ENTERPRISE LINUX SECURITY ADMINISTRATION



Similar documents
GL-550: Red Hat Linux Security Administration. Course Outline. Course Length: 5 days

GL550 - Enterprise Linux Security Administration

ENTERPRISE LINUX SECURITY ADMINISTRATION

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

ENTERPRISE LINUX SYSTEM ADMINISTRATION

ENTERPRISE LINUX NETWORKING SERVICES

GL275 - ENTERPRISE LINUX NETWORKING SERVICES

GL-250: Red Hat Linux Systems Administration. Course Outline. Course Length: 5 days

RedHat (RHEL) System Administration Course Summary

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

GL-275: Red Hat Linux Network Services. Course Outline. Course Length: 5 days

ENTERPRISE LINUX NETWORKING SERVICES

Linux Operating System Security

"Charting the Course... Enterprise Linux Networking Services Course Summary

Linux for UNIX Administrators

Red Hat System Administration 1(RH124) is Designed for IT Professionals who are new to Linux.

SCP - Strategic Infrastructure Security

Security Provider Integration Kerberos Authentication

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

3 Days Course on Linux Firewall & Security Administration

FreeIPA - Open Source Identity Management in Linux

NETASQ ACTIVE DIRECTORY INTEGRATION

Oracle Linux Advanced Administration

Kerberos and Single Sign-On with HTTP

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent

Likewise Security Benefits

Linux Security on HP Servers: Security Enhanced Linux. Abstract. Intended Audience. Technical introduction

White Paper. Fabasoft on Linux - Preparation Guide for Community ENTerprise Operating System. Fabasoft Folio 2015 Update Rollup 2

Lab Tasks 1. Configuring a Slave Name Server 2. Configure rndc for Secure named Control

ACE Management Server Deployment Guide VMware ACE 2.0

Unit objectives IBM Power Systems

Linux Troubleshooting. 5 Days

MongoDB Security Guide

How to build an Identity Management System on Linux. Simo Sorce Principal Software Engineer Red Hat, Inc.

Single sign-on websites with Apache httpd: Integrating with Active Directory for authentication and authorization

TIBCO Spotfire Platform IT Brief

NETWORK SECURITY HACKS

Install and Configure an Open Source Identity Server Lab

Identity Management: The authentic & authoritative guide for the modern enterprise

Kerberos and Single Sign On with HTTP

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

NETWORK SECURITY HACKS *

OnCommand Performance Manager 1.1

ACE Management Server Administrator s Manual VMware ACE 2.6

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Implementing Failover Capabilities in Red Hat Network Satellite

LINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes

Single Sign-on (SSO) technologies for the Domino Web Server

RHCSA 7RHCE Red Haf Linux Certification Practice

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Windows Security and Directory Services for UNIX using Centrify DirectControl

Device Log Export ENGLISH

Deploying Ubuntu Server Edition. Training Course Overview. (Ubuntu LTS)

What s New in Centrify Server Suite 2015

Network Security and Firewall 1

FreeIPA Cross Forest Trusts

Single Sign On. Configuration Checklist for Single Sign On CHAPTER

Installing Squid with Active Directory Authentication

Identity Management based on FreeIPA

Dell Proximity Printing Solution. Installation Guide

External and Federated Identities on the Web

Integrating Linux systems with Active Directory

Linux VPS with cpanel. Getting Started Guide

Building Open Source Identity Management with FreeIPA. Martin Kosek

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

Centrify Identity and Access Management for Cloudera

1 Scope of Assessment

Moving to Plesk Automation 11.5

Integration with Active Directory. Jeremy Allison Samba Team

DenyAll Detect. Technical documentation 07/27/2015

Penetration Testing Workshop

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Pre Sales Communications

ICANWK401A Install and manage a server

ICANWK504A Design and implement an integrated server solution

Introduction to Network Discovery and Identity

Discovering Mac OS X Weaknesses and Fixing Them with the New Bastille OS X Port

Univention Corporate Server. Extended domain services documentation

MongoDB Security Guide Release 3.0.6

Using Nessus In Web Application Vulnerability Assessments

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Red Hat Identity Management

Mohamed Zaki. Certificates and Training. Qualifications. Phone : Address: RedHat Certification ID :

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline CIS INTRODUCTION TO UNIX

Advanced Linux System Administration Knowledge GNU/LINUX Requirements

Enabling Active Directory Authentication with ESX Server 1

IBM. Vulnerability scanning and best practices

Hosts HARDENING WINDOWS NETWORKS TRAINING

HP Education Services

Secret Server Qualys Integration Guide

Automating Cloud Security with Centrify Express and RightScale

The Mac OS X Server Essentials v10.5 Exam Skills Assessment Guide

Security Enhanced Linux and the Path Forward

Transcription:

