Penetration Testing
resources for system level security? Dec 05 2011 11:09PM
ֺȯ (zilly1 naver com) (1 replies)
Re: resources for system level security? Dec 10 2011 08:03PM
Artis Schlossberg (artis infosec lv)
For Linux, a good starting point is a hardening guide by NSA:

http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf

Although it covers RHEL specifically, many points apply to other
distributions too.

I'd then also look at checklist provided by SANS Institute:

http://www.sans.org/score/checklists/linuxchecklist.pdf

Guide to General Server Security from NIST is also worth mentioning:

http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf

These are a good starting point, not an exhaustive material on the
subject matter.

There are some good books that cover this; search your library.

---Artis

2011/12/6 ìµ?ë´?í?? <zilly1 (at) naver (dot) com [email concealed]>:
> Hi all,
> I started to work of focusing on linux system level security. Mostof the servers are providing web services.
> Although I have been working on application pen testing, I havelittle experience to handle with security issues of system or OSitself.
> Could you recommend where I should start for it?
> (useful books, web sites, or concepts/terminology I have tounderstand)
> Any advice would be highly appreciated.
>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus