Hillel kobrovski Linux security overview for ciso

Hillel Kobrovski
Cyber & Network Security Solutions Architect
Hillel@Innovateordie.co.il | 054-7700919
Linux Overview
for CISO

Linux is everywhere, Linux jobs are everywhere, there is a shortage of
Linux talent, and, Linux skills are in demand in just about every industry
and job category on the planet.
Linux is Everywhere!

▪ Linux means the kernel of the system, which is the central controller of
everything that happens on the computer.
▪ Linux is a combination of software called GNU/Linux, which defines the
operating system.
▪ GNU is the free software that provides open source equivalents of many
common UNIX commands.
▪ The Linux part of this combination is the Linux kernel, which is the core of
the operating system.
▪ The story of Linux begins with UNIX, an operating system developed at AT&T
Bell Labs in the 1970s.
▪ UNIX is written in the C language.
Linux is a Kernel

▪ Linux started in 1991 as a hobby project by Linus Torvalds, a Finnish born computer scientist
studying at the University of Helsinki.
▪ The GNU Project was developed Linux by Richard Stallman in 1983.
▪ Basically a kernel, it was combined with the various software and compilers from GNU
Project to form an OS, called GNU/Linux
▪ Linux is a full-fledged OS available in the form of various Linux Distributions :
RedHat, Fedora, SuSE, Ubuntu, Debian are examples of Linux distros
▪ Linux is supported by big names as IBM, Google, Sun, Novell, Oracle, HP, Dell, and many
more
What is Linux ?

▪Inspired by the UNIX OS, the Linux kernel was developed as a clone of UNIX
▪GNU was started in 1984 with a mission to develop a free UNIX-like OS
▪Linux was the best fit as the kernel for the GNU Project
▪Linux kernel was passed onto many interested developers throughout the
Internet
▪Linux today is a result of efforts of thousands of individuals, apart from Linus
Torvalds
History of Linux

▪ Historically, most software has been issued under a closed-source
license.
▪ This means that you get the right to use the executable program or
machine code, but cannot see the source code.
▪ The development of Linux closely parallels the rise of open source
software.
▪ The open source philosophy is that you have a right to obtain the
software source code and to modify it for your own use.
Linux is Open Source

▪ A distribution refers to the Linux kernel, tools, and suite of
applications that come bundled together.
▪ Take Linux and the GNU tools, add some user-facing applications
like a web browser and an email client, and you have a full Linux
system.
▪ There are distributions suited to every imaginable purpose.
▪ There are distributions that focus on running servers, desktops, or
even industry-specific tools like electronics design or statistical
computing.
Linux Has Distributions

▪ There are two basic types of interfaces available that allow you to interact with
the operating system.
▪ The typical computer user today is most familiar with a graphical user interface
(GUI).
▪ In a GUI, applications present themselves in windows that can be resized and
moved around.
▪ There are menus and tools to help users navigate.
▪ The second type of interface is the command line interface (CLI), a text-based
interface to the computer.
▪ The CLI relies primarily on keyboard input.
Linux Embraces the CLI

▪ Software that runs on a computing device and manages the
hardware and software components that make up the system.
▪ It also schedules programs to run and provides services to users or
programs (i.e., print).
▪ Commonly abbreviated as OS
Introduction to Operating Systems

● Users today have a choice between three major operating systems:
○ Microsoft Windows
○ Apple macOS
○ Linux
● Only Microsoft Windows is based on proprietary code that is not Unix or Linux
based.
Introduction to Operating Systems

● Role: Accessed by one user directly (desktop) or many users remotely (server)?
● Function: Does it need to run specific software? What is the skill set of users?
● Life Cycle: What is the service lifetime? OS types have different release cycles and
maintenance cycles for support and updates.
● Stability: Are OS releases beta (not tested “in the wild”) or stable (tested)?
● Compatibility: Is it backwards compatible as in is it compatible with software made
for earlier versions?
Decision Points

● Cost: Important factor for new systems.
○ Microsoft has annual license fees.
○ Apple does not charge annual fees but only works on Apple hardware.
○ There are multiple Linux providers who offer enterprise support and
although the software is free, support is not.
Decision Points

● Offers desktop and server versions.
● Slow release cycle (3-5 years), long maintenance cycle
● Emphasis on backward compatibility
● Runs a Graphical User Interface (GUI)
● Improved scripting and management abilities are being developed to compete
with Linux.
Microsoft Windows

