HP Education Services



Similar documents
HP-UX Role-Based Access Control B Release Notes

HP Education Services

3 Days Course on Linux Firewall & Security Administration

Linux Operating System Security

HP Education Services Course Overview

Security Advice for Instances in the HP Cloud

SCP - Strategic Infrastructure Security

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Integrating HP Insight Management WBEM (WMI) Providers for Windows with HP System Insight Manager

Administering Windows Server 2012 (20411) H4D01S

Network Security and Firewall 1

RH033 Red Hat Linux Essentials or equivalent experience with Red Hat Linux..

Nixu SNS Security White Paper May 2007 Version 1.2

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

FTP Server Configuration

Security Overview of the Integrity Virtual Machines Architecture

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

HP Device Manager 4.6

HP-UX System and Network Administration for Experienced UNIX System Administrators Course Summary

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Hervey Allen. Network Startup Resource Center. PacNOG 6: Nadi, Fiji. Security Overview

Installing and Configuring Windows Server 2012 (20410) H4D00S

HP Device Manager 4.6

Parallels Plesk Panel

ENTERPRISE LINUX SECURITY ADMINISTRATION

HP Device Manager 4.7

HP Operations Orchestration Software

Customer Education Services Course Overview

LINUX NETWORK SECURITY

Global Partner Management Notice

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

CYBERTRON NETWORK SOLUTIONS

Red Hat Linux Administration II Installation, Configuration, Software and Troubleshooting

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent

HP OneView Administration H4C04S

Network Access Control ProCurve and Microsoft NAP Integration

GL550 - Enterprise Linux Security Administration

Securing your Linux Server: Racing against the attacker. Nigel Edwards Hewlett-Packard

HP Business Service Management

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

HP ProLiant Essentials Vulnerability and Patch Management Pack Release Notes

information security and its Describe what drives the need for information security.

System Security Guide for Snare Server v7.0

Implementing Cisco IOS Network Security v2.0 (IINS)

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

HP IMC Firewall Manager

HP ilo mobile app for Android

Securing Cisco Network Devices (SND)

CISCO IOS NETWORK SECURITY (IINS)

The Self-Hack Audit Stephen James Payoff

HP Windows 7 Onsite Upgrade Service

How To Secure An Rsa Authentication Agent

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

MCITP: Enterprise Administrator 2010 Boot Camp H6C09S

HP Education Services Course Overview

GE Measurement & Control. Cyber Security for NEI 08-09

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

Event Monitoring Service Version A Release Notes

HP-UX 11i software deployment and configuration tools

Unix Network Security

HP Security Assessment Services

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

HP Priority Services. Priority Access

HP ThinShell. Administrator Guide

Oracle Database 11g: Security

Secret Server Qualys Integration Guide

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

HP Networking BGP and MPLS technology training

HP Education Services Course Overview

LINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes

How to manage non-hp x86 Windows servers with HP SIM

Configuring and Administrating Microsoft SharePoint 2010 (10174) HK913S

Security Audit Report for ACME Corporation

Network Security: A Practical Approach. Jan L. Harrington

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Deploying Ubuntu Server Edition. Training Course Overview. (Ubuntu LTS)

Tim Bovles WILEY. Wiley Publishing, Inc.

vsphere Security ESXi 6.0 vcenter Server 6.0 EN

Integrating F5 BIG-IP load balancer administration with HP ProLiant Essentials Rapid Deployment Pack

ENTERPRISE LINUX SECURITY ADMINISTRATION

Linux Troubleshooting. 5 Days

INFORMATION SECURITY TRAINING CATALOG (2015)

Directory and File Transfer Services. Chapter 7

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

NETWORK SECURITY HACKS *

SSL VPN Technology White Paper

Managing HP Integrity Servers with HP Server Automation and HP Virtual Server Environment

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations

Transcription:

HP Education Services HP-UX Security (H3541S) Concerned about system security? HP s updated and enhanced HP-UX Security course can help you secure your systems and mitigate risks. Designed for experienced administrators, this course covers all aspects of HP-UX security. Configure an IPFilter firewall. Monitor suspicious activity with RBAC keystroke logging and HP Host Intrusion Detection System. Lockdown your system with Bastille. Create secure isolated execution environments for an Apache server and Oracle database with SRP. Encrypt a logical volume with EVFS. You will do all this and more in this exciting hands-on class! Audience Experienced system and network administrators responsible for securing and monitoring HP-UX systems Prerequisites HP-UX System and Network Administration I (H3064S) and HP-UX System and Network Administration II (H3065S) or HP-UX System and Network Administration for Experienced UNIX System Administrators (H5875S) or Equivalent experience Course objective Course title: HP-UX Security HP product number: H3541S Category/Subcategory: HP-UX / UNIX Course length: 5 days Level: Advanced Delivery language: English To order: To review course schedules and to register for a course, visit www.hp.com/learn/unix and select your country from the drop down menu, or, contact your HP sales representative or HP authorized channel partner. At the conclusion of this course you should be able to: Identify software vulnerabilities and prevent buffer Manage user passwords, enable password aging, overflow attacks and verify user password security Manage user security attributes and user accounts HP Education services are governed by the HP Education Services Terms and Conditions

