As we continue the study guide for the Certified Kubernetes Security Specialist (CKS) program, be sure to check out the information and content breakdown from our previous CKS posts:
This blog references tools to set up a Kubernetes version 1.19 cluster and review the CKS – Cluster Setup section. Our GitHub repository lets you create a Kubernetes cluster with Terraform and Rancher Kubernetes Engine (RKE) in Google Cloud Platform (GCP) or Amazon Web Services (AWS). This cluster environment simulates a real Kubernetes environment rather than a local cluster. To get the cluster up and running, follow the readme.md, which outlines the applications you will need and the repository’s general structure.
Section 5: Supply Chain Security
- Minimize base image footprint
- Secure your supply chain: whitelist allowed registries, sign and validate images
- Use static analysis of user workloads (e.g. Kubernetes resources, Dockerfiles)
- Scan images for known vulnerabilities
This section takes up 20% of the overall point total, and it is reasonable to assume 3-5 questions revolving around supply chain security. Each of the questions will also need to be completed in about 5-6 minutes on average during the exam. Below is an overview of the various concepts that the CKS will highlight in the supply chain security section.
Core Concepts and Topics
Regardless of how this is implemented in the test, minimizing your base images is always a good idea to decrease the attack surface of your containers. Always make sure to include only the packages that are necessary for each containerized application. When choosing a base image, note how well maintained the image is and what software it installs by default. In the exam, I expect you will have the option of selecting from a range of base images and choosing their defaults. There may be a question that requires using Trivy to view CVEs related to a base image and then prioritizing image selection accordingly. As a core concept, scanning and minimizing your images are handy ways to lower the attack surface within your cluster.
Secure your supply chain: whitelist allowed registries, sign and validate images
Securing the images that are allowed to run in your cluster is essential. You will also need to verify that a pulled image comes from the correct source. The ImagePolicyWebhook admission controller allows you to set up rules around which images should be allowed within the cluster. An example rule the admission controller could enforce is rejecting any image with the tag `latest`. During the exam, you will most likely have to connect the ImagePolicyWebhook to a webhook server that has already been set up.
Use static analysis of user workloads (e.g. Kubernetes resources, Dockerfiles)
Static analysis might be the most straightforward concept outlined in this course. You will need to vet the configuration of Kubernetes YAML files and Dockerfiles and fix any security issues. This includes setting secure base images, removing unnecessary packages, stopping containers from running with elevated privileges, and removing the ability to ssh into a container. When hardening Kubernetes resources, look for elevated privileges, security contexts that allow a UID of 0, and host volumes that should not be mounted.
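As an added example that is not part of the original post or the StackRox study guide, the script below runs the manifest checks listed above (privileged containers, a UID of 0 in a security context, hostPath volumes, and an unpinned `latest` or missing image tag) over a constructed Pod spec; the Pod is written as a Python dict instead of YAML so it runs with the standard library alone.

```python
"""Static checks for a Pod manifest: privileged containers, UID 0 security
contexts, hostPath volumes and unpinned (`latest` or missing) image tags."""

SAMPLE_POD = {  # constructed sample, not taken from any real cluster
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "demo"},
    "spec": {
        "securityContext": {"runAsUser": 0},
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [
            {"name": "app", "image": "nginx:latest",
             "securityContext": {"privileged": True},
             "volumeMounts": [{"name": "host", "mountPath": "/host"}]},
            {"name": "sidecar", "image": "busybox"},
        ],
    },
}

def image_tag(image):
    """Tag of an image reference, None if absent. A digest (name@sha256:...)
    counts as pinned; a registry port (host:5000/x) is not a tag."""
    if "@" in image:
        return "pinned-digest"
    last = image.rsplit("/", 1)[-1]
    return last.split(":", 1)[1] if ":" in last else None

def analyze_pod(pod):
    """Return (location, finding) tuples for every check that fails."""
    findings = []
    spec = pod.get("spec", {})
    if spec.get("securityContext", {}).get("runAsUser") == 0:
        findings.append(("spec.securityContext", "runAsUser is 0 (root)"))
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append((f"volumes/{vol['name']}", f"hostPath {vol['hostPath'].get('path')}"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        loc, sc = f"containers/{c['name']}", c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append((loc, "privileged container"))
        if sc.get("runAsUser") == 0:
            findings.append((loc, "runAsUser is 0 (root)"))
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes defaults this to true
            findings.append((loc, "allowPrivilegeEscalation not set to false"))
        if image_tag(c.get("image", "")) in (None, "latest"):
            findings.append((loc, f"unpinned image tag: {c.get('image')}"))
    return findings

if __name__ == "__main__":
    for loc, msg in analyze_pod(SAMPLE_POD):
        print(f"{loc}: {msg}")
```

Running it against the sample reports seven findings; a manifest that pins its tag, sets `allowPrivilegeEscalation: false` and runs as a non-zero UID with no hostPath volumes returns an empty list.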
Scan images for known vulnerabilities
I mentioned container scanning in the previous section, and it would seem there is some crossover between these two topics. Out of the open-source tools that are allowed, Trivy is the only one focused on container scanning. You are also allowed to use the GitHub documentation during the exam, so it’s worth bookmarking the quick start documentation.
The StackRox CKS study guide contains a list of further resources and the ability to create a Kubernetes 1.19 cluster. In the GitHub repository, six folders contain mock exam questions and answers. Make sure to star and watch the repository for new updates as you begin your quest to become a Certified Kubernetes Security Specialist.