Linux Operating System Security



Similar documents
Linux System Administration on Red Hat

Advanced Linux System Administration on Red Hat

Designing and Coding Secure Systems

LINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes

GL550 - Enterprise Linux Security Administration

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

SCP - Strategic Infrastructure Security

HP Education Services

GL-550: Red Hat Linux Security Administration. Course Outline. Course Length: 5 days

ENTERPRISE LINUX SECURITY ADMINISTRATION

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

ENTERPRISE LINUX SECURITY ADMINISTRATION

Network Security Foundations

3 Days Course on Linux Firewall & Security Administration

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent

Description: Objective: Attending students will learn:

RH033 Red Hat Linux Essentials or equivalent experience with Red Hat Linux..

Linux Server Configuration Guidelines

Beginning OpenVPN 2.0.9

Security + Certification (ITSY 1076) Syllabus

INFORMATION SECURITY TRAINING CATALOG (2015)

Linux Troubleshooting. 5 Days

LINUX NETWORK SECURITY

Red Hat Linux Administration II Installation, Configuration, Software and Troubleshooting

Deploying Ubuntu Server Edition. Training Course Overview. (Ubuntu LTS)

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Table of Contents. Introduction. Audience. At Course Completion. Prerequisites

information security and its Describe what drives the need for information security.

NETWORK SECURITY HACKS *

Nessus Agents. October 2015

Advanced Linux System Administration Knowledge GNU/LINUX Requirements

Ethical Hacking and Attack Tools

OnCommand Performance Manager 1.1

Open Source Security: Opportunity or Oxymoron?

Linux Network Security

GLS250 "Enterprise Linux Systems Administration"

Security Advice for Instances in the HP Cloud

Linux VPS with cpanel. Getting Started Guide

Networking: EC Council Network Security Administrator NSA

Testing for Security

TABLE OF CONTENTS NETWORK SECURITY 2...1

Introduction Open Source Security Tools for Information Technology Professionals

IT6203 Systems & Network Administration. (Optional)

Secure Network Filesystem (Secure NFS) By Travis Zigler

Guide to the Secure Configuration of Red Hat Enterprise Linux 5

Viking VPN Guide Linux/UNIX

2016 TÜBİTAK BİLGEM Cyber Security Institute

INFORMATION SECURITY TRAINING CATALOG (2016)

Chapter 11 Phase 5: Covering Tracks and Hiding

Nixu SNS Security White Paper May 2007 Version 1.2

Network Security and Firewall 1

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Oracle Linux 7: System Administration Ed 1 NEW

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline CIS INTRODUCTION TO UNIX

SSL Tunnels. Introduction

NETWORK SECURITY (W/LAB) Course Syllabus

What is included in the ATRC server support

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012

Hervey Allen. Network Startup Resource Center. PacNOG 6: Nadi, Fiji. Security Overview

GSEC GIAC Security. Essentials Certification ONE ALL IN EXAM GUIDE. Ric Messier. Singapore Sydney Toronto

Network Defense Specialist. Course Title: Network Defense Specialist: Securing and Troubleshooting Network Operating Systems

This chapter describes how to set up and manage VPN service in Mac OS X Server.

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Red Hat Enterprise Linux (RHEL 6) Courses

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

Security Configuration Guide P/N Rev A05

Guide to the Secure Configuration of Red Hat Enterprise Linux 5

Installing and Configuring Websense Content Gateway

Specialized Programme on Internetworking Design and LAN WAN Administration

VMware: Advanced Security

CYBERTRON NETWORK SOLUTIONS

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Open Source Security Tools for Information Technology Professionals

Exam Questions SY0-401

Network Security. Network Packet Analysis

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

System Administration: The Complete Reference

McAfee Firewall Enterprise 8.2.1

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

RHCSA 7RHCE Red Haf Linux Certification Practice

Unix Network Security

Computer Security: Principles and Practice

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Ficha técnica de curso Código: IFCAD111

Contents. Part 1 SSH Basics 1. Acknowledgments About the Author Introduction

1 Scope of Assessment

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Cyber Exercises, Small and Large

Transcription:

