Certified Kubernetes Security Specialist (CKS)

Course Code: cks

Duration: 21 hours

Prerequisites:

CKA（認證 Kubernates 管理員）認證

觀眾

Kubernetes 從業者

Overview:

Kubernetes 是一个开源系统，用于自动部署、扩展和管理容器化应用程序。

Certified Kubernetes Security Specialist (CKS) 是一项基于实际操作能力的认证考试，旨在测试考生在模拟的真实环境中对 Kubernetes 和云安全的了解。

这种以讲师为主导的现场培训（现场或远程）针对 Kubernetes 希望准备 CKS 考试的从业者。

在本次培训结束时，参与者将了解如何在应用程序生命周期的不同阶段（构建、部署和运行时）保护 Kubernetes 环境和基于容器的应用程序。

课程形式

互动讲座和讨论。
大量的练习和练习。
在现场实验室环境中动手实施。

课程自定义选项

如需申请本课程的定制培训，请联系我们进行安排。

Course Outline:

介紹

群集設置

使用網路安全策略限制群集級別訪問
使用 CIS 基準測試查看 Kubernetes 個元件（etcd、kubelet、kubedns、kubeapi）的安全配置
正確設置具有安全控制的 Ingress 物件
保護節點元數據和端點
盡量減少對 GUI 元素的使用和訪問
在部署之前驗證平臺二進位檔

集群強化

限制對 Kubernetes API 的訪問
使用基於角色的訪問控制將風險降至最低
謹慎使用服務帳戶，例如禁用預設值，盡量減少對新創建的帳戶的許可權
經常更新 Kubernetes

系統強化

最大限度減少主機作業系統佔用空間（減少攻擊面）
最小化 IAM 角色
盡量減少對網路的外部訪問
適當使用內核強化工具，如 AppArmor、seccomp

最大限度減少微服務漏洞

設置適當的操作系統級安全域，例如使用 PSP、OPA、安全上下文
管理 Kubernetes 機密
在多租戶環境（例如 gvisor、kata 容器）中使用容器運行時沙盒
使用 mTLS 實現 Pod 到 Pod 加密

Supply Chain Security

最大限度減少基礎映像佔用空間
保護您的供應鏈：將允許的映射註冊表列入白名單，簽署和驗證映射
對使用者工作負載（例如 kubernetes 資源、docker 檔）進行靜態分析
掃描映像以查找已知漏洞

監控、日誌記錄和運行時安全性

在主機和容器級別對系統調用進程和文件活動執行行為分析，以檢測惡意活動
檢測物理基礎架構、應用、網路、數據、使用者和工作負載中的威脅
檢測攻擊的所有階段，無論攻擊發生在哪裡以及傳播方式如何
對環境中的不良行為者進行深入的分析調查和識別
確保容器在運行時的不可變性
使用審核日誌監視訪問

總結和結論

Sites Published:

United Arab Emirates - Certified Kubernetes Security Specialist (CKS)

Qatar - Certified Kubernetes Security Specialist (CKS)

Egypt - Certified Kubernetes Security Specialist (CKS)

Saudi Arabia - Certified Kubernetes Security Specialist (CKS)

South Africa - Certified Kubernetes Security Specialist (CKS)

Brasil - Certified Kubernetes Security Specialist (CKS)

Canada - Certified Kubernetes Security Specialist (CKS)

中国 - Certified Kubernetes Security Specialist (CKS)

香港 - Certified Kubernetes Security Specialist (CKS)

澳門 - Certified Kubernetes Security Specialist (CKS)

台灣 - Certified Kubernetes Security Specialist (CKS)

USA - Certified Kubernetes Security Specialist (CKS)

Österreich - Certified Kubernetes Security Specialist (CKS)

Schweiz - Certified Kubernetes Security Specialist (CKS)

Deutschland - Certified Kubernetes Security Specialist (CKS)

Czech Republic - Certified Kubernetes Security Specialist (CKS)

Denmark - Certified Kubernetes Security Specialist (CKS)

Estonia - Certified Kubernetes Security Specialist (CKS)

