Description

Security
12.-14. June 2019 in Espoo
Only 2 seats left - last reg. 30. May
3 days
EUR 2.650 (FI)

Request more information

Leevi Lehtinen
phone: +358 40 546 1469
leevi.lehtinen@nohau.se

Linux is being used in an increasing number of embedded devices including IoT devices, Industrial Control Systems, automotive in-vehicle infotainment, WiFi routers and home gateways, smart meters, industrial monitoring equipment and even domestic white goods.

Increasingly these devices are being connected to networks and this can leave them vulnerable to remote attacks that can result in brand damage, financial liabilities, product returns and even safety issues.

“Hardening” Linux systems to make them more resistant to attack is possible and is something that should be performed for every connected product.

This course provides an in-depth, hands-on practical guide to Linux system and application hardening for engineering teams. Attendees take away comprehensive printed notes and their copy of the worked exercises on a Linux virtual machine.

Course Description

Each day comprises 4 sessions of approximately 1.5 hours, with refreshment and lunch breaks between.

Day 1

Security Fundamentals
Security and Privacy Guiding Principles
– Case studies


Common software attacks and 
mitigations
– TOCTOU
– Command injection
– Lab Exercises

Common software attacks and mitigations
– Buffer overflow
– Lab Exercises

Common software attacks and mitigations
– Format strings
– Integer overflow
– Side channel attacks

Day 2

Secure Software Development Lifecycle
– Case study
Threat modelling
– Threat model exercise

Hardening the Linux kernel
Linux boot, bootloaders and the chain of trust

 

Securing the run-time environment
– Case study
– Dynamic linking exercise

Secure information storage
– Linux file systems
– Extended file attributes exercise

Day 3

Introduction to cryptography
– Code signing exercise

 


Network and Communications attacks

– Port scanning and firewall exercises


Isolating applications and processes

– LXC exercise


Linux Security Modules
 – SMACK exercise
– Static analysis exercise
– Fuzz testing exercise

During the course, trainees work through the challenges on our ‘capture the flag’ vulnerable Linux server. Thinking like an attacker helps you to understand how to better protect your system.

Who is this course for?

Software architects, developers and team managers and also testers responsible to design, implement and test of the Linux based embedded devices.

On-Site training

We also offer education On-Site, at your company – please ask! This course can be tailored to suit your particular hardware and software environment, if you like.

What our participants have said:

Trainers skills of the subject and ability in teaching: average 5,6 points (6,0 max, total 25 participants in Finland at this course). Participants reported that their knowledge has improved 39% during this training.

All trainers have years of experience working with embedded electronics products and the courses are designed to provide pragmatic and real-world advice.

Course Technical Requirements

This is a technical training course aimed at engineers, so a level of knowledge in the following is required:

  • Competent in C software development (writing and building code)
  • Basic Linux/Unix command line experience is helpful for practical’s.

Klar til at bestille? Eller bare til at høre mere?

Giv os et ring på 44 52 16 50, eller udfyld felterne, så ringer vi til dig!