What to bring:
Each student will practice the techniques learned on their own Black Hat -provided Linux system. A shared Solaris machine will also be available for Solaris practice. Students are welcome to harden their own laptop systems as well, in preparation for the hostile networks that can often be found at security conferences.
Out of the box, most operating systems are sitting ducks. Within six months of release, they tend to become rather crackable. Further, it only gets worse as the operating system ages. For instance, a default server install of Red Hat 6.2 averages a life expectancy of only 72 hours, according to the Honeynet Project. You don't have to stand for this kind of weakness, though.
This fast-paced, hands-on course, 'Securing Solaris and Locking Down Linux,' will teach you how to protect a system from compromise. You'll learn how the attacks work and how to use hard-core hardening to defeat the bulk of them. You'll learn how to take your machines to a state of minimum necessary risk.
This course teaches you how to tighten all major aspects of the operating system for security, balancing this with the purpose of the system and the needs of your organization. You'll learn how to tune kernel and operating system parameters, deactivate components, and tighten the components that remain. You'll examine tightening of major server applications, including Apache, Sendmail, WU-FTPd, vsftpd, and BIND. Along the way, you'll understand how external and internal attackers use privilege escalation and how you can lessen their odds of gaining root. You'll also learn to apply key security concepts, from defense-in-depth to least privilege to risk evaluation, to determine what actions you should take and in what order of priority.
What You Will Learn:
Students will gain a general understanding of how to harden systems to prevent or contain a system compromise. While we work on Linux and Solaris, the material does apply broadly to all Unix variants.
Students will leave this course with the ability to:
- Configure Solaris and Linux for much greater resilience to attack.
- Understand each Solaris and Linux network service and be capable of judging which can or cannot be safely restricted or deactivated.
- Understand each Solaris and Linux boot script and be capable of judging which scripts can or cannot be safely deactivated.
- Audit Solaris and Linux file permissions and Set-UID/GID programs to resist compromise and privilege escalation.
- Understand and set kernel and operating system variables for best security.
- Configure BIND DNS servers for greater resistance to attack.
- Configure Apache Web servers for greater resistance to attack.
- Configure Sendmail Mail servers for greater resistance to attack.
- Configure WU-FTPd FTP servers for greater resistance to attack.
- Configure vsftpd FTP servers for greater resistance to attack.
- Configure POP and IMAP servers for greater resistance to attack.
- Audit systems with free tools to find better security settings, including Bastille, Titan and the Center for Internet Security's tools.
- Configure a Linux-based firewall
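The file-permission and Set-UID/GID audit listed above is the kind of check that is easy to script and rerun. The following is an added example, not course material from Black Hat or the trainer; the function names are hypothetical, and it builds a constructed sample directory tree so it runs offline instead of scanning a real root filesystem. On a real host you would run it as root against / and keep the baseline somewhere attackers cannot edit.

```shell
#!/bin/sh
# Added example (not from the course): inventory set-UID/set-GID programs and
# world-writable paths, and diff the set-UID/GID list against a saved baseline.
# Function names and the sample tree are hypothetical.

# List regular files under $1 carrying the set-UID or set-GID bit, sorted.
# -xdev stays on one filesystem so /proc and network mounts are skipped.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Count regular files under $1 whose mode includes all of the octal bits in $2
# (4000 = set-UID, 2000 = set-GID).
count_with_mode() {
    find "$1" -xdev -type f -perm "-$2" 2>/dev/null | wc -l | tr -d ' '
}

# List world-writable files and directories under $1. Sticky world-writable
# directories such as /tmp are expected and are excluded from the findings.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) 2>/dev/null | sort
}

# Print set-UID/GID files present now that were absent from the baseline file
# $2 (an earlier list_suid_sgid output). A new entry on a server that had no
# package updates is exactly the change an auditor wants to notice.
new_since_baseline() {
    now=$(mktemp)
    list_suid_sgid "$1" > "$now"
    comm -13 "$2" "$now"
    rm -f "$now"
}

# Constructed sample tree so the example runs offline without touching /.
# Prints the path of the new tree root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/tmp" "$root/var/open"
    printf '#!/bin/sh\n' > "$root/bin/passwd"; chmod 4755 "$root/bin/passwd"  # set-UID
    printf '#!/bin/sh\n' > "$root/bin/ping";   chmod 4755 "$root/bin/ping"    # set-UID
    printf '#!/bin/sh\n' > "$root/bin/ls";     chmod 0755 "$root/bin/ls"      # ordinary
    chmod 1777 "$root/tmp"        # sticky and world-writable: expected, not reported
    chmod 0777 "$root/var/open"   # world-writable without sticky bit: reported
    printf '%s\n' "$root"
}

# Real-host usage (as root):
#   list_suid_sgid / > /var/adm/suid.baseline        # after hardening
#   new_since_baseline / /var/adm/suid.baseline      # on each later audit
```

Anything the set-UID/GID list reports that the machine's purpose does not require is a candidate for `chmod u-s` or removal; the remaining entries are the ones to patch promptly, since each is a direct path from a local account to root.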
This course targets system or network administrators and security admins/auditors with an understanding of Unix commands and basic operating system functions. While others are welcome, complete lack of familiarity is too great a burden to overcome in a two day class.
Who Should Attend:
System administrators, security administrators, security auditors. Unix box owners. Anyone who has a vested interest in keeping their systems from being compromised.
Course Length: 2 days
Cost: US $2000 before July 1, 2004 or US $2200 after July 1, 2004
NOTE: this is a two day course. A Certificate of Completion will be offered.
Trainer:
Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and a core participant in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat and LinuxWorld conferences, among others. A senior research scientist with the George Washington University Cyber Security Policy and Research Institute, Jay makes his living as a security consultant through Baltimore-based JJBSec, LLC, reachable via www.jjbsec.com.
Jay writes the Center for Internet Security's Unix host security tool, currently in use worldwide by organizations from the Fortune 500 to the Department of Defense. He maintains the Center's Linux Security benchmark document and, as a core participant in the non-profit Center's Unix team, is working with private enterprises and US agencies to develop Unix security standards for industry and government.
Aside from his CIS work, Jay has written a number of articles and book chapters on operating system security. He is a columnist for Information Security Magazine and previously wrote a number of articles for SecurityPortal.com and SecurityFocus.com. He authored the Host Lockdown chapter in 'Unix Unleashed,' served as the security author for 'Red Hat Internet Server' and co-authored 'Snort 2.0 Intrusion Detection.' Jay is currently finishing the Addison Wesley book, 'Locking Down Linux.'
Formerly, he served as the Security Team Director for MandrakeSoft, helping set company strategy, design security products, and pushing security into the third largest retail Linux distribution. He now works to further the goal of improving operating system security. To read Jay's past articles and learn about his past and future conference talks, take a look at his site at www.bastille-linux.org/jay.