Lucy Kerner, Senior Principal Security Global Technical Evangelist & Strategist, Red Hat
Peter Beniaris, Manager - Solutions Architecture, Red Hat
Lukas Vrabec, Senior Software Engineer - RHEL Security, Red Hat
Marek Haicman, Senior Quality Engineer and Product Owner - Security Compliance, Red Hat
Simo Sorce, Senior Principal Software Engineer - RHEL Security, Red Hat
Paul Wouters, Senior Software Engineer - RHEL Security, Red Hat
Daniel Kopecek, Senior Software Engineer - RHEL Security, Red Hat
Kirill Gliebov, Software Engineer - RHEL Security, Red Hat
Steve Grubb, Senior Principal Software Engineer - RHEL Security, Red Hat
Richard Guy Briggs, Senior Software Engineer - RHEL Security, Red Hat
In this lab, you’ll learn about the built-in security technologies available to you in Red Hat Enterprise Linux. You will use OpenSCAP to scan and remediate against vulnerabilities and configuration security baselines. You will also block possible attacks from vulnerabilities using SELinux and use Network Bound Disk Encryption to securely decrypt your encrypted boot volumes unattended. You will learn how to deploy opportunistic IPsec to encrypt all host to host communication within an enterprise network and also use USBGuard to implement basic whitelisting and blacklisting to define which USB devices are and are not authorized and how a USB device may interact with your system. Throughout your investigation of the security issues in your systems, you will utilize audit logs and will automate as much of your tasks as possible using Ansible. For example, you will make automated configuration changes to your systems across multiple versions of Red Hat Enterprise Linux running in your environment using the Systems Roles feature. You will also learn how to use the Audit Intrusion Detection Environment (AIDE) and learn how to create a single sign-on environment for all of your linux servers using Red Hat Identity Management. Finally, you will discover how to identify yourself and encrypt your communications with GNU Privacy Guard (GPG) and will also learn how to use firewalld to dynamically manage firewall rules.
In a series of scenarios, you will go through exercises as if you are a new system administrator who just joined a company who has not been historically good about practicing security. You will notice multiple security issues in your company’s data center and will work hard to fix these issues.
This lab is geared towards systems administrators, cloud administrators and operators, architects, and others working on infrastructure operations management who are interested in learning how to take advantage of the built-in security technologies in Red Hat Enterprise Linux.
The prerequisite for this lab include basic Linux skills gained from Red Hat Certified System Administrator (RHCSA) or equivalent system administration skills.
-
How to do automated security compliance using OpenSCAP
-
How to use SELinux to isolate running processes to mitigate against attacks
-
How to use Network Bound Disk Encryption (NBDE) to securely decrypt LUKs encrypted volumes
-
How to deploy opportunistic IPsec to encrypt all host to host communication within an enterprise network
-
How to use USBGuard to protect against rogue USB devices
-
Auditing capabilities of Red Hat Enterprise Linux
-
How to use the Audit Intrusion Detection Environment (AIDE)
-
How to create a single sign-on environment for all of your linux servers using Red Hat Identity Management
-
How to use GNU Privacy Guard (GPG) to identify yourself and encrypt your communications
-
How to use firewalld to dynamically manage firewall rules
-
How to configure systemwide Crypto Policies and set a machine in FIPS mode
Your entire lab environment is hosted online and includes: Red Hat Enterprise Linux and Red Hat Ansible Automation.
You will each be given your own unique GUID, which you will use to access your own instance of these Red Hat products for your lab exercises.
Each lab exercise is independent from each other, so feel free to do the lab exercises in whatever order you’d like.