Skip to content

Latest commit

 

History

History
60 lines (42 loc) · 4.49 KB

File metadata and controls

60 lines (42 loc) · 4.49 KB

Defend Yourself Using Built-in RHEL Security Technologies

Presenters/Lab Developers:

Lucy Kerner, Security Global Technical Evangelist and Strategist, Red Hat

Peter Beniaris, Senior Solutions Architect, Red Hat

Lukas Vrabec, Software Engineer - Security Controls, Red Hat

Paul Moore, Principal Software Engineer - Security Controls, Red Hat

Martin Preisler, Senior Software Engineer - Security Compliance, Red Hat

Additional Lab Developers:

Paul Wouters, Senior Software Engineer - RHEL Security, Red Hat

Daniel Kopecek, Senior Software Engineer - RHEL Security, Red Hat

Overview and Prerequisites:

In this lab, you’ll learn about the built-in security technologies available to you in Red Hat Enterprise Linux. You will use OpenSCAP to scan and remediate against vulnerabilities and configuration security baselines. You will also block possible attacks from vulnerabilities using SELinux and use Network Bound Disk Encryption to securely decrypt your encrypted boot volumes unattended. You will learn how to deploy opportunistic IPsec to encrypt all host to host communication within an enterprise network and also use USBGuard to implement basic whitelisting and blacklisting to define which USB devices are and are not authorized and how a USB device may interact with your system. Throughout your investigation of the security issues in your systems, you will utilize audit logs and will automate as much of your tasks as possible using Ansible. For example, you will make automated configuration changes to your systems across multiple versions of Red Hat Enterprise Linux running in your environment using the Systems Roles feature. You will also learn how to use the Audit Intrusion Detection Environment (AIDE) and learn how to create a single sign-on environment for all of your linux servers using Red Hat Identity Management. Finally, you will discover how to identify yourself and encrypt your communications with GNU Privacy Guard (GPG) and will also learn how to use firewalld to dynamically manage firewall rules.

In a series of scenarios, you will go through exercises as if you are a new system administrator who just joined a company who has not been historically good about practicing security. You will notice multiple security issues in your company’s data center and will work hard to fix these issues.

This lab is geared towards systems administrators, cloud administrators and operators, architects, and others working on infrastructure operations management who are interested in learning how to take advantage of the built-in security technologies in Red Hat Enterprise Linux.

The prerequisite for this lab include basic Linux skills gained from Red Hat Certified System Administrator (RHCSA) or equivalent system administration skills.

Attendees, during this session, will learn:

  • How to do automated security compliance using OpenSCAP

  • How to use SELinux to isolate running processes to mitigate against attacks

  • How to use Network Bound Disk Encryption (NBDE) to securely decrypt LUKs encrypted volumes

  • How to deploy opportunistic IPsec to encrypt all host to host communication within an enterprise network

  • How to use USBGuard to protect against rogue USB devices

  • Auditing capabilities of Red Hat Enterprise Linux

  • How to use the Audit Intrusion Detection Environment (AIDE)

  • How to create a single sign-on environment for all of your linux servers using Red Hat Identity Management

  • How to use GNU Privacy Guard (GPG) to identify yourself and encrypt your communications

  • How to use firewalld to dynamically manage firewall rules

Lab Environment:

Your entire lab environment is hosted online and includes: Red Hat Enterprise Linux and Red Hat Ansible Automation.

You will each be given your own unique GUID, which you will use to access your own instance of these Red Hat products for your lab exercises.

Each lab exercise is independent from each other, so feel free to do the lab exercises in whatever order you’d like.