What to bring:
Students are encouraged to bring a Unix-enabled laptop. This course will focus on recent versions of Solaris 7.x and Red Hat Linux 7.x, though the material applies broadly to all Unix variants.
Out of the box, most operating systems are sitting ducks. Within six months of release, they tend to become rather crackable, and it only gets worse as the operating system ages. For instance, a default server install of Red Hat 6.2 averages a life expectancy of only 72 hours, according to the Honeynet Project. You don't have to stand for this kind of weakness, though.
This fast-paced, live demonstration course, 'Securing Solaris and Locking Down Linux,' will teach you how to protect a system from compromise. You'll learn how the attacks work and how to use hard-core hardening to defeat the bulk of them. You'll learn how to take your machines to a state of minimum necessary risk.
This course teaches you how to tighten all major aspects of the operating system for security, balanced against the purpose of the system and the needs of your organization. You'll learn how to tune kernel and operating system parameters, deactivate components, and tighten the components that remain. You'll examine how to tighten major server applications, including Apache, Sendmail, WU-FTPd, vsftpd, and BIND. You'll be introduced to secure alternatives to each of these, including Postfix and djbdns. Along the way, you'll understand how external and internal attackers use privilege escalation and how you can lessen their odds of gaining root. You'll also learn to apply key security concepts, from defense-in-depth to least privilege to risk evaluation, to determine what actions you should take and in what order of priority.
What You Will Learn:
Students will gain a general understanding of how to harden systems to prevent or contain a system compromise. Specifically, students will leave this course with the ability to:
- Configure Solaris and Linux for much greater resilience to attack.
- Understand each Solaris and Linux network service and be capable of judging which can or cannot be safely restricted or deactivated.
- Understand each Solaris and Linux boot script and be capable of judging which scripts can or cannot be safely deactivated.
- Audit Solaris and Linux file permissions and Set-UID/GID programs to combat compromise and privilege escalation.
- Understand and set kernel and operating system variables for best security.
- Configure BIND DNS servers for greater resistance to attack.
- Replace BIND with the security-driven alternative djbdns.
- Configure Apache Web servers for greater resistance to attack.
- Configure Sendmail Mail servers for greater resistance to attack.
- Replace Sendmail with the security-driven alternative Postfix.
- Configure WU-FTPd FTP servers for greater resistance to attack.
- Configure vsftpd FTP servers for greater resistance to attack.
- Configure POP and IMAP servers for greater resistance to attack.
- Audit systems with free tools to find better security settings.
- Configure a host-based firewall on Linux and Solaris.
This course targets system or network administrators and security admins/auditors with an understanding of Unix commands and basic operating system functions. While others are welcome, complete lack of familiarity is too great a burden to overcome in a two day class.
This engaging, interactive course invites participants to bring a Unix-enabled laptop to harden on the fly. For the sake of simplicity, this course will focus on recent versions of Solaris 2.x and Red Hat Linux 8.x /9.x, though the material applies broadly to all Unix variants.
Who Should Attend:
System administrators, security administrators, security auditors, Unix box owners, and anyone who has a vested interest in keeping their systems from being compromised.
Course Length: 2 days
Cost: US $1600 before September 5, 2003 or US $1800 after September 5, 2003
NOTE: this is a two-day course. A Certificate of Completion will be offered.
Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and a core participant in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat and LinuxWorld conferences, among others. A senior research scientist with the George Washington University Cyber Security Policy and Research Institute, Jay makes his living as a security consultant through Baltimore-based JJBSec, LLC, reachable via www.jjbsec.com.
Jay writes the Center for Internet Security's Unix host security tool, currently in use worldwide by organizations from the Fortune 500 to the Department of Defense. He maintains the Center's Linux Security benchmark document and, as a core participant in the non-profit Center's Unix team, is working with private enterprises and US agencies to develop Unix security standards for industry and government.
Aside from his CIS work, Jay has written a number of articles and book chapters on operating system security. He is a columnist for Information Security Magazine and previously wrote a number of articles for SecurityPortal.com and SecurityFocus.com. He authored the Host Lockdown chapter in 'Unix Unleashed,' served as the security author for 'Red Hat Internet Server' and co-authored 'Snort 2.0 Intrusion Detection.' Jay is currently finishing the Addison Wesley book, 'Locking Down Linux.'
Formerly, he served as the Security Team Director for MandrakeSoft, helping set company strategy, design security products, and push security into the third largest retail Linux distribution. He now works to further the goal of improving operating system security. To read Jay's past articles and learn about his past and future conference talks, take a look at his site at www.bastille-linux.org/jay.