Learning Linux: Instructors Must Make Core Linux Skills Part of Every Cybersecurity Program
As one who has worked in the field of cybersecurity and taught thousands of students to operate in this arena, I have routinely observed a majority of graduate-level students lacking proficiency in navigating the Linux operating system during penetration testing assignments and being unable to answer test questions regarding core Linux capabilities.
This is a problem because anyone working in this field will inevitably come across a Linux-based system on networks they are responsible for protecting and on external networks during penetration tests. Each of these requires cybersecurity professionals to fully understand how to navigate, operate, and secure Linux as it is one of the most commonly used operating systems on servers across the planet. Read on to learn how to incorporate this training into your curriculum.
To Teach Linux, Start with the Command Line
Imagine this scenario: A penetration tester works on an objective and successfully gains access to a system on the target network. After issuing a few commands she determines that she is accessing a system running on one of the many flavors of the Linux operating system, and she has no idea how to proceed any further because she knows very little about Linux.
This is a common scenario in many cybersecurity training programs and one that professors can easily rectify by including core Linux skills in their courses.
Organizations hiring recent graduates expect them to be trained to a level commensurate with what the position requires, and if one does not know at least the basics of Linux, they will not be able to successfully test the security of modern networks or secure these systems against real-world hackers.
At a minimum, professors should teach proficiency with the command line, how to check and modify network configurations, how to utilize scripting languages, and how to stop and start Linux services.
The command line is the common interface on Linux and, since penetration testers are connecting remotely, it is the most likely way they will interact with the system. They should have a solid working knowledge of the common file structure, how to navigate, and where the most critical system files are stored.
Penetration testers are often challenged with disabling a system, retrieving usernames and passwords, modifying configurations, or setting up back door access for future engagements. Each of these tasks makes it necessary to know where core system files are located and how to access or modify those files to accomplish the mission. Once they have a solid grasp of the command line, they can move on to the more advanced task of network configurations.
Next: Teach the Tools for Navigating Linux
One of the first tasks a penetration tester accomplishes when gaining access to a system is to determine its IP address, any additional networks it is connected to, and its primary purpose on the network. Is it a web server, or file server, or does it serve another purpose? Students should be familiar with the ifconfig, netstat, and iptables commands, which can provide a treasure trove of information helpful with mapping the victim network, determining the next internal target, and identifying the type of network security currently in place.
Tangential to this, if the student is using a Linux-based tool such as Metasploit, they can run additional scans on the internal network to gather even more information. And those with more advanced skills can leverage scripting languages to make their job much easier.
Scripting is a common component in Linux that controls task automation, configures alerts for system monitoring, and helps with many of the routine system administration tasks necessary to keep a server operating efficiently.
Penetration testers should have enough knowledge of scripting to be able to modify scripts administrators have put into place and create their own scripts when necessary. This is not as difficult as learning a programming language, but it is easier for those who have studied programming as there are some commonalities between the two.
Scripting also incorporates Linux commands so learning this skill after becoming familiar with the command line will be easier for students both inside and outside of the classroom. Scripting can also be used to manage the services provided by the victim system.
Disabling a Linux-based web server is as easy as stopping the service. One command can be enough to shut down a business selling products or services online. This highlights the importance of understanding how services function in Linux, which ones are necessary for core functionality, and which ones are used for many of the software-based capabilities a server provides. Stopping the right service can cut off email communication, disable internal firewalls, and remove access to network file systems. One favorite of hackers is to shut down the services that log all activity on a system—it is always best to go unnoticed when breaking into systems or testing their security.
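The monitoring role of scripting described above applies directly to this last point: a defender can alert when a logging, audit, or firewall service stops. The script below is an added example, not part of the original article. The watched unit names and the sample journal lines are constructed assumptions modelled on systemd's "Started"/"Stopped" messages, whose exact format varies between versions.

```sh
#!/bin/sh
# Added example: flag stop events for services whose loss reduces visibility
# or protection. Unit names are assumptions; adjust them to the units your
# distribution actually runs.
WATCHED_UNITS="rsyslog.service auditd.service systemd-journald.service firewalld.service"

# Constructed sample lines modelled on systemd journal output.
sample_log() {
cat <<'EOF'
Mar 03 02:14:07 web01 systemd[1]: Started nginx.service - A high performance web server.
Mar 03 02:14:55 web01 systemd[1]: Stopping rsyslog.service - System Logging Service...
Mar 03 02:14:55 web01 systemd[1]: Stopped rsyslog.service - System Logging Service.
Mar 03 02:15:02 web01 systemd[1]: Stopped auditd.service - Security Auditing Service.
Mar 03 02:15:09 web01 systemd[1]: Stopped nginx.service - A high performance web server.
Mar 03 02:16:30 web01 systemd[1]: Started rsyslog.service - System Logging Service.
Mar 03 02:20:11 web01 systemd[1]: Stopped firewalld.service - firewalld - dynamic firewall daemon.
EOF
}

# Reads journal lines on stdin and prints one line per watched unit whose most
# recent event is a stop: "ALERT <host> <unit> stopped at <time>".
# A later "Started" for the same host and unit clears the pending alert.
find_stopped_units() {
    awk -v watched="$WATCHED_UNITS" '
        BEGIN {
            n = split(watched, w, " ")
            for (i = 1; i <= n; i++) is_watched[w[i]] = 1
        }
        $5 ~ /^systemd\[/ && ($6 == "Stopped" || $6 == "Started") {
            unit = $7
            if (!(unit in is_watched)) next      # ignore unrelated services
            key = $4 " " unit                    # track per host and unit
            if ($6 == "Stopped") stopped[key] = $1 " " $2 " " $3
            else delete stopped[key]             # service came back up
        }
        END { for (k in stopped) print "ALERT " k " stopped at " stopped[k] }
    ' | sort
}

sample_log | find_stopped_units
```

On a live host the same function can read `journalctl -o short` output instead of the sample, and because an intruder can also stop local logging, the alert is most useful when the journal is forwarded to a separate log host.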
Linux Can be Challenging, but Well Worth Your Class Time
Learning these components of Linux is critically important. If one is testing the security of a web server, they are likely to run into Linux-based web server applications like Apache, NGINX, or Cloudflare. If they are running a penetration test on a cloud provider’s infrastructure, they will most certainly see Linux servers offering capabilities to clients. Linux is extensively used in the network server arena because of its reputation for reliability and flexibility. Any professor teaching cybersecurity must prepare their students for the reality that they will regularly encounter Linux-based systems.
Students are often familiar with Windows because they use it every day, but Linux is less commonly used as a workstation, and it requires more intentional training to gain proficiency. Cybersecurity professors should consider adding Linux instruction at the undergraduate and graduate levels to fully prepare their students for what they will encounter in their professions. The current gap in knowledge of this operating system needs to be closed if we expect future cybersecurity professionals to be prepared for attacks against their networks.
About the Author:
Dr. Gene Lloyd is an adjunct professor at Liberty University. He teaches computer science and cyber security programs for undergraduate and graduate students with a focus on applied cryptography, digital forensics, ethics, legal issues and policies, web security, ethical hacking, security operations, risk management, network security, access control systems, and advanced topics in computer security.