SEC506: Securing Linux/Unix provides in-depth coverage of Linux and Unix security issues that includes specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix.
The course will teach you the skills to use freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS' practical approach uses hand-on exercises every day to ensure that you will be to use these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.
- Significantly reduce the number of vulnerabilities in the average Linux/Unix system by disabling unnecessary services.
- Protect your systems from buffer overflows, denial-of-service, and physical access attacks by leveraging OS configuration settings.
- Configure host-based firewalls to block attacks from outside.
- Deploy SSH to protect administrative sessions, and leverage SSH functionality to securely automate routine administrative tasks.
- Use sudo to control and monitor administrative access.
- Create a centralized logging infrastructure with Syslog-NG, and deploy log monitoring tools to scan for significant events
- Use SELinux to effectively isolate compromised applications from harming other system services.
- Securely configure common Internet-facing applications such as Apache and BIND.
- Investigate compromised Linux/Unix systems with Sleuthkit, lsof, and other open-source tools.
- Understand attacker rootkits and how to detect them with AIDE and rkhunter/chkrootkit.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.