Product Description
The intention of this course is to cover the concepts, techniques and skills used to harden Linux systems. This course serves as general guidance for Debian based systems and how to install, configure and provide and overall secure environment for both desktop and server based systems.
Course benefits:
Upon completion of this course attendees will have more specific understanding of how the hardening of Linux systems work and how to apply that knowledge along with the proper tools.
Among covered topics are:
- BIOS Security
- GRUB Hardening
- NFS Security
- SSH and remote access
- FTP and HTTP configuration security
- Determining firewall configuration
Participants will have a chance to learn and practice during the course. Examples of practical topics include:
- Deploying disk encryption through LUKS
- Planning and configuring file permissions
- Setting account policies
- Configuring password policies
- Configuring FTP
- Advanced DNS configuration
- Configuring SMB, SAMBA
- SYSLOG operation and configuration
- Configuring Iptables
- Working with rules
Course general information:
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
Course format:
- Self-paced
- Pre-recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
A Debian- based client or server system
What should you know before you join?
Attendees should have a basic understanding of Linux system commands, system administration and basic security concepts.
Your instructor: Sean Oriyano
Sean Oriyano is a seasoned security professional and entrepreneur. Over the past 25 years he has divided his time between writing, research, consulting and training various organizations on both IT and security topics. As an instructor and consultant Sean has traveled worldwide sharing his knowledge as well as gaining exposure to many different environments and cultures along the way. His broad knowledge and easy to understand manner, with a healthy dose of humor, have led to him being a regularly requested instructor and public speaker.
To receive email notification about this course sign up here:
COURSE SYLLABUS
Module 1: Planning and Deploying a Secure Installation
This module will discuss the foundation of a hardened and secure Linux system which is the installation itself. The concept of this module is to plan, deploy and configure a system for a secure installation of the Linux OS.
- Determining security requirements
- BIOS Security
- Defining a partition setup
- Applying updates and patches
- A word about SELinux
The exercise in this module will walk through the installation of the Debian OS. Each of the points covered in the topics section will be covered during an actual installation within a virtual environment.
Module 2: Configuring System Security
This module will focus on post-installation tasks and option to harden a host system.
- GRUB Hardening
- Deploying disk encryption through LUKS
- Configuring the root account
- Planning and configuring file permissions
- Setting account policies
- Configuring password policies
- Configuring logging
- Auditing practices
Exercises in this chapter will focus on how to configure GRUB, Deploying disk encryption, configuring permissions and configuring logging.
Module 3: Configuring Network Services
The goal of this module is to discuss and demonstrate how to identify insecure or potentially vulnerable network services and apply various techniques designed to reduce or eliminate these issues. Covered will be common network services that may be present on servers and client systems.
- Disabling internet services
- Using TCP wrappers to access inetd services
- Identifying and disabling run-time services
- Disabling run-time services
- NFS Security
- Configuring FTP
Exercises in this module will be broken down into the following
- How to disable internet services
- Configuring TCP wrappers
- Configuring DNS
- Securing email services
- Configuring DNS servers and services
- Securing SMTP email services
- Configuring NFS Security options
- Configuring FTP services and accounts
Module 4: Securing Server Network Configuration
This module is designed to build on the concepts of the previous module by covering additional services and applications that can be utilized to secure these services. These various services represent some of the most commonly deployed, vulnerable and can be remedied through various techniques.
- SSH and remote access
- Advanced DNS configuration
- Configuring SMB, SAMBA
- SYSLOG operation and configuration
- FTP and HTTP configuration security
Exercises in this chapter cover
- Deploying and configuring SSH
- Configuring DNS security
- Configuring SMB services and testing
- Configuring and testing SYSLOG
- HTTP operation options
- SSL Configuration and deployment
Module 5: Firewall Options
This module will cover an important part of system and server management which is firewalls. This module will discuss the purpose of IPCHAINS and IPTABLES and how configure each in order to get the best configuration and security possible for a server or any system using these technologies.
- Determining firewall configuration
- Configuring Iptables
- Working with rules
- Configuring firewalls to support network services
- Configuring iptables
- Configuring ingress and egress rules
Final exam
The final exam will cover how to determine the security requirements for a given system as well as how to configure each to meet a given requirement.
QUESTIONS?
If you have any questions, please contact our eLearning Manager at [email protected].
rfling –
EXCELLENT INFO ON A TOPIC THAT’S NOT USUALLY COVERED
First off I have to say I have been a real Linux fan for about three years now. I install different distros on everything from my everyday laptop, Raspberry Pi’s to desktop machines. But not once did I ever think about “hardening” any of them. I have always thought Linux to be relatively secure…and it is however if you want to take it a step further this is a course for you.
This course does more than take you through a bunch of modules, it takes you on a journey. A journey as far as you want to take it. I still have some ground to cover in this course but since I still consider myself a bit of a “newbie” when it comes to Linux I know I can go back to learn more as my skills grow.
Just some of my highlights…
How to determine security requirements.
BIOS Security
Disk Encryption
Network Services
FTP and HTTP Configuration and even firewall configuration.
The way I learn is by doing, not by watching and the instructor does a good job with demo’s that I can actually pause the video and carry out on my own machine. He is also very easy to understand, does not speak overly fast and covers information well.
If you are interested in security like myself I highly recommend this course, not only for it’s knowledge on the front end but some of this might be very useful when I am trying to reverse engineer security measures during a pentest.
RANJITHA R –
COOL INSTRUCTOR!
It was pretty good listening to the tutor..teaches as if telling a story. Enjoyed the lessons taught. Thanks!
Max21 –
COURSE CONTENT COULD BE MORE FOCUSED
Course content could deliver better material with useful details relevant to the topics high lighted in the course. For example the Firewall section had a topic on IP Tables and then the course ended up scratching the surface with both Uncomplicated Firewall (UFW) and the GUI for UFW. Now how does this approach help a student understand how to harden LINUX with IPTables and its various complexities?