Linux Security Fundamentals

Linux Security Fundamentals provides basic foundational concepts of securing a Linux environment. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them. This book is useful for anyone considering a career as a Linux administrator or for those administrators who need to learn more about Linux security issues. Topics include: Security Concepts Encryption Node, Device and Storage Security Network and Service Security Identity and Privacy Readers will also have access to Sybex's superior online interactive learning environment and test bank, including chapter tests, a practice exam, electronic flashcards, a glossary of key terms.

Table of Contents:
Introduction xiii Chapter 1 Using Digital Resources Responsibly 1 Protecting Personal Rights 2 Protecting Digital Privacy 4 What is Personal Data? 4 Where Might My Personal Data Be Hanging Out? 4 What Are My Responsibilities as a Site Administrator? 6 Can Escaped Genies Be Forced Back into Their Bottles? 6 What Can I Do as a User? 7 Establishing Authenticity 7 Think About the Source 8 Be Aware of Common Threat Categories 8 Summary 9 Back to the Basics 10 Review Questions 11 Chapter 2 What Are Vulnerabilities and Threats? 15 The Basics: What Are We Trying to Accomplish Here? 16 What Are Vulnerabilities and Threats? 17 What Can Be Exploited? 17 Who’s Doing the Exploiting? 18 Why Do They Attack? 19 Common Vulnerabilities 20 Software Vulnerabilities 20 Hardware Vulnerabilities 21 Bioware Vulnerabilities 21 Digital Espionage 21 USB Devices 21 Backdoors 22 Wireless Entry Points 22 Stolen Credentials 23 Data Breaches 23 Identity Theft (Besides Breaches) 24 Malware 24 Network-Based Attacks 25 Man-in-the-Middle Attacks 25 Denial-of-Service and Distributed Denial-of-Service Attacks 26 Network Routing Attacks 26 Summary 26 Back to the Basics 27 Review Questions 28 Chapter 3 Controlling Access to Your Assets 33 Controlling Physical Access 34 Understanding Your Devices 34 Protecting Your Devices 36 Managing Authentication Through Effective Password Use 38 Managing Authorization Through Permissions 44 Controlling Network Access 45 Firewalls 45 Virus and Malware Protection 48 Educating Your Users 49 Controlling Software Sources 50 PC Software Repositories 51 Mobile Package Management 51 Summary 52 Back to the Basics 52 Review Questions 54 Chapter 4 Controlling Network Connections 59 Understanding Network Architecture 60 The Transmission Control Protocol 60 The Internet Protocol 61 Understanding the Domain Name System 64 Auditing Networks 65 Network Auditing Tools 66 Automating Audits 70 Securing Networks 71 Patch Your Software 71 Physically Secure Your Infrastructure 73 Secure Your Network Behavior 73 Other Stuff 74 Summary 74 Back to the Basics 75 Review Questions 76 Chapter 5 Encrypting Your Data at Rest 81 What is Encryption? 82 Encryption Usage Patterns 85 What Should You Encrypt? 85 Understanding Hashing vs. Encryption 86 What Are Blockchains? 86 Encryption Technologies 87 Summary 89 Back to the Basics 89 Review Questions 90 Chapter 6 Encrypting Your Moving Data 93 Website Encryption 94 Why You Should Use Encryption 95 How Website Encryption Works 96 Generating Certificates 98 Email Encryption 99 GNU Privacy Guard 100 Does Gmail Encrypt Your Emails? 100 Working with VPN Connections and Software Repositories 100 Securing Your Actions Using VPNs 101 Securing Transfers from Software Repositories 104 Summary 105 Back to the Basics 105 Review Questions 106 Chapter 7 Risk Assessment 109 Conducting Open Source Intelligence Gathering 111 Accessing Public Vulnerability Databases 112 Vulnerability Data Frameworks 112 Vulnerability Data Formats 113 Vulnerability Data Metrics 114 Vulnerability Data Management Tools 114 Conducting Vulnerability Scans 115 Conducting Penetration Tests 117 Attack Vectors 118 Tooling Frameworks 118 Follow-Up 119 Summary 119 Back to the Basics 120 Review Questions 121 Chapter 8 Configuring System Backups and Monitoring 125 Why You Need to Get Backups Right the First Time 127 Appreciating the Risks 128 Spreading Your Backups Across Multiple Sites 129 Testing Your Backups 130 Meeting Regulatory Compliance 131 Backup Types 132 Incremental Backups 132 Differential Backups 133 Backup Life Cycles 133 Multitier Backups 133 Multisite Storage Solutions 134 Disaster Recovery Planning 134 Configuring Monitoring and Alerts 135 Working with System Logs 135 Intrusion Detection 136 Summary 137 Back to the Basics 138 Review Questions 139 Chapter 9 Resource Isolation Design Patterns 143 Configuring Network Firewalling 145 Balancing Public and Private Networks 145 Building Isolated Development Environments 147 Working with Sandbox Environments 148 Use Cases for Sandboxes 148 Sandbox Designs 149 Controlling Local System Access 150 Configuring Mandatory Access Controls 150 Setting Usage Quotas 151 Summary 152 Back to the Basics 152 Review Questions 153 Appendix Answers to Review Questions 155 Chapter 1: Using Digital Resources Responsibly 156 Chapter 2: What are Vulnerabilities and Threats? 157 Chapter 3: Controlling Access to Your Assets 158 Chapter 4: Controlling Network Connections 160 Chapter 5: Encrypting Your Data at Rest 161 Chapter 6: Encrypting Your Moving Data 162 Chapter 7: Risk Assessment 163 Chapter 8: Configuring System Backups and Monitoring 165 Chapter 9: Resource Isolation Design Patterns 166 Index 167

About the Author :
David Clinton is a Linux server admin and Amazon Web Services solutions architect who has worked with IT infrastructure in both academic and enterprise environments. He has created video courses teaching AWS and Linux administration, server virtualization, and IT security for Pluralsight. He has also written or cowritten a dozen technology books, including AWS Certified Solutions Architect Study Guide: Associate (SAA-C01) Exam, Second Edition, and AWS Certified Cloud Practitioner Study Guide: Foundational (CLF-C01) Exam.