● Runs only on Apple hardware
● Server version adds packages to the desktop version to aid in management and
sharing.
● UNIX certified
● New major releases every 18-24 months
Apple macOS

● Unique in that after choosing Linux you must choose a distribution
● Different distributions focus on different use cases, e.g. desktop,
server, scientific, network
● Some distributions offer commercial support, most is volunteer
based
Linux

● Role: Distributions available for variety of systems; commercial for servers and
desktop, specialized to repurpose computers, embedded systems, etc.
● Function: Distributions can be chosen based on purpose of usage or security
needed.
● Life Cycle: Most distributions have major and minor update cycles. Some Linux
releases have long-term support (LTS) (5+ years, 13yrs for SUSE LTS ).
● Stability: Some distributions offer stable, testing, and unstable releases.
● Compatibility: Distributions are zero cost. Depending on need, paying for
support may be worthwhile. Enterprise users can pay for support or attempt self-
support.
Linux Decision Points

Share of the global server market by operating system in 2018 and 2019

Linux Distribution Map
Source:
http://futurist.se/gldt/

Linux Distribution for Workstation

Over 60+ Linux Distribution for Workstation

Commercial Linux Distribution for Server

● Focuses on server applications like web and file serving.
● Releases Red Hat Enterprise Linux (RHEL), a stable distribution with long
release cycles.
● Sponsors the Fedora Project, a personal desktop with latest software.
● CentOS is a free version of RHEL software which does not offer support.
● Scientific Linux is a specific use distribution based on Red Hat.
Red Hat

● One of the first distributions
● Originally derived from Slackware (1993 – 2016)
● Contains proprietary code and is sold as a server product. Some modules or
addons may contain proprietary code.
● Sold as a server product although a Workstation version exists.
● OpenSUSE is a completely open, free version with multiple desktop packages.
SUSE

Debian:
● Community effort that promotes use of open source software.
● Invented its own package management system (apt) based on the .deb file format.
Ubuntu:
● Ubunto is its most popular derived distribution, which has variants for desktop,
server, and applications. Ubuntu also offers an Long-Term Support (LTS) version.
Linux Mint:
• Linux Mint is a derivative of Ubuntu with various free versions, some have license
restrictions.
Debian – Ubuntu – Linux Mint

▪ Linux Operating system based on Debian designed to be run directly
from a CD / DVD (Live CD) or a USB flash drive (Live USB)
▪ First edition year 2000 , one of the first of its kind for any operating system
▪ Can run over minimum hardware require ( 10GE Disk Space / 2GE RAM)
Knoppix – Live CD

● Provides a platform for mobile users
● Lacks traditional GNU/Linux packages to make it compatible with
desktop.
● Led By & Sponsored by Google Since 2007
● Disturbed with Open Handset Alliance – Open Source
● Multi-Touch GUI support: Smart Phone / Tablet / Smart TV
Android

Android Emulator under Windows / PC
1.BlueStacks
2.Nox
3.GameLoop
4.AndY
5.MEmu

● Raspbian is a Linux distribution designed to run on Raspberry Pi
hardware.
● Linux From Scratch (LFS) consists of an online book, source code,
and instructions for building a custom Linux distribution.
Other Linux Distributions

Linux Distribution for End Point (Workstation / Mobile)

Server OS - Server Operating System Industry Market Share, 2018

Server Reliability by Hardware Platform Running Linux OS
Source: ITIC 2020 Global Server Hardware Server OS Reliability Survey

Cyber Network Security Solutions base on Linux OS (Free BSD)

Linux base / Open Source Security solutions

Free Base Linux Router / FireWall
Source: https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions

Linux Distributions for Hacking and Penetration Testing
1. Kali Linux
2. BackBox
3. Parrot Security OS
4. BlackArch
5. Bugtraq
6. DEFT Linux
7. Samurai Web Testing Framework
8. Pentoo Linux
9. Caine
10. Network Security Toolkit
11. Fedora Security Spin
12. ArchStrike
13. Cyborg Linux
14. Matriux
15. Weakerth4n
Source : https://itsfoss.com/linux-hacking-penetration-testing/
Kali Linux Certifications
• OSWE Web Expert
• OSCP Certified Professional
• OSCE Certified Expert
• OSWP Wireless Professional
• OSEE Exploitation Expert

