By: Corey Holzer, Ph.D. CISSP
October 6, 2021
I cannot count the number of times I’ve heard the phrase, “While adversaries only need to get lucky once, we need to be right every time.” If it were not so accurate, it might become a meme or other running joke. Then again, as Al Capone, played by Robert De Niro, said in the movie The Untouchables, “As with so many things in life, we laugh because it’s funny, and we laugh because it’s true.”
Truth be told, it is the challenge cybersecurity professionals must deal with regularly. The best in our profession come to this realization sooner in their career rather than later. Unfortunately, with the ever-increasing number of threats we face, the longer it takes a cybersecurity professional to realize this, the shorter his career will be.
Information is at the center of business today. Information is a means of revenue. Therefore, protecting it is at the center of what cybersecurity professionals are expected to do in their role of protecting their organization’s networks and the systems on them.
It is for this reason that perimeter security is no longer enough if security measures are to be truly effective against the complex attacks adversaries employ to steal information. One could say this is driven by business mobility but, while mobility is one reason for endpoint protection, it is not the sole reason for it.
Cybersecurity professionals need to employ endpoint security because one layer of security is not enough. In no small part, this is because threats come from without and within an organization. It is also needed because no one can assume the first line of defense will hold external threats at bay. Remember, they only need to get lucky once to get inside the perimeter. Therefore, in a complex environment where systems are mobile and threats may already be inside the network, hardening each node is mandatory.
As cybersecurity professionals look at this challenging environment, they must answer several questions about why we harden the systems and services. This is why the first learning module in my latest course, Linux Hardening, spends nine lessons on the theory of hardening systems regardless of whether one is talking about Windows, Linux, or any other operating system.
The theoretical approach starts at the lowest level. From there, it builds layer by layer through the boot process, the handling of resources by the kernel, the operating system, services, and finally users.
After addressing the “why” through the discussion of theory, the course transitions into meaningful ways to turn the theories into actual and functional means of implementing security measures. My recommendations throughout the course focus on defense-in-depth. It is a concept taken from a military approach to security. Layers of defense work in tandem to ensure the failure of one measure does not compromise the entire defensive structure.
In other words, just as a network is designed with multiple security measures that complement each other, the same approach is also applied to individual workstations and servers.
A recent article on Infosecurity Magazine’s website regarding the growing Linux footprint and its associated risk should convince any cybersecurity professional that the measures and methods outlined in this course need to be implemented, as applicable, on all Linux servers and workstations on your network.
The author, Aaron Ansari, is the Cloud Security VP at Trend Micro. He notes that most businesses are ill-equipped to handle the growing threats because they lack the requisite skills to handle the evolving landscape. He goes on to say this includes some cloud providers as well. However, the problem in the case of Cloud Providers is that much of the cloud infrastructure relies on Linux.
This means it is prime time for you to develop your Linux skills, particularly securing operating systems, services, and user accounts. The methods presented in the course will work for full servers, virtual machines, instances in the cloud, containers, and serverless services.
I have been working with Linux for more than 20 years, and even longer if you include Unix. I can confidently say that even if you work in an organization that does not rely heavily on Linux, it is a skill that will invariably give you an advantage over your peers. Advanced knowledge of Linux will benefit your career.
Even if the company you work for only has Windows servers, there is the chance for the business to implement Linux without adding a single server. Microsoft is taking steps to incorporate Linux into the Windows Operating System through the Windows Subsystem for Linux. Currently, this is limited to incorporation through the Linux sublayer, but their efforts need to be watched closely to see how things will evolve.
The IT landscape is constantly changing and evolving. A cybersecurity expert must adapt to those evolutions or become irrelevant. If you are new to Linux, or even just to Linux security, Cybrary’s new Linux Hardening course is one you need to take. You owe it to yourself and to the organizations hiring you to protect their networks.