Additional Security Resources
The course is part of this learning path
I hope you enjoyed this course and learned a lot along the way. I did my best to stay focused on issues that were specific to the Linux operating system and pointed out some of the most common Linux security concerns and how to address them. However, I realize that no matter how much material I include in this course, there will always be certain areas that each student wishes I had spent more time on, or provided even greater details on. Also, I know there will be some of you who are not only interested in Linux security, but also in broader topics like network security or information security in general. That's why I've put together this section of the course. In it I will start off by directing you to some additional resources that are Linux specific. If you take Linux security seriously and want to stay on top of the latest findings, you'll want to take special note of these resources. Next, I'll be sharing some resources with you that go beyond just Linux security. These resources will be of interest to those of you who want to explore information security in greater detail, and the broader implications of information security. I put together a list of Linux hardening guides that you can read online or download, they're located at LinuxtTrainingAcademy.com/hardening. I'll also include this list in the course downloads. The Center for Internet Security publishes hardening guides, which they call benchmarks. You can find their guides at benchmarks.cisecurity.org. They provide guides for many of the most popular Linux distributions, including Amazon's Linux distro, CentOS, Debian, Red Hat, Slackware, SUSE and Ubuntu. The first few guides on that list are from CIS. Fedora published a security guide that you can find online at docs.fedoraproject.org. It covers Fedora 19, and I couldn't find a newer version of the guide for their later releases of Fedora, but if you're running Fedora it may be worth checking out. The next hardening guide on the list applies to all Linux distributions, it's a checklist provided by the SANS Institute. Their website is located at sans.org. Red Hat has also published security guides for their distributions, you can find them on Red Hat's website at access.redhat.com. If you're using CentOS, you can follow these Red Hat guides as well. Other organizations have released security guides for Red Hat. We've already talked about the CIS benchmarks, however, the Defense Information Systems Agency, or DISA, has also released guides for Red Hat. Their guides are called STIGs, which stand for Security Technical Implementation Guides. The National Security Agency also released a guide for Red Hat, but it's fairly old, because it's for Fed Hat 5. You can find their Red Hat guide among other guides that they've released for other operating systems at their website at nsa.gov. The Global Information Assurance Certification created a Red Hat installation hardening checklist. Their website is located giac.org. SUSE has published guides for their SUSE Linux Enterprise Server Distributions, and you can find them on their website at suse.com. Ubuntu has some security hardening documentation located at help.ubuntu.com. Now that you have a hardening guide for your distribution, you need to keep up with the latest security issues for your distribution. Each distro typically has an email list that you can subscribe to so you can stay on top of the latest issues and fixes. I posted a list at LinuxTrainingAcademy.com/security-list, and I've included that list in the course downloads as well. If you want to meet in person to talk about security, consider going to a CitySec meeting. There you'll get to meet and interact with like-minded people who have an interest in security. For the list, visit LinuxTrainingAcademy.com/citysec, or look in the course downloads. You can also find security, and even Linux related meetups in your area on meetup.com. I've also put together a list of security conferences that publish their videos online. You can watch hours and hours of presentations given at these various security conferences by visiting LinuxTrainingAcademy.com/security-videos. Again, I'll make sure this list is in the course downloads. Also, most of these videos are about broader security topics, and they aren't in a structured course format, but if you're looking to gain some insights into information security as a whole, then you'll definitely enjoy some of these videos.
Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Amazon.com. Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.