c.system-hardening.md

System Hardening (15%)

The "system hardening" section is all about making sure the computers running the Kubernetes cluster are as secure as possible. We'll talk about things that are really important in Linux, like turning off certain services and getting rid of unnecessary software, handling user and group accounts, blocking off ports, and setting up firewalls. Plus, we'll dive into tools for making the Linux kernel tougher, which help limit what a program running in a container can do on the computer itself.

• Minimizing the host OS footprint

• Minimizing IAM roles

• Minimizing external access to the network

• Using kernel hardening tools like AppArmor and seccomp

  • AWS > Security best practices in IAM

  • GCP - Using IAM securely

  • Azure > Best practices for Azure RBAC

  • Kubernetes Documentation > Concepts > Services, Load Balancing, and Networking > Network Policies

  • Kubernetes Documentation > Tutorials > Security > Restrict a Container's Access to Resources with AppArmor

  • Kubernetes Documentation > Tutorials > Security > Restrict a Container's Syscalls with seccomp

  • AppArmor Documentation