Install, configure, and manage RBAC Configure and use JFS ACLs to secure files and directories Protect data with EVFS Identify, configure, and disable network services to improve security Install and configure an IPFilter system firewall to block and allow service access Configure HIDS to monitor security incidents on client systems Enable and configure Bastille for standardized security policies Managing security patches with SWA Create an isolated execution environment with SRP Benefits to you Learn how to use Role Based Access Control (RBAC), Secure Shell (SSH), Host Intrusion Detection System (HIDS), Software Assistant (SWA), IPFilter, Bastille, and other HP supported tools to harden and secure HP-UX systems Create secure, isolated execution environments for applications with HP-UX security compartments and Secure Resource Partitions Learn how to use Tripwire, John the Ripper, nmap, lsof, and other open source tools to further improve HP-UX system security Why education services from HP? Focus on job-specific skills Hands-on practice Experienced and best-in-the-field HP instructors Comprehensive student materials More than 80 training locations worldwide Customized on-site delivery Next steps HP-UX Troubleshooting H4264 or HP-UX Virtualization Tools Boot Camp HG869 Detailed course outline Introduction Why security? HP-UX security tools HP-UX security certifications Course agenda Securing user accounts: user passwords Understanding the /etc/passwd file Understanding the /etc/shadow file Encrypting passwords Enabling shadow passwords Enabling long passwords Configuring password aging Cracking passwords with John the Ripper Authenticating users via PAM Configuring /etc/pam.conf Securing user accounts: special cases Protecting user accounts: guidelines Protecting the root account: guidelines Limiting root and operator access via /etc/security Limiting root and operator access via sudo Limiting root and operator access via the restricted SAM builder Limiting root and operator access via the SMH Configuring accounts for guest users Configuring accounts for single application users Configuring accounts for teams and groups Preventing dormant accounts Securing user accounts: Standard Mode Security Extensions (SMSE) Configuring SMSE user security Understanding Standard Mode Security Enhancements benefits Understanding SMSE attributes Configuring /etc/security.dsc Configuring /etc/default/security Configuring /etc/passwd and /etc/shadow Configuring /var/adm/userdb/ via userdbset, userdbget, and userdbck Enforcing SMSE security policies Securing user accounts: Role Based Access Control (RBAC) RBAC features and benefits Installing RBAC Configuring & assigning RBAC roles Configuring & assigning RBAC authorizations Configuring RBAC commands & privileges Verifying the RBAC database HP Education services are governed by the HP Education Services Terms and Conditions 2

Configuring RBAC logging & auditing Running commands with privrun Editing files with privedit Enabling RBAC keystroke logging Protecting data via file permissions and JFS Access Control Lists (ACLs) Understanding how hackers exploit improper file and directory permissions Viewing and changing file permissions Searching for files with improper permissions Configuring and using the SUID bit Configuring and using the SGID bit Configuring and using the sticky bit Configuring and using JFS ACLs Protecting data via swverify, md5sum, and Tripwire File integrity checking overview Verifying executable integrity with swverify Verifying file integrity with md5sum Verifying file integrity with Tripwire Installing Tripwire Creating Tripwire keys Creating the Tripwire configuration file Creating the Tripwire policy file Creating the Tripwire database Performing a Tripwire integrity check Updating the Tripwire database Updating the Tripwire policy file Protecting data via Encrypted Volumes and File Systems (EVFS) EVFS features EVS architecture EVS volumes EVS volume encryption keys, user keys, and recovery keys Step 1: Installing and configuring EVFS software Step 2: Creating user keys Step 3: Creating recovery keys Step 4: Creating an LVM or VxVM volume Step 5: Creating EVS device files Step 6: Creating and populating the volume s EMD Step 7: Enabling the EVS volume Step 8: Creating and mounting a file system Step 9: Enabling autostart Step 10: Migrating data to the EVS volume Step 11: Backing up the EVS configuration Managing EVS volume users Managing the EVS key database Extending an EVS volume Reducing an EVS volume Removing EVS volumes Backing up EVS volumes EVS limitations EVS and TPM/TCS integration overview Securing network services: inetd & tcpwrapper inetd service overview inetd configuration file overview Securing inetd Securing the inetd internal services Securing the RPC services Securing the Berkeley services Securing FTP Securing FTP service classes Securing anonymous FTP Securing guest FTP Securing other ftpaccess security features Securing other inetd services Securing other non-inetd services Securing inetd via TCPwrapper Securing network services: SSH Legacy network service vulnerabilities: DNS Legacy network service vulnerabilities: Sniffers Legacy network service vulnerabilities: IP spoofing Solution: Securing the network infrastructure Solution: Using symmetric key encryption Solution: Using public key encryption Solution: Using public key authentication HP Education services are governed by the HP Education Services Terms and Conditions 3

