Change Location × Usa, Nigeria

    Recent Locations

      3-Day Docker and Kubernetes Security Hardening in Silicon Valley in Usa


      • 3-Day Docker and Kubernetes Security Hardening in Silicon Valley Photo #1
      1 of 1
      December 17, 2019

      Tuesday   9:00 AM

      2885 Lakeside Drive, Santa Clara , ***Location may change***
      Usa, California

      Map
      Performers:
      • No Performers Listed
      EVENT DETAILS
      3-Day Docker and Kubernetes Security Hardening in Silicon Valley

      This course teaches microservices application Security with Docker and Kubernetes. You will learn how to secure micro-services applications developed with Docker and Kubernetes. You will learn how to handle the challenges of container security and be able to select the right tools to help with that challenge. This course is a combination of Concepts and hand-on workshop. At the end of the training course, attendees will know how to secure Docker, Kubernetes infrastructure, be able to select the right security tools and technologies from the CNCF landscape and be able to secure microservice applications in a production environment. WHO SHOULD ATTEND? Security Architects Application Architects Systems Administrators DevOps Systems engineers System integrators COURSE OBJECTIVES By the end of the training, participants will be able to: Understand cloud native application Landscape and Security Tools Secure a Docker Infrastructure Secure a Kubernetes Infrastructure Understand Best practices for securing Production docker/Kubernetes Use CIS Benchmarks for securing Docker/Kubernetes PREREQUISITES The following will be an advantage: Previous experience with Docker/Kubernetes Concepts Having attended the Kubernetes Administration course or Kubernetes 1-Day Course will be advantageous Previous knowledge of cloud computing concepts Basic/Advanced knowledge of Linux is recommended 3-Day Curriculum DAY1: DOCKER SECURITY Introduction to Docker/Kubernetes Architectures Overview of Docker/Kubernetes Security framework Secure your Docker Images Build (best Practices) Implementing strategies to prevent Container breakout         Namespaces to limit what a container can do       Restrict Linux capabilities       Enable SELinux       Enable AppArmor       Utilize Seccomp to restrict syscalls       Configure Cgroups Other Docker security Measures      Use a minimal Host OS      Update system patches      Conduct security auditing and compliance checks      Network security: AT rest and in motion  network encryption Container Private Registry The Update Framework: Notary The Update Framework: TUF   DAY 2: SECURING KUBERNETES CLUSTER  Secure the Control Plane Protect the API Server Protect the Controller manager Secure external ports Protect the Scheduler Limit/restrict console access TLS Certificates Secure the Data Plane Restrict Kubelet permissions Kubelet Hardening AAA (Authentication, Authorization and Admission Controllers) User and Service accounts Authentication with Tokens, Certificates, Password Authentication with LDAP, OpenID Connect RBACs (roles, clusterrole, role binding and cluster role bindings) Kubernetes communication security: certificates Kubernetes ConfigMaps and Secrets   DAY 3: SECURING KUBERNETES OBJECTS AND PRODUCTION BEST PRACTICES Pod Level Security Kubernetes security Context Pod Security Policy (PSP) Introduction to Kubernetes Network Interface (CNI) CNI Network Policies Enforce isolation by application / service Production Security Tips and Best Practices Protect worker nodes from host privilege escalations, suspicious processes or file system activity Capture packets for security events Quarantine or remediate compromised containers Scan containers & hosts for vulnerabilities Alert, log, and respond in real-time to security incidents Authentication and Authorization Monitor containers for suspicious process or file system activity Monitor system container connections and processes in production Checks for your production ready cluster Monitor and Inspect network connections for application attacks Discussion of commercial/Open source Security applications Secure your infrastructure with Istio Service Mesh CIS Benchmarks Course roundup  

      Categories: Science

      Event details may change at any time, always check with the event organizer when planning to attend this event or purchase tickets.