Linux Certification
Source: https://www.guru99.com/best-linux-certifications.html
https://www.businessnewsdaily.com/10750-best-linux-certifications.html

● Philosophy that users have the right to obtain the software source code and modify it
for their own use.
● Software projects use source code; a human-readable set of computer instructions.
● Unix source code language preceded Linux. Unix was created at AT&T Bell Labs in
1969.
● Standards organizations like IEEE and POSIX ensure that code has the ability to be
compatible with other programs and operating systems for collaboration.
● GNU Project built tools that are compatible with UNIX, which were used to create
Linux and now make Linux a more complete package.
Open Source Philosophy

● Purchasing Software:
○ Ownership - Who owns the intellectual property
○ Money Transfer - Does it cost anything? How do you pay?
○ Licensing - What do you get? What can you do with the software? How
many computers? Can you share it?
Open Source Licensing

● End User License Agreement (EULA) is a legal document you must accept
before installing software.
● GNU General Public License version 2 (GPLv2) is a license that states the
source code must be made available to anyone and that anyone can make
changes. *Changes must be under the same license.
● Free and Open Source Software is software where anyone can view source
code, modify it, and redistribute it.
Open Source Licensing

● Founded in 1985 with goal of promoting free software. Advocates for freedom to
share, study, and modify the underlying source code.
● Enforces copyleft, the philosophy that if someone modifies free software, they are
required to share those changes when they share the modified software.
● Developed their own licenses which are free and are based on GNU General Public
License (GPL). **Also GPLv2, GPLv3, LGPLv2, and LGPLv3
The Free Software Foundation
“Two groups can be considered the most influential forces in the world of
open source: The Free Software Foundation and the Open Source
Initiative.”

● Licenses without copyleft are called permissive.
● Free and Open Source Software (FOSS) is an term used to refer to the
open source community, which consists of Free Software and Open Source as a
collective (a catch-all term).
● Free/Libre/Open Source Software (FLOSS) uses the term libre to define
the difference between free from restrictions (Libre) and free from cost (Free).
The Open Source Initiative

• Creative Commons (CC) is an American non-profit organization (2001) and
international network devoted to educational access and expanding the range
of creative works available for others to build upon legally and to share.[3] The
organization has released several copyright-licenses, known as Creative Commons
licenses, free of charge to the public.
● Attribution – Must acknowledge the author
● ShareAlike – Copyleft
● No-Derivs – You may not change the content
● NonCommercial – No commercial use
● Combinations are allowed, such as Attribution-No-Derivs-NonCommercial
Creative Commons

Creative Commons
Attribution (CC-BY) You can use CC BY content for any use but must credit the
copyright holder.
Attribution ShareAlike (CC-BY-SA) Copyleft version of the Attribution license
Attribution No-Derivs (CC-BY-ND) You may redistribute the content under the same conditions as
CC-BY but may not change it.
Attribution-NonCommercial (CC-BY-NC) Like CC BY, but you may not use it for commercial purposes.
Attribution-NonCommercial-ShareAlike
(CC-BY-NC-SA)
Requires that your changes be shared under the same license.
Attribution-NonCommercial-No-Derivs (CC-
BY-NC-ND)
Allows sharing the content to be used for non-commercial
purposes, but people may not change the content.
No Rights Reserved (CC0) Public domain

● Offer products and services: Red Hat and Ubuntu
● Create tools : Wireshark
● Package hardware and open source software; Tivo, appliances
Open Source Business Models

Linux User / System Introduction

● To be a Linux systems administrator, it is necessary to be comfortable with
Linux as a desktop operating system and have proficiency with basic
Information and Communication Technology (ICT) skills.
● Systems administrators use Linux to manage servers, assist users with
configuration issues, recommend new software, and update documentation
among other tasks.
● After familiarizing oneself with the Linux Graphical User Interface (GUI), or
desktop, the next step is learning how to perform tasks from the command line.
Navigating the Linux Desktop

● The command line interface (CLI) is a simple text input system for entering
anything from single word commands to complicated scripts.
● On systems that boot to a GUI, there are two common ways of accessing the
command line, a GUI-based terminal, and a virtual terminal:
○ Browse to the Terminal application from the applications menu
○ A virtual terminal can be run at the same time as a GUI but may require the
user to log in via the virtual terminal before they can execute commands
Getting to the Command Line