ENTERPRISE LINUX SECURITY ADMINISTRATION This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities -- know how to audit existing machines, and how to securely deploy new network services. Prerequisites: This class covers advanced security topics and is intended for experienced systems administrators. Candidates should have current Linux or UNIX systems administration experience equivalent to the "Linux Fundamentals", "Enterprise Linux Systems Administration", and "Enterprise Linux Network Services" Supported Distributions: Red Hat Enterprise Linux 6 SUSE Linux Enterprise 11 Recommended Class Length: 5 days Detailed Course Outline: 1. SECURITY CONCEPTS 1. Basic Security Principles 2. RHEL6 Default Install 3. RHEL6 Firewall 4. SLES11 Default Install 5. SLES11 Firewall 6. SLES11: File Security 7. Minimization â Discovery 8. Service Discovery 9. Hardening 10. Security Concepts 11. Removing Packages Using RPM 12. Firewall Configuration 13. Process Discovery 14. Operation of the setuid() and capset() System Calls 15. Operation of the chroot() System Call 2. SCANNING, PROBING, AND MAPPING VULNERABILITIES 1. The Security Environment 2. Stealth Reconnaissance 3. The WHOIS database

4. Interrogating DNS 5. Discovering Hosts 6. Discovering Reachable Services 7. Reconnaissance with SNMP 8. Discovery of RPC Services 9. Enumerating NFS Shares 10. Nessus Insecurity Scanner 11. Configuring OpenVAS 12. NMAP 13. OpenVAS 14. Advanced nmap Options 3. PASSWORD SECURITY AND PAM 1. Unix Passwords 2. Password Aging 3. Auditing Passwords 4. PAM Overview 5. PAM Module Types 6. PAM Order of Processing 7. PAM Control Statements 8. PAM Modules 9. pam_unix 10. pam_cracklib.so 11. pam_pwcheck.so 12. pam_env.so 13. pam_xauth.so 14. pam_tally2.so 15. pam_wheel.so 16. pam_limits.so 17. pam_nologin.so 18. pam_deny.so 19. pam_warn.so 20. pam_securetty.so 21. pam_time.so 22. pam_access.so 23. pam_listfile.so 24. pam_lastlog.so 25. pam_console.so 26. John the Ripper 27. Cracklib 28. Using pam_listfile to Implement Arbitrary ACLs 29. Using pam_limits to Restrict Simultaneous Logins 30. Using pam_nologin to Restrict Logins 31. Using pam_access to Restrict Logins 32. su & pam 4. SECURE NETWORK TIME PROTOCOL (NTP) 1. The Importance of Time 2. Hardware and System Clock 3. Time Measurements

4. NTP Terms and Definitions 5. Synchronization Methods 6. NTP Evolution 7. Time Server Hierarchy 8. Operational Modes 9. NTP Clients 10. Configuring NTP Clients 11. Configuring NTP Servers 12. Securing NTP 13. NTP Packet Integrity 14. Useful NTP Commands 15. Configuring and Securing NTP 16. Peering NTP with Multiple Systems 5. KERBEROS CONCEPTS AND COMPONENTS 1. Common Security Problems 2. Account Proliferation 3. The Kerberos Solution 4. Kerberos History 5. Kerberos Implementations 6. Kerberos Concepts 7. Kerberos Principals 8. Kerberos Safeguards 9. Kerberos Components 10. Authentication Process 11. Identification Types 12. Logging In 13. Gaining Privileges 14. Using Privileges 15. Kerberos Components and the KDC 16. Kerberized Services Review 17. Kerberized Clients 18. KDC Server Daemons 19. Configuration Files 20. Utilities Overview 6. IMPLEMENTING KERBEROS 1. Plan Topology and Implementation 2. Kerberos 5 Client Software 3. Kerberos 5 Server Software 4. Synchronize Clocks 5. Create Master KDC 6. Configuring the Master KDC 7. KDC Logging 8. Kerberos Realm Defaults 9. Specifying [realms] 10. Specifying [domain_realm] 11. Allow Administrative Access 12. Create KDC Databases 13. Create Administrators 14. Install Keys for Services 15. Start Services 16. Add Host Principals

