Description
The course shows how to effectively implement modern hardening frameworks and techniques for securing Linux-based systems (and, secondarily, other *NIX systems) while keeping things manageable and avoiding the usual madness and confusion that MAC/hardening frameworks tend to create.
The goal of this course is to teach, hands-on, every aspect of installing, configuring and maintaining hardening frameworks, together with the available techniques and administration procedures for securing Linux systems. You'll learn the architectures, implementation details, administration procedures and known issues of all the covered frameworks, and acquire the skills needed to maintain and troubleshoot the hardened environment. Special focus will be given to security monitoring and auditing, policy development and maintenance, and integrating the hardening frameworks with your favourite distribution / OS.
Topics
You'll learn:
basic *NIX security concepts and techniques
security monitoring with Host Intrusion Detection Systems (HIDS)
log monitoring and correlation
swatch / tenshi / SEC / ...
file system integrity checkers
aide / samhain / osiris / ...
sensible accounts and auth token management
One Time Passwords
shell account security
extended POSIX ACLs
hardening frameworks
PaX / ASLR / Grsecurity
SELinux
RSBAC
Systrace
GCC hardening / Stack Smashing Protection
ELF hardening: PIE (Position Independent Executables) / PIC (Position Independent Code)
secure backup architectures
centralized account management with LDAP
Bonus Topic:
genuine Italian swearwords to use when things go wrong! (and impress your co-workers)
Prerequisites
basic command line proficiency on *NIX systems
basic Linux/*NIX system administration skills
familiarity with Makefiles / autoconf usage and package compilation and installation
familiarity with Linux kernel configuration / compilation / installation
basic scripting skills
Prerequisite material
Each student must bring their own laptop running a recent Linux distribution. Fedora, RHEL or Gentoo Linux are the best choices, but since the class will also cover how to deal with these frameworks on any distribution, none of those is required: any modern distribution capable of compiling software (including the kernel) without problems will do.
Needless to say, a working network adapter (along with a working IPv4 TCP/IP stack) is required.
Andrea Barisani
Andrea Barisani is a system administrator and security consultant. His professional career began 8 years ago, but it all really started when a Commodore 64 first arrived in his home when he was 10. Now, 16 years later, Andrea is having fun with large-scale IDS/firewall deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. He is currently involved with the Gentoo project, managing infrastructure server security as a member of the Gentoo Security and Infrastructure Teams, along with distribution development. As an active member of the international Open Source and security community he is the maintainer/author of the tenshi, ftester and openssh-lpk projects, and he has been involved in the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms, and he is now the co-founder and Chief Security Engineer of Inverse Path Ltd.