Applying Cybersecurity Principles with Linux VMs

A few weeks ago, I decided that I want to seriously pursue Linux and gain considerable experience on my own time that would be valuable in future job roles.

Now, while learning things that are related to being a Linux sysadmin might not directly translate to anything I’ll be doing in Cybersecurity, the principles involved will, I believe.

My approach is to build a simulated office network that has enough going on to get me thinking in terms of securing and administering an office environment, but not so detailed that managing it is too difficult. For instance, we want to have users and roles, we want to have specific departments that have specific permissions, and so on. We don’t have to have all the users present in those departments; we only need enough to imagine the scenarios.

The way I’ve started this is with a simple Ubuntu virtual machine. It serves as kind of the hub for all the activity. I’ve also created some user accounts to simulate the different departments, and have set up password policies to begin reinforcing what I’ve picked up while I was studying for the Security+. Things like “long, strong, complex”, and “require password change upon first login”. It’s cool to see these things implemented in Linux.

Also, I set up some partitions (which is a nice skill to have), and have made groups for the different departments so that only certain departments can have access to those partitions. What’s neat is that we can start to play out scenarios where the files from one department get exfiltrated, and we have to figure out what happened.
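
The two controls described above (forced password change at first login, and department-only access to a mount point) can be checked after the fact. The script below is an added example, not part of the original post; the account names, hashes, and the 90-day maximum age are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit the two controls the post describes.
# Account names, hashes, and the 90-day limit are constructed for illustration.
MAX_DAYS_LIMIT=90

# Constructed shadow(5)-format sample (name:hash:lastchg:min:max:warn:...).
sample_shadow() {
    cat <<'EOF'
hr_alice:$y$constructed-hash:0:0:90:7:::
fin_bob:$y$constructed-hash:19800:0:99999:7:::
svc_backup:!:19800:0:99999:7:::
EOF
}

# Report password-aging state for each unlocked account.
# lastchg == 0 is what `chage -d 0 USER` sets: change required at next login.
audit_shadow() {
    awk -F: -v limit="$MAX_DAYS_LIMIT" '
        $2 ~ /^[!*]/ { next }                      # locked or no-login account
        {
            f = ""
            if ($2 == "") f = f " empty-password"
            if ($5 == "" || $5 + 0 > limit) f = f " max-age>" limit
            if ($3 == "0") f = f " change-pending"
            print $1 ":" (f == "" ? " ok" : f)
        }' "${1:--}"
}

# Succeed only if DIR belongs to GROUP and grants no permissions to "other".
check_dept_dir() {
    dir_group=$(stat -c '%G' "$1") || return 2
    dir_mode=$(stat -c '%a' "$1") || return 2
    [ "$dir_group" = "$2" ] || return 1
    case $dir_mode in
        *0) return 0 ;;    # last octal digit 0: nothing for other users
        *)  return 1 ;;
    esac
}

sample_shadow | audit_shadow
```

On the lab VM, `audit_shadow /etc/shadow` needs root because the file is not world-readable, and `check_dept_dir` takes a department mount point and its group name.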
