Deploying Your ...Whatever More Securely With Linux
The lazy human's guide to publishing without getting owned
Michael is currently a Security Consultant working at Deja vu Security in Seattle. By day he's a mild-mannered hacker, consulting for startups and fortune 100 companies alike by identifying complex weaknesses in everything from web apps, to server BMCs, to hypervisors. But by night, he takes to the streets as a rogue developer creating security tools that have been described as "fine, I guess" by experts in the field.
Have you ever wanted to know how a pentester thinks your ...whatever is supposed to be deployed to the Internet securely? Come find out! We'll discuss a variety of Linux-focused deployment techniques designed to reduce attack surface and enhance the overall security of your deployment. Specific attention will be given to containerized deployments such as docker and runc, fully virtualized deployments using KVM/qemu, and fascinating hybrids between them such as runq. We'll also cover some best practices for hardening deployment Linux boxes such as implementing mandatory access control and using the magic of system call filtering to reduce the exposure inherent to running that ancient PHP application the sales team still needs for some reason. We'll wrap up with a quick chat about threat modeling; after all your ultimate goal is to deploy your thing - not build cyber Fort Knox. The ultimate goal? Learn to determine for yourself which set of technologies you need to run your shiny new python application, or REST API, or wordpress, or whatever else - and still be confident you won't get a bad case of the Kremlins on your server.
- 45 min
- LinuxFest Northwest 2019