Linux Operating System Security Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class is for students who want to learn how to configure systems to be secure, test the security of systems, and/or and manage the system more securely. 2 Course objectives Know how to work with a network mapping tool and how to control what it discovers. Know how to work with penetration testing systems and how to reduce their threat. Understand network security issues and how to control network access. Learn about some of the intrusion detection systems available. Understand how the use of cryptography can improve system security, including topics such as VPNs, SSL/TLS, and OpenSSH. Understand local operating system security issues, such as logging, file permissions, password security, and the setuid bit. 3 Student background If you are attending this class, then we assume that You should have a basic familiarity with Linux system administration. Specifically: When a lab says, install the RPM foo.rpm or install the package in foo.tar.gz, you should understand what this means and how to do it. You should understand Unix file permissions, how they work, and how you change them. You should understand how to create users and the parts of a user account. 1

You should understand the process the system goes through when it boots. Knowledge of shell programming will help you understand the system startup scripts, etc. If you know regular expressions, you will be able to make better use of the various tools that use them for searching. (For optional kernel chapter) You should understand how to build a new kernel (although the class notes will give some guidance on this topic). 4 Logistics The class lasts three days. Fedora Core 4 The class uses the following software: Apache web server Bastille Linux RPM CentOS 5.x or Red Hat Enterprise 5.x Firefox (on Linux distribution but needed for Windows) GnuPG IP Tables and associated kernel modules and any GUI config tools. Kernel sources from kernel.org or distribution LIDS distribution to match the kernel OpenSSL command-line utilities PAM Perl-Tk and Perl-Curses RPMs TCP wrappers aide (on OS distribution) bzip2 chattr chmod find fuser iptraf (if covered in this class) logger logrotate lsattr lsof mke2fs mount named manual page; a web browser with Internet access nessus client and server either installed or distribution files available netstat 2

nmap nmap (on distribution media) portsentry (installed or distribution files) snort installed or distribution files socklist sshd ssh stunnel version 4.0 sudo syslogd telnet (client) umount xinetd xinetd or inetd pam wheel.so a DHCP and DNS server for the class a /test filesystem (size not critical) for mounting nosuid and/or nodev. an NIS server on the instructor machine with an account the students will log into (if this class covers NIS) ipsec-tools static IP addresses (these do not need to be routable) No class network information specified. The class needs a web server for the class web site. The instructor s laptop may be this web server; otherwise the machine provided in the classroom for the instructor is a good choice. This machine obviously will need web server software installed. 5 Class outline 1. Introduction (Lecture: 15; Lab: 0) (a) Class Introductions (b) Class Logistics i. Class schedule ii. Breaks iii. Question policy iv. Break room and restroom locations v. Assumptions about your background (c) Typographic conventions (d) What the class covers 2. General Security Issues (Lecture: 25; Lab: 30) (a) General OS security 3

i. Physical security is paramount ii. Security is a process, not a product iii. Fewest services/minimal functionality iv. Least privilege v. Compartmentalization vi. Defense in depth (b) Patches and keeping current (c) Security myths i. We have a firewall, the attackers cannot get to this machine ii. I use anti-virus software; my machine does not have any malware (d) Class software 3. Logging (Lecture: 30; Lab: 35) (a) Overview (b) syslogd i. syslog.conf ii. Facilities iii. Severity Levels iv. Actions (c) Log file rotation i. logrotate directives (d) Utilities to assist with log files 4. Authentication (Lecture: 45; Lab: 45) (a) Password cracking (b) PAM i. Example (c) Root access (d) sudo i. sudo configuration (e) nsswitch.conf (f) Kerberos i. Quick Overview ii. Session Protocol iii. Setting up a Kerberos server iv. Setting up a Kerberos client (g) LDAP 4

i. Setting up an LDAP server ii. Using LDAP as a client (h) Summary (i) Lab 5. Local security issues (Lecture: 20; Lab: 60) (a) Disk partitioning (b) Setuid files (c) The sticky bit on a directory (d) Local security scanners i. rpm verification A. Limits of rpm verification 6. nmap and network mapping (Lecture: 20; Lab: 40) (a) nmap overview (b) Using nmap (c) netstat (d) lsof and fuser 7. Penetration testing (Lecture: 15; Lab: 60) (a) Testing for security (b) nessus i. Installing and running nessus (c) Other non-commercial penetration testing tools (d) Commercial penetration testing tools 8. Network access control (Lecture: 50; Lab: 60) (b) TCP wrappers (c) xinetd (d) IP Tables i. OS details ii. Basic IP tables commands iii. Rules iv. iptables examples (e) GUI configuration tools (f) Troubleshooting 5

