Unit 13 Worksheet - System Hardening

Instructions

Fill out the worksheet as you progress through the lab and discussions. Hold your worksheets until the end to turn them in as a final submission packet.

Resources / Important Links

Downloads

The worksheet has been provided below. The document(s) can be transposed to the desired format so long as the content is preserved. For example, the .txt could be transposed to a .md file.

Unit 13 Recording

Discussion Post #1

Scenario:

Your security team comes to you with a discrepancy between the production security baseline and something that is running on one of your servers in production. There are 5 servers in a web cluster and only one of them is showing this behavior. They want you to account for why something is different.

  1. How are you going to validate that the difference between the systems?

  2. What are you going to look at to explain this?

  3. What could be done to prevent this problem in the future?

Discussion Post #2

Scenario:

Your team has been giving you more and more engineering responsibilities.
You are being asked to build out the next set of servers to integrate into the development environment. Your team is going from RHEL 8 to Rocky 9.4.

  1. How might you start to plan out your migration?

  2. What are you going to check on the existing systems to baseline your build?

  3. What kind of validation plan might you use for your new Rocky 9.4 systems?

Submit your input by following the link below.

The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.

Definitions

Hardening:

Pipeline:

Change management (IT):

Security Standard:

Security Posture:

Acceptable Risk:

NIST 800-53:

STIG:

CIS Benchmark:

OpenSCAP:

SCC Tool:

HIDS:

HIPS:

Digging Deeper (Optional)

  1. Run through this lab: https://killercoda.com/het-tanis/course/Linux-Labs/107-server-startup-process

    • How does this help you better understand the discussion 13-2 question?

  2. Run through this lab: https://killercoda.com/het-tanis/course/Linux-Labs/203-updating-golden-image

    • How does this help you better understand the process of hardening systems?

Reflection Questions

  1. What questions do you still have about this week?

  2. How can you apply this now in your current role in IT? If you’re not in IT, how can you look to put something like this into your resume or portfolio?