Hardening Linux for Embedded Systems
With increasing regulatory requirements on cybersecurity around the world, it is more important than ever to secure the systems you develop. As Linux is an integral part of many embedded systems, we will address how to harden Linux systems, in other words, how to reduce their attack surface by applying appropriate configurations. Linux hardening is a vast topic, so we will give a high-level overview of the topic, and then dive deeper into a few chosen topics.
Among other things, you will learn the following:
- What is hardening and when is a system sufficiently "hardened"
- How to weigh trade-offs between security and performance of certain kernel configurations
- Which Linux Security Modules (LSMs) exist, and which are most useful for embedded use cases
- How to configure a standard firewall with nftables
- How to configure SSH for maintenance & diagnostics
- Which tools can help you with the hardening process