A Sysadmin Takes the LPI Security Essentials Exam
Linux Professional Institute (LPI) officially launched its newest certificate, Security Essentials. As an official training partner, I had the opportunity to participate in the beta phase of the exam, and thus get to know it better and contribute my impressions.
I was never a cybersecurity specialist. In my career of more than 20 years, I have worked mainly in the support and administration of Linux servers and open source solutions. I also teach these subjects.
Therefore, I was familiar with some subjects in the exam program through professional work. I knew other topics more superficially through readings, conversations, videos, and lectures that I came across day to day.
The topics in the exam seek to ensure that the professional or student has a good understanding of the main concepts of security in its most diverse aspects. Extremely technical knowledge, such as tool configuration or the use of commands, is not required.
In the first topic, “Security Concepts,” as the name implies, the candidate will find questions related to the most common IT security concepts, the main terms used, the types of attacks and vulnerabilities, how incidents are named and reported, and what types of action to take when faults are detected.
In the “Encryption” topic, the main concepts of cryptography are discussed, including public, private, symmetric, and asymmetric keys You’ll encounter these concepts often when you work with remote connections, such as when using SSH. This topic also encompasses a good understanding of security in web connections with the use of certificates over HTTPS, and the secure use of email, mainly using S/MIME and OpenPGP. In addition, the topic addresses data encryption on personal devices and in the cloud.
The third topic, “Device and Storage Security,” addresses security in hardware devices, the Internet of Things (IoT), and their interconnections such as USB and Bluetooth. Security in software applications is also covered, describing the main types of vulnerabilities and malware.
The topic “Network and Service Security” turns out to be very familiar to anyone who already works with technology on a daily basis. The topic addresses the main concepts in network operation, such as the main protocols, interface types, and components, along with cloud concepts. The safe use of a wireless network, including the main risks and ways of mitigating vulnerabilities, is also discussed.
Finally, “Identity and Privacy” covers concepts such as authentication, authorization, confidentiality, and privacy. Sample concepts include the secure use of passwords, social engineering, and the main types of attacks on identity and privacy. This topic also included subjects that are currently very critical in our current digital environment, especially stalking and cybermobbing.
As I said, I didn't previously know all the content covered, and I had to prepare myself somewhat for the exam.
Usually, LPI itself makes great study material available at its Learning Materials site, but at the time of the beta phase, such material was not yet available.
In this case, my study strategy was basically to search the Web for each area of knowledge and the main terms mentioned in each subtopic. For example, I’d ask “What is Advanced Persistent Threats (APT)” or “What is the difference between black hat hacking and white hat hacking.”
It is not necessary to dive deeply into topics; just a general understanding of each subject is enough. At the end you might ask yourself: “Do I know the main features of Bitlocker?” or “Do I understand the main concepts about HTTPS?” If you're comfortable with your answers, move on to learn another topic.
After taking the exam and then finalizing the whole process, I now understand clearly how relevant the subjects covered in Security Essentials are. The program covers the knowledge of security that every professional who works or intends to work computer technology should have. Going further, these are very relevant subjects for anyone who handles data and sensitive information in their daily life, whether personally or professionally.
In short, Security Essentials perfectly delivers what it promises: to validate and even stimulate knowledge about information security at many levels.
<< Read the previous post of this series | Read the next post of this series >>