Complete Reference of Encryption in Linux Security

  • Introduction to Encryption
  • Using GNU GPG
  • Using SSH
  • Hashing Utilities
  • Using PKI Certificates in Linux

Introduction to Encryption

  • Linux has built-in ability to encrypt files
  • Protects files in storage
  • Protection during transmission
  • Uses common standard algorithms
  • MD5 & SHA for Hashing
  • 3DES & AES for data encryption
  • Supports many other algorithms as well
  • PKI enabled
  • OS can generate self-signed certificates
  • Can use 3rd party generated certs

Using GNU GPG

  • GNU Privacy Guard comes built-in with most distros
  • Complete implementation of the OpenPGP Internet standard as described in RFC 2440
  • Most popular personal encryption package
  • Ability to encrypt and digitally sign files
  • Used to send secure email messages
  • Used to encrypt files in storage
  • Uses DSA, ElGamal, 3DES and Twofish as encryption algorithms
  • Many other algorithms also supported
  • Some algorithms not legal for export outside US – obtain from International sites
  • First step is to generate a key pair (one public, one private)
  • Command to generate is ‘gpg --gen-key’
  • Use higher key length – minimum is 768
  • Enter user name and email address – key is generated based upon this info
  • Enter password that will be used – use complex password rules
  • Export public key so others may exchange data securely with you
  • Other public keys can be imported as well
  • Sign your public keys before issue so others will know they are valid, and only accept signed keys from others
  • Encrypt data to send to others
  • Decrypting involves receiving and converting the encrypted file
  • Digitally sign all encrypted files to verify they came from you
  • GPG has both command and GUI utilities
  • Use the ‘gpg’ command with various options; it performs all encryption/decryption tasks
  • GPG Demonstration
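
The steps listed above (generate a key pair, export the public key, sign and encrypt, decrypt and verify), run end to end in a throwaway keyring. This is an added example, not part of the original slides; it assumes GnuPG 2.1 or later, and the user ID, file names and empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: GnuPG round trip in a throwaway keyring (assumes GnuPG 2.1+).
# The user ID and file names are constructed for the demo.

gpg_roundtrip() (
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/keyring"; export GNUPGHOME   # keep the real keyring untouched
    mkdir -m 700 "$GNUPGHOME" || exit 1
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
    uid='Demo User <demo@example.org>'
    email='demo@example.org'

    # 1. Generate a key pair with gpg's default algorithm. The empty passphrase
    #    keeps the demo unattended; a real key gets a strong one.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never || exit 1

    # 2. Export the public key in ASCII armor so it can be given to others.
    gpg --batch --armor --export "$email" > "$work/demo-pub.asc" || exit 1
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/demo-pub.asc" || exit 1

    # 3. Sign and encrypt a message to the recipient in one step.
    printf 'constructed sample message\n' > "$work/msg.txt"
    gpg --batch --quiet --recipient "$email" --sign --encrypt \
        --output "$work/msg.txt.gpg" "$work/msg.txt" || exit 1

    # 4. Decrypt. gpg checks the embedded signature at the same time and
    #    reports the result on the status file descriptor.
    gpg --batch --quiet --status-fd 3 --output "$work/msg.out" \
        --decrypt "$work/msg.txt.gpg" 3> "$work/status" 2>/dev/null || exit 1

    # 5. Accept only if the plaintext matches and the signature is good.
    cmp -s "$work/msg.txt" "$work/msg.out" || exit 1
    grep -q '^\[GNUPG:\] GOODSIG ' "$work/status" || exit 1
)
```

`gpg_roundtrip` returns 0 only when every step succeeds, so a failed signature check is treated the same as a failed decryption.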

Using Secure Shell

  • Secure Shell (SSH) developed to protect communications
  • Telnet and FTP do not encrypt data; passwords and login info passed as plaintext
  • ‘r’ commands (rlogin, rsh, rcp, and rdist) also insecure
  • SSH developed to take their place and encrypt all data during communications session
  • SSH can also be used over X-windows
  • SSH allows remote login as root to perform system maintenance tasks
  • Several versions available, including SSH Tectia, OpenSSH, F-secure, and Reflection for Secure IT
  • OpenSSH is most popular in Linux distros
  • RSA authentication or conventional password based authentication can be used
  • Secure Shell then opens up a user program or interactive shell
  • Current version of OpenSSH is OpenSSH 8.7/8.7p1
  • SSH uses 2 protocol versions, 1 and 2
  • Version 1 is insecure due to integer overflow vulnerabilities
  • Use SSH implementation with version 2 protocol instead
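
A small audit of an sshd_config for the points raised in this list: protocol version 1, root login and password authentication. This is an added example, not part of the original slides; the finding labels and the sample configuration are constructed. OpenSSH removed server support for protocol 1 in release 7.4, so the Protocol check matters for older installations.

```shell
#!/bin/sh
# Added example: flag risky settings in the global section of an sshd_config.
# Finding labels are hypothetical names chosen for this demo.

# audit_sshd [FILE]: reads FILE, or standard input when no file is given.
audit_sshd() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }       # Match blocks are not evaluated
        {
            key = tolower($1); val = tolower($2)
            if (key in seen) next             # sshd keeps the first value it reads
            seen[key] = val
        }
        END {
            if (seen["protocol"] ~ /(^|,)1(,|$)/)
                print "protocol-1-enabled"
            if (seen["permitrootlogin"] == "yes")
                print "root-login-permitted"
            # PasswordAuthentication defaults to yes when it is not set.
            if (!("passwordauthentication" in seen) || seen["passwordauthentication"] == "yes")
                print "password-auth-enabled"
        }
    ' "${1:--}"
}

# Constructed sample configuration, not taken from a real host.
sample_config() {
    cat <<'EOF'
# legacy settings left over from an old install
Protocol 2,1
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}
```

On a live host, `sshd -T | audit_sshd` checks the effective configuration instead of the file text.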

Hashing Utilities

  • Hashes are produced to ensure file integrity
  • Ensure file has not been altered
  • Slightest alteration changes hash and indicates a file change
  • Hashing is a method of verifying installation files and packages, as well as system files
  • Hashing also encrypts passwords
  • Actual passwords not stored, but hashes are stored
  • User enters password, which is hashed
  • Matching hash from /etc/shadow indicates correct password
  • Linux uses 2 major hashing algorithms
  • SHA (160-bit and higher)
  • MD5 (Message Digest version 5) 128-bit
  • SHA is newer and stronger algorithm
  • Available in 160-bit (SHA-1), 224, 256, and 512-bit versions (SHA-2)
  • Successor to MD5; required for US govt applications under FIPS 180-2
  • SHA2 preferred due to identified collision vulnerabilities in SHA1
  • Built-in Linux SHA utilities include:
  • sha1sum: computes and checks message digest (hash) for file
  • dgst: older utility that computes hashes using sha1 or md5
  • MD5 is older (but still widely used) hashing algorithm
  • Developed by Ron Rivest and replaced earlier algorithm MD4
  • 128-bit strength algorithm
  • Discovered to be vulnerable due to collision problems
  • MD5 utilities include:
  • md5sum: computes or checks hash value of file
  • md5crypt: encrypts a password for use in Grub boot loader
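
File integrity checking as described above: record hashes for a directory tree, then report which files were altered. This is an added example, not part of the original slides; it uses sha256sum (the SHA-2 counterpart of sha1sum), the function names and sample tree are constructed, and it goes one step further by also listing files added after the manifest was taken, which a hash check alone cannot see.

```shell
#!/bin/sh
# Added example: SHA-256 manifest for a directory tree, then change detection.
# Function names and the sample tree are constructed for this demo.

# make_manifest DIR MANIFEST: hash every regular file under DIR.
# MANIFEST must be an absolute path outside DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# changed_files DIR MANIFEST: files whose hash no longer matches, or that are gone.
changed_files() {
    ( cd "$1" && sha256sum -c "$2" 2>/dev/null ) | sed -n 's/: FAILED.*$//p'
}

# unlisted_files DIR MANIFEST: files on disk that the manifest does not mention.
unlisted_files() {
    ( cd "$1" && find . -type f | sort ) > "$2.now"
    sed 's/^[0-9a-f]* [ *]//' "$2" | sort | comm -13 - "$2.now"
    rm -f "$2.now"
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/tree/bin"
    printf 'loglevel=info\n' > "$root/tree/app.conf"
    printf '#!/bin/sh\necho ok\n' > "$root/tree/bin/tool"
    make_manifest "$root/tree" "$root/manifest.sha256"

    printf 'loglevel=infO\n' > "$root/tree/app.conf"   # one character altered
    printf 'x\n' > "$root/tree/bin/extra"              # file added afterwards

    echo "changed: $(changed_files "$root/tree" "$root/manifest.sha256")"
    echo "unlisted: $(unlisted_files "$root/tree" "$root/manifest.sha256")"
    rm -rf "$root"
}
```

The manifest is only as trustworthy as its storage: keep it off the host being checked, or sign it.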

Using PKI Certificates in Linux

  • Linux has built-in ability to use and generate digital certificates
  • Used for variety of purposes:
  • Secure transactions, web site verification, user authentication, and software signing
  • Linux can use trusted certificates from 3rd parties
  • Can self-generate its own certificates
  • Use ‘genkey’ command to generate SSL certificates and cert requests

Rajesh Kumar