ENTERPRISE LINUX SECURITY ADMINISTRATION



Similar documents
GL550 - Enterprise Linux Security Administration

ENTERPRISE LINUX SECURITY ADMINISTRATION

GL-550: Red Hat Linux Security Administration. Course Outline. Course Length: 5 days

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

ENTERPRISE LINUX NETWORKING SERVICES

GL275 - ENTERPRISE LINUX NETWORKING SERVICES

ENTERPRISE LINUX SYSTEM ADMINISTRATION

GL-275: Red Hat Linux Network Services. Course Outline. Course Length: 5 days

"Charting the Course... Enterprise Linux Networking Services Course Summary

GL-250: Red Hat Linux Systems Administration. Course Outline. Course Length: 5 days

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

ENTERPRISE LINUX NETWORKING SERVICES

RedHat (RHEL) System Administration Course Summary

Linux for UNIX Administrators

3 Days Course on Linux Firewall & Security Administration

Linux Operating System Security

SCP - Strategic Infrastructure Security

Security Provider Integration Kerberos Authentication

Oracle Linux Advanced Administration

Lab Tasks 1. Configuring a Slave Name Server 2. Configure rndc for Secure named Control

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent

Red Hat System Administration 1(RH124) is Designed for IT Professionals who are new to Linux.

NETASQ ACTIVE DIRECTORY INTEGRATION

FreeIPA - Open Source Identity Management in Linux

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Linux Troubleshooting. 5 Days

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

NETWORK SECURITY HACKS *

How to build an Identity Management System on Linux. Simo Sorce Principal Software Engineer Red Hat, Inc.

Kerberos and Single Sign-On with HTTP

Unit objectives IBM Power Systems

ACE Management Server Deployment Guide VMware ACE 2.0

White Paper. Fabasoft on Linux - Preparation Guide for Community ENTerprise Operating System. Fabasoft Folio 2015 Update Rollup 2

NETWORK SECURITY HACKS

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

RH033 Red Hat Linux Essentials or equivalent experience with Red Hat Linux..

Single sign-on websites with Apache httpd: Integrating with Active Directory for authentication and authorization

LINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes

RHCSA 7RHCE Red Haf Linux Certification Practice

HP Education Services

Device Log Export ENGLISH

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Install and Configure an Open Source Identity Server Lab

Windows Security and Directory Services for UNIX using Centrify DirectControl

MongoDB Security Guide

1 Scope of Assessment

CYBERTRON NETWORK SOLUTIONS

IBM. Vulnerability scanning and best practices

Advanced Linux System Administration Knowledge GNU/LINUX Requirements

Setting up a DNS MX Record for mail.corp.com p. 327 Installing Fedora on the Front-End Mail Server with the Postfix and SpamAssassin Packages

Designing a Windows Server 2008 Applications Infrastructure

TIBCO Spotfire Platform IT Brief

Linux VPS with cpanel. Getting Started Guide

Univention Corporate Server. Extended domain services documentation

Likewise Security Benefits

Single Sign-on (SSO) technologies for the Domino Web Server

Building Open Source Identity Management with FreeIPA. Martin Kosek

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Installing Squid with Active Directory Authentication

Using Nessus In Web Application Vulnerability Assessments

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.

Mohamed Zaki. Certificates and Training. Qualifications. Phone : Address: RedHat Certification ID :

Identity Management: The authentic & authoritative guide for the modern enterprise

Citrix NetScaler 10 Essentials and Networking

Web Application Vulnerability Testing with Nessus

The course will be run on a Linux platform, but it is suitable for all UNIX based deployments.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

Single Sign On. Configuration Checklist for Single Sign On CHAPTER

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

Introduction to Network Discovery and Identity

Best Practices Guide for NerveCenter System and Security Administrators. Windows and UNIX Version 5.x Version 6.x. July 2011 NCBPSA

