COURSE CODE: LA104

SYNOPSIS :
Linux is the dominant operating system when it comes to providing network services such as web, FTP, e-mail and file sharing. The Linux Advanced Network Security course provides training in securing these network services and implementing a network intrusion detection application.

SUITABLE FOR :
Experienced Unix / Linux administrators who want to build expert-level professional competence by identifying and filling any gaps in their knowledge.

Administrators who have completed our LA102 & LA103 courses and wish to progress to advanced network security administration.

PREREQUISITES :
LA102, LA103 or RHCE certification or strong working experience is required for this course.
Course participants should already know how to implement Linux server applications in the enterprise segment.

DELIVERY :
Extensive practical exercises are carried out during this Linux course. Participants will gain an understanding of how to implement a secured environment.

COURSE CONTENTS:

Introduction

  • Physical & Logical Security
  • Location & Access
  • Cluster and mirroring Concept
  • Boot level security (LILO & GRUB)
  • Cryptography - an introduction

PAM authentication

  • Configuring PAM
  • NIS and LDAP
  • pam.conf and /etc/pam.

Managing Mail Traffic

  • Implementing client mail management software to filter mail, store mail and monitor incoming user mail
  • procmail
  • procmailrc
  • Using server-side procmail

Apache Security

  • Access configuration
  • Configure Apache to use virtual hosts
  • Creating an SSL certificate for Apache using OpenSSL
  • Defining SSL definitions in configuration files using OpenSSL
  • httpd.conf

Authentication Protocols

  • Kerberos server setup

Securing a DNS server

  • Configure BIND to run as a non-root user
  • Configure BIND to run in a chroot jail
  • Configuring DNSSEC statements
  • Configure a split DNS configuration using the forwarders statement
  • Specifying a non-standard version number string in response to queries
  • SysV init files
  • /etc/named.conf
  • /etc/passwd
  • dnskeygen

TCP wrappers

  • Security need for TCP wrappers
  • tcpd
  • /etc/inetd.conf
  • /etc/hosts.allow and /etc/hosts.deny
  • xinetd

Security tasks

  • Install and configure Kerberos
  • Auditing source code
  • Getting security alerts
  • Open mail relays
  • Installing Intrusion Detection Systems
  • Port scanning with nmap
  • Firewall using IP Tables
  • Filter and NAT Rules

Troubleshooting network issues

  • ifconfig
  • route
  • netstat
  • /etc/network and /etc/sysconfig/network-scripts/
  • System log files
  • ping
  • /etc/resolv.conf
  • /etc/hosts
  • /etc/hosts.allow and /etc/hosts.deny
  • /etc/hostname and /etc/HOSTNAME
  • traceroute
  • nslookup and dig
  • dmesg

DURATION

  • Full Time - 2.5 Days - 22 Hours
  • Part Time - 2 hrs / day - 22 Hours, Monday - Friday