Enterprise Linux Security Administration
code. QLG55
length. 5 days
type. Instructor-Led
partner. IBM
price. $2,750
In this highly technical course, focus on properly securing machines running the Linux operating system. Examine a broad range of general security techniques, such as user/group policies and file integrity checking. Learn advanced security technologies, such as Kerberos, Security Enhanced Linux (SELinux), and the hardening of popular applications, such as Apache, databases, and e-mail systems. By the end of the course, gain an excellent understanding of the potential security vulnerabilities, and know how to audit existing machines and the best practices for securely deploying new Linux servers.
course schedule
There are currently no scheduled dates for this course. If you are interested in this course, request a course date with the links below.
who can benefit
This is an expert course for:
Individuals who are Linux system administrators needing to secure Linux systems
Individuals seeking security auditing skills for Linux systems
Individuals who administer Red Hat Enterprise Linux or SUSE Linux Enterprise Server based systems
prerequisites
You should have strong Linux system administration experience. You should be comfortable with concepts and tasks, such as editing text files in UNIX and starting and stopping services/daemons. A good grasp of networking concepts is helpful.
skills gained
Understand core security concepts, such as firewalling, file security, discovery, and hardening
Use tools for probing, mapping, and scanning for vulnerabilities including nmap and nessus
Implement a hardened Network Time Protocol (NTP) client/server setup for secure, synchronized network time
Secure a system's filesystem using Network File System (NFS), GNU Privacy Guard (GPG), and TripWire
Implement password security and Pluggable Authentication Module (PAM)
Deploy a secure authentication system using Kerberos
Configure SELinux policies
Perform a security audit on Linux systems
Securely deploy new network services, such as Apache, PostgreSQL, PHP, and Postfix
ibm education advantage program eligibility:
Yes - IBM Education Pack - online account
course content details
Section 1 - security concepts
basic security principles
Red Hat Enterprise Linux (RHEL) / Fiber Channel (FC) / SUSE Linux Enterprise Server (SLES) / SUSE Linux (SL) default install
Red Hat (RH) / SUSE firewall options and file security
minimization - discovery
service discovery
hardening
security concepts
Lab 1 - security concepts
discovering what software packages are installed and removing unneeded packages
using lokkit for firewall configuration
identification of running services and removing unneeded services
increasing security using system calls and chroot
Section 2 - probing, mapping, and scanning for vulnerabilities
the security environment
stealth reconnaissance
the WHOIS database
interrogating Domain Name System (DNS)
discovering available hosts and applications
reconnaissance with Simple Network Management Protocol (SNMP)
discovery of Remote Procedure Call (RPC) services
enumerating NFS shares
Nessus insecurity scanner and installation
Lab 2 - probing, mapping and Nessus
Discovery of listening services and remote stack fingerprinting
Installing, configuring and testing Nessus insecurity scanner
Section 3 - password security and PAM
UNIX passwords
password aging
auditing passwords
PAM implementation, management, and control statements
PAM modules
pam_stack.so, pam_unix.so, pam_unix2.so, pam_cracklib.so, pam_pwcheck.so, pam_env.so, pam_xauth.so, pam_tally.so, pam_wheel.so, pam_limits.so, pam_nologin.so, pam_deny.so, pam_securetty.so, pam_time.so, pam_access.so, pam_listfile.so, pam_lastlog.so, pam_warn.so, pam_console.so, pam_resmgr.so, and pam_devperm.so
user device access: resmgr
Lab 3 - PAMs
auditing user password quality
creating additional dictionaries for use with cracklib
working with PAM modules
limiting access activities of users and accounts
Section 4 - secure NTP
the importance of time
time measurements and synchronization methods
NTP evolution
time server hierarchy
operational modes
NTP clients
configuring NTP clients and servers
securing NTP
NTP packet integrity
useful NTP commands
Lab 4 - secure NTP
configuring NTP peering
configuring strong authentication on an NTP server
defining access control lists (ACL) for secure access to NTP server
Section 5 - Kerberos concepts
the computing landscape
common security problems
account proliferation
the Kerberos solution
Kerberos history, implementations, and concepts
Kerberos principals, safeguards, and components
authentication process and identification types
logging in
gaining and using privileges
Section 6 - Kerberos components
Kerberos components
Kerberos principal review
Kerberized services review and clients
Key Distribution Center (KDC) server daemons
Configuration files
Utilities overview
Kerberos sysV init scripts
Section 7 - implementing Kerberos
plan topology and implementation
Kerberos 5 client and server software
synchronize clocks
creating and configuring the master KDC
KDC logging
specifying [realms] and [domain_realm]
allow administrative access
create KDC databases and administrators
Install Keys for services and start services
add host principals and common service principals
