intro to linux hardening talk

    • #7528
      rattis
      Participant

      Hey, I had a chance last week to do a talk on basic Linux hardening and how it applies to Security Distros like Backtrack. I focused on Backtrack for the Security distro part, and covered CentOS and Ubuntu (at least those were the test machines) for the general Linux part.

      It’s on Youtube: http://youtu.be/QLz0Ylpaf8w

      I’m going to go back and add notes to the slide deck probably starting next week (need something to do on the drive to Chicago for Bsides Chicago), and then paste them somewhere.

      The group I did the talk in front of was MiSec (http://www.michsec.org), a statewide attempt at creating a security community after the 2011 Bsides Detroit.

    • #47028
      dynamik
      Participant

      I’m still just a few minutes into it because my schedule has been insane, but you’ve done very well so far.

      Definitely let us know when the slide deck is available; that would be some great reference material.

    • #47029
      rattis
      Participant

      I need time to work on it. Was going to over the weekend, but was sick. Spent most of the weekend asleep.

    • #47030
      knwminus
      Participant

      Watching it now. Thanks!

    • #47031
      rattis
      Participant

      I’d be surprised if it gets picked, but just submitted the talk to Derby Con.

    • #47032
      DelimitingCharacter
      Participant

      Wasn’t Kali Linux already hardened?

      I am not that familiar with it, but it's basically the same as Debian, correct?

    • #47033
      rattis
      Participant

      @DelimitingCharacter wrote:

      Wasn’t Kali Linux already hardened?

      I am not that familiar with it, but it's basically the same as Debian, correct?

      No, Backtrack and Kali are not hardened by default. Neither is Debian.

      As Purehate (was on the Backtrack team at the time) said, it’s a security distro not a secure distro. It has well known default passwords, and known behaviors on the network.

      Pentoo claims to be hardened out of the box. When I gave my talk at DerbyCon, the lead developer for Pentoo was there to make sure I knew that.

      Some people claim that securing BT / Kali makes it useless, but from my experience I have to disagree. If you can set up a reverse shell to call back to you, you can take the extra minute to set up the rules to allow it through your Netfilter (also known as IP Tables) config.

    • #47034
      DelimitingCharacter
      Participant

      What is a good beginner book for learning all this stuff about Linux and what you're referring to: IP Tables and such. A good overall book to get my feet wet?

      Thanks

    • #47035
      hayabusa
      Participant

      There are quite a few books on Linux firewalls, which go into detail on iptables, etc.

      Start with something like:

      http://www.nostarch.com/firewalls.htm

      or

    • #47036
      rattis
      Participant

      Running Linux used to be a decent book to get a good foundation; it covered a lot of areas. So was the Unix and Linux Administration Handbook. The LPI certification in a Nutshell wasn’t too bad.

      Nixcraft is a decent website to read too.


Copyright ©2020 Caendra, Inc.
