Linux Security For IT Managers and System Administrators


SEC-304

Linux (and its derivatives) has proven to be the most widely deployed operating system on the planet and beyond it, but it does not come free of risks. Given its roots as a general-purpose operating system, trade-offs must be made between security and usability. In addition, being an ever-evolving open-source ecosystem, it is hard to keep track of the latest tools, the latest bug fixes, the latest bugs introduced, and current best practices and configuration options.
In this intensive hands-on course, targeted mainly at system administrators and field support engineers, you will learn to analyze and mitigate the risks involved with your Linux product.

Target Audience

System administrators and IT managers, integrators, and field support/application engineers interested in understanding and hardening their deployed Linux-based products (servers, IoT endpoints).

Course Topics

Introduction to Security:

Legacy and modern threats
Physical and Hardware Security
Cyber Security terminology
Real-time attack map demonstration: why, and who, should be worried
Present-time attack vectors
Present-time defense solutions

Linux Startup and monitoring:

The Linux boot sequence: from power on to login
Linux logging, syslog, kernel audit, system component log reports
Linux networking and monitoring tools
Auditing and detection
Service management and configuration (init.d/Upstart/systemd)
User management in Linux, the root user and sudoers
Introduction to on-host and on-network firewalls and Intrusion Detection Systems

Binary level and OS level Security:

The GNU Compiler Collection (GCC) framework
Binary exploitation: Buffer Overflow, Format string errors, integer overflow
Shellcode techniques: Constructions and identification
Heap overflows and heap spraying techniques
Kernel vulnerabilities and bugs, and how to react to them
GCC binary code protection techniques and flags
Kernel and userspace process level protection: ASLR, PIE, DEP

Access Control:

Discretionary Access Control (DAC)
Permission system, privilege escalation, setuid/setgid exploitation techniques
Linux Capabilities
Mandatory Access Control (MAC), domain-specific policy enforcement
Access Control Lists (ACL)
SELinux, Mandatory Access Control (MAC) and domain-specific policy enforcement
SELinux MAC alternatives and relaxations: AppArmor, SMACK
Linux resource and user monitoring
Off-device access: forensics tools and anti-forensics techniques

Applied Cryptography:

Cryptography goals: Authentication, Integrity, Encryption
Symmetric and Asymmetric cipher suites
Random numbers, Pseudo Random Number Generation
Key generation techniques and trade-offs
Software vs. Hardware based techniques
Cryptography libraries
System-wide Trusted Execution Environment (TEE) / Trusted Platform Module (TPM) integration
File system encryption, trusted boot
The OpenSSL and OpenSSH frameworks
Java* security, keytool, jarsigner and the Java Cryptography Extensions (optional)
Password generation and biometric authentication
Network tools

System Level Network Security:

Network privacy dangers: packet sniffers and interceptors, MITM attacks
Certificate Authority (CA) Chain of trust: A solution and the introduced problems
Secure communication with TLS/SSL
Encrypted network privacy dangers: sniffers and interceptors, MITM attacks
Application network security constraints, and attack scenarios
Application CA management, trusted certificate and pinning techniques
IP layer security, VPN and IPsec tools
Network services security, local and remote servers
Remote invocation, sniffing and mapping tools
DoS (Denial of Service) attacks, bugs and mitigation techniques

Linux Hardening:

The hardening lifecycle: configuring, auditing, detecting, mitigating, patching
Firewalls and packet filtering: nftables, netfilter, iptables
Intrusion Detection/Prevention Systems (IDS/IPS): Snort, Suricata, OSSEC
Linux Kernel configuration hardening
Linux service configuration hardening
Package sources and component selection
Advanced Linux configuration tools: procfs, sysfs, debugfs
Linux service selection and hardening
Apache and Nginx web server hardening
Linux user management
Filesystem selection: confidentiality, integrity, and performance considerations
sysfs access restrictions
MAC policies and strategy
Software patches and update policies, support channel strategies
Virtualization and light virtualization: Virtual Machines, namespaces, containers
Honeypot techniques

Introduction to Malware Analysis:

Testing environment considerations, virtual machine detection techniques
Malware terminology
Malware mutation, obfuscation, packaging
Malware classification and research strategy: fingerprint, instrument, reverse
Fingerprinting techniques
Behavioral (dynamic) analysis techniques, process and OS instrumentation
Static analysis techniques, reverse engineering
Taking it from here: Going beyond the intro

Introduction to Android Security:

The Android init process and comparison to Linux
Android security model and comparison to Linux
SELinux implementation in Android
Chain of trust model and certificate attacks
Binary exploitation attacks
Taking it from here: Going beyond the intro
