Module Title: dgt_sys04 – Security
Overview:
The “dgt_sys04 – Security” module is designed to equip students with advanced knowledge and practical skills in securing Linux-based systems. The curriculum focuses on critical security practices that ensure the integrity, confidentiality, and availability of system resources. This comprehensive module combines theoretical concepts with hands-on exercises to provide a robust understanding of Linux security.
module Objectives:
By the end of this module, participants will be able to:
- Understand the fundamental principles of Linux security.
- Implement and manage SELinux policies effectively, ensuring it is always enabled for optimal system protection.
- Configure and manage iptables to create secure network environments through firewall rules.
- Harden SSH daemon configurations to mitigate common vulnerabilities.
- Disable password-based logins in favor of more secure authentication methods.
- Change the default SSH port to reduce unauthorized access attempts.
- Implement SSH key-based authentication for enhanced security.
module Modules:
- Introduction to Linux Security
- Overview of threats and vulnerabilities specific to Linux systems.
-
Importance of maintaining a secure system environment.
-
SELinux Fundamentals
- Introduction to SELinux Security-Enhanced Linux.
- The significance of enabling SELinux for enforcing access controls.
-
Practical exercises in configuring and troubleshooting SELinux policies.
-
Networking Security with iptables
- Basics of network packet filtering and the role of iptables.
- Crafting rules to protect against common network-based attacks.
-
Hands-on lab sessions to design a secure firewall setup.
-
Securing SSH Services
- Understanding potential vulnerabilities in SSH daemons.
- Configurations for hardening SSH, including disabling password authentication.
- Changing the default SSH port and its implications on security.
-
Implementing SSH key-based authentication methods.
-
Passwordless Authentication Strategies
- Exploring alternatives to traditional password logins.
- Step-by-step guide to generating and deploying SSH keys.
-
Best practices for managing public and private keys securely.
-
Advanced Security Measures
- Additional security enhancements such as fail2ban and auditing tools.
- Monitoring and logging techniques to detect suspicious activities.
- Continuous improvement strategies for maintaining system security.
Target Audience:
This module is ideal for IT professionals, system administrators, network engineers, and cybersecurity enthusiasts who are responsible for managing Linux-based systems. It assumes a basic understanding of Linux administration.
Prerequisites:
– Familiarity with Linux command-line interface.
– Basic knowledge of networking concepts.
– Understanding of SSH fundamentals.
module Format:
The module will be delivered through interactive lectures, hands-on labs, and real-world case studies. Participants will have access to virtual lab environments for practical exercises.
Assessment:
Participants understanding and skills will be evaluated through quizzes, lab assignments, and a final project that involves securing a Linux system based on the principles taught in the module.
Join us for “dgt_sys04 – Sicurezza” to elevate your expertise in Linux security and ensure robust protection for your systems!
The students can push their exercises to the Academy DevOps & SRE GIT project. For this module, create a folder with your username as its name in the following subfolder: https://github.com/Garanti-Del-Talento/gdt_academy