VS-2200 - 5 days - Instructor-led (classroom)

Linux Security

Price: 3,000

Table of Contents

Introduction
Course Description
Audience/Prerequisites
At Course Completion
Certified Professional Exams
Student Materials
Topical Outline


Introduction

SQLSoft+ has partnered with SiegeWorks to bring this unique Linux Security course to the Puget Sound area. The flexibility and openness of the Linux operating system makes this a vital course for security professionals charged with providing effective security measures to their Linux environment.

Course Description

The UNIX family of operating systems, including the increasingly used Linux versions, is prized by IT professionals for its flexibility and openness. Vulnerabilities in standard configurations, however, can make UNIX systems susceptible to security threats. Protection against intrusion is an absolute requirement for those depending on UNIX systems. This course provides the knowledge and skills you need to establish security for your UNIX and Linux platforms. Through a series of practical hands-on exercises, you learn to use tools and utilities to assess vulnerabilities, detect configurations that threaten security, and provide effective access controls.

Audience/Prerequisites

Take this class if you:

  • Are an information security professional charged with securing Linux platforms.
  • Are familiar with the principles of Linux operating systems and the fundamental
    principles and concepts of computer networks.

At Course Completion

At the end of this course, you will understand:

  • Using automated tools to scan for UNIX vulnerabilities you can fix
  • Installing utilities to enforce the use of more secure passwords
  • Analyzing system logs for signs of intrusions and attacks
  • Exerting controls to limit the abuse of superuser privileges
  • Protecting a server with iptables packet-filtering rules
  • Configuring OpenSSH servers and clients
  • Securing applications with cryptographic tunnels
  • Detecting intrusions with Tripwire

Certified Professional Exams

Although no exams are directly associated with this course, the depth of coverage and the real-world examples used in the course enable students who are working towards Red Hat certifications to gain valuable knowledge that helps them prepare for certification.

Student Materials

Students receive a Student Workbook and supplemental handouts.

Topical Outline

Overview

1. Introduction: The Need For Security

2. Understanding the Problem

3. A Secure Topology

4. Assessing the Network

5. Packet Filtering with Iptables

6. Basic System Security Measures

7. Desktop Security

8. System Hardening

9. Access Control

10. Securing Services

11. Keeping Secure (Staying Up to Date, etc.)

Detailed Outline

1. Introduction: The Need for Security in Linux

1.1 Introducing the Enemy - The Hacker Myth
1.2 Just Who Is at Risk?
1.3 The Implications of a Compromise
1.4 Hackers and Crackers
  • Summary

2. Understanding the Problem

Part I: Attacks Against Linux

2.1 Exploits and Vulnerabilities

  • Weak Passwords
  • suid Binaries
  • The Buffer Overflow
  • The Basics
  • Race Conditions
  • Key Logging
  • Unauthorized X Windows Access

2.2 Trojans and Backdoors

  • The Sendmail Trojan
  • Modifying /etc/passwd
  • Modifying /etc/inetd.conf
  • Creating SUID Shells
  • Trojaned System Binaries
  • CGI Abuse

2.3 Rootkits

  • FLEA
  • t0rn
  • Adore (2.4.x kernel)
  • Adore-ng (2.6.x kernel)

Part II: Attacks Against the Network

2.4 Denial of Service (DoS)

  • Distributed Flood Nets
  • The Smurf Attack
  • Fragmentation Attacks
  • SYN Flooding
  • Nonbandwidth-Oriented DoS Attacks

2.5 TCP/IP Attacks

  • ARP Spoofing
  • DNS Attacks
  • Packet Sniffing
  • Switched LAN Sniffing
  • IP Spoofing
  • Man-in-the-Middle Attacks
  • Replay Attacks
  • Injection Attacks
  • Summary

3. A Secure Topology

3.1 Network Topology

  • Switches, Hubs, and Sniffing
  • Gateways, Routers, and Firewalls
  • Wireless Networking
  • Network Address Translation (NAT)
  • The DMZ

3.2 A Detour into Iptables

  • Preparation
  • Patch-O-Matic
  • Installation
  • The Life Cycle of a Packet
  • Using Iptables
  • General Syntax

3.3 Implementing the Three-Legged Model

  • Firewall Rulesets
  • Traffic Routing

3.4 Network Tuning with the /proc Filesystem

  • Sysctl
  • Routing Options
  • Security Settings
  • ICMP Messages
  • TCP Settings

3.5 Virtual Private Networks and IP Security

  • Virtual Private Networking (VPN)
  • Road Warriors
  • IPsec
  • Implementing a VPN with IPsec
  • Summary

4. Assessing the Network

4.1 Port Scanning with Nmap

  • Scan Types and Options
  • Nmap in Use

4.2 Vulnerability Auditing with Nessus

  • Installing Nessus

4.3 Web Site Auditing with Nikto

  • Summary

5. Packet Filtering with Iptables

5.1 The Components of an Iptables Rule

  • Generic Matches
  • TCP-Specific Matches
  • UDP-Specific Matches
  • ICMP-Specific Matches
  • Matching Extensions
  • Targets