HP-UX encryption & authentication products Configuring SSH encryption & server authentication Configuring SSH client/user authentication Configuring SSH single sign-on Managing SSH keys Using the UNIX SSH clients Using PuTTY SSH clients Securing network services: IPFilter Firewall overview Packet filtering firewalls Network Address Translation firewalls Host versus perimeter firewalls Installing IPFilter Managing IPFilter rulesets Configuring a default deny policy Preventing IP and loopback spoofing Controlling ICMP service access Controlling access to UDP services Controlling access to TCP services Controlling access via active and passive FTP Testing IPFilter rulesets Monitoring IPFilter Hardening HP-UX with Bastille Bastille overview Installing Bastille Generating a Bastille assessment Creating a Bastille configuration file Applying a Bastille configuration file Applying a pre-configured Bastille configuration file Applying a pre-configured Bastille configuration via Ignite-UX Reviewing the Bastille logs Monitoring changes with bastille_drift Reverting to the pre-bastille configuration Integrating Bastille and HP SIM Monitoring activity via system log files Monitoring log files Monitoring logins via last, lastb, and who Monitoring processes via ps, top, and whodo Monitoring file access via ll, fuser, and lsof Monitoring network connections via netstat, idlookup, and lsof Monitoring inetd connections Monitoring system activity via syslogd Configuring /etc/syslog.conf Hiding connections, processes, and arguments Doctoring log files and time stamps Monitoring activity via SMSE auditing Auditing overview Trusted system versus SMSE auditing Enabling and disabling auditing Verifying auditing Selecting users to audit Selecting events & system calls to audit Creating and applying an audit profile Viewing audit trails Switching audit trails Understanding audomon AFS & FSS switches Understanding audomon audit trail names Configuring audomon parameters Configuring audomon custom scripts Monitoring suspicious activity via HP s Host Intrusion Detection System (HIDS) HIDS overview HIDS architecture Installing HP s HIDS product Configuring HIDS detection templates and properties Configuring HIDS surveillance groups Configuring HIDS surveillance schedules Configuring HIDS response scripts Assigning surveillance schedules to clients Monitoring HIDS alerts and errors Managing security patches with Software Assistant (SWA) Security patch overview SWA overview Reading US-CERT advisory bulletins Reading HP-UX security bulletins HP Education services are governed by the HP Education Services Terms and Conditions 4

Installing swa Generating swa reports Viewing swa reports Retrieving swa recommended patches Installing swa patches Installing other products recommended by swa Applying other manual changes Regenerating swa reports Purging swa caches Viewing swa logs Customizing swa defaults Integrating SWA and HP SIM Preventing unauthorized swa and swlist access Preventing buffer overflow attacks Setting the executable_stack kernel parameter Setting the chatr +es executable stack option Isolating applications via security compartments Security compartment concepts Compartment rule concepts INIT compartment concepts Installing compartment software Enabling compartment functionality Creating and modifying compartments Viewing compartments Adding network interface rules Adding file permission rules Adding a compartment-specific directory Viewing compartments Launching applications in compartments Configuring compartment users Executing commands in compartments Removing compartments Disabling compartment functionality Using discovery compartments to determine an application s compartment requirements Isolating Applications via Secure Resource Partitions SRP concepts SRP example SRP subsystems SRP templates SRP services Installing SRP Enabling and configuring SRP Verifying the SRP configuration Creating an SRP interactively Creating an SRP non-interactively Adding the init, prm, network, ipfilter, login, and ipsec services to an SRP Adding the ssh, apache, tomcat, and oracle templates to an SRP Adding the custom template to an SRP Deploying an application in an SRP Updating an SRP Viewing the SRP configuration & status Starting & stopping an SRP Accessing an SRP Removing an SRP Appendix: Improving user and password security with trusted systems Trusted system overview Configuring password format policies Configuring password aging policies Configuring user account policies Configuring terminal security policies Configuring access control policies Configuring password aging policies Understanding the /tcb directory structure Appendix: Implementing chroot() Limiting file access via chroot() Configuring chroot()ed applications Appendix: Implementing Fine Grained Privileges (FGP) Limiting privileges via FGP Installing FGP Software Installing FGP Software Recognized Privileges Permitted, Effective, and Retained Privilege Sets Configuring FGP Privileges via setfilexsec HP Education services are governed by the HP Education Services Terms and Conditions 5

Configuring FGP Privileges via RBAC Configuring & Using FGP TRIALMODE Appendix: Process Resource Manager (PRM) Overview Allocating resources without PRM Allocating resources with PRM PRM advantages PRM managers PRM groups PRM Fair Share Scheduler concepts & configuration PRM PSET concepts & configuration PRM memory manager concepts & configuration Reviewing available resources Analyzing application requirements Enabling PRM Creating and updating the PRM configuration file Monitoring resource usage Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. ver h.00 To review course schedules and to register for a course, visit www.hp.com/learn/unix and select your country from the drop down menu. HP Education services are governed by the HP Education Services Terms and Conditions 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information