Edition: 1
Authors: Benjamin Muschko
Series:
ISBN: 1098132971, 9781098132972
Publisher: O'Reilly Media
Year of publication: 2023
Number of pages: 214
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 at the user's request)
File size: 5 MB
If you need the file of the book Certified Kubernetes Security Specialist (CKS) Study Guide: In-Depth Guidance and Practice converted to PDF, EPUB, AZW3, MOBI, or DJVU, you can notify support and they will convert it.
Note that Certified Kubernetes Security Specialist (CKS) Study Guide: In-Depth Guidance and Practice is the original-language edition and has not been translated into Persian. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Copyright
Table of Contents
Preface
Who This Book Is For; What You Will Learn; Structure of This Book; Conventions Used in This Book; Using Code Examples; O’Reilly Online Learning; How to Contact Us; Acknowledgments

Chapter 1. Exam Details and Resources
Kubernetes Certification Learning Path; Kubernetes and Cloud Native Associate (KCNA); Kubernetes and Cloud Native Security Associate (KCSA); Certified Kubernetes Application Developer (CKAD); Certified Kubernetes Administrator (CKA); Certified Kubernetes Security Specialist (CKS); Exam Objectives; Curriculum; Cluster Setup; Cluster Hardening; System Hardening; Minimize Microservice Vulnerabilities; Supply Chain Security; Monitoring, Logging, and Runtime Security; Involved Kubernetes Primitives; Involved External Tools; Documentation; Candidate Skills; Practicing and Practice Exams; Summary

Chapter 2. Cluster Setup
Using Network Policies to Restrict Pod-to-Pod Communication; Scenario: Attacker Gains Access to a Pod; Observing the Default Behavior; Denying Directional Network Traffic; Allowing Fine-Grained Incoming Traffic; Applying Kubernetes Component Security Best Practices; Using kube-bench; The kube-bench Verification Result; Fixing Detected Security Issues; Creating an Ingress with TLS Termination; Setting Up the Ingress Backend; Creating the TLS Certificate and Key; Creating the TLS-Typed Secret; Creating the Ingress; Calling the Ingress; Protecting Node Metadata and Endpoints; Scenario: A Compromised Pod Can Access the Metadata Server; Protecting Metadata Server Access with Network Policies; Protecting GUI Elements; Scenario: An Attacker Gains Access to the Dashboard Functionality; Installing the Kubernetes Dashboard; Accessing the Kubernetes Dashboard; Creating a User with Administration Privileges; Creating a User with Restricted Privileges; Avoiding Insecure Configuration Arguments; Verifying Kubernetes Platform Binaries; Scenario: An Attacker Injected Malicious Code into Binary; Verifying a Binary Against Hash; Summary; Exam Essentials; Sample Exercises

Chapter 3. Cluster Hardening
Interacting with the Kubernetes API; Processing a Request; Connecting to the API Server; Restricting Access to the API Server; Scenario: An Attacker Can Call the API Server from the Internet; Restricting User Permissions; Scenario: An Attacker Can Call the API Server from a Service Account; Minimizing Permissions for a Service Account; Updating Kubernetes Frequently; Versioning Scheme; Release Cadence; Performing the Upgrade Process; Summary; Exam Essentials; Sample Exercises

Chapter 4. System Hardening
Minimizing the Host OS Footprint; Scenario: An Attacker Exploits a Package Vulnerability; Disabling Services; Removing Unwanted Packages; Minimizing IAM Roles; Scenario: An Attacker Uses Credentials to Gain File Access; Understanding User Management; Understanding Group Management; Understanding File Permissions and Ownership; Minimizing External Access to the Network; Identifying and Disabling Open Ports; Setting Up Firewall Rules; Using Kernel Hardening Tools; Using AppArmor; Using seccomp; Summary; Exam Essentials; Sample Exercises

Chapter 5. Minimizing Microservice Vulnerabilities
Setting Appropriate OS-Level Security Domains; Scenario: An Attacker Misuses root User Container Access; Understanding Security Contexts; Enforcing the Usage of a Non-Root User; Setting a Specific User and Group ID; Avoiding Privileged Containers; Scenario: A Developer Doesn’t Follow Pod Security Best Practices; Understanding Pod Security Admission (PSA); Enforcing Pod Security Standards for a Namespace; Understanding Open Policy Agent (OPA) and Gatekeeper; Installing Gatekeeper; Implementing an OPA Policy; Managing Secrets; Scenario: An Attacker Gains Access to the Node Running etcd; Accessing etcd Data; Encrypting etcd Data; Understanding Container Runtime Sandboxes; Scenario: An Attacker Gains Access to Another Container; Available Container Runtime Sandbox Implementations; Installing and Configuring gVisor; Creating and Using a Runtime Class; Understanding Pod-to-Pod Encryption with mTLS; Scenario: An Attacker Listens to the Communication Between Two Pods; Adopting mTLS in Kubernetes; Summary; Exam Essentials; Sample Exercises

Chapter 6. Supply Chain Security
Minimizing the Base Image Footprint; Scenario: An Attacker Exploits Container Vulnerabilities; Picking a Base Image Small in Size; Using a Multi-Stage Approach for Building Container Images; Reducing the Number of Layers; Using Container Image Optimization Tools; Securing the Supply Chain; Signing Container Images; Scenario: An Attacker Injects Malicious Code into a Container Image; Validating Container Images; Using Public Image Registries; Scenario: An Attacker Uploads a Malicious Container Image; Whitelisting Allowed Image Registries with OPA GateKeeper; Whitelisting Allowed Image Registries with the ImagePolicyWebhook Admission Controller Plugin; Implementing the Backend Application; Configuring the ImagePolicyWebhook Admission Controller Plugin; Static Analysis of Workload; Using Hadolint for Analyzing Dockerfiles; Using Kubesec for Analyzing Kubernetes Manifests; Scanning Images for Known Vulnerabilities; Summary; Exam Essentials; Sample Exercises

Chapter 7. Monitoring, Logging, and Runtime Security
Performing Behavior Analytics; Scenario: A Kubernetes Administrator Can Observe Actions Taken by an Attacker; Understanding Falco; Installing Falco; Configuring Falco; Generating Events and Inspecting Falco Logs; Understanding Falco Rule File Basics; Overriding Existing Rules; Ensuring Container Immutability; Scenario: An Attacker Installs Malicious Software; Using a Distroless Container Image; Configuring a Container with a ConfigMap or Secret; Configuring a Read-Only Container Root Filesystem; Using Audit Logs to Monitor Access; Scenario: An Administrator Can Monitor Malicious Events in Real Time; Understanding Audit Logs; Creating the Audit Policy File; Configuring a Log Backend; Configuring a Webhook Backend; Summary; Exam Essentials; Sample Exercises

Appendix A. Answers to Review Questions
Chapter 2, “Cluster Setup”; Chapter 3, “Cluster Hardening”; Chapter 4, “System Hardening”; Chapter 5, “Minimize Microservice Vulnerabilities”; Chapter 6, “Supply Chain Security”; Chapter 7, “Monitoring, Logging, and Runtime Security”

Index
About the Author
Colophon