Certified Kubernetes Security Specialist (CKS)
Introduction
Course Introduction (8:55)
Exam Information (1:46)
Join our Slack Channel
Understanding the Kubernetes Attack Surface
The Attack (8:06)
The 4C's of Cloud Native security (3:12)
Cluster Setup and Hardening
Section Introduction (1:14)
Course Resources
What are CIS Benchmarks (5:52)
Lab - Run CIS Benchmark Assessment tool on Ubuntu
CIS benchmark for Kubernetes (2:40)
Kube-bench (1:14)
Lab - Kube-bench
Kubernetes Security Primitives (3:18)
Authentication (5:34)
Service Accounts (8:01)
Lab - Service Accounts
TLS Introduction (1:28)
TLS Basics (20:03)
TLS in Kubernetes (7:48)
TLS in Kubernetes - Certificate Creation (10:54)
View Certificate Details (4:30)
Labs - View Certificates
Certificates API (6:06)
Labs - Certificates API
KubeConfig (8:31)
Labs - KubeConfig
API Groups (5:52)
Authorization (7:30)
RBAC (4:28)
Labs - RBAC
Cluster Roles and Role Bindings (4:33)
Labs - Cluster Roles and Role Bindings
Kubelet Security (14:47)
Labs - Kubelet Security
Kubectl Proxy & Port Forward (6:48)
Labs - Kubectl Proxy & Port Forward
Kubernetes Dashboard (6:12)
Securing Kubernetes Dashboard (1:38)
Labs - Secure Kubernetes Dashboard
Verify platform binaries before deploying (2:11)
Labs - Verify platform binaries
Kubernetes Software Versions (2:54)
Cluster Upgrade Process (11:10)
Demo - Cluster Upgrade (11:37)
Labs - Cluster Upgrade
Network Policy (7:51)
Developing Network Policies (11:35)
Labs - Network security policy
Ingress (22:33)
Labs - Ingress - 1
Ingress - Annotations and rewrite-target
Labs - Ingress - 2
Docker Service Configuration (6:57)
Docker - Securing the Daemon (7:25)
Feedback
System Hardening
Section Introduction (1:30)
Least Privilege Principle (5:15)
Minimize host OS footprint Intro (0:50)
Limit Node Access (5:47)
Lab - Limit Node Access
SSH Hardening (5:48)
Privilege Escalation in Linux (3:05)
Lab - SSH Hardening and sudo
Remove Obsolete Packages and Services (2:55)
Restrict Kernel Modules (2:31)
Identify and Disable Open Ports (2:29)
Lab - Identify open ports, remove packages services
Minimize IAM roles (5:46)
Minimize external access to the network (2:12)
UFW Firewall Basics (5:54)
Lab - UFW Firewall
Linux Syscalls (4:20)
AquaSec Tracee (3:20)
Restrict syscalls using seccomp (8:36)
Implement Seccomp in Kubernetes (7:50)
Lab - Seccomp
AppArmor (4:08)
Creating AppArmor Profiles (5:11)
AppArmor in Kubernetes (2:43)
Linux Capabilities (4:04)
Lab - AppArmor
Feedback
Minimize Microservice Vulnerabilities
Section Introduction (0:53)
Security Contexts (1:51)
Labs - Security Contexts
Admission Controllers (8:06)
Labs - Admission Controllers
Validating and Mutating Admission Controllers (10:25)
Labs - Validating and Mutating Admission Controllers
Pod Security Policies (7:38)
Labs - PSP
Open Policy Agent (OPA) (9:48)
Labs - OPA
OPA in Kubernetes (9:45)
Labs - OPA in Kubernetes
OPA Gatekeeper in Kubernetes
Manage Kubernetes secrets (5:38)
A note on Secrets
Lab - Manage Kubernetes secrets
Container Sandboxing (6:52)
gVisor (4:55)
Kata Containers (2:24)
Runtime Classes (3:17)
Using Runtimes in Kubernetes (2:23)
Lab - Using Runtimes in Kubernetes
One way SSL vs Mutual SSL (4:37)
Implement pod to pod encryption by use of mTLS (6:34)
Feedback
Supply Chain Security
Section Introduction (0:30)
Minimize base image footprint (7:24)
Image Security (4:43)
Labs - Image Security
Whitelist Allowed Registries - Image Policy Webhook (5:16)
Labs - Whitelist Allowed Registries - ImagePolicyWebhook
Use static analysis of user workloads (e.g. Kubernetes resources, Docker files) (2:46)
Labs - kubesec
Scan images for known vulnerabilities (Trivy) (8:33)
Labs - Trivy
Feedback
Monitoring, Logging and Runtime Security
Section Introduction (0:50)
Perform behavioral analytics of syscall process (4:46)
Falco Overview and Installation (2:53)
Use Falco to Detect Threats (8:39)
Falco Configuration Files (6:54)
Labs - Use Falco to detect threats
Mutable vs Immutable Infrastructure (4:49)
Ensure Immutability of Containers at Runtime (5:18)
Lab - Ensure Immutability of Containers at Runtime
Use Audit Logs to monitor access (10:17)
Labs - Use Audit Logs to monitor access
Feedback
Mock Exams
Mock Exams Introduction
Mock Exam 1
Mock Exam 2
Mock Exam 3
Labs - Validating and Mutating Admission Controllers