This feature first appeared in the Summer 2015 issue of Certification Magazine.
More than two-thirds of the servers hosting Internet-facing websites run variations of the Linux operating system, according to W3Techs Web Technology Surveys. If your organization is among this large group, do you have the skills that you need to properly secure these systems? Failure to implement strong Linux security safeguards may lead to website defacements or, in the worst case, provide hackers with a launching pad to wage an attack against sensitive information stored on your internal network. Organizations running secure Linux servers must have competently trained IT pros with the skills required to harden those systems against attack.
Linux security certifications provide IT professionals with a standardized way to demonstrate their system defense skills to potential employers. These certifications may be narrowly focused on Linux security, but they cover a wide range of topics within that domain. Students studying for a Linux security certification will cover ground including firewalls, network security, encryption, application and operating system patching and other important topics. Candidates who go on to pass the exam will be able to leverage these skills in an increasingly competitive employment market and stand out from the crowd when competing for lucrative Linux security engineering positions.
You might already know that, unlike Microsoft Windows, Linux comes in many variations. While Microsoft has teams dedicated to building standard editions of Windows, Linux development uses an open source approach that relies largely upon volunteer software developers. Many of these developers have different ideas about the features and qualities of strong operating systems and this leads to the development of many different "flavors" of Linux. Popular Linux distributions include Ubuntu, Red Hat Enterprise Linux (RHEL), Debian, CentOS and SUSE. There are also special-purpose Linux distributions, such as Amazon Linux, a CentOS variant tuned for use on the Amazon Web Services cloud platform.
Fortunately, security certification programs tend to shy away from distribution-specific approaches to Linux security knowledge. With the exception of the Red Hat Certificate of Expertise, all of the certifications discussed in this article are distribution-agnostic and cover the general skills required to provide Linux security services on top of any common distribution.
GIAC Certified UNIX Security Administrator
Security professionals around the world widely acknowledge the SANS Institute's Global Information Assurance Certification (GIAC) program as the "master's level" technical certification for security professionals. GIAC credentials dive deep into technical material and cover many different niches of information security. Linux security is no exception, with SANS offering the GIAC Certified UNIX Security Administrator credential to those demonstrating security prowess on UNIX and Linux operating systems.
The name of the credential might be a holdover from the days when UNIX systems were more prevalent, but the material on the exam covers Linux in detail. It includes questions relating to the configuration of Apache web servers, secure Domain Name Service (DNS) configurations, firewalls, computer forensics, UNIX account maintenance and log security, among other topics.
Candidates seeking the GIAC Certified UNIX Security Administrator credential may choose to take the SANS SEC506: Securing Linux/Unix course at a live training event, or through on-demand e-learning options. Students who wish to avoid the high cost of these training options may elect to prepare themselves for the exam using other resources. Earning the credential requires passing a two-hour, 75-question exam with a score of 65.3 percent or higher. GIAC offers proctored exams through the Pearson VUE testing network. Students who pass this exam join an elite group: there are only 1,520 GIAC Certified UNIX Security Administrators in the world.
Red Hat Certificate of Expertise in Server Hardening
Administrators who work exclusively in a Red Hat Linux environment may wish to pursue Red Hat's distribution-specific certification program. One of the credentials in this program, the Red Hat Certificate of Expertise in Server Hardening, focuses specifically on security topics. There is no formal prerequisite for the certificate, but Red Hat recommends that candidates already possess the basic Linux knowledge required to earn the Red Hat Certified System Administrator (RHCSA) credential.
The server hardening certificate covers knowledge across four main objectives. First, candidates should be familiar with configuring security options for file systems and volumes. Second, candidates must know how to implement user account security and identity management options. Third, candidates must be familiar with secure logging and auditing processes. Finally, administrators should know how to maintain a secure, updated copy of Red Hat Enterprise Linux.
Earning the Certificate of Expertise in Server Hardening also gives IT professionals credit toward the coveted Red Hat Certified Architect (RHCA) credential. Students seeking the RHCA must pass five Linux exams and the server hardening certificate satisfies one of these requirements. If you prowl around the web enough, you may find references to the Red Hat Certified Security Specialist (RHCSS) credential. Red Hat retired this credential earlier this year and is no longer accepting new applicants.
Linux Professional Institute LPIC-3
The Linux Professional Institute, a non-profit organization dedicated to promoting professional careers in Linux technologies, offers a distribution-neutral certification program for Linux administrators. Their program includes the LPIC-3 certification level that students may earn by passing an exam focused on Linux security. This specialty exam, LPIC 303, covers five Linux security topics:
- Access Control
- Application Security
- Operations Security
- Network Security
Unfortunately, there's a catch to this program. Linux security professionals can't simply take the LPIC 303 exam and earn the LPIC-3 credential. The Linux Professional Institute's certification program requires passing a sequential series of exams where candidates first earn the LPIC-1 and LPIC-2 credentials before becoming LPIC-3 certified. These earlier certification programs each require passing two examinations covering a variety of Linux administration topics. LPIC-1 candidates must pass LPI's 101 and 102 exams while LPIC-2 candidates must complete the LPI 201 and 202 exams. That's a total of five examinations before earning your Linux security credential through LPI: an investment that many security professionals may not be willing to make.
CompTIA Security+ and Linux+ Certifications
One alternative for candidates who don't wish to focus exclusively on Linux security is completing a sequence of other certifications that also demonstrate knowledge in Linux security domains. CompTIA, well known for offering entry-level information technology certifications, offers two programs of interest: the Security+ and Linux+ credentials.
As the name implies, Security+ focuses on the skills required of entry-level information security practitioners. Candidates for this credential take a 90-minute examination with 90 questions covering a breadth of information security skills. Most security professionals consider this a fairly easy examination for those with some experience in the field and self-study options are quite common among successful Security+ candidates.
The Linux+ certification is an interesting twist on the Linux Professional Institute certification program mentioned earlier. CompTIA markets the Linux+ credential as "Powered by LPI" and uses the LPIC 101 and 102 exams as the requirements for earning Linux+. In fact, candidates who earn the Linux+ credential through CompTIA may automatically receive the LPIC-1 credential as well as the SUSE Certified Linux Administrator (CLA) credential. You can earn three certifications for the price (and work!) of one.
Earning both the Security+ and Linux+ certifications is a strong combination of credentials that demonstrate interest in the core skills of Linux security. Employers may look kindly upon this combination and will certainly recognize the strong CompTIA brand over the less well-known Linux Professional Institute.
Certified Information Systems Security Professional (CISSP)
Finally, any discussion of information security certifications would be remiss to exclude the Certified Information Systems Security Professional (CISSP) credential. The CISSP, while it doesn't focus exclusively on Linux security, is widely recognized as the crown jewel of information security certifications and is often a prerequisite for advanced information security jobs.
That said, earning the CISSP is not easy. In addition to passing a comprehensive exam covering eight domains of information security, candidates must prove that they have at least five years of paid, full-time work experience in two or more of the domains. These eight domains include:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Unfortunately, there's no shortcut to the CISSP credential. Students new to the profession should probably start with one of the other certifications on this list and work their way up to the CISSP when they accumulate the required five years of work experience.
Linux security is an important skillset that is in high demand among technology employers. Candidates who take the time to demonstrate their knowledge of Linux security principles through one of the certification programs described in this article add a powerful punch to their resumes and stand out from the crowd when seeking new employment opportunities.