Defense-in-Depth

Goal Understand why system hardening matters and master the foundational principles of defense-in-depth security. Learn how attackers exploit unhardened systems and how layered defenses contain breaches. Prerequisites: Weeks 1-10 (especially Week 5 SSH hardening, Week 9 physical security) This is Part 1 of 4 - Subsequent parts cover MAC systems, kernel hardening, and sandboxing. 1. Why System Hardening Matters The Attacker’s Advantage Without hardening: Single vulnerability → Full system compromise Example attack chain: ...

Goal Master Firejail for application sandboxing and understand when to use each hardening tool. Complete hands-on labs and establish a continuous hardening practice. Prerequisites: Week 11c (Kernel Hardening & AppArmor) This is Part 4 of 4 - Covers Firejail sandboxing and the decision framework. 1. Firejail for Application Sandboxing What is Firejail? Firejail creates isolated sandboxes for applications using Linux namespaces: Filesystem isolation - Restrict access to specific directories Network isolation - Block or restrict network access Process isolation - Limit system calls (seccomp) Resource limits - Restrict CPU, memory usage Why use Firejail: ...