Global Information Assurance Certification
Excellent, relevant, immediately useful information. I can't wait to get back to the office to try it out.
-Steve Zehl, USGS
Securing Unix/Linux
6 CPE Credits per day
Experience in-depth coverage of Unix security issues. Examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems including vulnerabilities in the password authentication system, file system, virtual memory system, and in common network protocols such as NFS, NIS, and the Unix RPC mechanism. Learn the exact steps necessary to secure the two most common Unix flavors, Solaris and Linux, and get specific advice for securing some of the most common Internet services on the Unix platform, including Apache, WU-FTPD, Sendmail, and BIND.
Throughout this course, you will become skilled at utilizing freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS' practical approach with "hands-on" exercises every day ensures that you can start using these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.
PREREQUISITE
Students must possess at least a working knowledge of Unix. Most students who attend the track have a minimum of 3-5 years of Unix System Administration experience. To test your knowledge see our Unix Knowledge Quiz at http://www.sans.org/training/unix_quiz.php.
Who Should Attend
- Security professionals looking to learn the basics of securing Unix operating systems
- Experienced administrators looking for in-depth descriptions of attacks on Unix systems and how they can be prevented
- Administrators needing information on how to secure common Internet applications on the Unix platform
- Administrators looking for an introduction to best-of-breed hardening and testing tools
Sampling of Topics
- Network-Based Attacks
- Memory Attacks, Buffer Overflows
- File System Attacks, Race Conditions
- Trojan Horse Programs and Rootkits
- Monitoring and Alerting Tools
- Network Security Tools
- SSH for Secure Administration
- Forensic Investigation
- Unix Logging and Kernel-Level Auditing
- Network Time Protocol
- Constructing Secure Solaris and Linux Hosts
- Secure Configuration of BIND, Sendmail, Apache
It was, overall, the most in-depth training on securing Windows I've attended!
-Matt Hurst, Madison City Schools
Author Statement
A wise man once said, "How are you going to learn anything if you know everything already?" And yet there seems to be a quiet arrogance in the Unix community that we've figured out all of our security problems, as if to say, "Been there, done that." All I can say is that what keeps me going in the Unix field, and the security industry in particular, is that there is always something new to learn, discover, or invent. In fifteen plus years on the job, what I've learned is how much more there is that I can learn. I think this is also true for the students in my courses. I regularly get comments back from students that say things like, "I've been using Unix for 20 years and I still learned a lot in this class." That's really rewarding.
-HAL POMERANZ