● The kernel decides which program gets which blocks of memory, it starts and kills
applications, and it handles displaying text or graphics on a monitor.
● Applications make requests to the kernel and in return receive resources, such as
memory, CPU, and disk space.
● The kernel also handles the switching of applications, a process known as multitasking.
● There are a large variety of application types such as word processors, web browsers,
and email clients, and more.
● A process is just one task that is loaded and tracked by the kernel.
● An application may even need multiple processes to function, so the kernel takes care
of running the processes, starting and stopping them as requested, and handing out
system resources.
Applications

● Linux software generally falls into one of three categories:
○ Server Applications: The purpose of this software is to serve information
to other computers, called clients.
○ Desktop Applications: Web browsers, text editors, music players, or other
applications with which users interact directly.
○ Tools: A loose category of software that exists to make it easier to manage
computer systems.
Major Applications

● UNIX has considerable overlap between the skills of software development and systems
administration.
● The tools for managing systems have features of computer languages, such as loops, and
are used extensively in automating systems administration tasks.
● Therefore, basic familiarity with programming is required for competent systems
administrators.
● Shells:
○ Users interact with a Linux system through a shell, which accepts commands to
execute.
○ Linux offers a variety of shells to choose from such as; the Bourne shell, the C shell,
the Bourne Again (Bash) shell, the tcsh, the Korn shell (Ksh), and the zsh.
Console Tools

● Text editors:
○ Most Linux systems provide a choice of text editors which are commonly
used at the console to edit configuration files.
○ The two main editors are Vi (or the more modern Vim) and Emacs.
○ Pico and Nano are available on most systems and provide very basi, yet
user friendly text editing.
Console Tools

Computer programming languages provide a way for a programmer to enter instructions in a more
human readable format, and for those instructions to eventually become translated into something
the computer understands.
● Languages fall into one of two camps: interpreted or compiled.
○ An interpreted language translates the written code into computer code as the program
runs.
○ A compiled language is translated all at once.
● Linux itself was written in a compiled language called C.
● C has been extended over the years to C++ and Objective C and other variants.
● The Java language uses hypothetical CPU called the Java Virtual Machine (JVM) and then
compiles all the code to that.
● JavaScript is a high-level interpreted programming language that is one of the core technologies
on the world wide web.
Development Languages

● Perl is an interpreted language originally developed to perform text manipulation but
has gained favor with systems administrators and is used in everything from
automation to building web applications.
● PHP is a language that was initially built to create dynamic web pages.
● Ruby is another language that was influenced by Perl and Shell that powers many of
the leading automation tools.
● Python is another scripting language that is in general use
○ Python has excellent statistical processing abilities and is a favorite in academia.
● OpenSSL is a cryptographic library that is used in everything from web servers to the
command line.
● C library. It provides a basic set of functions for reading and writing to files and
displays, which is used by applications and other languages alike.
Development Languages

‫של‬ ‫בגישה‬ ‫הגנה‬ ‫יישום‬"‫הרשת‬"‫השרת‬ ‫אל‬
•‫ברמת‬ ‫סגמנטציה‬FireWall‫רשתי‬
•WAF‫חיצוני‬,‫על‬ ‫ומדובר‬ ‫במידה‬WEB
•DB Security,‫במידה‬‫ומדובר‬‫על‬‫שרת‬Data Base
•IPS‫רשתי‬
‫אל‬ ‫השרת‬ ‫של‬ ‫בגישה‬ ‫הגנה‬ ‫יישום‬"‫הרשת‬"
•‫ברמת‬ ‫סגמנטציה‬FireWall‫רשתי‬
•IPS‫שבוחן‬ ‫רישתי‬‫תעבורה‬‫אל‬ ‫מהשרת‬ ‫שיצאה‬ ‫חריגה‬"‫הרשת‬"
•‫למנוע‬‫גישה‬‫ישירה‬‫לאינטרנט‬|‫שרת‬ ‫דרך‬ ‫גישה‬Proxy‫או‬
•‫ברמת‬ ‫לאינטרנט‬ ‫תעבורה‬ ‫של‬ ‫תוכן‬ ‫סינון‬DNS / WEB Filtering + Application Security
‫מידע‬ ‫אבטחת‬ ‫ליישום‬ ‫גישות‬‫לינוקס‬ ‫בסביבת‬ ‫סייבר‬ ‫הגנת‬

