
Advanced Linux Hardening (and keeping your sanity)


  • secwest.net Vancouver Canada

Description

The course shows how to effectively implement modern hardening frameworks and techniques for securing Linux-based systems (and, secondarily, other *NIX systems) while keeping things manageable and avoiding the usual madness and confusion often created by MAC/hardening frameworks.

The goal of this course is to teach, hands-on, how to deal with every aspect of installing, configuring and maintaining hardening frameworks, along with the available techniques and administration practices for securing Linux systems. You'll learn the different architectures, implementation details, administration procedures and issues related to all the covered frameworks, and acquire the skills needed to maintain and troubleshoot the hardened environment. Special focus will be given to security monitoring and auditing, policy development and maintenance, and integrating hardening systems with your favourite distribution / OS.

Topics

You'll learn:

  • basic *NIX security concepts and techniques

  • security monitoring with Host Intrusion Detection Systems (HIDS)

  • log monitoring and correlation

    • swatch / tenshi / SEC / ...

  • file system integrity checkers

    • aide / samhain / osiris / ...

  • sensible accounts and auth token management

  • One Time Passwords

  • shell account security

  • extended POSIX ACLs

  • hardening frameworks

    • PaX / ASLR / Grsecurity

    • SELinux

    • RSBAC

    • Systrace

  • GCC hardening / Stack Smashing Protection

  • ELF hardening: PIE (Position Independent Executables) / PIC (Position Independent Code)

  • secure backup architectures

  • centralized account management with LDAP

Bonus Topic:

  • genuine Italian swearing to use when things go wrong! (and impress your co-workers)

Prerequisites

  • basic command line proficiency on *NIX systems

  • basic Linux/*NIX system administration skills

  • familiarity with Makefiles / autoconf usage and package compilation and installation

  • familiarity with Linux kernel configuration / compilation / installation

  • basic scripting skills

Prerequisite material

  • Each student must bring their own laptop running a recent Linux distribution. Fedora, RHE or Gentoo/Linux are the best choices, but since the class will also focus on how to deal with these frameworks on any distribution, we won't require any of those as long as it's a modern distribution capable of compiling without problems.

  • Needless to say, a working network adapter (along with an IPv4 TCP/IP stack) is required.

 

Instructor: Andrea Barisani