Finland - Certified Kubernetes Security Specialist (CKS)

Greece - Certified Kubernetes Security Specialist (CKS)

Magyarország - Certified Kubernetes Security Specialist (CKS)

Ireland - Certified Kubernetes Security Specialist (CKS)

Luxembourg - Certified Kubernetes Security Specialist (CKS)

Latvia - Certified Kubernetes Security Specialist (CKS)

España - Certified Kubernetes Security Specialist (CKS)

Italia - Certified Kubernetes Security Specialist (CKS)

Lithuania - Certified Kubernetes Security Specialist (CKS)

Nederland - Certified Kubernetes Security Specialist (CKS)

Norway - Certified Kubernetes Security Specialist (CKS)

Portugal - Certified Kubernetes Security Specialist (CKS)

România - Certified Kubernetes Security Specialist (CKS)

Sverige - Certified Kubernetes Security Specialist (CKS)

Türkiye - Certified Kubernetes Security Specialist (CKS)

Malta - Certified Kubernetes Security Specialist (CKS)

Belgique - Certified Kubernetes Security Specialist (CKS)

France - Certified Kubernetes Security Specialist (CKS)

日本 - Certified Kubernetes Security Specialist (CKS)

Australia - Certified Kubernetes Security Specialist (CKS)

Malaysia - Certified Kubernetes Security Specialist (CKS)

New Zealand - Certified Kubernetes Security Specialist (CKS)

Philippines - Certified Kubernetes Security Specialist (CKS)

Singapore - Certified Kubernetes Security Specialist (CKS)

Thailand - Certified Kubernetes Security Specialist (CKS)

Vietnam - Certified Kubernetes Security Specialist (CKS)

India - Certified Kubernetes Security Specialist (CKS)

Argentina - Certified Kubernetes Security Specialist (CKS)

Chile - Certified Kubernetes Security Specialist (CKS)

Costa Rica - Certified Kubernetes Security Specialist (CKS)

Ecuador - Certified Kubernetes Security Specialist (CKS)

Guatemala - Certified Kubernetes Security Specialist (CKS)

Colombia - Certified Kubernetes Security Specialist (CKS)

México - Certified Kubernetes Security Specialist (CKS)

Panama - Certified Kubernetes Security Specialist (CKS)

Peru - Certified Kubernetes Security Specialist (CKS)

Uruguay - Certified Kubernetes Security Specialist (CKS)

Venezuela - Certified Kubernetes Security Specialist (CKS)

Polska - Certified Kubernetes Security Specialist (CKS)

United Kingdom - Certified Kubernetes Security Specialist (CKS)

South Korea - Certified Kubernetes Security Specialist (CKS)

Pakistan - Certified Kubernetes Security Specialist (CKS)

Sri Lanka - Certified Kubernetes Security Specialist (CKS)

Bulgaria - Certified Kubernetes Security Specialist (CKS)

Bolivia - Certified Kubernetes Security Specialist (CKS)

Indonesia - Certified Kubernetes Security Specialist (CKS)

Kazakhstan - Certified Kubernetes Security Specialist (CKS)

Moldova - Certified Kubernetes Security Specialist (CKS)

Morocco - Certified Kubernetes Security Specialist (CKS)

Tunisia - Certified Kubernetes Security Specialist (CKS)

Kuwait - Certified Kubernetes Security Specialist (CKS)

Oman - Certified Kubernetes Security Specialist (CKS)

Slovakia - Certified Kubernetes Security Specialist (CKS)

Kenya - Certified Kubernetes Security Specialist (CKS)

Nigeria - Certified Kubernetes Security Specialist (CKS)

Botswana - Certified Kubernetes Security Specialist (CKS)

Slovenia - Certified Kubernetes Security Specialist (CKS)

Croatia - Certified Kubernetes Security Specialist (CKS)

Serbia - Certified Kubernetes Security Specialist (CKS)

Bhutan - Certified Kubernetes Security Specialist (CKS)

Nepal - Certified Kubernetes Security Specialist (CKS)

Uzbekistan - Certified Kubernetes Security Specialist (CKS)