(g) Summary 9. Intrusion Detection Overview (Lecture: 25; Lab: 35) (b) Types of Intrusion Detection Systems i. Input data stream ii. Data analysis method iii. Response strategy iv. Honeypots and darknets (c) Evaluating IDS systems (d) Comparing IDS strategies (e) IDS Overview Lab 10. Host-based Intrusion Detection Systems (Lecture: 20; Lab: 65) (b) aide i. Using aide (c) tripwire i. Configuring Tripwire (d) portsentry i. Installing and configuring portsentry (e) Other open source host-based IDSs (f) Commercial products (g) Summary 11. Network Intrusion Detection Systems (Lecture: 15; Lab: 45) (b) snort i. Installing snort ii. Configuring snort iii. Running snort (c) Other NIDSs (d) Lab 12. SELinux (Lecture: 35; Lab: 30) (a) Overview of SELinux (b) Discretionary versus mandatory access control (c) SELinux vocabulary (d) Security contexts i. Overview 6

ii. Example iii. Processes iv. Files and filesystems (e) Security policies (f) Enabling SELinux (g) Working with file contexts (h) Handling SELinux denials (i) SELinux notes (j) Summary (k) Lab 13. Cryptography Overview (Lecture: 70; Lab: 55) i. Cryptographic Applications ii. Open design (b) Cryptographic Primitives i. Cryptographic hash functions ii. Symmetric key encryption iii. Public key encryption (c) Digital signatures (d) Public Key Management i. The Problem ii. Certificates iii. Trust Models iv. Example: PGP/GnuPG v. Example: SSL/TLS vi. Overview A. The server B. The client (e) Random numbers (f) Parameter sizes (g) Insecure Cryptography i. Key management errors (h) Do not innovate in cryptography (i) Summary (j) Lab 14. Cryptographic Tools (Lecture: 40; Lab: 45) (b) GnuPG digital signatures i. Example: Obtaining a key from a key server ii. Verifying PGP signatures 7

iii. Verifying package signatures with rpm (c) ssh i. Public key authentication ii. Tunneling iii. ssh client issues iv. ssh server issues (d) Lab 15. SSL and TLS (Lecture: 30; Lab: 60) (a) Overview (b) The server (c) The client (d) OpenSSL (e) SSL/TLS configuration for servers i. Apache ii. SMTP AUTH and STARTTLS iii. stunnel 4.0 iv. stunnel configuration file (f) SSL/TLS issues in web browsers (g) Important Points 16. IPsec (Lecture: 30; Lab: 60) Appendices (b) How IPsec works (c) IPsec implementations for Linux (d) ipsec-tools (e) IPsec issues (f) VPN Security (g) Summary A. Review of networking concepts (Lecture: 15; Lab: 0) (a) ISO model of networking i. Network layer addressing (b) UDP (c) TCP i. TCP connection setup (d) ICMP B. Loop filesystem (Lecture: 0; Lab: 0) 8

(a) Loop device C. Security packages and distributions (Lecture: 20; Lab: 20-140) (a) Bastille Linux (b) LIDS (c) OpenWall (d) Trustix Secure Linux (e) Debian (f) OpenBSD (g) Lab D. Kernel configuration options (optional) (Lecture: 20; Lab: 105) (a) Kernel modules (b) lcap (c) Lab E. Network Configuration (Lecture: 30; Lab: 45) (a) Network configuration i. DHCP client configuration ii. Static network configuration (b) DNS lookups i. /etc/resolv.conf ii. host (c) Virtual network interfaces (d) mii-tool and ethtool i. Examples (e) system-config-network (f) Troubleshooting (g) Summary F. Network services (Lecture: 30; Lab: 45) (a) xinetd (b) ssh i. Public key authentication ii. Tunneling (c) NFS i. Client ii. Server (d) Automounter (e) Troubleshooting (f) Summary (g) Lab 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information