O'Reilly logo
live online training icon Live Online training

Security for System Administration

Practical applications

Branson Matheson

With the constant increase and evolution of security risk, small to mid-size business have a more difficult time managing security effectively. In this two-day course, Branson Matheson explores applied security theory fundamentals and walks you through the practical application of security controls. You’ll gain a solid understanding of security theory as developed by NIST and leave able to evaluate your environment, determine risk and controls, and apply those controls in a cogent manner to maximize impact in your organization.

What you'll learn-and how you can apply it

By the end of this live, online course, you’ll understand:

  • The CIA triad of risk assessment (confidentiality, integrity, and availability) as outlined in NIST SP 800-60 and FIPS 199
  • How to apply risk models to determine effective controls using NIST SP 800-53

And you’ll be able to:

  • Evaluate your environment to determine risk by subsystem and system
  • Evaluate the risk and business requirements to apply effective controls
  • Use open source tools to perform routing security evaluation of your environment

This training course is for you because...

  • You’re an IT service provider with a background in support and system management who wants to improve your ability to manage your security footprint and protect your environment.
  • You’re responsible for security in your IT services group, and you need to put together a plan to improve security within your group and at your site.
  • You’re in IT and want to learn security theory and its application.


  • A background in Unix or Windows system administration
  • A working knowledge of virtualization (i.e., how to run systems within a virtual machine)
  • A clear understanding of the systems at your site

Required materials and setup:

A machine with VirtualBox or VMware installed

Kali Linux (installed and set up in a virtual machine)

Recommended preparation:

NIST SP 800-60 (pdf)

NIST SP 800-53 (website)

FIPS 199 (reports)

Complete all prework assignments in the course workbook (available in two formats below): ODT PDF

About your instructor

  • Branson Matheson is a 29-year veteran of system architecture, administration, and security. He started as a cryptologist for the US Navy and has since worked on NASA shuttle and aerospace projects, TSA security and monitoring systems, secure mobile communications, and Internet search engines. He has also run his own company while continuing to support many open source projects. Branson speaks to and trains sysadmins and security personnel world wide; and he is currently a senior technical lead for Cisco Cloud Services. Branson has several credentials; and generally likes to spend time responding to the statement "I bet you can't...."


The timeframes are only estimates and may vary according to how the class is progressing

Day 1

Introduction to security for system administration (50 minutes)

  • Lecture: Scoping the players; defining the needs; risk and how it applies in IT; the security lifecycle—categorize, select controls, implement, assess, and monitor; standards—ISO and security (GIAC, NIST)
  • Hands-on exercise: Give examples of the lifecycle for fence building for goats
  • Q&A

Break (10 minutes)

Categorization (55 minutes)

  • Lecture: Risk and how it applies to IT; security categorization—confidentiality, integrity, and availability; NIST SP 800-53r4 and security controls; rational application of controls
  • Group discussion: Discuss different approaches to measuring risk; review categorizations
  • Hands-on exercise: Identify three related information types and categorize them, baseline the systems, and produce SC IMPACT for entire system
  • Q&A

Break (10 minutes)

Select controls (55 minutes)

  • Lecture: A quick review of standards and controls; control impacts and mitigation strategies; unreasonable control and divergence; control management; evolving controls
  • Group discussion: Trade control applications and critique them; review assigned control applications
  • Q&A

Day 2

Implementation and change control (50 minutes)

  • Lecture: Change control—record, assess, plan, build/test, implement, and close; the change control workflow; change control boards; tools
  • Hands-on exercise: Create change control for a security control
  • Group discussion: Discuss controls and challenges to assumptions; what makes a good change control documentation trail?
  • Q&A

Break (10 minutes)

Validation (55 minutes)

  • Lecture: Network auditing—capabilities, tools (Nmap, OpenVAS), capacities, and detection; Kali Linux; Nmap demo; wifi auditing and tools—WiFi Analyzer and Kismet; host auditing and tools—OpenVAS, CISecurity, Lynis; host auditing as a control; remediation; CISecurity benchmarks
  • Hands-on exercises: Run several Nmaps; run the Lynis host auditor on Kali Linux
  • Group discussion: Discuss results
  • Q&A

Break (10 minutes)

Monitoring (75 minutes)

  • Lecture: Baselining versus change; signal to noise; data to information; host versus network monitoring; monitoring tools—ELK, scanners, network tap; monitoring external resources; news and patch updates; patch planning and implementation; identify sources of security info—Reddit r/netsec and ISC, tools, ISC Threatcon
  • Group discussion: Which is more effective in monitoring: individual or group?; how would you monitor a kindergarten class on a playground?; brainstorm ways to recognize failures; recognize logged issues
  • Hands-on exercises: Install and run ntop; run scanning exercise in course workbook

Break (10 minutes)

Proactive security (80 minutes)

  • Lecture: Authentication versus authorization; the principle of least privilege; information control; scoping access requirements; authentication tokens; policy creation; policy scopes; policy validation; risk reduction—system level (rm -i, config management); risk reduction—human factors (shell scripts, prompts, MOTD, security awareness)
  • Group discussion: What’s more important: length or complexity?; discuss DenyHosts settings
  • Hands-on exercises: Install and configure DenyHosts; select a nontechnical control and write a policy

Wrap-up and Q&A (10 minutes)