08-10-2017 03:17 PM
PANOS is built upon Fedora Linux.
08-11-2017 12:59 AM
PAN-OS runs on redhat 🙂
From the PAN-OS perspective you don't need to worry about Linux knowledge, as the underlying OS is not exposed to the user.
In a broader sense, as a security manager it's probably good to get acquainted with Linux a bit so you get a sense of what kind of environment you're dealing with and to keep tabs on your admins (are they running everything as root, are they sandboxing processes, are they keeping services patched, ...)
Ubuntu is a good candidate to play with as it's very user friendly and has plenty of online resources 🙂
08-11-2017 05:57 AM
So are you a security manager, reaper? Do you find everything regarding security done with Linux, Unix and Ubuntu, or is there a wider variety of choices? I am not a security manager, just a systems engineer. I have learned Linux; I am not an expert, but I have built and configured some.
08-11-2017 06:13 AM
In my previous job I was everything combined 😉 (they only had one guy to do everything security and networking related)
Some basic Linux skills and understanding initially helped me better understand what the database guys were doing and helped me convince them they were doing it wrong 😉 Later on it helped me better implement a couple of bastion servers (a couple of BIND DNS boxes we needed as external DNS to our company)
Maybe if your team is larger and you can delegate to a team lead there's really no need for much Linux knowledge, but it's not a bad skill to possess; it keeps people on their toes if you can drop a 'so did you CHROOT that bind9 you just deployed?' 😉
08-11-2017 06:21 AM
But really, using Linux for security is a preference, not a necessity to do security. We are not a large team, and they just formed a new security group of 2 based on the fact that Linux experience made one guy more qualified to be in security.
We also use BIND for DNS, but I am not sure how we got on this subject LOL, and it has been in place for over 4 years.
08-11-2017 06:26 AM - edited 08-11-2017 06:29 AM
I have to agree with Reaper that Linux/Unix is the base for a majority of the security products out there. Some I have seen as just software installed onto an OS of your choice. Very few have custom sourced base code.
I think the reasoning is that you can really strip down Linux to only the little pieces you want, and it's not licensed, so there is no worry of that added cost of support (can be added) or developing base code.
However, just because someone knows Linux doesn't make them more qualified. I think it's more of a mindset, as I have seen some Windows systems so locked down that they were very secure. Also, most vendors put their own spin onto the GUI so you can't even get into the base shell to run the basic commands.
08-11-2017 06:42 AM
I agree, and that was my thought as well: Linux knowledge does not make you more qualified to be a security person, because the products may be based on Linux but that does not mean that they allow or require you to know Linux to use them, and most are not set up to be modified; they are a ready-made package deal.
08-11-2017 06:51 AM
Depending on how in depth you're getting with security and certain aspects of analysis on different malware/spyware samples or stuff like that, I almost really would call Linux a necessity. Not only because of the tools available, but because of the threat that doing some of that on a Windows box would actually be.
You can do everything you would need to on a Windows box, but the time that it would take to do so would be inefficient, and someone doing the same analysis on a Linux box would be more efficient.
08-11-2017 06:53 AM
Interesting viewpoint, bpry, thanks for sharing. Can you give some examples of the Linux tools that you use?
08-11-2017 07:14 AM
If you're just getting started I would really recommend spinning up a REMnux and Cuckoo and giving them a go. They're pretty well documented, likely the best documented outside of the entire Kali distro. REMnux is its own distro, so it can be installed directly from its OVA, and Cuckoo, last I checked, still needed to be actually installed on an existing Linux install; they may have released it as its own distro by now, though I'm not sure.
Once you get involved in it and start working on forums you'll hear other tools mentioned that you can look into, but I would recommend running with those two to start.
08-11-2017 10:41 AM
08-14-2017 05:55 AM
I was approaching a situation where the justification for creating a security position for an individual was justified by that person (not me) that the Linux experience qualifies them above others for the position, to which I disagreed. I believe the same way that you do that a wide variety of experiences make a good security person.
So what type of access does a security person usually have? Access to manage anything or limited access?
08-14-2017 06:21 AM
I guess it will depend a bit on the size of the team and the actual background of the manager.
Typically they would probably rely on reporting tools (reporting from the PANW itself and reporting tools like Splunk/Crystal Reports/SIEM/...) to gain insight into the actual security situation rather than raw access to appliances or servers; that's the task of the admins.
A good (basic) working knowledge helps in assessing what needs to be done and how to hold the admins accountable to do their jobs properly. Deeper knowledge improves that accountability but would still not really be part of the manager's job unless the team is so small the manager is also the admin and just needs to swap hats.
A manager needs to be able to understand the environment and outline best practices based on a deep understanding of how security works, cyber kill chain etc.
An anecdote: in my previous company our database guy was an absolute Linux guru but had no clue about 'security', as it only impeded on his core business of making the databases run smoothly.