security strategies in linux platforms and applications lesson 11 managing security alerts and ...
DESCRIPTION
Security Strategies in Linux Platforms and Applications Lesson 11 Managing Security Alerts and Updates. Learning Objective and Key Concepts. Learning Objective Evaluate the importance of maintaining a software management plan. Key Concepts Software management tools - PowerPoint PPT PresentationTRANSCRIPT
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Security Strategies in Linux Platforms and Applications
Lesson 11Managing Security Alerts and Updates
Page 2Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Learning Objective and Key ConceptsLearning Objective Evaluate the importance of maintaining a
software management plan.Key Concepts Software management tools Techniques to manage the update process Importance of anti-virus software in Linux security Open source software vulnerabilities and security
updates
Page 3Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: CONCEPTS
Page 4Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Common Package Managers
Yellowdog Updater, Modified (YUM)
Advanced Package Tool (APT)
Portage and emerge
Zypper
Conary
Page 5Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Graphical Package Managers
PackageKit
Synaptic
Porthole
YaST (Yet another Setup Tool)
Page 6Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Best Practices for Compiling Software You must know about the software you are
downloading. Make sure that it is from a reputable organization.
Verify the source code. Do not compile the software as root if it can be
compiled as a regular user. Always read the README file. Follow recommendations of the Linux Filesystem
Hierarchy Standard (FHS).
Page 7Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Red Hat Satellite Server
Red Hat's platform
Red Hat Satellite Server
Corporate demilitarized zone (DMZ) firewall
Computer Systems
Updates are controlled internally and not by Red Hat'splatform
Transmits all software packages and updates
Page 8Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: PROCESS
Page 9Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Process to Apply Security Updates ManuallySecurity patch becomes available
Check if it is high priority?
Enter task or patch in queue for next scheduled maintenance of systems
Apply and test in development
Apply and test in staging
Apply to production
Page 10Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Process to Apply Security Updates Automatically
Security patch becomes available
Linux distribution repositories: Community or commercial
Development updated Staging updatedProduction updated
Page 11Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Red Hat Network (RHN) UpdateStep 1: Security patch becomes available for Apache Web server Step 4: RHN transmits
update to the Web serverStep 2: RHN flags that www1.is418.com
Is in need of the patch
rhn.redhat.com www1.is418.cominstalls update
Step 3: RHN sends an e-mail notification, places an alert in the control panel, and sends alert to impacted Linux systems
Page 12Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: ROLES
Page 13Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Commercial Linux VendorMonitors specific software vulnerabilitiesProvides patches to the softwarePackages the softwareTests the patchesNotifies customers and provides updates
Page 14Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Linux System AdministratorMonitors mailing lists, forums, and security-
related Web sitesCommunicates with Linux vendor about
updatesApplies patches to development and
staging serversRolls out security updates to production
systems
Page 15Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: CONTEXTS
Page 16Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Software Management Plans
Vendor Supported Used for mission-critical Linux serversPopular with businesses without in-house
Linux system administration expertise
Page 17Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Software Management Plans (Continued)
Community SupportedUsed for less critical servers Popular with Web hosting companies with
experienced Linux system administrators Popular choice with business entities on a
budget
Page 18Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: RATIONALE
Page 19Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Software Management Plans Update all software on the Linux systemSend notifications directly to the impacted
systemsVerify and maintain a history of all installed
softwareKeep all installed software in a database for
easy querying
Page 20Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Anti-Virus SoftwareThese software protect operating systems
from viruses that are contained in documents and e-mails.
Anti-virus software needs to be installed on critical servers for compliance with regulations, such as the Payment Card Industry (PCI) Data Security Standard (DSS).
Page 21Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
SummaryCommon and graphical package managersRed Hat Satellite ServerProcesses to apply security updates Importance of anti-virus software in Linux
security Software management plans
Page 22Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
OPTIONAL SLIDES
Page 23Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Ubuntu 50unattended-upgrades Configuration File
Page 24Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
X