From the course: Linux Hardening
Hardening the hardware - Linux Tutorial
From the course: Linux Hardening
Hardening the hardware
Welcome back. This is Cybrary's course on Hardening Linux. In this lesson, we'll cover hardening the hardware. I'm your instructor, Corey Holzer. We have two learning objectives for this lesson. First, you will understand and be able to enumerate security measures that you can incorporate in the BIOS. Second, you will be able to describe how each measure makes the computer more secure. Every computer has either BIOS or UEFI. They perform much of the same tasks with regards to implementing tests of the physical components, retaining settings of the hardware, and determining basic configurations like the order of devices to check for the operating system. One note from here on, I will say BIOS, but I'm referring to both BIOS and UEFI. Therefore, from a security perspective, we need to protect the BIOS settings so someone does not change them. It is also a best practice to ensure a user cannot use an external device, DVD, or CD as an alternate means for booting the computer. Doing this prevents a malicious individual from booting using a different device, and then searching the internal storage for useful information. This approach also means there won't be any logs of this activity within the server's OS, because that OS wasn't running. We lock the BIOS because we don't want someone changing the security settings we put in place. Locking the BIOS also creates a redundancy when we implement similar security measures in the operating system. For example, we can also prevent booting to an external device inside the operating system. Redundancy means we are making it harder for someone to sidestep the security we put in place. In this lesson, we addressed two topics. First, we discussed some of the things we can do within the BIOS to make the computer in question harder to compromise. Second, we discussed how each measure helps to harden the system. I want to thank you for taking the time for joining me for this lesson, and I look forward to seeing you in the next one.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
Hardening the hardware2m 22s
-
(Locked)
Hardening the bootloader4m 24s
-
(Locked)
Securing the kernel9m
-
(Locked)
Disabling Ctrl-Alt-Delete (demo)1m 6s
-
(Locked)
Securing storage devices, part one9m 3s
-
(Locked)
Securing storage devices, part two7m 35s
-
(Locked)
Disabling SUID and SGID permissions (demo)51s
-
(Locked)
Blocking unwanted activities and traffic7m 52s
-
(Locked)
Minimizing the OS attack surface, part one5m 36s
-
(Locked)
Minimizing the OS attack surface, part two4m 41s
-
(Locked)
Network hardening at the host4m 54s
-
(Locked)
System administration hardening6m 8s
-
(Locked)
Testing, monitoring, and reviewing9m 25s
-
-
-
-