Posted by: Eric Hansen
There has been a big increase lately in interest in Linux security and in how to get into the field. Some positions can be had knowing only basic command line arguments; others require a CISSP to even be considered. But experience in the field itself counts more than anything, even if that experience is sitting at your desk working through a virtual machine. So what can really help someone who is passionate about security and Linux become even better, help them get a job, and even start their own Linux security business?
You’re not going to know the tricks and ropes of every situation. Even if you were to simulate your own DoS and see how it affects your home network, there are many ways to construct such an attack.
What you can do, however, is set up a virtual environment, or even a small virtual server farm. Get them to talk to each other, throw DoS attacks at them and see how they react. Having knowledge of virtualization will get you further ahead than you may think, especially if you work for a “go green” company.
Scenario: I had a job interview late last year for a company. I did pretty well up until troubleshooting came into play. Safe to say I didn’t get the job, but knowing what they were looking for me to do on a day-to-day basis really opened my eyes. It made me realize what I need to focus more on, and how to do so. I ended up taking that knowledge, installing a small Linux distro on a server and trying to simulate various issues. With virtualization I can kill the network adapter without interrupting anything important. I’m able to run through various scenarios in practice that I was tested with in the interview, and try to solve them there.
It’s not a permanent solution, but it helps a lot. Heck, I have another scenario for you.
Scenario: Working for a web hosting company, I was placed in the position of rebuilding a RAID array. I had very minimal experience with such technology and only knew a little bit of the basics. But, I was forced to dive in blindfolded and do what I needed to do. I don’t remember the details, but I can definitely tell you it didn’t go well (I told them beforehand I wasn’t sure what I was doing, but I sure learned what not to do hah). Anyways, after I got off work, I went back to my place, and again installed a server via virtual machine. I spent a good week toying with RAID and how to work with it. Even to this day I’ve done it, and have also written various scripts to make the process smoother.
Virtualization is probably going to be your biggest friend going into security. There are so many things that can break and go wrong that it’s easier to reformat a virtual machine than it is to reformat your PC.
Knowing the Software (Part 1)
This is going to be at least a two-part coverage, because in security there is just too much to cover. However, the biggest tool I see in the arsenal everywhere is nmap. Especially if you’re looking to set up or test a firewall, nmap should always be the first tool you go to. It will help you test against malformed packets, scan the network for devices and a whole lot more. The documentation on this tool speaks volumes more than I can about it, but you should definitely learn your way around this piece of software.
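One way to turn an nmap firewall test into a repeatable check is to compare the scan's grepable output (nmap -oG) against the ports each host is supposed to expose. This is an added example, not code from the original post; the addresses, hostnames and scan output below are constructed for the lab scenario and the policy table is an assumed allowlist.

```python
import re
from typing import Dict, Set, Tuple

# Constructed sample of `nmap -oG -` (grepable) output for two lab VMs.
# Addresses and hostnames are made up for this example.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -sS -p 1-1024 -oG - 192.168.56.0/24
Host: 192.168.56.10 (lab-web)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (1021)
Host: 192.168.56.11 (lab-db)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\tIgnored State: filtered (1022)
# Nmap done
"""

# Assumed firewall policy under test: TCP ports each host may expose to the scanning host.
POLICY: Dict[str, Set[int]] = {
    "192.168.56.10": {22, 80, 443},
    "192.168.56.11": {22},  # MySQL must not be reachable from the scan host
}

# Grepable fields are tab-separated: "Host: <ip> (<name>)\tPorts: <entries>\t..."
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*?)\t")

def parse_grepable(text: str) -> Dict[str, Set[int]]:
    """Return {ip: set of TCP ports nmap reported as 'open'} from -oG output."""
    open_ports: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment line, or a host line without a Ports field
        ip, _name, ports_field = m.groups()
        for entry in ports_field.split(","):
            if not entry.strip():
                continue
            # Each entry is port/state/protocol/owner/service/rpc/version/
            port, state, proto = entry.strip().split("/")[:3]
            if proto == "tcp" and state == "open":
                open_ports.setdefault(ip, set()).add(int(port))
    return open_ports

def check_policy(observed: Dict[str, Set[int]],
                 policy: Dict[str, Set[int]]) -> Dict[str, Tuple[Set[int], Set[int]]]:
    """Return {ip: (unexpected open ports, expected ports not open)} for deviating hosts."""
    findings: Dict[str, Tuple[Set[int], Set[int]]] = {}
    for ip, allowed in policy.items():
        seen = observed.get(ip, set())
        extra, missing = seen - allowed, allowed - seen
        if extra or missing:
            findings[ip] = (extra, missing)
    return findings

if __name__ == "__main__":
    for ip, (extra, missing) in check_policy(parse_grepable(SAMPLE_GREPABLE), POLICY).items():
        print(f"{ip}: unexpected open {sorted(extra)}, expected but not open {sorted(missing)}")
```

Run it against real output by piping `nmap -oG -` into the parser instead of the constructed sample; any host listed in the findings is a firewall rule that does not match the policy you wrote down.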
Scenario: You notice a lot of traffic being sent to a server but no requests being fulfilled. This can either be an attempted DoS attack or someone just sending bad packets. The best way to find out, if you don’t have network monitoring software set up, is to test. While nmap won’t be a viable solution to test for a DoS attack, it does provide a vast array of methods to test for bad packets. You can run the host against each known test in nmap, and compare the results until you find a match.