Service Hardening is about configuring services to reduce their attack surface. By combining various low-priority configuration issues, an attacker may be able to gain access to a system and even elevate privileges in it without leaving many traces behind. The training focuses on practices that can be applied to almost any service, without modifying the program code.
Contents of the training:
This course is based on the most frequently occurring configuration security issues that our team has encountered over years of penetration testing.
The main topics covered are:
- Public Key Certificates – chain verification, status, transparency
- Reverse proxy – IP-address and certificate info forwarding
- TLS – protocol, cipher suites, forward secrecy, CCA
- SSH – host keys and SSHFP, agent forwarding
- DNS – DoT/DoH, DNSSEC
- E-mail – DKIM, SPF, DMARC
- Logging – log tampering, creating meaningful logs
For each topic, the theory is explained first. Based on this, the student attacks a service in a lab environment and finally, for selected topics, hardens that service to withstand such an attack.
Target audience: developers, administrators, testers, security incident handlers and anyone else who has to deal with creating or maintaining services.
Learning method: practical, lecture, hands-on lab