Thursday 21 February 2019

Embedded Linux Security Hardening

Standard Level - 3 days - Onsite team training

Essential aspects of this training course are covered in the 5 day class Comprehensive Embedded Linux Security

Linux is being used in an increasing number of embedded devices including smart building and energy devices, set-top-boxes, automotive in-vehicle infotainment, WiFi routers and home gateways, smart meters, industrial monitoring equipment and even domestic white goods.

Increasingly these devices are being connected to networks and this can leave them vulnerable to remote attacks that can result in brand damage, financial liabilities, product returns and even safety issues.

"Hardening" Linux systems to make them more resistant to attack is possible and is something that should be performed for every connected product. Our courses cover three aspects of system hardening:

  • Hardening the Linux operating system itself (this course)
  • Protecting applications running under Linux
  • Running applications in sandboxes - more detail on a specialised approach to protecting systems and the applications running on them

Workshops comprise approximately 50% of class time and are based around carefully designed hands-on exercises to reinforce learning. Doulos is an independent company, enabling delegates to receive the benefit of objective tuition while learning in the context of their chosen tool chain.

Who should attend?

This course is designed for engineers who need to get familiar quickly with determining the vulnerabilities in their systems and securing them. It is focused on the capabilities and features that Linux provides to protect against security attacks.

What will you learn?

The course contains a mix of theory and practical sessions. Using a practical example system, it teaches each participant to increase the security step-by-step by:

  • Understanding security requirements and what needs to be protected
  • Understanding how systems are attacked
  • Hardening the boot process
  • Improving the security of the Linux kernel
  • Hardening the software environment to resist commonly used attacks
  • Restricting access to and from the network
  • Protecting sensitive data on the filesystem
  • Using advanced techniques such as Linux Security Modules (including SELinux) to limit the impact of a successful attack


This is a technical training course aimed at engineers, so a basic level of knowledge in the following is required:

  • Linux kernel configuration
  • Linux/Unix command line
  • Basic Linux system administration and configuration

Please contact Doulos direct to discuss and assess your specific experience against the pre-requisites.

Training materials

Doulos training materials are renowned for being the most comprehensive and user-friendly available. Their style, content and coverage are unique in the embedded systems training world, and have made them sought-after resources in their own right. The materials include:

  • Fully indexed class notes creating a complete reference manual
  • Workbook full of practical examples and solutions to help you apply your knowledge

Structure and Content

Security fundamentals

What is security and why is it necessary? • Security concepts and terminology • Defense-in-depth approach • Why are devices attacked and who attacks them? • The guiding principles of securing a system

Linux boot, bootloaders and the chain of trust

The bootloader • Debug and trace • The Linux kernel interface • Building a chain of trust • Example boot scenarios and fast boot • Hibernation and security

Hardening the Linux kernel

What is the Linux kernel? • Configuring the kernel • Trace and debug options • Kernel modules • Kernel build options • Kernel hardening • Linux security modules • Understanding the Kernel Crypto subsystem and key management • Latest kernel security features • Practical: Adding a security patch to a standard kernel

Network security

Data in motion • The internet protocol suite • Link layer protection • Internet and transport layer protection • Application layer protection • Network domains, firewalls and port forwarding • Wireless security • Other digital connectivity threats • Practicals: Port scanning, implementing a firewall

Security testing and release control

Testing and the Secure Software Development Lifecycle • Release management • Test tools • Practical: basic penetration testing

Security testing tools

System breaking tools • Network tools • File system tools • Vulnerability testing and exploit frameworks

Securing the software environment

Dynamic loading • Limiting resources • Limiting kernel access • Practical: Dynamic linking

Common kernel attacks and mitigations

Fundamental system software vulnerabilities • Application level attacks • Attacks against the system • Side-channel attacks • Practical: Common attacks and protecting against them

Information security

Data at rest and in use • Linux filesystems • Integrity and Authenticity • Confidentiality • Availability • Caching and security • Overview on SoC hardware security features that can help

Linux Security Modules

The origin and role of LSMs • Mandatory Access Control • LSMs used in embedded systems • Performance impacts of LSMs • Practical: adding LSM hardening to an LXC sandbox

The course can also be tailored to suit your particular hardware and software environment. Please contact Doulos to discuss your specific requirements.

Looking for team-based training, or other locations?

Complete an on-line form and a Doulos representative will get back to you

Price on request
