Linux Security Overview, ISSA-PS 2003
This was a two-hour[1] presentation given at the ISSA Puget Sound meeting in
July, 2003. At the previous meeting, I asked members what they'd like to
learn, and this presentation was tailored to cover the topics that
were most frequently requested.
There were many folks who were very unfamiliar with how Unix-like systems
work at all, so the first two parts concentrate on Linux security for
the uninitiated.
- Part one, automated hardening.
  - The use of Bastille Linux.
- Part two, manual hardening.
  - Identifying and shutting down network services manually from
    the command line.
- Part three, advanced kernel security.
  - Standard kernel-level security (traditional root vs capabilities),
    use of Lcap to remove capabilities from the kernel at run time,
    and alternate security models such as LIDS (Linux Intrusion
    Detection System) and Systrace.
NOTES:
[1] Normally there are two talks at ISSA, one vendor and one non-vendor.
The vendor cancelled at the last minute, so I took over all two hours.
Lucky for me, given that I always want to cover far more than I should...
Also, for the several people who enquired after the talk, yes, I am always
open to doing Linux/Unix security consulting. If you're interested,
just drop me a line.
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.