Course info
Oct 13, 2016
1h 31m

If you're responsible for the security and reliability of IT resources of any kind, then encryption is your friend. Not only is it unwise to try to manage sensitive health records or credit card transactions without using strong encryption to obscure the data, but, in many cases, it's against the law. It's not only your data that's at risk; if your website and DNS service aren't protected by some kind of public key certificates, it could be just a matter of time before your servers will be hijacked by criminal hackers. In this course, Linux Encryption Security, you'll cover everything you need to know to apply proper encryption to the Linux systems behind your website, stored and mobile data, and DNS infrastructure. First, you'll learn how to configure and administrate industry-standard packages, such as OpenSSL, X.509 certificates, SSL/TLS, BIND, Apache httpd, eCryptfs, and Cryptsetup. Next, you'll explore encrypting the files on a PC or mobile device. Finally, you'll discover how to secure the all-important DNS service connecting your customers and users to your web-facing resources. By the end of this course, you'll feel confident tackling an assortment of possible security risk and vulnerabilities.

About the author
About the author

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

More from the author
Using Docker on AWS
1h 24m
Jun 12, 2019
More courses by David Clinton
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Your small business ecommerce website is about to go live, but you haven't yet addressed the issue of authentication and SSL certificates, and the guy from the company handling your credit card processing is on the phone. Infrastructure security is or should be on everybody's minds right now. Websites, mobile devices, even your local data drives, everything is potentially vulnerable. Obscuring sensitive data through sophisticated encryption is one of the few things that can really reduce your risk of exposure. In this course I'll show you how to configure and manage encryption on Linux-based systems. You'll learn to encrypt your website using either a well-known certificate authority or by issuing your own certificates. We'll also cover encrypting the files on a PC or a mobile device, and how to secure the all-important DNS service connecting your customers and users to your web facing resources. If you're reasonably comfortable working on the Linux command line with file systems, networks, and package management, and have at least a basic, general knowledge of TCP/IP networking protocols, then you'll enjoy taking this course. If you're responsible for resources that might be vulnerable to security risks, then you'd better take the course.

Website Authentication
In this module we're going to configure the Apache web server for SSL authentication, install certificates on both our CA server, and on a client browser, test the whole structure to make sure it's behaving the way it should, and learn how to use HSTS, HTTP Strict Transport Security to prevent clients from being unknowingly downgraded to an unencrypted connection in mid-session. Apache is, of course, the world's most popular web server framework, but it'll handle the road a bit differently depending on your Linux distribution. I'm going to be working on Ubuntu 1604 where Apache is known on the command line and in the file system as Apache2. Other dist rows like CentOS or Fedora will call it httpd. Configuration files can also sometimes be organized a bit differently, but by and large, things work the same wherever you find it. Right now, of course, our main interest is in how apache manages encryption to protect client sessions from vulnerability, particularly from the class of vulnerability known as Man-in-the-Middle attacks. A Man-in-the-Middle attack occurs when someone manages to intercept and alter packets being sent back and forth between two network nodes allowing them to both listen in on private communications, and inject their own malicious responses. Properly encrypted sessions should make such a tax impossible, but the trick is achieving proper encryption, and that's exactly what we're going to talk about next.