
5 Day Linux Security For IT Managers and System Administrators


Length: 5 Days

Type: Hands-On

Target Audience: System administrators and IT managers, integrators, and field support/application engineers interested in understanding and hardening their deployed Linux-based products (servers, IoT endpoints)


Although Linux (and its derivatives) has become the most widely deployed operating system on the planet (and beyond it), it does not come free of risks. Moreover, given its roots as a general-purpose operating system, trade-offs must be made between security and usability. On top of that, because it is an ever-evolving open-source ecosystem, it is hard to keep track of the latest tools, the latest bug fixes, the latest bugs introduced, and the current best practices and configuration options. In this intensive hands-on course, aimed mainly at system administrators and field support engineers, you will learn to analyze and mitigate the risks involved with your Linux product.


Course Outline:

  • Introduction to Security

    • Legacy and modern threats

    • Physical and Hardware Security

    • Cyber Security terminology

    • Real-time attack map demonstration: who should be worried, and why

    • Present-time attack vectors

    • Present-time defense solutions

  • Linux Startup and monitoring

    • The Linux boot sequence: from power on to login

    • Linux logging, syslog, kernel audit, system component log reports

    • Linux networking and monitoring tools

    • Auditing and detection

    • Service management and configuration (SysV init/Upstart/systemd)

    • User management in Linux: the root user and sudoers

    • Introduction to on host and on network firewalls and Intrusion Detection Systems

  • Binary level and OS level Security

    • The GNU Compiler Collection (GCC) toolchain

    • Binary exploitation: Buffer Overflow, Format string errors, integer overflow

    • Shellcode techniques: Constructions and identification

    • Heap overflows and heap spraying techniques

    • Kernel vulnerabilities and bugs, and how to respond to them

    • GCC binary code protection techniques and flags

    • Kernel and userspace process-level protection: ASLR, PIE, NX/DEP

  • Access Control

    • Discretionary Access Control (DAC)

    • Permission system, privilege escalation, setuid/setgid exploitation techniques

    • Linux Capabilities

    • Mandatory Access Control (MAC) and domain-specific policy enforcement

    • Access Control Lists (ACL)

    • SELinux: MAC policy enforcement in practice (contexts, domains, policy modules)

    • SELinux MAC alternatives and relaxations: AppArmor, SMACK

    • Linux resource and user monitoring

    • Off-device access: forensics tools and anti-forensics techniques

  • Applied Cryptography

    • Cryptography goals: confidentiality, integrity, authentication

    • Symmetric and Asymmetric cipher suites

    • Random numbers, Pseudo Random Number Generation

    • Key generation techniques and trade-offs

    • Software vs. Hardware based techniques

    • Cryptography libraries

    • System-wide Trusted Execution Environment (TEE) and Trusted Platform Module (TPM) integration

    • File system encryption, trusted and measured boot

    • The openssl and openssh frameworks

    • Java security: keytool, jarsigner and the Java Cryptography Extension (optional)

    • Password generation and biometric authentication

    • Network tools

  • System Level Network Security

    • Network privacy dangers: packet sniffers and interceptors, man-in-the-middle (MITM) attacks

    • Certificate Authority (CA) Chain of trust: A solution and the introduced problems

    • Secure communication with TLS/SSL

    • Dangers that remain for encrypted traffic: TLS interception, downgrade, and MITM with rogue or improperly validated certificates

    • Application network security constraints, and attack scenarios

    • Application CA management, trusted certificate and pinning techniques

    • IP-layer security: VPN and IPsec tools

    • Network Services security, local and remote servers.

    • Remote invocation, sniffing and mapping tools

    • Denial of Service (DoS) attacks, bugs and mitigation techniques

  • Linux Hardening

    • The hardening lifecycle: Configuring, auditing, detecting, mitigating, patching

    • Firewalls and packet filtering: netfilter, iptables, nftables

    • Intrusion Detection/Prevention Systems (IDS/IPS): Snort, Suricata, OSSEC

    • Linux Kernel configuration hardening

    • Linux service configuration hardening

    • Package sources and component selection

    • Advanced kernel configuration interfaces: procfs, sysfs, debugfs

    • Service selection: minimizing the installed and enabled service set

    • Apache and Nginx web server hardening

    • User account hardening

    • Filesystem selection: confidentiality, integrity, and performance considerations.

    • sysfs access restrictions

    • MAC policies and strategy

    • Software patches and update policies. Support channel strategies.

    • Virtualization and lightweight virtualization: virtual machines, namespaces, containers

    • Honeypot techniques

  • Introduction to Malware Analysis

    • Testing environment considerations, Virtual Machine detection techniques

    • Malware terminology

    • Malware mutation, obfuscation, packaging

    • Malware classification and research strategy: Fingerprint, instrument, reverse.

    • Fingerprinting techniques

    • Behavioral (Dynamic) analysis techniques, Process and OS instrumentation

    • Static analysis techniques, reverse engineering

    • Taking it from here: Going beyond the intro

  • Introduction to Android Security

    • The Android init process and comparison to Linux

    • Android security model and comparison to Linux

    • SELinux implementation in Android

    • Chain of trust model and certificate attacks

    • Binary exploitation attacks

    • Taking it from here: Going beyond the intro
