

Master Apparmor, Clair, Quay, Anchore, Swarm, Portainer, Rancher, KubeBench, Prometheus and more for DevOps security

What you will learn

Apply security to the main container platforms: Docker and Kubernetes

Learn best Docker security practices

Create your own private image registry to prevent your images from being accessible to the world

Review Docker Content Trust and Docker Registry

Upload images to Docker Hub, Quay and Harbor

Implement Docker daemon security

Implement AppArmor and Seccomp security profiles to provide Linux kernel enhancement features

Implement Docker Bench Security

Discover Docker vulnerabilities using Clair and Anchore

Learn static security analysis tools

Explore the main Docker container threats

Learn how to create Docker secrets

Link Docker containers

Docker networking security

Manage the CPU and memory (RAM) performance of your containers

Administrate your Docker containers with Portainer and Rancher

Launch Kubernetes using Minikube

Apply least privilege principle to protect Kubernetes clusters

Use CIS Kubernetes Benchmark guide

Analyze security and vulnerabilities in Kubernetes pods, clusters and nodes

Monitor Kubernetes in production using Prometheus and Grafana

Description

DevSecOps stands for development, security, and operations. It’s an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps.

This course is a complete step-by-step guide for implementing best security practices and tools in your DevOps framework. You will start from the very basics by exploring the DevOps architecture and how it relates to DevSecOps. Then you will learn the two main container management platforms: Docker and Kubernetes. You will master container management, working with Dockerfiles, getting and building your own container images and optimizing them.

In the rest of the sections you will master the implementation of an extra security layer on your DevOps tools. First, you will learn how to use the Docker Registry and build a registry of your own. I will show you how to use Docker Content Trust and how to protect your Docker daemon and host by applying AppArmor and Seccomp security profiles, implementing Docker Bench Security and auditing your Docker host. You will also learn how to protect your Docker images and analyze them for vulnerabilities using Clair, Quay, Anchore and the CVE database. You will explore how to create and manage Docker secrets, networks and port mapping. You will be able to use security monitoring tools such as cAdvisor, Dive and Falco, and administration tools such as Portainer, Rancher and OpenShift.

Finally, you will focus on Kubernetes security practices. You will learn how to find, solve and prevent Kubernetes security risks and apply best security practices. I will show you how to use KubeBench and the Kubernetes Dashboard to enhance your Kubernetes security, and Prometheus and Grafana to monitor and observe your Kubernetes clusters for vulnerabilities.

Here is the complete course content by sections:

Section 1: You will review DevSecOps challenges, methodologies, and tools to improve the security of applications. The idea of DevSecOps is to implement security early in the DevOps application design, development, and delivery processes.

Section 2: You will review the main container platforms that provide infrastructure for both the development and operations teams, like Docker and Kubernetes. We will also review alternative tools like Podman.

Section 3: Master how Docker manages images and containers, explore the main commands used for generating images from a Dockerfile, and learn how to optimize Docker images, minimizing their size to reduce the attack surface.

Section 4: Learn security best practices and other aspects like Docker capabilities, which containers leverage in order to provide more features, such as the privileged container. Learn to create a private registry so that your images are not accessible to the world. You will review Docker Content Trust and Docker Registry, which provide a secure way to upload images to the Docker Hub platform and to other registries like Quay and Harbor.

Section 5: Secure the Docker daemon with AppArmor and Seccomp profiles, which provide kernel-enhancement features to limit system calls. We will also review tools like Docker Bench Security and Lynis, which check a Docker environment against security best practices, and some of the important recommendations to follow when auditing and deploying Docker in a production environment.

Section 6: Here you will learn best practices for building container images securely. We will review some open source tools, such as Clair and Anchore, to discover vulnerabilities in container images by learning static analysis tools that analyze the different layers that compose an image. As a result, developers will be able to detect vulnerabilities in container applications before uploading them to production.

Section 7: You will learn about the main Docker container threats, the main vulnerabilities we can find in Docker images, and some services and tools for getting information about these vulnerabilities. As a result, developers will have the capacity to obtain details about vulnerabilities in container applications.

Section 8: Learn Docker secrets and the essential components of Docker networking, including how we can communicate with and link Docker containers. We will also review other concepts like port mapping, which Docker uses for exposing the TCP ports that provide services from the container to the host so that users accessing the host can access a container’s services.

Section 9: It is important to define a comprehensive strategy to monitor your Docker infrastructure, with a native collection source for events, statistics, configurations, and records that provides views on the CPU, memory, and network performance of your containers.

Section 10: Learn some of the open source tools available for Docker container administration, such as Portainer, Rancher, and OpenShift.

Section 11: Review the Kubernetes architecture, components, objects, and networking model. We will also review different tools for working with Kubernetes, explaining Minikube as the main tool for deploying a cluster.

Section 12: Kubernetes security and best practices for securing components and pods by applying the principle of least privilege in Kubernetes.

Section 13: Kubernetes security and the KubeBench (Kubernetes Bench for Security) project, which executes the controls documented in the CIS Kubernetes Benchmark guide. We will also review the main security projects for analyzing the security of Kubernetes components, and the most critical vulnerabilities discovered in Kubernetes in the last few years.

Section 14: Review production capabilities when running Kubernetes. We will first analyze observability and monitoring in the context of Kubernetes, and then we will review the Kubernetes Dashboard for getting metrics from your cluster. You will look at the Kubernetes stack for observability and monitoring with Prometheus and Grafana.

Language: English

Content

Introduction

Course Notes & Source Code

DevOps Architecture

Introducing DevOps in IT Delivery
Creating a Basic Architecture
DevOps Components

DevSecOps Architecture

Intro to DevSecOps Ecosystem
DevSecOps Pipeline
Applying DevSecOps to AWS, Azure and Google Cloud
Deployment and Industry Security Frameworks

Container Platforms

Docker Containers
Working with Docker
Podman and Container Management
Kubernetes

Managing Containers and Docker Images

Managing Docker Images
Dockerfile Commands
Managing Docker containers
Optimizing Docker Images

Docker Security

Docker Security Principles
Docker Capabilities
Docker Content Trust
Docker Registry

Docker Host Security

Daemon Security
Apparmor and Seccomp Profiles
Docker Bench Security

Docker Images Security

Docker Hub Repository and Security Scanning
Scanning Docker Images with Clair and Quay
Analyzing Docker Images with Anchore

Auditing and Analyzing Vulnerabilities in Docker Containers

Docker Threats and Attacks
CVE in Docker Images

Managing Docker Secrets and Networks

Managing Secrets in Docker
Container Networking and Management in Docker
Containers Communication and Port Mapping
Creating and Managing Docker Networks

Docker Container Monitoring

Container Metrics and Events
Performance Monitoring

Docker Container Administration

Administration with Portainer
Administration with Rancher

Kubernetes Architecture

Kubernetes Architecture
Kubernetes Objects
Tools for Deploying Kubernetes

Kubernetes Security

Introduction to Kubernetes Security
Kubernetes Security Best Practices
Analyzing Kubernetes Components Security

Auditing and Analyzing Vulnerabilities in Kubernetes

KubeBench Security
Kubernetes Security Projects and Kubesec
Analyzing Kubernetes Vulnerabilities with CVEs

Monitoring Kubernetes

Kubernetes Dashboard and Cluster
Enhancing Observability with Prometheus
Collecting and Exploring Metrics with Grafana