dgt_sys04 – Security

Module Title: dgt_sys04 – Security


Overview:
The “dgt_sys04 – Security” module is designed to equip students with advanced knowledge and practical skills in securing Linux-based systems. The curriculum focuses on critical security practices that ensure the integrity, confidentiality, and availability of system resources. This comprehensive module combines theoretical concepts with hands-on exercises to provide a robust understanding of Linux security.

module Objectives:
By the end of this module, participants will be able to:

  1. Understand the fundamental principles of Linux security.
  2. Implement and manage SELinux policies effectively, ensuring it is always enabled for optimal system protection.
  3. Configure and manage iptables to create secure network environments through firewall rules.
  4. Harden SSH daemon configurations to mitigate common vulnerabilities.
  5. Disable password-based logins in favor of more secure authentication methods.
  6. Change the default SSH port to reduce unauthorized access attempts.
  7. Implement SSH key-based authentication for enhanced security.

module Modules:

  1. Introduction to Linux Security
  2. Overview of threats and vulnerabilities specific to Linux systems.
  3. Importance of maintaining a secure system environment.

  4. SELinux Fundamentals

  5. Introduction to SELinux Security-Enhanced Linux.
  6. The significance of enabling SELinux for enforcing access controls.
  7. Practical exercises in configuring and troubleshooting SELinux policies.

  8. Networking Security with iptables

  9. Basics of network packet filtering and the role of iptables.
  10. Crafting rules to protect against common network-based attacks.
  11. Hands-on lab sessions to design a secure firewall setup.

  12. Securing SSH Services

  13. Understanding potential vulnerabilities in SSH daemons.
  14. Configurations for hardening SSH, including disabling password authentication.
  15. Changing the default SSH port and its implications on security.
  16. Implementing SSH key-based authentication methods.

  17. Passwordless Authentication Strategies

  18. Exploring alternatives to traditional password logins.
  19. Step-by-step guide to generating and deploying SSH keys.
  20. Best practices for managing public and private keys securely.

  21. Advanced Security Measures

  22. Additional security enhancements such as fail2ban and auditing tools.
  23. Monitoring and logging techniques to detect suspicious activities.
  24. Continuous improvement strategies for maintaining system security.

Target Audience:
This module is ideal for IT professionals, system administrators, network engineers, and cybersecurity enthusiasts who are responsible for managing Linux-based systems. It assumes a basic understanding of Linux administration.

Prerequisites:
– Familiarity with Linux command-line interface.
– Basic knowledge of networking concepts.
– Understanding of SSH fundamentals.

module Format:
The module will be delivered through interactive lectures, hands-on labs, and real-world case studies. Participants will have access to virtual lab environments for practical exercises.

Assessment:
Participants understanding and skills will be evaluated through quizzes, lab assignments, and a final project that involves securing a Linux system based on the principles taught in the module.

Join us for “dgt_sys04 – Sicurezza” to elevate your expertise in Linux security and ensure robust protection for your systems!
The students can push their exercises to the Academy DevOps & SRE GIT project. For this module, create a folder with your username as its name in the following subfolder: https://github.com/Garanti-Del-Talento/gdt_academy