configure slave KDCs
client configuration
Install krb5.conf on clients
client PAM configuration
Install client host keys
Section 8 - administrating and using Kerberos
administrative tasks
key tables
managing keytabs
principals and managing principals
Massachusetts Institute of Technology (MIT) principal policy
viewing principals
MIT managing policies
goals for users
signing into Kerberos
ticket types and viewing tickets
Graphical User Interface (GUI) Kerberos ticket management
removing tickets
Passwords and changing passwords
giving others access
using Kerberized services
Kerberized FTP
enabling Kerberized services
OpenSSH and Kerberos
Lab 8 - using Kerberized clients
system configuration for use of Kerberized client and server applications
using the Kerberized Telnet to connect via a ticket and encrypt the data for the session
exploring the utility and behavior of forwardable tickets
configuring an OpenSSH server and client to accept and use Kerberos authentication
testing Kerberos authentication with OpenSSH
Section 9 - securing the filesystem
filesystem mount options
NFS properties and NFS export option
NFSv4 and Generic Security Service Application Program Interfaces (GSS-API) auth
implementing NFSv4
file encryption with GPG and OpenSSL
encrypted loopback File System (FS)
Lab 9 - filesystem security and file encryption
modification of filesystem mounting options to increase system security
configuring and securing an NFS share
encrypting and decrypting files using GPG and OpenSSL
setting up an NFSv4 share with GSSAPI/Kerberos authentication
Section 10 - TripWire
host intrusion detection
using Red Hat Package Manager (RPM) as an Intrusion Detection System (IDS)
TripWire history and concepts
TripWire installation, policies, and configuration
TripWire commands and general operation
Lab 10 - file integrity checking with RPM / TripWire
verifying the integrity of files on the system and files in a directory
configuring TripWire to monitor files and report changes
Section 11 - securing Apache
Apache overview
RH/SUSE default configuration
configuring Common Gateway Interface (CGI)
turning off unneeded modules
configuration delegation and scope
ACL by Internet Protocol (IP) address
Hypertext Transfer Protocol (HTTP) user authentication
Standard auth modules
HTTP digest authentication
authentication via SQL, Lightweight Directory Access Protocol (LDAP), and Kerberos
scrubbing HTTP headers
metering HTTP bandwidth
Section 12 - securing PostgreSQL
PostgreSQL overview and default configuration
configuring Secure Sockets Layer (SSL)
authentication methods and advanced authentication
ident-based authentication
Lab 12 - securing PostgreSQL
configuring PostgreSQL to accept remote Transmission Control Protocol (TCP) connections
configuring PostgreSQL to support strong authentication via SSL
configuring PostgreSQL to support Kerberos
setting up and configuring a Web-based multiuser PHP calendaring application that uses PostgreSQL
configuring Apache to support Kerberos authentication and to require SSL
Section 13 - securing e-mail systems
Simple Mail Transfer Protocol (SMTP) overview and implementations
selecting a Message Transfer Agent (MTA)
security considerations
Postfix overview
Chrooting Postfix
connections and relays
SMTP AUTH and Start Transport Layer Security (TLS) /SSL
secure Cyrus Internet Message Access Protocol (IMAP) config
using GSSAPI/Kerberos auth
Lab 13 - securing email
configuring a system to use Postfix
configuring Postfix to listen on the network and accept mail
modifying Postfix's sysV init script to set up and maintain the proper environment for chrooting Postfix daemons each time it starts
configuring Postfix to chroot some of its daemons
configuring Postfix to use SMTP AUTH via PAM for secure relaying
configuring Postfix to support STARTTLS to secure SMTP AUTH
configuring Cyrus IMAP with SSL/TLS for IMAPS and Post Office Protocol 3 (POP3) access
configuring Postfix to deliver mail to Cyrus IMAP
setting up Evolution to test Postfix and Cyrus IMAP
generating Kerberos principals for Cyrus IMAP and Postfix
reconfiguring Cyrus IMAP and Postfix to perform GSSAPI/Kerberos authentication
reconfiguring Evolution to perform GSSAPI/Kerberos authentication
Section 14 - Security Enhanced Linux (SELinux) concepts
Massachusetts Institute of Technology (MIT) versus Media Access Control (MAC)
shortcomings of traditional UNIX security
SELinux goals, terms, and logical architecture
SELinux in action
activating and interfacing SELinux
SELinux commands and roles
modified system utilities
Lab 14 - SELinux concepts
installing and initializing SELinux
working with several SELinux management commands to see how roles and contexts are used on the system
Section 15 - SELinux policy
SELinux policies review
choosing a policy
compiled policy files
policy source files
M4 macro language
file context files (*.fc)
type enforcement files (*.te)
Booleans
graphical policy tools
policy analysis
policy customization
troubleshooting SELinux problems
Lab 15 - SELinux policy
enabling strict policy
changing roles on the system
understanding the difference between how context labels are treated with the cp and mv commands
setting SELinux Boolean values
modifying the default policy so that users can do a directory listing in /var/log
© 2008 ExitCertified. All rights reserved.