by Randy Russell (Red Hat)
I am pleased to announce our newest certification, Red Hat Certificate of Expertise in Server Hardening. This new Certificate of Expertise will take the place of the Red Hat Certificate of Expertise in Security: Network Services and Red Hat Certificate of Expertise in Directory Services and Authentication. Red Hat Certified Professionals working towards earning Red Hat Certified Security Specialist (RHCSS), Red Hat Certified Datacenter Specialist (RHCDS) or Red Hat Certified Architect are able to visit our Certification FAQ to learn more about how this new Certificate of Expertise fits into these programs. Why are we introducing this new credential and replacing long-standing ones with it?
Every year, Las Vegas plays host to DEF CON® Hacking Conference, which is routinely described as the world’s biggest hacker conference. Most people attend to learn about security exploits so that they can protect themselves and others. At last year’s conference, many speakers within the DEF CON community spoke about the importance of asking questions, engaging with others while at the conference and sharing knowledge.
One speaker, who is particularly well established, likewise made such a statement. He then went on to say that in order to speak to him, there were requirements. He then proceeded to enumerate, accompanied by slides, the vast array of skills and knowledge one needed in order to be worthy to step into his presence. His rigorous list would be an excellent checklist for someone who wanted to have a heavy-duty information assurance consulting practice. However, many of us must think about security and implement practices that address specific risk factors with appropriate levels of time, effort and money. It is not our role to contemplate the vast everythingness of everything. We need to ensure that we have taken appropriate steps on systems within our care. In short, we need focus within that deep, broad ocean called security.
This brings me back to our new Red Hat Certificate of Expertise in Server Hardening and Red Hat Server Hardening course that covers the skills and knowledge we test in the exam. The new credential and course bring a new level of focus to security topics. Everything we have covered in earlier exams and courses was and is worthwhile to someone somewhere. What we wanted to do is bring a sharper, more defined sense of what must be done rather than explore the broad and deep territory of what could be done. That goal thus raised another important question: how do you decide what must be done? And how do you make the answer practical and applicable to all those environments running Red Hat Enterprise Linux out there?
Our answer to the question lies in standards. Red Hat’s commitment to and involvement in standards across the entire IT field is long-standing. Open source is itself, in subtle and important ways, an exercise in standards. Consequently, we decided to look to the knowledge out there as encapsulated by standards, rather than relying on the perspectives in here. Furthermore, looking to standards (e.g., PCI) aligned our efforts with the actual needs in the field because many of the professionals working on Red Hat systems are responsible for bringing those systems into compliance with standards. Therefore, we did a review of various standards in use to identify the common ground among them and to help us focus on what would be most useful to know.
If you or someone on your team is responsible for standards-compliance or if your organization wants to improve its security practices in its use of Red Hat Enterprise Linux, take a look at the Red Hat Certificate of Expertise in Server Hardening exam objectives and Red Hat Server Hardening course outline. They might not make you worthy to breathe the rarified air of that speaker I described, but the Certificate of Expertise will demonstrate that you can focus on the key security steps you need to take and the course will help you get there.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.