© ITT Educational Services, Inc. All rights reserved. IS3440 Linux Security Unit 1 Introduction to Linux Security.


1 Unit 1 Introduction to Linux Security

2 Class Agenda 3/16/16
- Introduction
- Course Syllabus
- Learning Objectives
- Lesson Presentation and Discussions
- Discussion on Assignments
- Discussion on Lab Activities
- Break Times as per School Regulations

3 Course Syllabus
- Introduction of Course Syllabus
  - Course Summary
  - Lab Infrastructure (Mock)
  - Course Plan
  - Evaluation
  - Academic integrity
- Discussion and questions about syllabus
- Send me email: name, phone number and a reliable email address

4 Name: Williams Obinkyereh
- Bachelor of Science in Statistics (BSc Stats)
- Master of Science in Information Technology (MSc IT)
- Post Masters of Advanced Studies in Software Engineering
- DSC (Doctor of Computer Science), ongoing
Contacts:
- Phone: 612-516-9712
- Email: obinkytt@yahoo.co.uk

5 Learning Objective
- Identify threats to the Linux operating system and other open source applications.

6 Key Concepts
- Open source software security considerations
- Impact of laws and regulations on a security policy
- Threats to the seven domains of an information technology (IT) infrastructure
- Standard methodologies for testing vulnerabilities on Linux and open source applications
- Linux in the emerging virtual machine (VM) market

7 Linux Security
- No software is 100% security-proof
- A secure system should not be connected to a network
- But users need to connect to the network to do their work
- How do we minimize security risks in Linux?

8 CIA
- Confidentiality: is a legal requirement
- On Linux, confidentiality can be protected in many ways, including: passwords, storage device encryption and file system encryption
- Possession or control: data is not secured unless we have possession and control over it

9 CIA - Cont
- Integrity is achieved by the use of encryption keys, i.e.:
  - PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard)
- Authentication is to verify that a communication, a user or data is genuine
- Availability and utility describe how to use a system all the time without data loss
- Linux can run for years without stopping, and the initial password needed to reboot may be lost

10 Security Model Frameworks
- ISO 17799
- CISSP
- NIST
- ISO 27001
- OSSTMM
- CMMI

11 OSSTMM
- Open Source Security Testing Methodology Manual
- Which assets can be accessed at what time to force the maximum security risk?
- Under what circumstances do we find the most weaknesses?
- When are we most likely to put confidentiality, integrity and availability to the test?

12 Purpose of OSSTMM
- Provide a scientific methodology for the accurate testing of operational security in a consistent and reliable way.
- Provide guidelines which, when followed correctly, will allow the analyst to perform a certified OSSTMM audit.

13 Security
- OSSTMM defines security as a function of a separation.
- Separation between an asset and any threats exists or it does not.
- 3 logical and proactive ways to create separation:
  1. Move the asset to create a physical or logical barrier between it and the threats.
  2. Change the threat to a harmless state.
  3. Destroy the threat.

14 High standard security tests
- When to test is as important as what and why to test.
- Do sweat the small stuff, because it's all small stuff.
- Do make more with less.
- Don't underestimate the importance of the Security Policy in any form.
- What they get is all about how you give it.

15 Guidelines of OSSTMM
1. The test was conducted thoroughly.
2. The test included all necessary channels.
3. The posture for the test complied with the law.
4. The results are measurable in a quantifiable way.
5. The results are consistent and repeatable.
6. The results contain only facts as derived from the tests themselves.

16 Linux in the Seven Domains
- User domain
- Workstation domain
- Local area network (LAN) domain
- Wide area network (WAN) domain

17 Linux in the Seven Domains (Continued)
- LAN-to-WAN domain
- Remote access domain
- System domain

18 Open Source Productivity Applications
- Firefox Web browser
- OpenOffice.org suite
- Thunderbird e-mail client
- Scribus desktop publishing
- Kino video editor

19 Defining the Security Framework
Frameworks to Choose From
- National Institute of Standards and Technology (NIST)
- Certified Information Systems Security Professional (CISSP) 10 Domains
- International Organization for Standardization (ISO) 17799 and ISO 27001
- Open Source Security Testing Methodology Manual (OSSTMM)
Key Questions to Consider
- What are the critical assets and threat agents?
- Who would a system compromise impact?
- Where are the critical assets located?
- When have past security breaches in the industry occurred?
- How do legislation and regulations mandate policy?
Framework Selection

20 Responsibilities of a Linux System Administrator
- System availability and performance
- User access and denial
- Maintenance of the integrity of operating system, application, storage files, resources, and data transmission

21 Tasks of a Linux System Administrator
- Tuning performance and making upgrades
- Configuring and restoring system
- Managing user and group accounts
- Deploying, logging, and monitoring
- Documenting configurations and processes

22 Linux in the Market: Quick Facts
- Over 90% of the world's supercomputers run on Linux.
- The servers of New York Stock Exchange and Google run on Linux.
- Red Hat and Novell are the top commercial Linux vendors for enterprises.
- Linux is predicted to have a 33% smartphone share by 2015.

23 VM
A VM can be a:
- Hardware VM or Hypervisor
  - Type 1: runs on native machines
  - Type 2: runs on host operating systems as guest
- Application VM
  - Java VM and Dalvik VM
  - Adobe Flash Player

24 Advantages of a Hypervisor
- Saves money on hardware and power
- Well-positioned for bastion hosts
- Makes better use of hardware resources
- Easier to manage

25 Linux in the VM Market
- Linux provides a scalable, robust solution to scale many servers in a VM environment without the additional licensing costs.
- The relatively small size of Linux allows for many instances of VMs to run.
- The Linux kernel 2.6.20 has virtualization capabilities built in with Kernel-based VM (KVM).

26 Popular VM Software Used with Linux

| VM | Licensing | Vendor |
|---|---|---|
| VirtualBox | Dual open source and commercial | Sun/Oracle |
| VMware server | Commercial | VMware |
| Xen | Open source and commercial | Citrix |

27 Summary
In this presentation, the following concepts were covered:
- Linux in the seven domains and various open source productivity applications
- Facts about the use of Linux in the market
- Responsibilities and tasks of a Linux system administrator
- Process to define a security framework
- Linux in the VM market and various VM software used with Linux

28 Assignments and Lab
- Discussion 1.1 Securing a Linux System
- Lab 1.2 Install a Core Linux Operating System on a Server
- Lab is in the lab manual online
- Project Title
  - Linux-Based Web Application Infrastructure

