Zero Trust Security with SPIFFE and SPIRE (LFS482)
Course Description
Overview
This course discusses the patterns and practices necessary for the adoption of Zero Trust networking, as well as Zero Trust networking implementation models, use cases, scenarios, and outcomes enabled by open source software. You will install, make changes to, and operate SPIFFE and SPIRE deployments, and harden your organization's security posture by operationalizing a "least privilege" authorization model.
Objectives
Audience
Prerequisites
- Students should have practical experience with cloud computing platforms and with deploying and managing Kubernetes clusters, and be familiar with Linux systems and command-line operations.
Topics
- Linux Foundation
- Linux Foundation Training
- Linux Foundation Certifications
- Linux Foundation Digital Badges
- Laboratory Exercises, Solutions and Resources
- Things Change in Linux and Open Source Projects
- Distribution Details
- Labs
- Introduction and Course Flow
- Overview
- Prerequisite Skills and Knowledge
- Course Goals and Objectives
- Course Flow
- Acknowledgments
- Objectives
- Introduction to Zero Trust
- Overview
- Evolution of the Perimeter
- Evolution of the Threat Landscape
- Tenets of Trust
- Implicit vs. Explicit Trust
- What is Zero Trust?
- The Kautz Triangle
- Zero Trust Architecture (ZTA)
- Policy Decision Points (PDP)
- Policy Enforcement Points (PEP)
- NIST SP 800-207 Models
- NIST SP 800-207 Tenets
- Cryptography Fundamentals
- Overview
- Symmetric Cryptography
- Hash Functions
- Asymmetric Cryptography
- Asymmetric Cryptography - Use Cases
- Models of Trust
- Public Key Infrastructure (PKI)
- Lab 1: Getting Hands on with PKI
- Authentication, Identity Documents and Authorization
- Overview
- Core Identity Concepts
- Identity and Authentication
- Authentication and Authorization Protocols
- Authorization
- Module Summary
- Knowledge Test
- Objectives
- Introduction to SPIFFE/SPIRE
- Overview
- SPIFFE
- SPIRE
- Benefits of SPIFFE and SPIRE
- SPIFFE Concepts
- Overview
- Core SPIFFE Concepts
- Workloads
- SPIFFE IDs
- Trust Domains
- SPIFFE Verifiable Identity Documents (SVIDs)
- X509-SVID
- JWT-SVID
- SPIFFE Workload API
- Trust Bundles
- JWK Set
- Federation
- SPIRE Components
- Overview
- SPIRE Architecture
- SPIRE Plugin Architecture
- SPIRE Server
- SPIRE Agent
- Node Attestation
- Workload Attestation
- Key Manager
- SPIRE Federation Endpoint API
- Use Cases for SPIRE
- Authenticating Two Workloads Using JWT-based Authentication
- Getting Started with SPIRE
- Lab 2: Installing and Configuring SPIRE from Binaries
- Module Summary
- Knowledge Test
- Objectives
- Configuring SPIRE
- Overview
- SPIRE Server and Agent Configuration
- Configure an external Data Store
- Configure an external Key Management System
- Configure an Upstream Authority
- Node Attestation
- Workload Attestation
- Telemetry on SPIRE
- SPIRE Federation Configuration
- Managing Registration Entries
- Overview
- Options for Managing Registration Entries
- Deploying SPIRE
- Lab 3: Setup SPIRE on Kubernetes with Kind
- Module Summary
- Knowledge Test
- Objectives
- Managing SVIDs
- Overview
- Options for Retrieving SVIDs
- Lab 4: Getting SVIDs with spiffe-helper
- SVID Operations with Client Libraries
- Overview
- Integrating Applications with SPIFFE
- go-spiffe
- java-spiffe
- Unofficial Client Libraries
- HTTP Proxy Integration
- Using the Workload API with go-spiffe
- Lab 5: Using the Workload API with go-spiffe
- Module Summary
- Knowledge Test
- Objectives
- Introduction to Authorization
- Overview
- What is AuthZ?
- AuthN vs AuthZ
- Authorization Models
- Policy Languages and Tools
- Overview
- Policy Engines
- Overview
- What is a Policy Engine?
- Use Cases for Policy Engines
- Open Policy Agent (OPA)
- Overview
- What is OPA?
- OPA Architecture
- Managing OPA Policies
- Introduction to Rego
- OPA Use Cases
- OPA Integrations
- Extending OPA
- Lab 6: Navigating Basic Authorization with Open Policy Agent
- Additional Policy Engines & DSLs
- Overview
- Kyverno
- Envoy as a PEP
- Module Summary
- Knowledge Test
- Objectives
- AuthZ for the SPIRE Server
- Overview
- SPIRE Policy Engine
- Network AuthZ
- Overview
- SPIRE Does Not Provide a Solution to AuthZ
- Building an AuthZ Architecture
- Overview
- Combining Workload Identity and Policy Engines
- Service Mesh
- Overview
- Service Mesh Architecture
- Benefits of a Service Mesh Architecture
- Open Source Projects
- Zero Trust in Service Mesh
- Overview
- NIST SP 800-207a
- Multi-Cloud Zero Trust Architecture (ZTA)
- Lab 7: Integrating SPIRE with OPA and Envoy
- Designing the SPIFFE ID Schema
- Overview
- SPIFFE ID Schema
- Extending the SPIFFE ID Schema
- AuthZ Strategy
- SPIRE and OIDC
- Overview
- SPIRE and OIDC Authentication
- Federation with OIDC-Provider Systems
- Lab 8: OpenID Connect Discovery
- Module Summary
- Course Flow
- Knowledge Test
- Objectives
- Scaling and Growing SPIRE
- High Availability (HA)
- Lab 9: Deploying SPIRE in High Availability Mode
- SPIRE Architectures Continued
- Single Trust Domain Deployment
- Nested SPIRE
- Lab 10: Advanced Configuration 1 - Nested SPIRE
- Federated SPIRE
- Lab 11: Advanced Configuration 2 - Federated SPIRE
- Deployment Sizing Considerations
- Module Summary
- Knowledge Test
- Objectives
- Day Two Operations
- Overview
- Upgrading SPIRE
- Upgrading SPIRE
- Monitoring SPIRE
- Logging in SPIRE
- Disaster Recovery
- Overview
- Server Failure
- Database Failure
- Key Material Compromise
- Lab 12: Day Two Operations for SPIRE
- Resources
- What Can Help, and Where to Look
- Module Summary
- Knowledge Test
- Objectives
- Open Source Integrations
- Overview
- Delivering SPIFFE identities
- AuthZ/AuthN
- Supply Chain Security
- Other Open Source Projects
- Vendor Integrations
- Overview
- AWS App Mesh
- Google Cloud
- Summary of SPIRE Integrations
- Lab 13: Cilium with SPIRE
- Module Summary
- Knowledge Test
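As an added illustration of the "Designing the SPIFFE ID Schema" and "AuthZ Strategy" topics in the outline above (example code written for this page, not lab material from the course and not code from the SPIFFE or SPIRE projects): a Go program that validates SPIFFE IDs against the syntax rules of the SPIFFE-ID standard and then makes a default-deny authorization decision on the validated ID. The Kubernetes-style path layout spiffe://<trust-domain>/ns/<namespace>/sa/<service-account>, the trust domain example.org, and the rule set are assumptions chosen for the example; a real deployment would take the peer ID from the verified X509-SVID or JWT-SVID rather than from a string.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SPIFFEID is a parsed spiffe://<trust-domain><path> identifier.
type SPIFFEID struct {
	TrustDomain string
	Path        string // "" for a trust-domain-only ID, otherwise begins with "/"
}

func (id SPIFFEID) String() string { return "spiffe://" + id.TrustDomain + id.Path }

func trustDomainChar(c byte) bool {
	return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_'
}

func pathChar(c byte) bool {
	return trustDomainChar(c) || (c >= 'A' && c <= 'Z')
}

// ParseSPIFFEID applies the SPIFFE-ID standard's syntax rules: scheme spiffe://,
// a lowercase [a-z0-9._-] trust domain of at most 255 bytes, a total length of at
// most 2048 bytes, and path segments that are non-empty, not "." or "..", and drawn
// from [A-Za-z0-9._-]. Rejecting look-alike IDs (mixed case, percent-encoding, dot
// segments) here is what keeps the policy match below from being fooled.
func ParseSPIFFEID(s string) (SPIFFEID, error) {
	const scheme = "spiffe://"
	if !strings.HasPrefix(s, scheme) || len(s) > 2048 {
		return SPIFFEID{}, errors.New("not a spiffe:// URI of at most 2048 bytes")
	}
	td, rawPath, hasSlash := strings.Cut(s[len(scheme):], "/")
	if td == "" || len(td) > 255 {
		return SPIFFEID{}, errors.New("trust domain is empty or longer than 255 bytes")
	}
	for i := 0; i < len(td); i++ {
		if !trustDomainChar(td[i]) {
			return SPIFFEID{}, fmt.Errorf("trust domain %q: illegal character %q", td, td[i])
		}
	}
	id := SPIFFEID{TrustDomain: td}
	if !hasSlash {
		return id, nil // trust-domain-only ID, e.g. spiffe://example.org
	}
	if rawPath == "" {
		return SPIFFEID{}, errors.New("path must not end with a trailing slash")
	}
	for _, seg := range strings.Split(rawPath, "/") {
		if seg == "" || seg == "." || seg == ".." {
			return SPIFFEID{}, fmt.Errorf("path %q: empty or dot segment", rawPath)
		}
		for i := 0; i < len(seg); i++ {
			if !pathChar(seg[i]) {
				return SPIFFEID{}, fmt.Errorf("path segment %q: illegal character %q", seg, seg[i])
			}
		}
	}
	id.Path = "/" + rawPath
	return id, nil
}

// Workload is an ID mapped onto the assumed schema /ns/<namespace>/sa/<service-account>.
type Workload struct{ TrustDomain, Namespace, ServiceAccount string }

// ParseWorkload refuses any ID whose path does not fit the schema exactly.
func ParseWorkload(id SPIFFEID) (Workload, error) {
	seg := strings.Split(strings.TrimPrefix(id.Path, "/"), "/")
	if len(seg) != 4 || seg[0] != "ns" || seg[2] != "sa" {
		return Workload{}, fmt.Errorf("%s does not match /ns/<ns>/sa/<sa>", id)
	}
	return Workload{id.TrustDomain, seg[1], seg[3]}, nil
}

// Rule is one allow entry; ServiceAccount "*" matches any account in the namespace.
type Rule struct{ TrustDomain, Namespace, ServiceAccount string }

// Authorize is a default-deny PEP check: a peer ID that fails to parse, does not
// fit the schema, or matches no rule is denied.
func Authorize(peerID string, rules []Rule) bool {
	id, err := ParseSPIFFEID(peerID)
	if err != nil {
		return false
	}
	w, err := ParseWorkload(id)
	if err != nil {
		return false
	}
	for _, r := range rules {
		if r.TrustDomain == w.TrustDomain && r.Namespace == w.Namespace &&
			(r.ServiceAccount == "*" || r.ServiceAccount == w.ServiceAccount) {
			return true
		}
	}
	return false
}

func main() {
	// Assumed rule set: one specific service account, plus any account in "monitoring".
	rules := []Rule{{"example.org", "payments", "ledger"}, {"example.org", "monitoring", "*"}}
	for _, peer := range []string{
		"spiffe://example.org/ns/payments/sa/ledger",       // allowed
		"spiffe://example.org/ns/monitoring/sa/prometheus", // allowed by wildcard
		"spiffe://example.org/ns/payments/sa/frontend",     // no rule: denied
		"spiffe://Example.org/ns/payments/sa/ledger",       // uppercase trust domain: denied
		"spiffe://example.org/ns/../ns/payments/sa/ledger", // dot segment: denied
	} {
		fmt.Printf("%-52s allow=%v\n", peer, Authorize(peer, rules))
	}
}
```

The two decisions are deliberately separate: syntactic validation happens once, on every ID, and the schema-aware match happens only on IDs that survived it. Extending the schema (adding a segment, or a second layout for non-Kubernetes workloads) means changing ParseWorkload and the Rule type, not the parser.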
Related Courses
- RHEL SELinux Policy Administration (OSUN-429)
  - Duration: 3 Days
  - Delivery Format: Classroom Training, Online Training
  - Price: 1,755.00 USD
- Microsoft Security Operations Analyst (MOC-SC-200T00)
  - Duration: 4 Days
  - Delivery Format: Classroom Training, Online Training
  - Price: 2,380.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.