CKS (Certified Kubernetes Security Specialist)

🌐 training.linuxfoundation.org

Linked to Kubernetes Security Essentials (LFS260).

Cloud Security

• Platform AbstRaction for SECurity (PARSEC) (book)
• Computer Security Resource Center Publications web page
• National Vulnerability Database (NVD) is a service provided by the National Institute of Standards and Technology (NIST), a US government physical sciences laboratory which also hosts the Computer Security Resource Center (CSRC), where Federal Information Processing Standards (FIPS) and Special Publications (SP) documents can be found, among others.
• National Checklist Program Repository page
• Center for Internet Security (CIS) is a non-profit organization working to share cybersecurity best practices, information, and tools
• CIS Benchmarks
• CIS-CAT Pro, which can be run on a system to compare and report back conformance to best practices
• kube-bench
• Homeland Security, Cybersecurity Directives lists Binding Operational Directives (BOD) for federal agencies
  • BOD 18-02: Securing High Value Assets

Installation Preparations

• Grafeas project
• gvisor
• Kata Containers
• PouchContainer
• Firecracker
• UniK
• Runtime Class
• The Update Framework (TUF)
• Uptane
• Notary

Secure the kube-apiserver

• Center for Internet Security (CIS)
• Docker Bench
• TOMOYO
• Smack (Simplified Mandatory Access Control Kernel)
• SELinux User's and Administrator's Guide
• Bane
• Advanced Intrusion Detection Environment (AIDE)
• Tripwire
• OSSEC

Other resources

• walidshaari/Certified-Kubernetes-Security-Specialist

Preparation

• AppArmor
• Two security issues with Dockerfile (one is user) and Deployment
• look at pod images and scan with try, selecting high vulnerabities
• Falco