Alina Swietochowska | 26 January 2012
Apparently, there can never be too much said about computer security, and so we thought we’d chip in, constructively. The best manner for us, is to offer a new course – this time, one that focuses on handling various security techniques in Linux.
One could argue that security of an operating system is a self professing technology strand in that unlike most IT concepts and applications, the vast range of security related products and tools have no purpose other than allow other products and tools function in peace.
Just like a 5-lever lock requirement placed on households by insurance companies, IT vendors come up with numerous solutions to comply with the security related industry standards. In turn, the end users (all of us, from individuals to corporate) secure their equipment, or at least try to appear to have done so.
Those that use computers casually, for their private needs, will most likely use a solution or product recommended by the vendor. However, IT professionals must be able to assess their requirement fully, and arrive at the solution based on educated and exact analysis. To achieve that, they need to have appropriate background understanding of risks and the ability to apply fitting solution to mitigate those risks.
Industry certification for security, such as (ISC)², or Cisco certifications do exist, and they are excellent in formalising the approach to securing a particular technology area. But certification should not be the aim in itself. For an administrator to apply an apt solution, he must be aware of the infrastructure (invariably comprising an extensive range of products) and its implications on corporate security.
This necessitates a broader understanding of security solutions. Typically, one starts by getting to grips with the basics of Information Security issues, models and standards, closely followed by the basics about cryptography, authentication (perhaps as provided by QASECFUND, Security Information Fundamentals course).
But after that, one needs to identify information and facts for the particular technology in use. Well, we have just released a new course to help with tackling the typical system security features in Linux. Rather proud of the little course. It has very little redundant information. It deals with many topics generally ignored elsewhere, for example SELinux. It doesn't patronise going through the basics covered in just about any generic security training offerings. Instead, looking through Linux intrinsic security features, techniques, tools and utilities. While this is not a forensics level course, we hope it will fill a gap between the fundamentals that one can pick up through a variety of educational programs and the concluding security job requirement.
So, let me introduce the QALXSEC, Securing a Linux Server course, now running in a centre near you... ;-).