Masterclass: Customized Linux Training

This course is for you if you work with the Linux operating system and know how important cybersecurity is and how to protect infrastructure against various threats. The course consists of short presentations on the problems discussed, and over 80% of it will be hands-on.

The course is a deep dive with practical work, followed by 3 weeks of free lab access.

The course is taught in English.

Content

Module 1: Securing User Accounts
  • Advanced sudo tricks:
      • Sudo timer
      • Shell escape attacks
      • Preventing users from running certain programs
  • Password policy
  • Brute force attacks and prevention
  • Security banners
Module 2: Firewalls
  • Advanced network scanning and services enumeration with NMAP
  • Extend NMAP with custom scripts
  • Protect your network with: iptables, ufw, firewalls
  • Extend your firewall with Netfilter
  • Intrusion detection and log analysis with PSAD
Module 3: Hardening SSH
  • Attacking SSH
  • How hackers can use your SSH server to attack others
  • SSH Protocol version
  • Choosing the right ciphers
  • Prevent Root Login
  • Securing SFTP
Module 4: Encryption
  • Offline attacks on your systems
  • Problems with email security
  • How hackers can compromise your environment by stealing your backups
  • Say hello to PGP: encryption and signing
  • Differences between symmetric and asymmetric encryption
  • Encrypting backups with gnupg and tar
  • Encrypting partitions with LUKS
  • VeraCrypt for multi OS support
Module 5: Mandatory Access Control
  • Local Privilege Escalation by:
      • SUID and SGID binaries
      • Wrong permissions
      • Not properly securing partitions
  • File permissions and ownership
  • Configure partitions to prevent SUID and SGID binaries
  • Using extended file attributes to protect sensitive files
  • Linux shell codes
Module 6: Access Control List and Shared Directory Management
  • Possible attacks on shared folders
  • User group management
  • Deep dive into access control lists
  • ACL considerations for backups
Module 7: SELinux and AppArmor
  • SELinux benefits
  • Setting security contexts for files and folders
  • Troubleshooting with setroubleshoot
  • SELinux Policies
  • Stopping attacks with SELinux
  • AppArmor benefits
  • AppArmor profiles
  • AppArmor utilities
  • Stopping attacks with AppArmor
Module 8: Antivirus scanning
  • Antivirus defenses with ClamAV
  • Fight against malware with Maldet
  • Rootkit hunter
Module 9: Auditing
  • Configure the audit daemon
  • Create audit rules
  • Using ausearch and aureport
  • Detect internal and external attacks with auditing
Module 10: Linux Configuration Checks
  • Install and configure OpenSCAP
  • Scan and remediate your system with OpenSCAP
  • SCAP Workbench
  • Check your system with Lynis for auditing, hardening and compliance
Module 11: Vulnerability Scanning
  • Check your SSL Setup with SSLScan
  • Searching vulnerabilities on web servers
  • Scanning for vulnerabilities with OpenVAS
Module 12: Intrusion Detection
  • Network intrusion detection
  • Host based intrusion detection
Module 13: Ensure secure boot process
  • Possible attacks during boot process
  • Protect BIOS / UEFI
  • Protect GRUB2 boot loader
Module 14: Attacking and protecting additional services
  • Attacking and protecting DNS
  • DNSSEC configuration
  • Attacking and protecting mail servers
  • Additional protection for web servers: Apache and Nginx
  • Attack and defend MySQL / MariaDB databases
Module 15: CIS Top 10 Controls
  • Inventory and Control of Hardware Assets
  • Inventory and Control of Software Assets
  • Continuous Vulnerability Management
  • Controlled Use of Administrative Privileges
  • Secure Configuration for Hardware and Software on all devices
  • Maintenance, Monitoring and Analysis of Audit Logs
  • Email and Web Browser Protections
  • Malware Defenses
  • Limitation and Control of Network Ports, Protocols, and Services
  • Data Recovery Capabilities
  • Discussion of remaining 10 CIS Controls
Module 16: Central management of whole environment
  • Ansible for central management
  • Configure access for ansible on servers
  • Ansible playbooks and roles
Module 17: OpenStack Security Checklist
  • (demo-packed presentation)
  • Secure communication
  • API Endpoints configuration recommendation
  • Identity
  • Secure dashboard configuration
  • Compute security checklist
  • Block and image storage
  • Shared filesystem
  • Object storage
  • Secrets management
  • Monitoring and logging

CPE Points (Continuing Professional Education)

It will be possible to earn CPE points after completing this course.

Instructor

Krystian Zieja
Krystian Zieja is a professional Infrastructure and Database Consultant with over 15 years of extensive experience in designing IT solutions. His practice spans from teaching Oracle Courses in OAI at University, to providing services for big public and consulting companies serving clients from four continents. Being a holder of numerous IT certificates such as OCP, MCSE, MCDBA and CISP, he is highly skilled in management as well as in programming SQL and NOSQL databases.
