The most trusted source for computer security training, certification and research.



Global Information Assurance Certification

SANS has opened my eyes to things I never would have considered on my own research.
-Doug Wells, Media General, Inc.

SECURITY 506

Securing Linux/Unix

6 CPE Credits per day

Experience in-depth coverage of Linux and Unix security issues. Examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix. This course provides specific configuration guidance and practical, real-world examples, tips, and tricks.

Throughout this course, you will become skilled at utilizing freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS' practical approach with "hands-on" exercises every day ensures that you can start using these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.

Prerequisite
Students must possess at least a working knowledge of Unix. Most students who attend this course have a minimum of three to five years of Unix System Administration experience.

  • Who Should Attend
    • Security professionals looking to learn the basics of securing Unix operating systems
    • Experienced administrators looking for in-depth descriptions of attacks on Unix systems and how they can be prevented
    • Administrators needing information on how to secure common Internet applications on the Unix platform
    • Auditors, incident responders, and InfoSec analysts who need greater visibility into Linux and Unix security tools, procedures, and best practices
  • Sampling of Topics
    • Memory attacks, buffer overflows
    • File system attacks, race conditions
    • Trojan horse programs and rootkits
    • Monitoring and alerting tools
    • Unix logging and kernel-level auditing
    • Building a centralized logging infrastructure
    • Network security tools
    • SSH for secure administration
    • Server "lockdown" for Linux and Unix
    • Controlling root access with sudo
    • SELinux and chroot() for application security
    • DNSSEC deployment and automation
    • mod_security and Web application firewalls
    • Secure configuration of BIND, Sendmail, Apache
    • Forensic investigation

The quality of a SANS course is "exceptional" and the instructors are true experts with real experience.
-Todd Coston, Kern Community College District

Author Statement

A wise man once said, "How are you going to learn anything if you know everything already?" And yet there seems to be a quiet arrogance in the Unix community that we've figured out all of our security problems, as if to say, "Been there, done that." All I can say is that what keeps me going in the Unix field, and the security industry in particular, is that there is always something new to learn, discover, or invent. In fifteen plus years on the job, what I've learned is how much more there is that I can learn. I think this is also true for the students in my courses. I regularly get comments back from students that say things like, "I've been using Unix for 20 years, and I still learned a lot in this class." That's really rewarding.
-Hal Pomeranz

Training Events By Course

SECURITY 506 :: Securing Linux/Unix
SANS 2010 Orlando, FL March 06, 2010 - March 15, 2010
Community SANS Twin Cities 2010 St. Paul, MN March 08, 2010 - March 13, 2010
SANS OnDemand Online Training & Assessments Anytime
SANS SelfStudy Books and .MP3s Only Anytime