LPAT301 Advanced Administration of Linux Security - A Level 3 Advanced Specialisation
Duration: 5 Days
Background and Intended Audience
This course is based to a large extent on the syllabus of the LPIC 303 exam. It is focused on administration of the secruity aspects Linux systems. Securing computer systems and networks involves constant vigilance as well as a good knowledge of potential vulnerabilities in the systems as they are deployed. Competence in this area involves a keen appreciation of the MOM triad of threat analysis (Method Opportunity Motive). Cryptography, however good or powerful, needs to be deployed and configured with great care. Security is really about careful observation of usage patterns, as well as careful attention to detail when configuring and deploying applications and setting up authorisation and authentication mechanisms.
Prerequisites
Attendees are assumed to have considerable Linux system admin knowledge equivalent to that required for LPIC Level2 such as might have been acquired by completing LPAT201 and LPAT202 training or equivalent and several months practical experience involving Linux system administration. Attendees are also expected to have experience of admin tasks such as setting up user accounts, configuring firewalls, and some knowledge of common vulnerabilities and how these can be remedied. Attendees are not expected to be advanced programmers with a detailed knowledge of cryptographic algorithms and protocols. The course provides many post course labs and challenges. For those contemplating taking this course as a distance learning course the number of hours of work involved is from 150 to 250 hours, with much of the time being spent setting up and configuring mixed network systems and testing out the various penetration testing exercises provided.
Key topics covered
- Cryptography
- Access Control
- Application Security
- Operations Security
- Network Security
Detailed Course Outline
- Cryptography
- X.509 Certificates and Public Key Infrastructures
- Configuring and using OpenSSL to implement certification authorities and issue SSL certificates for various purposes
- X.509v3 certificate extensions
- Understanding trust chains and public key infrastructures
- Generating and managing public and private keys
- Creating, operating and securing a certification authority
- Requesting, signing and managing server and client certificates
- Certificate revocation and certification authorities
- Use of X.509 certificates for both server and client authentication
- Setting up server authentication for Apache HTTPD.
- Understanding the relative strengths and weaknesses of the different SSL, TLS and protocol versions
- Understanding common transport layer security threats, e.g. Man-in-the-Middle attacks
- Configuring Apache HTTPD with mod_ssl to provide an HTTPS service, including SNI and HSTS
- Configuring Apache HTTPD with mod_ssl to authenticate users using certificates
- Configuring Apache HTTPD with mod_ssl to provide OCSP stapling
- Using OpenSSL for SSL/TLS client and server tests
- Encrypted File Systems
- Setting up and configuring encrypted file systems
- Understanding block device and file system encryption
- Using dm-crypt with LUKS to encrypt block devices
- Using eCryptfs to encrypt file systems, including home directories
- PAM integration
- dm-crypt and EncFS
- Understanding block device and file system encryption
- DNS and Cryptography - securing BIND version 9.7 or higher
- Understanding of DNSSEC and DANE
- Configuring and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones
- Configure BIND as an recursive name server that performs DNSSEC validation on behalf of its clients
- Key Signing Key, Zone Signing Key, Key Tag
- Key generation, key storage, key management and key rollover
- Maintenance and re-signing of zones
- Using DANE to publish X.509 certificate information in DNS
- Using TSIG for secure communication with BIND
- HOST SECURITY
- Host Hardening - securing computers running Linux against common threats
- Configure BIOS and boot loader (GRUB 2) security
- Disabling not needed software and services
- Using sysctl for security related kernel configuration - ASLR, Exec-Shield and IP / ICMP configuration
- Limiting resource usage
- Working with chroot environments
- Dropping unnecessary capabilities
- Appreciating the security advantages of virtualization
- Host Intrusion Detection
- Familiarity with the use and configuration of common host intrusion detection software including updates and automated host scans.
- Use and configuration of the Linux Audit system
- Use of chkrootkit
- Use and configuration of rkhunter, including updates
- Use of Linux Malware Detection tools
- Automating host scans using cron
- Configuring and using AIDE, including rule management
- OpenSCAP
- User Management and Authentication - configuration and use of NSS, PAM, SSSD and Kerberos for both local and remote directories and authentication mechanisms as well as enforcing a password policy.
- NSS - configuring , testing and deploying
- PAM - configuring , and deploying
- Design, implementation and enforcement of password complexity policies and periodic password changes
- Configuring locking of accounts after a specified number of failed login attempts
- Configuring and using SSSD and configuring NSS and PAM for use with SSSD
- Configuring SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains
- Obtaining and managing Kerberos tickets
- FreeIPA Installation and its integration with Samba
- Installation and maintenance of a server instance with a FreeIPA domain
- Integration of FreeIPA with Active Directory.
- Understanding the underlying concepts and principles and configuring Active Directory replication and Kerberos cross-realm trusts
- Integration of sudo, autofs, SSH and SELinux in FreeIPA
- ACCESS CONTROL - Theory , Policy and Practice
- Discretionary Access Control
- Access Control Lists and use of Extended Attributes
- Understanding and managing file ownership and permissions, including SUID and SGID
- Understanding and managing access control lists
- Understanding and managing extended attributes and attribute classes
- Mandatory Access Control
- SELinux mandatory access control
- Understanding the concepts of TE, RBAC, MAC and DAC
- Configuring, managing and using SELinux
- AppArmor and Smack
- Network File Systems security
- Configuration of NFSv4 clients and servers as well as CIFS client services.
- Understanding the underlying theory and concepts and being able to configure the NFSv4 authentication mechanisms LIPKEY, SPKM, Kerberos
- Understanding and use of NFSv4 pseudo file systems
- Understand and use of NFSv4 ACLs
- Configuration of CIFS clients
- Understanding and use of CIFS Unix Extensions
- Understanding and configuring CIFS security modes - NTLM, Kerberos
- Understanding and managing the mapping and handling of CIFS ACLs and SIDs in a Linux system
- NETWORK SECURITY
- Network Hardening
- Setup and testing of security measures
- Configuring FreeRADIUS to authenticate network nodes
- Using nmap to scan networks and hosts
- Using Wireshark to analyze network traffic, including filters and statistics
- Identifying and dealing with rogue router advertisements and DHCP messages
- Network Intrusion Detection
- use of and configuration of network security scanning, network monitoring and network intrusion detection software - including updating and maintaining of deployed security scanners.
- Implementiong bandwidth usage monitoring
- Configuring and using Snort, including rule management
- Configuring and using OpenVAS, including NASL
- Packet Filtering
- use and configuration of packet filters - particulary netfilter, iptables and ip6tables as well as a knowledge of nftables, nft and ebtables
- Concepts and patterns underlying common firewall architectures, including DMZ
- Implementing packet filtering for both IPv4 and IPv6
- Implementing connection tracking and network address translation
- Defining IP sets and using them in netfilter rules
- Knowledge of nftables and nft , ebtables and conntrackd
- Virtual Private Networks
- Use of OpenVPN and IPsec
- Configuring and operating an OpenVPN server and clients for both bridged and routed VPN networks
- Configuring and operating an IPsec server and clients for routed VPN networks using IPsec-Tools/racoon
- Awareness of L2TP and how to make use of it
- Internet privacy and TOR
Call us:
Technical enqiries: 020 8669 0769
Sales enquiries: 020 8647 1939, 020 77681 40786