intro to linux hardening talk

This topic contains 9 replies, has 5 voices, and was last updated by  rattis 4 years, 4 months ago.

  • #7528
     rattis 
    Participant

    Hey, I had a chance last week to do a talk on basic Linux hardening and how it applies to Security Distros like Backtrack. I focused on Backtrack for the Security distro part, and covered CentOS and Ubuntu (at least those were the test machines) for the general Linux part.

    It’s on Youtube: http://youtu.be/QLz0Ylpaf8w

    I’m going to go back and add notes to the slide deck probably starting next week (need something to do on the drive to Chicago for Bsides Chicago), and then paste them somewhere.

    The group I did the talk in front of was MiSec (http://www.michsec.org), a statewide attempt at creating a security community after the 2011 Bsides Detroit.

  • #47028
     dynamik 
    Participant

    I’m still just a few minutes into it because my schedule has been insane, but you’ve done very well so far.

    Definitely let us know when the slide deck is available; that would be some great reference material.

  • #47029
     rattis 
    Participant

    I need time to work on it. Was going to over the weekend, but was sick. Spent most of the weekend asleep.

  • #47030
     knwminus 
    Participant

    Watching it now. Thanks!

  • #47031
     rattis 
    Participant

    I’d be surprised if it gets picked, but just submitted the talk to Derby Con.

  • #47032
     DelimitingCharacter 
    Participant

    Wasn’t Kali Linux already hardened?

    I am not that familiar with it, but it’s basically the same as Debian, correct?

  • #47033
     rattis 
    Participant

    @delimitingcharacter wrote:

    Wasn’t Kali Linux already hardened?

    I am not that familiar with it, but it’s basically the same as Debian, correct?

    No, Backtrack and Kali are not hardened by default. Neither is Debian.

    As Purehate (was on the Backtrack team at the time) said, it’s a security distro, not a secure distro. It has well-known default passwords, and known behaviors on the network.

    Pentoo claims to be hardened out of the box. When I gave my talk at DerbyCon, the lead developer for Pentoo was there to make sure I knew that.

    Some people claim that securing BT / Kali makes it useless, but from my experience I have to disagree. If you can set up a reverse shell to call back to you, you can take the extra minute to set up the rules to allow it through your Netfilter (also known as IP Tables) config.

  • #47034
     DelimitingCharacter 
    Participant

    What is a good beginner book for learning all this stuff about Linux and what you’re referring to: IP Tables and such? A good overall book to get my feet wet.

    Thanks

  • #47035
     hayabusa 
    Participant

    There are quite a few books on Linux firewalls, which go into detail on iptables, etc.

    Start with something like:

    http://www.nostarch.com/firewalls.htm

    or

  • #47036
     rattis 
    Participant

    Running Linux used to be a decent book to get a good foundation; it covered a lot of areas. So was the Unix and Linux Administration Handbook. The LPI Certification in a Nutshell wasn’t too bad.

    Nixcraft is a decent website to read too.


Copyright ©2019 Caendra, Inc.
