - Certified Kubernetes Security Specialist (CKS)

USA - Certified Kubernetes Security Specialist (CKS)

Österreich - Certified Kubernetes Security Specialist (CKS)

Schweiz - Certified Kubernetes Security Specialist (CKS)

Deutschland - Certified Kubernetes Security Specialist (CKS)

Czech Republic - Certified Kubernetes Security Specialist (CKS)

Denmark - Certified Kubernetes Security Specialist (CKS)

Estonia - Certified Kubernetes Security Specialist (CKS)

Finland - Certified Kubernetes Security Specialist (CKS)

Greece - Certified Kubernetes Security Specialist (CKS)

Magyarország - Certified Kubernetes Security Specialist (CKS)

Ireland - Certified Kubernetes Security Specialist (CKS)

Luxembourg - Certified Kubernetes Security Specialist (CKS)

Latvia - Certified Kubernetes Security Specialist (CKS)

España - Certified Kubernetes Security Specialist (CKS)

Italia - Certified Kubernetes Security Specialist (CKS)

Lithuania - Certified Kubernetes Security Specialist (CKS)

Nederland - Certified Kubernetes Security Specialist (CKS)

Norway - Certified Kubernetes Security Specialist (CKS)

Portugal - Certified Kubernetes Security Specialist (CKS)

România - Certified Kubernetes Security Specialist (CKS)

Sverige - Certified Kubernetes Security Specialist (CKS)

Türkiye - Certified Kubernetes Security Specialist (CKS)

Malta - Certified Kubernetes Security Specialist (CKS)

Belgique - Certified Kubernetes Security Specialist (CKS)

France - Certified Kubernetes Security Specialist (CKS)

日本 - Certified Kubernetes Security Specialist (CKS)

Australia - Certified Kubernetes Security Specialist (CKS)

Malaysia - Certified Kubernetes Security Specialist (CKS)

New Zealand - Certified Kubernetes Security Specialist (CKS)

Philippines - Certified Kubernetes Security Specialist (CKS)

Singapore - Certified Kubernetes Security Specialist (CKS)

Thailand - Certified Kubernetes Security Specialist (CKS)

Vietnam - Certified Kubernetes Security Specialist (CKS)

India - Certified Kubernetes Security Specialist (CKS)

Argentina - Certified Kubernetes Security Specialist (CKS)

Chile - Certified Kubernetes Security Specialist (CKS)

Costa Rica - Certified Kubernetes Security Specialist (CKS)

Ecuador - Certified Kubernetes Security Specialist (CKS)

Guatemala - Certified Kubernetes Security Specialist (CKS)

Colombia - Certified Kubernetes Security Specialist (CKS)

México - Certified Kubernetes Security Specialist (CKS)

Panama - Certified Kubernetes Security Specialist (CKS)

Peru - Certified Kubernetes Security Specialist (CKS)

Uruguay - Certified Kubernetes Security Specialist (CKS)

Venezuela - Certified Kubernetes Security Specialist (CKS)

Polska - Certified Kubernetes Security Specialist (CKS)

United Kingdom - Certified Kubernetes Security Specialist (CKS)

South Korea - Certified Kubernetes Security Specialist (CKS)

Pakistan - Certified Kubernetes Security Specialist (CKS)

Sri Lanka - Certified Kubernetes Security Specialist (CKS)

Bulgaria - Certified Kubernetes Security Specialist (CKS)

Bolivia - Certified Kubernetes Security Specialist (CKS)

Indonesia - Certified Kubernetes Security Specialist (CKS)

Kazakhstan - Certified Kubernetes Security Specialist (CKS)

Moldova - Certified Kubernetes Security Specialist (CKS)

Morocco - Certified Kubernetes Security Specialist (CKS)

Tunisia - Certified Kubernetes Security Specialist (CKS)

Kuwait - Certified Kubernetes Security Specialist (CKS)

Oman - Certified Kubernetes Security Specialist (CKS)

Slovakia - Certified Kubernetes Security Specialist (CKS)

Kenya - Certified Kubernetes Security Specialist (CKS)

Nigeria - Certified Kubernetes Security Specialist (CKS)

Botswana - Certified Kubernetes Security Specialist (CKS)

Slovenia - Certified Kubernetes Security Specialist (CKS)

Croatia - Certified Kubernetes Security Specialist (CKS)

Serbia - Certified Kubernetes Security Specialist (CKS)

Bhutan - Certified Kubernetes Security Specialist (CKS)

Nepal - Certified Kubernetes Security Specialist (CKS)

Uzbekistan - Certified Kubernetes Security Specialist (CKS)