17. Add Common Service Principals 18. Configure Slave KDCs 19. Create Principals for Slaves 20. Define Slaves as KDCs 21. Copy Configuration to Slaves 22. Install Principals on Slaves 23. Create Stash on Slaves 24. Start Slave Daemons 25. Client Configuration 26. Install krb5.conf on Clients 27. Client PAM Configuration 28. Install Client Host Keys 29. Implementing Kerberos 7. ADMINISTERING AND USING KERBEROS 1. Administrative Tasks 2. Key Tables 3. Managing Keytabs 4. Managing Principals 5. Viewing Principals 6. Adding, Deleting, and Modifying Principals 7. Principal Policy 8. Overall Goals for Users 9. Signing In to Kerberos 10. Ticket types 11. Viewing Tickets 12. Removing Tickets 13. Passwords 14. Changing Passwords 15. Giving Others Access 16. Using Kerberized Services 17. Kerberized FTP 18. Enabling Kerberized Services 19. OpenSSH and Kerberos 20. Using Kerberized Clients 21. Forwarding Kerberos Tickets 22. OpenSSH with Kerberos 8. SECURING THE FILESYSTEM 1. Filesystem Mount Options 2. NFS Properties 3. NFS Export Option 4. NFSv4 and GSSAPI Auth 5. Implementing NFSv4 6. Implementing Kerberos with NFS 7. GPG â GNU Privacy Guard 8. File Encryption with OpenSSL 9. File Encryption With encfs 10. Linux Unified Key Setup (LUKS)

11. Securing Filesystems 12. Securing NFS 13. Implementing NFSv4 14. File Encryption with GPG 15. File Encryption With OpenSSL 16. LUKS-on-disk format Encrypted Filesystem 9. AIDE 1. Host Intrusion Detection Systems 2. Using RPM as a HIDS 3. Introduction to AIDE 4. AIDE Installation 5. AIDE Policies 6. AIDE Usage 7. File Integrity Checking with RPM 8. File Integrity Checking with AIDE 10. ACCOUNTABILITY WITH KERNEL AUDITD 1. Accountability and Auditing 2. Simple Session Auditing 3. Simple Process Accounting & Command History 4. Kernel-Level Auditing 5. Configuring the Audit Daemon 6. Controlling Kernel Audit System 7. Creating Audit Rules 8. Searching Audit Logs 9. Generating Audit Log Reports 10. Audit Log Analysis 11. Auditing Login/Logout 12. Auditing File Access 13. Auditing Command Execution 11. SELINUX 1. DAC vs. MAC 2. Shortcomings of Traditional Unix Security 3. AppArmor 4. SELinux Goals 5. SELinux Evolution 6. SELinux Modes 7. Gathering Information 8. SELinux Virtual Filesystem 9. SELinux Contexts 10. Managing Contexts 11. The SELinux Policy 12. Choosing an SELinux Policy 13. Policy Layout 14. Tuning and Adapting Policy 15. Booleans

16. Permissive Domains 17. Managing File Contexts 18. Managing Port Contexts 19. SELinux Policy Tools 20. Examining Policy 21. SELinux Troubleshooting 22. SELinux Troubleshooting Continued 23. Exploring SELinux Modes 24. SELinux Contexts in Action 25. Managing SELinux Booleans 26. Creating Policy with Audit2allow 27. Creating & Compiling Policy from Source 12. SECURING APACHE 1. Apache Overview 2. httpd.conf â Server Settings 3. Configuring CGI 4. Turning Off Unneeded Modules 5. Delegating Administration 6. Apache Access Controls (mod_access) 7. HTTP User Authentication 8. Standard Auth Modules 9. HTTP Digest Authentication 10. Authentication via SQL 11. Authentication via LDAP 12. Authentication via Kerberos 13. Scrubbing HTTP Headers 14. Metering HTTP Bandwidth 15. Hardening Apache by Minimizing Loaded Modules 16. Scrubbing Apache & PHP Version Headers 17. Protecting Web Content 18. Using the suexec Mechanism 19. Enabling SSO in Apache with mod_auth_kerb 13. SECURING POSTGRESQL 1. PostgreSQL Overview 2. PostgreSQL Default Config 3. Configuring SSL 4. Client Authentication Basics 5. Advanced Authentication 6. Ident-based Authentication 7. Configure PostgreSQL 8. PostgreSQL with SSL 9. PostgreSQL with Kerberos Authentication 10. Securing PostgreSQL with Web Based Applications

A. SECURING EMAIL SYSTEMS 1. SMTP Implementations 2. Security Considerations 3. chrooting Postfix 4. Email with GSSAPI/Kerberos Auth 5. Postfix In a Change Root Environment

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information