Scribd
Upload
45 views

00 Linux Hardening Training Intro

This document provides an agenda for a Linux Hardening Training. It begins with introductions and expectations from the trainer and attendees. It then discusses the training organization, breaking for meals and providing documentation. The agenda is split into four parts: discussing threats and security concepts in Part 1; Linux basics and security in Part 2; how to harden a Linux system in Part 3; and hands-on exercises to test the hardening in Part 4.

Uploaded by

Nicolas Horacio Magnano
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
45 views

00 Linux Hardening Training Intro

This document provides an agenda for a Linux Hardening Training. It begins with introductions and expectations from the trainer and attendees. It then discusses the training organization, breaking for meals and providing documentation. The agenda is split into four parts: discussing threats and security concepts in Part 1; Linux basics and security in Part 2; how to harden a Linux system in Part 3; and hands-on exercises to test the hardening in Part 4.

Uploaded by

Nicolas Horacio Magnano
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Linux Hardening Training

Introduction and Agenda

Internal 1
Linux Hardening Training
Introduction
Short introduction whoami and whoareyou?
What are your expectations?

What are your operating systems skills?


What are your network (infrastructure) skills?
Do you have IT-Security background?

2014-12-03 Internal 2
Linux Hardening Training
Introduction ERNW GmbH

Heidelberg based security Independent


consulting and assessment
We understand corporate
company.
Deep technical knowledge
Structured (assessment)
approach
Business reasonable
recommendations

Blog: www.insinuator.net
Conference: www.troopers.de
2014-12-03 Internal 3
Linux Hardening Training
Organizational Stuff
Todays schedule
Break, lunch and coffee
Training documents (slides as PDF)
Hands on part

2014-12-03 Internal 4
Linux Hardening Training
Agenda (1)
Part 1 Why do we need IT-Security?
Threats, assets and risks
What the hell has CIA concerning with IT-Security?
Typical attack vectors and privilege escalation

Part 2 Some Linux basics and IT-Security


Local pitfalls handling unix system permissions
Network pitfalls handling network services
Security by obscurity

2014-12-03 Internal 5
Linux Hardening Training
Agenda (2)
Part 3 How to harden my Linux
Harden the file system (permissions, links, setuid
Harden the services (correct binding, pentesting
Harden the running applications
Logging, monitoring, alarming and auditing
Advanced hardening (grsec, pax, apparmor, selinux)

Part 4 Hands on proof the hardening


Why setuid could become dangerous?
Hardlinks and how to use them for privilege escalation
Breaking the system and getting root (via web application and network service)

2014-12-03 Internal 6

You might also like