146
147 147
148 148
149 149
150 150
151 151
152 152
153 153
154 154
155 155
156 156
157 157
158 158
159 159
160 160
161 161
162 162
163 163
164 164
165 165
166 166
167 167
168 168
169 169
170 170
171 171
172 172
173 173
174 174
175 175
176 176
177 177
Introduction
Right off the top, I’d like to be clear about exactly what this book is and what it’s not. Linux Security Fundamentals is a guide to security best-practices for Linux admins. It is not however a comprehensive guide to deploying secure workloads in Linux environments.
So don’t expect a lot of nuts and bolts demonstrations of complex administration tasks. We’re not even going to cover the core basics of the Linux command line. I’ll assume you’ve got all that already. This isn’t a very technical book. In fact, there may be one or two chapters that don’t even specifically mention Linux.
We won’t talk, say, about the detailed configuration settings controlling cgroups or setting up effective and bullet-proof Nagios servers–as important as they are. For that kind of detail, you can consult Chris Negus’ Linux Bible–or the Ubuntu Bible that I wrote in collaboration with Chris.
Instead, this book will quickly deliver the big-picture security knowledge that every admin should know (but often doesn’t). The trick here, is that all that knowledge will delivered within a Linux context. So, for instance, along with the big-picture stuff you can expect to learn how to install the OpenVAS vulnerability scanner, construct a firewall using iptables, or build a custom Wireguard VPN. But don’t expect to find that kind of technical detail in every chapter.
Why is a book like this necessary?
The moment we connect our phones, laptops, and servers to the internet, we’re all living in a very dangerous neighborhood. And there’s no single ‘set-it-and-forget-it’ solution that’ll reliably keep all the looming threats away. The only way you can even hope to protect yourself and your digital resources is to understand the kinds of vulnerabilities that could affect your infrastructure and the ways smart administration can maximize both harm prevention and mitigation. But there’s more. Since the IT threat landscape changes so often, you’ll also need to learn how to continuously monitor your infrastructure and keep up with developments in the technology world.
Whether you’re a professional Linux admin, a developer, a data engineer, or even just a regular technology consumer, you’ll be both safer and more effective at everything you do if you can understand and apply security best practices. And considering how Linux has come to dominate the web application, DevOps, internet of things, and mobile connectivity industries, getting security right on Linux is more critical than ever before.
Each of the book’s chapters includes review questions to thoroughly test your understanding of the services you’ve seen. The questions were designed to help you better understand and remember the content. Although the difficulty level will vary between questions, it’s all on target for the real digital world. Once you complete a chapter’s assessment, refer to Appendix for the correct answers and detailed explanations.
What Does This Book Cover?
This book covers topics you need to know to prepare for the Security Essentials certification exam.
Chapter 1: Using Digital Resources Responsibly In this chapter, you’ll learn about protecting the digital rights and privacy of people with whom you interact, including your own employees and the users of your services.
Chapter 2: What Are Vulnerabilities and Threats? Here you’ll discover the scope of the many classes of threats against your infrastructure, including digital espionage, stolen credentials, and malware.
Chapter 3: Controlling Access to Your Assets Your first line of defense against the bad guys is the outer edge of your property. So, learning to manage physical and network access to your resources is a big deal.
Chapter 4: Controlling Network Connections Before you can effectively audit and secure your networks, you’ll need to understand how IP/TCP networking actually works. This chapter will introduce you to both general networking administration and the basics of network security.
Chapter 5: Encrypting Your Data at Rest What can I say? Obscuring your important data stores from prying eyes is a critical component of security. Learn why, how, and where it should be done.
Chapter 6: Encrypting Your Moving Data In this chapter, you’ll learn about website and email encryption, along with the care and feeding of virtual private networks (VPNs).
Chapter 7: Risk Assessment You’ll never know how secure your infrastructure is until it comes under attack. Now who would you prefer launches this first attack? This is something you’d rather want to do yourself through the services of vulnerability scanners and penetration testers.
Chapter
