CanSecWest Vancouver 2011

Site menu:

Register | Conference | Dojo | Speakers | Agenda | Past Events | Hotel & Travel | Contact

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

Course: Advanced Linux Hardening (and keeping your sanity)

Instructor:
Andrea Barisani <andrea@inversepath.com> (Inverse Path)
Jay Beale (Intelguardians)

Register for this course.

Description

The course shows how to effectively implement modern hardening frameworks and techniques for securing Linux-based (and secondarily *NIX systems) systems by keeping things manageable and at the same time avoiding the usual madness and confusion often created by MAC/hardening frameworks.

The goal of this course is to teach hands-on how to deal with every aspect of installing, configuring and maintaining hardening frameworks and learning the available techniques and administration for securing Linux systems. You'll learn the different architectures, implementation details, administration procedures and issues related to all the covered frameworks as well as acquire the proper skills for maintaining and troubleshooting the hardened environment. Special focus will be given to security monitoring and auditing, policy development and maintenance and hardening systems integration with your favourite distribution / OS.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Topics

You'll learn:

• basic *NIX security concepts and techniques
• security monitoring with Host Intrusion Detection Systems (HIDS)
• log monitoring and correlation
• swatch / tenshi / SEC / ...
• file system integrity checkers
• aide / samhain / osiris / ...
• sensible accounts and auth token management
• One Time Passwords
• shell account security
• extended POSIX ACLs
• hardening frameworks
• PaX / ASLR / Grsecurity
• SELinux
• RSBAC
• Systrace
• GCC hardening / Stack Smashing Protection
• ELF hardening: PIE (Position Independent Executables) / PIC (Position Independent Code)
• secure backup architectures
• centralized account management with LDAP

Bonus Topic:

• genuine Italian swearings to use when things go wrong! (and impress your co-workers)

Prerequisites

• basic command line proficiency on *NIX systems
• basic Linux/*NIX system administration skills
• familiarity with Makefiles / autoconf usage and package compilation and installation
• familiarity with Linux kernel configuration / compilation / installation
• basic scripting skills

Prerequisite material

• Each student must bring his own laptop running a recent Linux distribution, Fedora, RHE or Gentoo/Linux are the best choices but since the class will also focus on how to deal with this frameworks on any distribution we won't require any of those as long as it's a modern distribution capable of compiling without problems.
• Needless to say a working network adapter (along with a IPv4 TCP/IP) stack is required.

Sponsors:

More Information:

Sponsorship Information | Valid XHTML | Valid CSS

Wise words:

"Sen Sen No Waza - to strike the opponent after he has formed the intention to attack and has committed to a specific motion."

Copyright © dragostech.com inc. All Rights Reserved.