‫השרת‬ ‫ברמת‬ ‫הגנה‬–‫נכנסת‬ ‫תקשורת‬
•‫לא‬‫להתקין‬"‫שרתים‬"‫בהם‬ ‫שאין‬‫צורך‬‫תפעולי‬
•‫לסגור‬Services‫שאין‬‫בהם‬‫צורך‬‫תפעולי‬
•‫יישום‬FireWall)IP Table(‫ה‬ ‫ברמת‬HOST‫תקשורת‬ ‫לכל‬"‫נכנסת‬"‫לשרת‬
•‫יישום‬IPSAV‫ה‬ ‫ברמת‬HOST
‫השרת‬ ‫ברמת‬ ‫הגנה‬–‫יוצאת‬ ‫תקשורת‬
•‫יישום‬FireWall)IP Table(‫ה‬ ‫ברמת‬HOST‫תקשורת‬ ‫לכל‬"‫יוצאת‬"‫מהשרת‬
•‫יישום‬IPSAV‫ה‬ ‫ברמת‬HOST
•‫הסרה‬‫של‬‫כלים‬"‫מסוכנים‬"‫השרת‬ ‫ברמת‬)‫ללא‬:TFP/TFTP Client / Telnet Client,NMAP‫וכו‬'(
•‫התקשורת‬ ‫ברמת‬ ‫חשודה‬ ‫פעילות‬ ‫ניתור‬–‫ברמת‬ ‫ובחינה‬ ‫לוגים‬ ‫העברת‬SEIM

‫הפעלה‬ ‫מערכת‬ ‫ברמת‬ ‫הגנה‬
•‫הרשאות‬ ‫הידוק‬Power User|‫יש‬‫ברמת‬ ‫שימוש‬ ‫האפשר‬ ‫ככל‬ ‫להמעיט‬Root
•‫ברמת‬ ‫הרשאות‬ ‫הידוק‬‫מערכת‬‫הקבצים‬
•‫ברמת‬ ‫הרשאות‬ ‫הידוק‬Services
•‫התקנת‬Services PackSecurity Patch‫קבוע‬ ‫באופן‬
‫מערכת‬ ‫מנהל‬ ‫התנהגות‬ ‫ברמת‬ ‫הגנה‬
•‫אמינות‬ ‫בדיקת‬‫תוכנות‬‫אפליקציות‬‫סקריפטים‬‫בטרם‬‫בשרת‬ ‫התקנתם‬
•‫חיצונים‬ ‫קבצים‬ ‫של‬ ‫אמינות‬ ‫בדיקת‬‫טרם‬‫לשרת‬ ‫שלהם‬ ‫העתקה‬
•‫נעילת‬Console‫שימוש‬ ‫שאין‬ ‫מקרה‬ ‫בכל‬,‫ל‬ ‫רק‬ ‫זה‬ ‫אם‬ ‫גם‬-2‫קפה‬ ‫כוס‬ ‫להביא‬ ‫דקות‬

• https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
• https://github.com/topics/linux-hardening
Check List – How to Secure Linux Server

• https://www.sans.org/score/checklists
• https://citeseerx.ist.psu.edu/viewdoc/
download?doi=10.1.1.190.3702&rep=
rep1&type=pdf

• https://security.utexas.edu/os-hardening-checklist/linux-7

‫בכל‬ ‫לשירותכם‬‫שאלה‬
‫בברכה‬,‫הילל‬‫קוברובסקי‬
🎯‫רב‬ ‫ומומחה‬ ‫מנטור‬-‫לחדשנות‬ ‫תחומי‬,‫מיתוג‬,‫שיווקית‬ ‫אסטרטגיה‬‫והייטק‬ ‫סייבר‬ ‫לחברות‬ ‫ועסקית‬
🧭‫טכנולוגים‬ ‫טרנדים‬ ‫וחוקר‬ ‫עתידן‬
🛡‫סייבר‬ ‫והגנת‬ ‫מידע‬ ‫אבטחת‬ ‫פתרונות‬ ‫ארכיטקט‬
Hillel@Innovateordie.co.il | 054-7700919

Hillel kobrovski Linux security overview for ciso

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Hillel kobrovski Linux security overview for ciso

Similar to Hillel kobrovski Linux security overview for ciso (20)

More from Hillel Kobrovski

More from Hillel Kobrovski (20)

Recently uploaded

Recently uploaded (20)

Hillel kobrovski Linux security overview for ciso