5 Linux Skills You Must Master to Be a Cybersecurity Professional
Monday, August 20, 2018 by Jason W. Eckert
TAGS: CYBERSECURITY, IT SKILLS, LINUX

The need for security to protect the data on systems and networks has skyrocketed in recent years. Cybersecurity professionals perform a wide variety of different roles, including:

- Analyzing the security of systems and networks by performing penetration testing and vulnerability assessments (cybersecurity analysis).
- Monitoring and reacting to security breaches to mitigate data loss (cybersecurity response).
- Investigating and performing post-mortem analysis of a security breach to identify the data accessed and the exploits used by the attacker (cybersecurity forensics).
- Implementing technologies and processes to harden the security of systems and networks (cybersecurity administration).

How Does Linux Apply to Cybersecurity?

Linux plays an incredibly important part in the job of a cybersecurity professional. Specialized Linux distributions such as Kali Linux are used by cybersecurity professionals to perform in-depth penetration testing and vulnerability assessments, as well as provide forensic analysis after a security breach.

Moreover, Linux is the operating system used on most network devices and security appliances, including routers, firewalls, next-generation firewall (NGFW) devices, unified threat management (UTM) gateways, virtual private network (VPN) concentrators, intrusion detection systems (IDS), intrusion protection systems (IPS), security information and event management (SIEM) appliances, wireless access point (WAP) devices, and more. Consequently, to collect security-related data from these devices or perform security hardening, you must first understand Linux.

Of course, on-premises and cloud-based Linux servers that host services and data will also be a focus of any cybersecurity
professional. This is especially important today considering that most servers in the cloud run Linux, and that more and more
companies are moving their data to the cloud.

5 Key Areas of Linux for Cybersecurity Professionals

In short, if you are planning on working as a cybersecurity professional, you’ll definitely need an excellent working knowledge of the Linux operating system. In this blog post, we’ll examine five key areas of Linux that cybersecurity professionals must master.

1. Linux System and Network Administration

Regardless of whether you are performing penetration tests, forensic analysis or security monitoring of a Linux server, network device or security appliance, you will need to understand how to perform key system and network administration functions within Linux. This includes understanding a plethora of different commands and file locations. More specifically, you’ll need to use the appropriate commands to complete the following:

- View system information (architecture, kernel version, filesystem layout, installed packages, running processes, user sessions)
- View and modify network configuration (IP configuration, open ports, open sockets, open files, installed services)
- Determine how the Linux system starts services (SysV Init or Systemd), as well as start/stop key services and processes
- Modify key system and service configuration files
- Identify how events get logged (rsyslogd or journald) and the location of log files
- Install software on the Linux distribution (yum, dnf, apt, zypper, etc.)
- View and work with the different physical and logical filesystems on the system (mount points, LVM, ZFS, btrfs, etc.), including imaging data on a filesystem for analysis and evidence gathering using utilities such as dd
- Analyze the content of key or suspicious files
- Connect to remote systems using a wide variety of different methods, including ssh

2. Regular Expressions

Regular expressions are powerful wildcards used alongside certain Linux utilities to search system files and logs for key events on a wide variety of network devices and servers. Even logs on Windows servers are often collected by Linux systems (including those running SIEM), where regular expressions can be used to narrow down key security-related events.

When used properly, regular expressions can be used to determine whether a system or network has been breached, as well as the depth of the security breach and actions that the hacker performed.

For example, you can use complex Linux regular expressions to search configuration and log files for pivoting (the process by which a hacker gains access to one system and then uses that system to gain access to other trusted systems easily). Once you’ve found evidence of a security breach, you can use the information you’ve found to perform a granular search of system and log files on a series of different network devices and servers using regular expressions to trace the path a hacker has taken on your network, the systems that they have compromised, and the data that they have accessed.

3. SELinux and AppArmor

Both SELinux and AppArmor are application-focused security modules on Linux systems that provide a high level of protection against attacks. Nearly all Internet-accessible Linux servers and Linux-based network and security devices implement either SELinux or AppArmor to prevent applications from performing tasks that may compromise system and data security.

As a result, you should understand the in-depth configuration of both SELinux and AppArmor for use when hardening any Linux-based system. When analyzing an existing system with SELinux or AppArmor, it’s also important to identify the policies enforced and exceptions allowed by the security module. Moreover, both SELinux and AppArmor log information related to intrusion attempts and security breaches that is invaluable to cybersecurity professionals who are monitoring security or performing forensic analysis.

4. Open-Source Security Tools 

There are hundreds of open-source tools that any cybersecurity professional would consider useful as part of their security toolkit. Some are useful within all areas of cybersecurity (analysis, response, forensics or administration), while others may be useful in a single area. Many come pre-installed on security-focused Linux distributions such as Kali Linux, while others can be installed as necessary.

As a cybersecurity professional, you should familiarize yourself with the in-depth usage of information gathering tools (such as nmap) that can be used to learn more about systems on the network (a process called reconnaissance or footprinting). Additionally, you should master tools that are useful for vulnerability analysis (such as OpenVAS), traffic analysis (such as Wireshark) and penetration testing (such as Ettercap, Metasploit, arpspoof, macof and many more). Since most cybersecurity professionals collect security information centrally using a SIEM for analysis, you should also know how to install, configure and use Linux-based open-source SIEM solutions such as AlienVault OSSIM.

5. Bash Scripting

Whether you are performing cybersecurity analysis, response, forensics or administration, you will need to leverage many different Linux commands, as we’ve discussed in the previous four points. Since many of these commands can be reused in the future within similar cybersecurity situations, you should always consider putting them within BASH shell scripts that you can save for later use. I keep an arsenal of cybersecurity-related BASH shell scripts that I’ve built over the years within a folder on all of my systems to ensure that I can perform cybersecurity analysis, response, forensics or administration as quickly as possible. And when it comes to security, quick response is vital.
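As an added example (not code from the original post), the following shell script ties together points 2 and 5 above: it applies an extended regular expression to sshd log lines, extracts the accepted logins, and follows them hop by hop to trace a pivot chain through the network. The log lines and the hostname-to-IP inventory are constructed sample data; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post: a small shell script that
# applies an extended regular expression (grep -E) to sshd log lines, pulls out
# accepted logins, and follows them from host to host to trace a pivot chain.
# The log lines and the host-to-IP inventory below are constructed sample data.
set -eu

SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Aug 20 10:01:12 web01 sshd[2201]: Accepted password for deploy from 203.0.113.7 port 50122 ssh2
Aug 20 10:01:15 web01 sshd[2204]: Failed password for root from 203.0.113.7 port 50123 ssh2
Aug 20 10:03:44 db01 sshd[1187]: Accepted publickey for deploy from 10.0.0.11 port 41000 ssh2
Aug 20 10:05:02 bastion sshd[990]: Accepted publickey for ops from 10.0.0.5 port 52210 ssh2
Aug 20 10:07:30 fileserver sshd[3312]: Accepted password for deploy from 10.0.0.12 port 47001 ssh2
EOF

# Hypothetical inventory mapping hostnames to their IP addresses (constructed).
HOSTS_TABLE='web01 10.0.0.11
db01 10.0.0.12
bastion 10.0.0.5
fileserver 10.0.0.13'

host_ip() {  # print the IP of hostname $1, or nothing if it is unknown
  printf '%s\n' "$HOSTS_TABLE" | awk -v h="$1" '$1 == h { print $2 }'
}

# Print "host user source_ip" for every accepted sshd login in log file $1.
# The ERE requires "Accepted", so "Failed password" lines are skipped.
accepted_logins() {
  grep -E 'sshd\[[0-9]+\]: Accepted (password|publickey) for [^ ]+ from [0-9]+(\.[0-9]+){3} port' "$1" |
    awk '{ print $4, $9, $11 }'
}

# Starting from source IP $2, follow accepted logins in log $1 hop by hop and
# print each complete chain as "ip -> host -> host". $3 is the chain so far.
trace_pivots() {
  local log="$1" src="$2" chain="${3:-$2}" found=0 host
  for host in $(accepted_logins "$log" | awk -v s="$src" '$3 == s { print $1 }'); do
    case " $chain " in *" $host "*) continue ;; esac   # guard against login loops
    found=1
    trace_pivots "$log" "$(host_ip "$host")" "$chain $host"
  done
  [ "$found" -eq 1 ] || printf '%s\n' "$chain" | sed 's/ / -> /g'
}

trace_pivots "$SAMPLE_LOG" 203.0.113.7
```

On a real system you would point the functions at /var/log/auth.log or /var/log/secure and replace the inventory with your own host list; the regular expression is the part worth adapting to other log formats.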

CompTIA certifications, including CompTIA Linux+, CompTIA Cybersecurity Analyst (CySA+) and the newly released CompTIA PenTest+, can validate the skills needed to use Linux in cybersecurity roles.


1 Comment

Aasi Tahir Siddique
Saturday, September 1, 2018

Great article!