Web App Security Audit Services

Network Security and Firewall 1

OnCommand Performance Manager 1.1

CUIT UNIX Standard Operating Environment and Security Best Practices

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Pre Sales Communications

NetIQ Identity Manager Setup Guide

FreeIPA Cross Forest Trusts

Integration with Active Directory. Jeremy Allison Samba Team

The Mac OS X Server Essentials v10.5 Exam Skills Assessment Guide

Identity Management based on FreeIPA

External Identity and Authentication Providers For Apache HTTP Server

DenyAll Detect. Technical documentation 07/27/2015

Security Considerations White Paper for Cisco Smart Storage 1

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

External and Federated Identities on the Web

Kerberos and Single Sign On with HTTP

CA Performance Center

Linux Network Security

Transcription:

ENTERPRISE LINUX SECURITY ADMINISTRATION COURSE DESCRIPTION: This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities - know how to audit existing machines, and how to securely deploy new network services. PREREQUISITES: Type: Linux Duration: 5 days Audience: System Architechs. Advanced Linux System Adinistrator with at least 3 years experience. Security Specialists. This class covers advanced security topics and is intended for experienced systems administrators. Candidates should have current Linux or UNIX systems administration experience equivalent to the GL120 "Linux Fundamentals", GL250 "Enterprise Linux Systems Administration", and GL275 "Enterprise Linux Network Services" 1

CONTENT SECURITY CONCEPTS Basic Security Principles Linux Default Install Installer Firewall Options Post-Install Firewall Minimization - Discovery Service Discovery Hardening Security Concepts Removing Packages Using RPM Firewall Configuration Process Discovery Operation of the setuid() and capset() System Calls Operation of the chroot() System Call SCANNING, PROBING, AND MAPPING VULNERABILITIES The Security Environment Stealth Reconnaissance The WHOIS database Interrogating DNS Discovering Available Hosts and Apps Reconnaissance with SNMP Discovery of RPC Services Enumerating NFS Shares Nessus Insecurity Scanner Configuring OpenVAS NMAP OpenVAS Advanced NMAP Options PASSWORD SECURITY AND PAM Unix Passwords Password Aging Auditing Passwords PAM Implementation, Management, and Control Statements PAM Modules 2

pam_unix.so pam_cracklib.so pam_pwcheck.so pam_env.so pam_xauth.so pam_tally.so pam_wheel.so pam_limits.so pam_nologin.so pam_deny.so pam_securetty.so pam_time.so pam_access.so pam_listfile.so pam_lastlog.so pam_warn.so pam_console.so pam_resmgr.so pam_devperm.so John the Ripper Cracklib Using pam_listfile to Implement Arbitrary ACLs Using pam_limits to Restrict Simultaneous Logins Using pam_nologin to Restrict Logins Using pam_access to Restrict Logins su & pam SECURE NETWORK TIME PROTOCOL (NTP) The Importance of Time Time Measurements Terms and Definitions Synchronization Methods NTP Evolution Time Server Hierarchy Operational Modes NTP Clients Configuring NTP Clients and Servers Securing NTP NTP Packet Integrity Useful NTP Commands 3

Configuring and Securing NTP Peering NTP With Multiple Systems KERBEROS CONCEPTS Common Security Problems Account Proliferation The Kerberos Solution Kerberos History, Implementations, and Concepts Kerberos Principals, Safeguards, and Components Authentication Process Identification Types Logging In Gaining and Using Privileges KERBEROS COMPONENTS Kerberos Components KDC Kerberos Principal Review Kerberized Services Review Kerberized Clients KDC Server Daemons Configuration Files Utilities Overview Kerberos SysV Init Scripts IMPLEMENTING KERBEROS Plan Topology Plan Implementation Kerberos 5 Client Software Kerberos 5 Server Software Synchronize Clocks Creating and Configuring the Master KDC KDC Logging Kerberos Realm Defaults Specifying [realms] Specifying [domain_realm] Allow Administrative Access Create KDC Databases and Administrators Install Keys for Services Start Services Add Host Principals Add Common Service Principals Configure Slave KDCs 4

