3-Day Docker and Kubernetes Security Hardening in Dallas, Cloud Technology Experts, Tuesday, 19. February 2019

This course teaches microservices application security with Docker and Kubernetes. You will learn how to secure microservices applications developed with Docker and Kubernetes, how to handle the challenges of container security, and how to select the right tools to help with that challenge.
This course is a combination of concepts and hands-on workshop.
At the end of the training course, attendees will know how to secure Docker and Kubernetes infrastructure, be able to select the right security tools and technologies from the CNCF landscape, and be able to secure microservice applications in a production environment.

Security Architects
Application Architects
Systems Administrators
Systems engineers
System integrators

By the end of the training, participants will be able to:

Understand cloud native application Landscape and Security Tools
Secure a Docker Infrastructure
Secure a Kubernetes Infrastructure
Understand best practices for securing production Docker/Kubernetes
Use CIS Benchmarks for securing Docker/Kubernetes

The following will be an advantage:

Previous experience with Docker/Kubernetes Concepts
Having attended the Kubernetes Administration course or Kubernetes 1-Day Course will be advantageous
Previous knowledge of cloud computing concepts
Basic/Advanced knowledge of Linux is recommended

3-Day Curriculum

Introduction to Docker/Kubernetes Architectures
Overview of Docker/Kubernetes Security framework
Secure your Docker Images Build (best Practices)
Implementing strategies to prevent Container breakout  

      Namespaces to limit what a container can do
      Restrict Linux capabilities
      Enable SELinux
      Enable AppArmor
      Utilize Seccomp to restrict syscalls
      Configure Cgroups

Other Docker security Measures

     Use a minimal Host OS
     Update system patches
     Conduct security auditing and compliance checks
     Network security: at rest and in motion network encryption

Container Private Registry
The Update Framework: Notary
The Update Framework: TUF


Secure the Control Plane

Protect the API Server
Protect the Controller manager
Secure external ports
Protect the Scheduler
Limit/restrict console access
TLS Certificates

Secure the Data Plane

Restrict Kubelet permissions
Kubelet Hardening

AAA (Authentication, Authorization and Admission Controllers)

User and Service accounts
Authentication with Tokens, Certificates, Password
Authentication with LDAP, OpenID Connect
RBAC (roles, cluster roles, role bindings and cluster role bindings)
Kubernetes communication security: certificates
Kubernetes ConfigMaps and Secrets


Pod Level Security

Kubernetes security Context
Pod Security Policy (PSP)

Introduction to Kubernetes Network Interface (CNI)

CNI Network Policies
Enforce isolation by application / service

Production Security Tips and Best Practices

Protect worker nodes from host privilege escalations, suspicious processes or file system activity
Capture packets for security events
Quarantine or remediate compromised containers
Scan containers & hosts for vulnerabilities
Alert, log, and respond in real-time to security incidents
Authentication and Authorization
Monitor containers for suspicious process or file system activity
Monitor system container connections and processes in production
Checks for your production ready cluster
Monitor and Inspect network connections for application attacks

Discussion of commercial/Open source Security applications
Secure your infrastructure with Istio Service Mesh
CIS Benchmarks
Course roundup
