Hands On Linux Security Rik Farrow
Topic: Linux Audience: Intermediate users
Description: Few people enjoy learning how to swim by being tossed into the ocean, but that's what happens when a system you manage gets hacked. You often have little choice other than to reload that system, patch it, and get it running again. This two-day class gives you a chance to work with systems that have been "hacked," letting you search for hidden files, hidden services and other evidence of the intrusion. Examples are taken from real, recent attacks on Linux systems. You will perform hands-on exercises with dual-use tools to replicate what intruders do, as well as with tools dedicated to security. The tools range from the ordinary, such as find and strings, to less familiar but very important ones, such as lsof, scanners, sniffers, and the Sleuth Kit.
The lecture portion of this class covers the background you need to understand UNIX security principles, TCP/IP, scanning, and popular attack strategies.
Day Two will explore the defenses for networks and individual systems. The class will end with a discussion of the use of patching tools for Linux, including cfengine.
Class exercises require an x86-based laptop computer that can be booted from a KNOPPIX CD. Macintosh owners interested in taking this class should contact the instructor, as a bootable KNOPPIX CD for the PPC may be provided as well if there is sufficient interest. Students will receive a version of Linux on CD that includes the tools, files, and exercises used in the course.
If you have a laptop but don't know whether it can run a bootable Linux CD (which does not touch your installed hard drive or operating systems), please download a copy of KNOPPIX (knoppix.org), burn it, and try it out. KNOPPIX support for wireless is the same as in common Linux kernels (not exciting), but KNOPPIX does a superb job of handling most other hardware found in laptops.
Topics include:
DAY ONE:
* Finding hidden files and evidence of intrusion
* TCP/IP and its abuses
* hping2 and xprobe probes, watched with ethereal
* nmap while watching with ethereal or tcpdump
* Working with buffer-overflow exploit examples
* Apache servers and finding bugs in scripts
* John the Ripper, password cracking
DAY TWO:
* Using and modifying KNOPPIX Linux boot CD
* Elevation of privilege and suid shells
* Rootkits, and finding rootkits (chkrootkit)
* Sleuth Kit (looking at intrusion timelines)
* iptables and netfilter
* cfengine configuration
* Vulnerability scanning with Nessus
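The following is an added example, not code from the course CD or from the instructor: a minimal POSIX shell sweep that uses find the way the Day One "hidden files" and Day Two "suid shells" exercises do. It reports directories whose names are made only of dots and spaces ("...", ". ", ".. "), a classic hiding spot that a plain ls never shows, and any setuid files under a tree. The sample tree it builds is constructed here for the demonstration; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the course materials): a find-based sweep for two
# intrusion artifacts covered in the class:
#   - hidden directories named only with dots and spaces ("...", ". ", ".. ")
#   - setuid files (a planted suid shell is the classic Linux backdoor)
# make_sample_tree builds a throwaway tree with planted artifacts for the demo.

# Directory names made only of dots and spaces are invisible to a plain ls and
# easy to misread in ls -a. find never prints "." and ".." for subdirectories,
# so they need no special handling.
find_odd_hidden_dirs() {
    find "$1" -type d -name '.*' 2>/dev/null \
        | grep -E '/(\.{3,}|[. ]*[ ][. ]*)$' || true
}

# Every setuid regular file under the tree. On a real host, compare the list
# against a baseline from a clean install or the package manager.
find_setuid_files() {
    find "$1" -type f -perm -4000 2>/dev/null || true
}

# Constructed sample tree: two planted artifacts plus one harmless dotfile
# directory that must not be reported.
make_sample_tree() {
    dir="$1"
    mkdir -p "$dir/tmp/..." "$dir/var/tmp/. " "$dir/home/user/.config" "$dir/usr/bin"
    : > "$dir/tmp/.../kit.tgz"              # tool drop inside the "..." directory
    : > "$dir/home/user/.config/settings"   # ordinary dotfile, not suspicious
    : > "$dir/usr/bin/ls"                   # ordinary binary, mode 0755
    : > "$dir/tmp/.x"                       # planted "suid shell"
    chmod 4755 "$dir/tmp/.x"
}

# sweep DIR: print both lists; exit status 0 if clean, 1 if anything was found.
sweep() {
    hidden=$(find_odd_hidden_dirs "$1")
    suid=$(find_setuid_files "$1")
    printf 'Odd hidden directories under %s:\n%s\n' "$1" "${hidden:-(none)}"
    printf 'Setuid files under %s:\n%s\n' "$1" "${suid:-(none)}"
    [ -z "$hidden$suid" ]
}

# Demo run against the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
sweep "$tmp" || echo "Suspicious items found; do not trust this host until they are explained."
rm -rf "$tmp"
```

To use it on a real system, call sweep / or sweep /usr and read the setuid list against what the distribution ships; anything in /tmp, /var/tmp or a home directory with the setuid bit is worth a closer look with strings and lsof.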
Prerequisites: Attendees should be familiar with the UNIX/Linux command line.
History: DKUUG, Copenhagen, Denmark, 2003; USENIX, Boston, 2004
Last change: Sep 16, 2006 04:33:24 PM
The Speaker: Rik Farrow
Location: Sedona, Arizona
Phone: 928-282-0242
Email: rik@spirit.com
Website: http://www.spirit.com/
Will travel: Anywhere
Payment required: Fees + Travel
Compensation required: $2500 per day
Other payment info: Business class airfare for overseas travel
Bio: Rik Farrow provides UNIX and Internet security consulting and
training. He has been working with UNIX system security since 1984,
and with TCP/IP networks since 1988. He has taught for the IRS,
Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy,
and for many U.S. and European user groups. Farrow also consults
with firms in the design and implementation of security applications.
He also teaches a course in NT security for UNIX sysadmins.
He is the author of UNIX System Security, published by Addison-Wesley
in 1991, and System Administrator's Guide to System V (Prentice Hall,
1989, with Rebecca Thomas). Farrow writes a column for ;login:, the
magazine of the USENIX Association, and a network security column
for Network magazine. His article on the technical details of the
Internet worm won an Excellence in Technology Communications award.
Rik lives with his wife in the high desert of Northern Arizona.
Posted: Sep 29, 2006 08:37:41 AM; Last change: Sep 29, 2006 08:52:52 AM