5.2 Creating a Firewall Ruleset

  • Protecting the Firewall
  • Protecting the DMZ
  • ICMP Messages
  • TTL Rewriting
  • Blocking Unwanted Hosts
  • Filtering Illegal Addresses
  • Local Packet Filtering

5.3 Firewall Management: Dealing with Dynamic IP Addresses

  • DHCPCD
  • Blocking and Unblocking Hosts
  • Using GUI Management Tools
  • Summary

6. Basic System Security Measures

6.1 Password Protection

  • The /etc/passwd file
  • Shadowed Passwords
  • Password Protection Algorithms
  • Login Control with /etc/login.defs
  • Password Strategies
  • Enforcing Strong Passwords

6.2 User Control and PAM

  • PAM Configuration
  • Password Control
  • Limiting Resources
  • The Non-PAM Way
  • Controlling su Access
  • Creating a Chroot Environment
  • Other PAM Modules

6.3 Services

  • Common Services
  • Starting and Stopping Services

6.4 Tightening User Permissions

  • World-Writable Files
  • SUID and SGID Files
  • Partitions and Mount Options
  • Ext2 Attributes

6.5 Delegating Root Access

  • /etc/sudoers
  • SUDO Security

6.6 Physical Security

  • Removing the CD-ROM and Floppy Drive
  • Case Locks
  • Location
  • Keyloggers
  • The BIOS
  • Summary

7. Desktop Security

7.1 Viruses and Worms

  • Clam
  • General Antivirus Precautions

7.2 Safe Web Browsing

  • Scripting
  • Cookies
  • Authentication
  • Digital Certificates

7.3 E-Mail

  • Client-Side Mail Filtering
  • E-Mail Integrity

7.4 X Windows

  • Host-Based Authentication
  • Token Authentication
  • Summary

8. System Hardening

8.1 Choosing a Distribution

  • General Distributions
  • Specialized Distributions

8.2 chroot Environments

  • Jail Construction
  • Escaping from chroot Jails

8.3 Stripping Down Linux

  • Unnecessary Binaries
  • Compilers and Interpreters
  • Other Tools
  • Placing System Utilities on CD-ROM
  • Choosing Applications During Installation
  • Post-Installation Package Management

8.4 Memory Protection

  • StackGuard
  • MemGuard
  • Stack-Smashing Protector
  • Bounds Checking
  • CRED
  • Libsafe
  • PaX
  • Nonexecutable Memory (NOEXEC)
  • Address Space Layout Randomization (ASLR)
  • Buffer Overflow Detection
  • Conclusion

8.5 Policing System Calls with Systrace

  • Installation
  • Components of a Policy File
  • Policy File Creation
  • Automatic Policy Generation
  • Policy Enforcement
  • Interactive Policy Enforcement
  • Third-Party Policy Files
  • Summary

9. Access Control

9.1 Introduction to Access Control

  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Domain Type Enforcement (DTE)
  • Linux Security Modules (LSM)

9.2 Role-Based Access Control with Grsecurity

  • Installation
  • A Note on Group Memberships
  • Security Level
  • Address Space Protection
  • RBAC Options
  • Filesystem Protection
  • Kernel Auditing
  • Executable Protections
  • Network Protections
  • Logging Options
  • Access Control
  • ACL Structure
  • Implementing Grsecurity

9.3 Linux Intrusion Detection System (LIDS)

  • Installation
  • LIDS Administration
  • Sealing the Kernel
  • LIDS-Free Sessions
  • File ACLs and Capabilities ACLs
  • Implementing LIDS

9.4 Other Access Control Projects

  • SELinux
  • Rule-Set Based Access Control (RSBAC)
  • DTE
  • Comparing Techniques
  • Summary

10. Securing Services

10.1 Web Services and Apache

  • Configuration
  • Version Hiding
  • Resource Limiting
  • Access Control
  • Web Scripting
  • Secure Perl-CGI Programming
  • CGIWrap
  • PHP
  • chrooting Apache

10.2 SSH

  • Configuration
  • Hiding the SSH Server Version
  • Connection Tunneling

10.3 NFS and NIS

  • NFS

10.4 DNS and BIND

  • General Precautions
  • DNS Security Extensions (DNSSEC)
  • Split Functionality Nameservers

10.5 E-Mail

  • Sendmail
  • Qmail
  • POP3 and IMAP
  • Stunnel

10.6 FTP

  • WU-FTP
  • VSFTPD
  • TLS (SSL) Support
  • Summary

11. Keeping Secure

11.1 Staying Up to Date

  • Application Mailing Lists
  • Security Mailing Lists
  • Up2Date
  • Patch Management with Ximian Red Carpet

11.2 Logging and Log Analysis

  • Protecting /var/log
  • Syslog
  • /var/log/wtmp
  • BSD Process Accounting
  • Log Analysis with Lire

11.3 System Integrity

  • Tripwire
  • Post-Install Configuration
  • Using Tripwire
  • Some Closing Thoughts
  • Chkrootkit

11.4 Intrusion Detection

  • Snort

11.5 Recovering from a Compromise

  • Discovering a Security Breach
  • Analyzing the System
  • Seeking Justice
  • Summary