Create Principals for Slaves Define Slaves as KDCs Copy Configuration to Slaves Install Principals on Slaves Synchronization of Database Propagate Data to Slaves Create Stash on Slaves Start Slave Daemons Client Configuration Install krb5.conf on Clients Client PAM Configuration Install Client Host Keys Implementing Kerberos ADMINISTRATING AND USING KERBEROS Administrative Tasks Key Tables Managing Keytabs Principals Managing Principals Principal Policy Viewing Principals Managing Policies Overall Goals for Users Signing Into Kerberos Ticket types Viewing Tickets Removing Tickets Passwords Changing Passwords Giving Others Access Using Kerberized Services Kerberized FTP Enabling Kerberized Services OpenSSH and Kerberos Using Kerberized Clients Forwarding Kerberos Tickets OpenSSH with Kerberos SECURING THE FILESYSTEM 5

Filesystem Mount Options NFS Properties NFS Export Option NFSv4 and GSSAPI Auth Implementing NFSv4 File Encryption with GPG and OpenSSL Linux Unified Key Setup (LUKS) Securing Filesystems Securing NFS Implementing NFSv4 File Encryption With GPG File Encryption With OpenSSL LUKS-on-disk format Encrypted Filesystem AIDE Host Intrusion Detection Using RPM as an HIDS Introduction to AIDE Concepts of AIDE AIDE Installation AIDE Policies AIDE Usage File Integrity Checking with RPM File Integrity Checking with AIDE SECURING APACHE Apache Overview Default Configuration Configuring CGI Turning Off Unneeded modules Configuration Delegation and Scope ACL by IP Address HTTP User Authentication Standard Auth Modules HTTP Digest Authentication Authentication via SQL, LDAP, and Kerberos Scrubbing HTTP Headers Metering HTTP Bandwidth 6

Hardening Apache by Minimizing Loaded Modules Scrubbing Apache & PHP version headers Protecting Web Content Using the suexec mechanism Enabling SSO in Apache with mod_auth_kerb SECURING POSTGRESQL PostgreSQL Overview and Default Configuration Configuring SSL Client Authentication Basics Authentication Methods Advanced Authentication Ident-based Authentication Configure PostgreSQL PostgreSQL with SSL PostgreSQL with Kerberos Authentication Securing PostgreSQL with Web Based Applications SECURING EMAIL SYSTEMS SMTP Overview SMTP Implementations Selecting an MTA Security Considerations Postfix Overview Chrooting Postfix Connections and Relays SMTP AUTH & StartTLS/SSL Secure Cyrus IMAP Config Using GSSAPI/Kerberos Auth Configuring Postfix Postfix Network Configuration Postfix In a Chrooted Environment Postfix SMTP AUTH Configuration Postfix STARTTLS Configuration Configuring Cyrus IMAP Kerberos with Postfix and Cyrus SELINUX CONCEPTS DAC vs. MAC Shortcomings of Traditional Unix Security 7

SELinux Goals, Evolution, and Modes Gathering Information SELinux Virtual Filesystem SELinux Contexts Managing Contexts SELinux Troubleshooting Exploring SELinux Modes SELinux Contexts in Action SELINUX POLICY The SELinux Policy Choosing a Policy Policy Layout Tuning and Adapting Policy Booleans Managing Booleans Managing File Contexts Managing Port Contexts Managing SELinux graphically Examining Policy Managing SELinux Booleans [RHEL] Creating Policy with Audit2allow [RHEL] Creating & Compiling Policy from Source [RHEL] ACCOUNTABILITY WITH KERNEL AUDITD Accountability and Auditing Simple Audit Tools Kernel-Level Auditing Configuring the Audit Daemon Controlling Kernel Audit System Creating Audit Rules Searching Audit Logs Generating Audit Log Reports Audit Log Analysis Auditing Login/Logout Auditing File Access Auditing Command Execution 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information