David Clinton - Linux Security Fundamentals

18 Index

19 End User License Agreement

1 Chapter 3 Figure 3.1 The stages involved in booting a (Linux) computer using UEFIFigure 3.2 A typical account entry within a password managerFigure 3.3 The results of an email search of the HIBP databaseFigure 3.4 The results of a search of the HIBP database for a password stringFigure 3.5 Permission levels assigned to users and a user groupFigure 3.6 A simplified illustration of the contents of a TCP data packet including metadat...Figure 3.7 A typical network setup where a firewall device stands between the internet and ...Figure 3.8 An AWS EC2 security group permitting SSH and browser (HTTP) traffic into the res...

2 Chapter 4 Figure 4.1 A typical example of IP address allocations within a private subnetFigure 4.2 A NAT server translating IP addresses and managing traffic between local and pub...Figure 4.3 The Wireshark “home” screen showing links to all the networks available to the s...Figure 4.4 The results of a typical network scan shown in Wireshark

3 Chapter 5 Figure 5.1 A typical symmetric encryption and decryption processFigure 5.2 The recipient’s public key is used to encrypt and later decrypt a file with the ...Figure 5.3 The sender’s public key is used to encrypt and later decrypt a file with the use...Figure 5.4 The step-by-step representation of a blockchain transaction

4 Chapter 6 Figure 6.1 The successful SSL Report on the TLS configuration for the bootstrap-it.comwebs...Figure 6.2 The conversation between a client browser and a TLS-powered web serverFigure 6.3 Installation instructions on the Certbot websiteFigure 6.4 A typical VPN running through a secure tunnel connection

5 Chapter 7 Figure 7.1 The NVD DashboardFigure 7.2 A layered diagram of NVD-related tools

6 Chapter 8 Figure 8.1 Some output from the dmesgcommand on a Linux Ubuntu 18.04 system. Exciting read...

7 Chapter 9 Figure 9.1 Public-facing web servers are allowed fairly open access from public networks, w...Figure 9.2 A common dual-firewall DMZ setupFigure 9.3 A bastion host is a server placed within a DMZ through which remote admins can a...Figure 9.4 The VirtualBox network adapter configuration dialog box

1 Cover

2 Table of Contents

3 Introduction

1 i

2 ii

3 iii

4 v

5 xiii

6 xiv

7 xv

8 1

9 2

10 3

11 4

12 5

13 6

14 7

15 8

16 9

17 10

18 11

19 12

20 13

21 15

22 16

23 17

24 18

25 19

26 20

27 21

28 22

29 23

30 24

31 25

32 26

33 27

34 28

35 29

36 30

37 31

38 33

39 34

40 35

41 36

42 37

43 38

44 39

45 40

46 41

47 42

48 43

49 44

50 45

51 46

52 47

53 48

54 49

55 50

56 51

57 52

58 53

59 54

60 55

61 56

62 57

63 59

64 60

65 61

66 62

67 63

68 64

69 65

70 66

71 67

72 68

73 69

74 70

75 71

76 72

77 73

78 74

79 75

80 76

81 77

82 78

83 79

84 81

85 82

86 83

87 84

88 85

89 86

90 87

91 88

92 89

93 90

94 91

95 93

96 94

97 95

98 96

99 97

100 98

101 99

102 100

103 101

104 102

105 103

106 104

107 105

108 106

109 107

110 108

111 109

112 110

113 111

114 112

115 113

116 114

117 115

118 116

119 117

120 118

121 119

122 120

123 121

124 122

125 123

126 125

127 126

128 127

129 128

130 129

131 130

132 131

133 132

134 133

135 134

136 135

137 136

138 137

139 138

140 139

141 140

142 141

143 143

144 144

145 145

146 146

147 147

148 148

149 149

150 150

151 151

152 152

153 153

154 154

155 155

156 156

157 157

158 158

159 159

160 160

161 161

162 162

163 163

164 164

165 165

166 166

167 167

168 168

169 169

170 170

171 171

172 172

173 173

174 174

175 175

176 176

177 177

Right off the top, I’d like to be clear about exactly what this book is and what it’s not. Linux Security Fundamentals is a guide to security best-practices for Linux admins. It is not however a comprehensive guide to deploying secure workloads in Linux environments.

So don’t expect a lot of nuts and bolts demonstrations of complex administration tasks. We’re not even going to cover the core basics of the Linux command line. I’ll assume you’ve got all that already. This isn’t a very technical book. In fact, there may be one or two chapters that don’t even specifically mention Linux.

We won’t talk, say, about the detailed configuration settings controlling cgroups or setting up effective and bullet-proof Nagios servers–as important as they are. For that kind of detail, you can consult Chris Negus’ Linux Bible–or the Ubuntu Bible that I wrote in collaboration with Chris.

Instead, this book will quickly deliver the big-picture security knowledge that every admin should know (but often doesn’t). The trick here, is that all that knowledge will delivered within a Linux context. So, for instance, along with the big-picture stuff you can expect to learn how to install the OpenVAS vulnerability scanner, construct a firewall using iptables, or build a custom Wireguard VPN. But don’t expect to find that kind of technical detail in every chapter.

Why is a book like this necessary?

The moment we connect our phones, laptops, and servers to the internet, we’re all living in a very dangerous neighborhood. And there’s no single ‘set-it-and-forget-it’ solution that’ll reliably keep all the looming threats away. The only way you can even hope to protect yourself and your digital resources is to understand the kinds of vulnerabilities that could affect your infrastructure and the ways smart administration can maximize both harm prevention and mitigation. But there’s more. Since the IT threat landscape changes so often, you’ll also need to learn how to continuously monitor your infrastructure and keep up with developments in the technology world.

Whether you’re a professional Linux admin, a developer, a data engineer, or even just a regular technology consumer, you’ll be both safer and more effective at everything you do if you can understand and apply security best practices. And considering how Linux has come to dominate the web application, DevOps, internet of things, and mobile connectivity industries, getting security right on Linux is more critical than ever before.

Each of the book’s chapters includes review questions to thoroughly test your understanding of the services you’ve seen. The questions were designed to help you better understand and remember the content. Although the difficulty level will vary between questions, it’s all on target for the real digital world. Once you complete a chapter’s assessment, refer to Appendix for the correct answers and detailed explanations.

This book covers topics you need to know to prepare for the Security Essentials certification exam.

Chapter 1: Using Digital Resources ResponsiblyIn this chapter, you’ll learn about protecting the digital rights and privacy of people with whom you interact, including your own employees and the users of your services.