Home > On-Demand Archives > Talks >

Hardening Linux for Embedded Systems

Aljoscha Lautenbach - Watch Now - Duration: 41:50

Hardening Linux for Embedded Systems
Aljoscha Lautenbach

With increasing regulatory requirements on cybersecurity around the world, it is more important than ever to secure the systems you develop. As Linux is an integral part of many embedded systems, we will address how to harden Linux systems, in other words, how to reduce their attack surface by applying appropriate configurations. Linux hardening is a vast topic, so we will give a high-level overview of the topic, and then dive deeper into a few chosen topics.

Among other things, you will learn the following:

  • What is hardening and when is a system sufficiently "hardened"
  • How to weigh trade-offs between security and performance of certain kernel configurations
  • Which Linux Security Modules (LSMs) exist, and which are most useful for embedded use cases
  • How to configure a standard firewall with nftables
  • How to configure SSH for maintenance & diagnostics
  • Which tools can help you with the hardening process
M↓ MARKDOWN HELP
italicssurround text with 
*asterisks*
boldsurround text with 
**two asterisks**
hyperlink
[hyperlink](https://example.com)
or just a bare URL
code
surround text with 
`backticks`
strikethroughsurround text with 
~~two tilde characters~~
quote
prefix with 
>
Thomas.Schaertel
Score: 1 | 2 days ago | 1 reply

Hi Aljoscha,
thank you very much for your talk. I even wasn't aware of linPEAS, maybe as I'm focusing most of the time on developing a solution. On the other side, most systems are guarded by the company's firewalls, so security falls short within the dev cycle, while we are fighting with different distributions and kernel versions to implement something. So I learned already a lot from your talk. Do you have any recommendation/resource on hardening e.g. a book?
Thanks a lot!
Thomas

Aljoscha LautenbachSpeaker
Score: 0 | 2 days ago | no reply

Hi Thomas!
I'm glad it was helpful! I am not personally aware of a book on Linux hardening, but that doesn't mean that there is no such book. The difficulty with hardening is that it is such a broad topic and you can approach it from so many different angles. Apart from reading the official Linux documentation, my main recommendation would be to learn the attacking techniques, so that you know what to look out for. Until I learned how to exploit a misconfigured cron job, I never would have looked for it. And learning the basics of penetration testing is quite fun!

OUR SPONSORS

OUR PARTNERS