Home > On-Demand Archives > Talks >

Hardening Linux for Embedded Systems

Aljoscha Lautenbach - Watch Now - EOC 2024 - Duration: 41:50

Hardening Linux for Embedded Systems
Aljoscha Lautenbach

With increasing regulatory requirements on cybersecurity around the world, it is more important than ever to secure the systems you develop. As Linux is an integral part of many embedded systems, we will address how to harden Linux systems, in other words, how to reduce their attack surface by applying appropriate configurations. Linux hardening is a vast topic, so we will give a high-level overview of the topic, and then dive deeper into a few chosen topics.

Among other things, you will learn the following:

  • What is hardening and when is a system sufficiently "hardened"
  • How to weigh trade-offs between security and performance of certain kernel configurations
  • Which Linux Security Modules (LSMs) exist, and which are most useful for embedded use cases
  • How to configure a standard firewall with nftables
  • How to configure SSH for maintenance & diagnostics
  • Which tools can help you with the hardening process
italicssurround text with
boldsurround text with
**two asterisks**
or just a bare URL
surround text with
strikethroughsurround text with
~~two tilde characters~~
prefix with

Score: 1 | 2 months ago | 1 reply

Hi Aljoscha,
thank you very much for your talk. I even wasn't aware of linPEAS, maybe as I'm focusing most of the time on developing a solution. On the other side, most systems are guarded by the company's firewalls, so security falls short within the dev cycle, while we are fighting with different distributions and kernel versions to implement something. So I learned already a lot from your talk. Do you have any recommendation/resource on hardening e.g. a book?
Thanks a lot!

Aljoscha LautenbachSpeaker
Score: 0 | 2 months ago | no reply

Hi Thomas!
I'm glad it was helpful! I am not personally aware of a book on Linux hardening, but that doesn't mean that there is no such book. The difficulty with hardening is that it is such a broad topic and you can approach it from so many different angles. Apart from reading the official Linux documentation, my main recommendation would be to learn the attacking techniques, so that you know what to look out for. Until I learned how to exploit a misconfigured cron job, I never would have looked for it. And learning the basics of penetration testing is quite fun!