• Professional Development
  • Medicine & Nursing
  • Arts & Crafts
  • Health & Wellbeing
  • Personal Development

Course Images

Securing UNIX systems

Securing UNIX systems

  • 30 Day Money Back Guarantee
  • Completion Certificate
  • 24/7 Technical Support

Highlights

  • Delivered Online or In-Person

  • You travel to organiser or they travel to you

  • Redhill

  • 5 days

  • All levels

Description

Securing UNIX systems training course description

This course teaches you everything you need to know
to build a safe Linux environment. The first section
handles cryptography and authentication with
certificates, openssl, mod_ssl, DNSSEC and filesystem
encryption. Then Host security and hardening is
covered with intrusion detection, and also user
management and authentication. Filesystem Access
control is then covered. Finally network security is
covered with network hardening, packet filtering and
VPNs.

What will you learn

  • Secure UNIX accounts.

  • Secure UNIX file systems.

  • Secure UNIX access through the network.

Securing UNIX systems course details

  • Who will benefit:

Linux technical staff needing to secure their systems.

  • Prerequisites:

Linux system administration (LPIC-1)

  • Duration

5 days

Securing UNIX systems course contents
  • Cryptography


  • Certificates and Public Key Infrastructures

X.509 certificates, lifecycle, fields and certificate
extensions. Trust chains and PKI. openssl. Public and
private keys. Certification authority. Manage server and
client certificates. Revoke certificates and CAs.

  • Encryption, signing and authentication


SSL, TLS, protocol versions. Transport layer security
threats, e.g. MITM. Apache HTTPD with mod_ssl for
HTTPS service, including SNI and HSTS. HTTPD with
mod_ssl to authenticate users using certificates. HTTPD
with mod_ssl to provide OCSP stapling. Use OpenSSL
for SSL/TLS client and server tests.

  • Encrypted File Systems


Block device and file system encryption. dm-crypt with
LUKS to encrypt block devices. eCryptfs to encrypt file
systems, including home directories and, PAM
integration, plain dm-crypt and EncFS.

  • DNS and cryptography


DNSSEC and DANE. BIND as an authoritative name
server serving DNSSEC secured zones. BIND as an
recursive name server that performs DNSSEC validation,
KSK, ZSK, Key Tag, Key generation, key storage, key
management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG.

  • Host Security


  • Host Hardening


BIOS and boot loader (GRUB 2) security. Disable
useless software and services, sysctl for security related
kernel configuration, particularly ASLR, Exec-Shield and
IP / ICMP configuration, Exec-Shield and IP / ICMP
configuration, Limit resource usage. Work with chroot
environments, Security advantages of virtualization.

  • Host Intrusion Detection


The Linux Audit system, chkrootkit, rkhunter, including
updates, Linux Malware Detect, Automate host scans
using cron, AIDE, including rule management,
OpenSCAP.

  • User Management and Authentication


NSS and PAM, Enforce password policies. Lock
accounts automatically after failed login attempts,
SSSD, Configure NSS and PAM for use with SSSD,
SSSD authentication against Active Directory, IPA,
LDAP, Kerberos and local domains, Kerberos and local
domains, Kerberos tickets.

  • FreeIPA Installation and Samba Integration


FreeIPA, architecture and components. Install and
manage a FreeIPA server and domain, Active Directory
replication and Kerberos cross-realm trusts, sudo,
autofs, SSH and SELinux integration in FreeIPA.

  • Access Control


  • Discretionary Access Control


File ownership and permissions, SUID, SGID. Access
control lists, extended attributes and attribute classes.

  • Mandatory Access Control


TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack.

  • etwork File Systems


NFSv4 security issues and improvements, NFSv4
server and clients, NFSv4 authentication mechanisms
(LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system,
NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS
security modes (NTLM, Kerberos), mapping and
handling of CIFS ACLs and SIDs in a Linux system.

  • Network Security


  • Network Hardening


FreeRADIUS, nmap, scan methods. Wireshark, filters
and statistics. Rogue router advertisements and DHCP
messages.

  • Network Intrusion Detection


ntop, Cacti, bandwidth usage monitoring, Snort, rule
management, OpenVAS, NASL.

  • Packet Filtering


Firewall architectures, DMZ, netfilter, iptables and
ip6tables, standard modules, tests and targets. IPv4 and
IPv6 packet filtering. Connection tracking, NAT. IP sets
and netfilter rules, nftables and nft. ebtables. conntrackd

  • Virtual Private Networks


OpenVPN server and clients for both bridged and routed
VPN networks. IPsec server and clients for routed VPN
networks using IPsec-Tools / racoon. L2TP.

About The Provider

Tags

Reviews