Course Overview
The course will teach students how to use local and network security. This is a course for those responsible for the configuration, managing and setup of Linux system security e.g. kernel security, data security, file system security, password security, ACLs, SELinux, network services security, TCPWrappers, Linux-based firewall with iptables and Virtual Private Networking.
Goal
Upon completion of this course, students should be able to:
|
|
- Discuss network and local system security and place the firewall therein
- Install and harden Linux system
- System monitoring
- Understand PAM authentication
- Securing the kernel, file systems and data
- Manage TCPWrappers for securing services
- SELinux administration
- Configure iptables packet filtering and Network Address Translation
- Configure Virtual Private Networking
- Configure and use hacker’s tools
- Detect and counter firewall intrusions
|
Pre-Requisites
Have an experience using Linux Operating System and have basic programming skills.
Who Should Attend?
This course is designed for experienced Linux and networking professionals who are responsible for configuring and maintaining security for Linux systems. System / Network administrators & support people, programmers and prospective Linux power users, looking to harness the power of task automation through shell scripting.
Linux Security Administration – Schedule
|
Day 1
|
|
09.00am – 10.00am
|
Introduction to Security and Firewall
- Definition of security
- Security policy
- Type of attack
- Principles of security
- Security practices
- Hackers, crackers and script kiddies
- Motivation of hackers and crackers
- What you have to lose
- What is a firewall?
- Position of a firewall
- Virtual Private Networking
- Network security techniques and usage
|
| 10.00am – 10.30am |
Breakfast
|
|
10.30am – 12.45pm
|
PAM Authentication
- Authentication
- PAM
- Password security
- Password policy
- Utilities and authentication
- PAM troubleshooting
|
|
12.45pm – 02.15pm
|
Lunch
|
|
02.15pm – 05.00pm
|
System Monitoring
- Introduction to system monitoring
- File system analysis
- System log file
- Log file analysis
- Monitoring process
- Process monitoring utilities
- System activity reporting
- Limiting process
- Process accounting tools
Installing and Securing Linux
- Installing Linux
- Applying patches
- Kernel recompilation
- Hardening Linux
- User account considerations
- Disabling services
- Filesystem Hardening
- Access Control Lists (ACLs)
- Kernel tuning and configuration options
|
|
Day 2
|
|
09.00am – 10.00am
|
Securing Services
- System V startup control
- Securing the services
- TCPWrappers configuration
- Securing xinetd
- Securing DNS
- Securing Mail
|
|
10.00am – 10.30am
|
Breakfast
|
|
10.30am – 12.45pm
|
Securing Data
- Fundamentals of encryption
- The need for encryption
- Symmetric encryption
- Asymmetric encryption
- Public Key Infrastructure (PKI)
- Digital certificates
|
|
12.45pm – 02.15pm
|
Lunch
|
|
02.15pm – 05.00pm
|
SELinux Administration
- Security Enhanced Linux (SELinux)
- SELinux targeted policy
- SELinux installation options and control
- Controlling SELinux
- SELinux contexts
- Troubleshooting SELinux
|
|
Day 3
|
|
09.00am – 10.00am
|
Securing Network
- Packet filtering overview
- Network Address Translation
- Kernel-level firewall implementation with iptables
- Protection against spoofed addresses
- IP masquerading
- FWBuilder
|
|
10.00am – 10.30am
|
Breakfast
|
|
10.30am – 12.45pm
|
Virtual Private Networking
- Virtual Private Network concepts
- Virtual Private Network solutions
- IPSec
|
|
12.45pm – 02.15pm
|
Lunch
|
|
02.15pm – 05.00pm
|
Hacker’s Tools
- Sniffers
- Ethereal
- Nmap
- Nessus
|
