SanEd consulting

Company profile

SanEd consulting is an IT training company which initiated its services in 2005 primarily as Sun Microsystem's authorised training provider. Our training portfolio was Solaris and Java focused. Later on we upgraded our portfolio and included authorisations from Veritas / Symantec and Oracle after aquisition of Sun. 

As the global IT market is rapidly changing and developing we must have accepted its needs and trends. Thus, beginning of 2014 we decided to "refurbish" our services and included new, young and perspective partners and together prepared number of interesting trainings you can find in our catalogue.

We are looking forward to successful cooperation with you.

.
поздравления с новорожденным

Enterprise Linux Security Administration

Start Date:
Not Specified
Finish date:
Not Specified
Code:
GL-550
Price:
0.00 EUR (VAT excl.)

Description

This highly technical course focuses on properly securing machines running GuruLabsthe Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities -- know how to audit existing machines, and how to securely deploy new network services.

 

Training days

5 days

 

Prerequisites

This class covers advanced security topics and is intended for experienced systems administrators. Candidates should have current Linux or UNIX systems administration experience equivalent to the GL120 "Linux Fundamentals", GL250 "Enterprise Linux Systems Administration", and GL275 "Enterprise Linux Network Services"

 

Course content

 

Security Concepts

  • Basic Security Principles
  • RHEL6 Default Install
  • RHEL6 Firewall
  • SLES11 Default Install
  • SLES11 Firewall
  • SLES11: File Security
  • Minimization - Discovery
  • Service Discovery
  • Hardening
  • Security Concepts


Scanning, Probing, and Mapping Vulnerabilities

  • The Security Environment
  • Stealth Reconnaissance
  • The WHOIS database
  • Interrogating DNS
  • Discovering Hosts
  • Discovering Reachable Services
  • Reconnaissance with SNMP
  • Discovery of RPC Services
  • Enumerating NFS Shares
  • Nessus Insecurity Scanner
  • Configuring OpenVAS


Password Security and PAM

  • Unix Passwords
  • Password Aging
  • Auditing Passwords
  • PAM Overview
  • PAM Module Types
  • PAM Order of Processing
  • PAM Control Statements
  • PAM Modules
  • pam_unix
  • pam_cracklib.so
  • pam_pwcheck.so
  • pam_env.so
  • pam_xauth.so
  • pam_tally2.so
  • pam_wheel.so
  • pam_limits.so
  • pam_nologin.so
  • pam_deny.so
  • pam_warn.so
  • pam_securetty.so
  • pam_time.so
  • pam_access.so
  • pam_listfile.so
  • pam_lastlog.so
  • pam_console.so


Secure Network Time Protocol (NTP)

  • The Importance of Time
  • Hardware and System Clock
  • Time Measurements
  • NTP Terms and Definitions
  • Synchronization Methods
  • NTP Evolution
  • Time Server Hierarchy
  • Operational Modes
  • NTP Clients
  • Configuring NTP Clients
  • Configuring NTP Servers
  • Securing NTP
  • NTP Packet Integrity
  • Useful NTP Commands


Kerberos Concepts and Components

  • Common Security Problems
  • Account Proliferation
  • The Kerberos Solution
  • Kerberos History
  • Kerberos Implementations
  • Kerberos Concepts
  • Kerberos Principals
  • Kerberos Safeguards
  • Kerberos Components
  • Authentication Process
  • Identification Types
  • Logging In
  • Gaining Privileges
  • Using Privileges
  • Kerberos Components and the KDC
  • Kerberized Services Review
  • Kerberized Clients
  • KDC Server Daemons
  • Configuration Files
  • Utilities Overview


Implementing Kerberos

  • Plan Topology and Implementation
  • Kerberos 5 Client Software
  • Kerberos 5 Server Software
  • Synchronize Clocks
  • Create Master KDC
  • Configuring the Master KDC
  • KDC Logging
  • Kerberos Realm Defaults
  • Specifying [realms]
  • Specifying [domain_realm]
  • Allow Administrative Access
  • Create KDC Databases
  • Create Administrators
  • Install Keys for Services
  • Start Services
  • Add Host Principals
  • Add Common Service Principals
  • Configure Slave KDCs
  • Create Principals for Slaves
  • Define Slaves as KDCs
  • Copy Configuration to Slaves
  • Install Principals on Slaves
  • Create Stash on Slaves
  • Start Slave Daemons
  • Client Configuration
  • Install krb5.conf on Clients
  • Client PAM Configuration
  • Install Client Host Keys

Administering and Using Kerberos

  • Administrative Tasks
  • Key Tables
  • Managing Keytabs
  • Managing Principals
  • Viewing Principals
  • Adding, Deleting, and Modifying Principals
  • Principal Policy
  • Overall Goals for Users
  • Signing In to Kerberos
  • Ticket types
  • Viewing Tickets
  • Removing Tickets
  • Passwords
  • Changing Passwords
  • Giving Others Access
  • Using Kerberized Services
  • Kerberized FTP
  • Enabling Kerberized Services
  • OpenSSH and Kerberos


Securing the Filesystem

  • Filesystem Mount Options
  • NFS Properties
  • NFS Export Option
  • NFSv4 and GSSAPI Auth
  • Implementing NFSv4
  • Implementing Kerberos with NFS
  • GPG - GNU Privacy Guard
  • File Encryption with OpenSSL
  • File Encryption With encfs
  • Linux Unified Key Setup (LUKS)


AIDE

  • Host Intrusion Detection Systems
  • Using RPM as a HIDS
  • Introduction to AIDE
  • AIDE Installation
  • AIDE Policies
  • AIDE Usage


Accountability with Kernel Auditd

  • Accountability and Auditing
  • Simple Session Auditing
  • Simple Process Accounting & Command History
  • Kernel-Level Auditing
  • Configuring the Audit Daemon
  • Controlling Kernel Audit System
  • Creating Audit Rules
  • Searching Audit Logs
  • Generating Audit Log Reports
  • Audit Log Analysis


SELinux

  • DAC vs. MAC
  • Shortcomings of Traditional Unix Security
  • AppArmor
  • SELinux Goals
  • SELinux Evolution
  • SELinux Modes
  • Gathering Information
  • SELinux Virtual Filesystem
  • SELinux Contexts
  • Managing Contexts
  • The SELinux Policy
  • Choosing an SELinux Policy
  • Policy Layout
  • Tuning and Adapting Policy
  • Booleans
  • Permissive Domains
  • Managing File Contexts
  • Managing Port Contexts
  • SELinux Policy Tools
  • Examining Policy
  • SELinux Troubleshooting
  • SELinux Troubleshooting Continued


Securing Apache

  • Apache Overview
  • httpd.conf - Server Settings
  • Configuring CGI
  • Turning Off Unneeded Modules
  • Delegating Administration
  • Apache Access Controls (mod_access)
  • HTTP User Authentication
  • Standard Auth Modules
  • HTTP Digest Authentication
  • SSL Using mod_ssl.so
  • Authentication via SQL
  • Authentication via LDAP
  • Authentication via Kerberos
  • Scrubbing HTTP Headers
  • Metering HTTP Bandwidth


Securing PostgreSQL

  • PostgreSQL Overview
  • PostgreSQL Default Config
  • Configuring SSL
  • Client Authentication Basics
  • Advanced Authentication
  • Ident-based Authentication


 

Price:  2.000 €

 

Date: on demand


Book the course: Enterprise Linux Security Administration

Bookings are disabled.

     

- Trainings - - - - - Enterprise Linux Security Administration