LinuxCBT Security Edition
LinuxCBT Security Edition encompasses 8 pivotal security modules:
- Security Basics (fundamentals)
- Proxy Security featuring Squid
- Firewall Security featuring IPTables
- SELinux Security - MAC-based Security Controls
- Network Intrusion Detection System (NIDS) Security featuring Snort® NIDS
- Packet | Capture | Analysis Security featuring Ethereal®
- Pluggable Authentication Modules (PAM) Security
- Open Secure Shell version 2 (OpenSSHv2) Security
LinuxCBT Security Edition is unparalleled in content, depth and expertise. It entails 80-hours, or ~ 2-weeks of classroom training. LinuxCBT Security Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.
Recommended Prerequisites for:
- Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
- Open mind & determination to master Linux and related open-source applications
- Basic understanding of networking concepts
- Access to a PC to follow the exercises
Basic Security - Module 1
- Boot Security
- Explore Dell PowerEdge BIOS Security-related features
- Discuss concepts & improve Dell PowerEdge BIOS security
- Explain run-time boot loader vulnerabilities
- Explore single-user mode (rootshell) and its inherent problems
- Modify default GRUB startup options & examine results
- Secure boot loader using MD5 hash
- Identify key startup-related configuration files & define boot security measures
- Identify key boot-related utilities
- Confirm expected hardware configuration
- Discuss INIT process, runlevel configuration & concepts
- Explore & tighten the security of the INIT configuration
- Shell Security
- Confirm expected applications
- Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
- Identify common TTYs and PTSs
- Track current TTYs and PTSs - character devices
- Discuss concepts related to privileged and non-privileged use
- Restrict privileged login
- Use SSH and discuss TTYs
- Discuss the importance of consistent system-wide banners & messages
- Define and configure system banners for pre and post-system-access
- Identify user-logon history and correlate to TTYs
- Identify current user-connections - console-based and network-based
- Use lsof to identify open files and sockets
- Syslog Security
- Discuss Syslog concepts and applications
- Explain Syslog semantics - facilities & levels - message handling & routing
- Focus on security-related Syslog facilities
- Examine security logs managed by Syslog
- Configure Network Time Protocol (NTP) on interesting hosts
- Secure NTP configuration
- Ensure time consistency to preserve log-integrity
- Configure Syslog replication to preserve log-integrity
- Identify log discrepancies between Syslog hosts
- Reconnaissance & Vulnerability Assessment Tools
- Discuss Stage-1 host/network attack concepts
- Upgrade NMAP reconnaissance tool to increase effectiveness
- Identify NMAP files
- Discuss TCP handshake procedure
- Discuss half-open/SYN connections
- Perform connect and SYN-based host/network reconnaissance
- Identify potential vulnerabilities on interesting hosts derived from reconnaissance
- Examine NMAP logging capabilities
- Perform port sweeps to identify common vulnerabilities across exposed systems
- Secure exposed daemons/services
- Perform follow-up audit to ensure security policy compliance
- Discuss vulnerability scanner capabilities and applications
- Prepare system for Nessus vulnerability scanner installation - identify/install dependencies
- Generate self-signed SSL/TLS certificates for secure client/server communications
- Activate Nessus subscription, server and client components
- Explore vulnerability scanner interface and features
- Perform network-based reconnaissance attack to determine vulnerabilities
- Examine results of the reconnaissance attack and archive results
- Secure exposed vulnerabilities
- XINETD - TCPWrappers - Chattr - Lsattr - TCPDump - Clear Text Daemons
- Install Telnet Daemon
- Install Very Secure FTP Daemon (VSFTPD)
- Explore XINETD configuration and explain directives
- Configure XINETD to restrict communications at layer-3 and layer-4
- Restrict access to XINETD-protected daemons/services based on time range
- Examine XINETD logging via Syslog
- Discuss TCPWrappers security concepts & applications
- Enhance Telnetd security with TCPWrappers
- Confirm XINETD & TCPWrappers security
- Discuss chattr applications & usage
- Identify & flag key files as immutable to deter modifcation
- Confirm extended attributes (XATTRs)
- Discuss TCPDump applications & usage
- Configure TCPDump to intercept Telnet & FTP - clear-text traffic
- Use Ethereal to examine & reconstruct captured clear-text traffic
- Secure Shell (SSH) & MD5SUM Applications
- Use Ethereal to examine SSH streams
- Generate RSA/DSA PKI usage keys
- Configure Public Key Infrastructure (PKI) based authentication
- Secure PKI authentication files
- Use SCP to transfer files securely in non-interactive mode
- Use SFTP to transfer files securely in interactive mode
- Configure SSH to support a pseudo-VPN using SSH-Tunnelling
- Discuss MD5SUM concepts and applications
- Compare & contrast modified files using MD5SUM
- Use MD5SUM to verify the integrity of downloaded files
- GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
- Discuss GPG concepts & applications - symmetric/asymmetric encryption
- Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
- Create a local web of trust
- Perform encrypts/decrypts and test data-exchanges
- Sign encrypted content and verify signatures @ recipient
- Import & export public keys for usage
- Use GPG/PGP with Mutt Mail User Agent (MUA)
- AIDE File Integrity Implementation
- Discuss file-integrity checker concepts & applications
- Identify online repository & download AIDE
- Install AIDE on interesting hosts
- Configure AIDE to protect key files & directories
- Alter file system objects and confirm modifications using AIDE
- Audit the file system using AIDE
- Rootkits
- Discuss rootkits concepts & applications
- Describe privilege elevation techniques
- Obtain & install T0rnkit - rootkit
- Identify system changes due to the rootkit
- Implement T0rnkit with AIDE to identify compromised system objects
- Implement T0rnkit with chkrootkit to identify rootkits
- T0rnkit - rootkit - cleanup
- Implement N-DU rootkit
- Evaluate system changes
- Bastille Linux - OS-Hardening
- Discuss Bastille Linux system hardening capabilities
- Obtain Bastille Linux & perform a system assessment
- Install Bastille Linux
- Evaluate hardened system components
- top
Proxy Security - Module 2
- Squid Proxy Initialization
- Discuss Squid concepts & applications
- Discuss DNS application
- Configure DNS on primary SuSE Linux server for the Squid Proxy environment
- Confirm DNS environment
- Start Squid and evaluate default configuration
- Install Squid Proxy server
- General Proxy Usage
- Configure web browser to utilize proxy services
- Grant permissions to permit local hosts to utilize proxy services
- Discuss ideal file system layout - partitioning
- Explore key configuration files
- Use client to test the performance of proxy services
- Discuss HIT/MISS logic for serving content
- Configure proxy support for text-based (lftp/wget/lynx) HTTP clients
- Squid Proxy Logs
- Discuss Squid Proxy logging mechanism
- Identify key log files
- Discuss & explore the Access log to identify HITS and/or MISSES
- Discuss & explore the Store log to identify cached content
- Convert Squid logs to the Common Log Format (CLF) for easy processing
- Discuss key CLF fields
- Configure Webalizer to process Squid-CLF logs
- Revert to Squid Native logs
- Discuss key Native log fields
- Configure Webalizer to process Squid Native logs
- Squid Network Configuration & System Stats
- Discuss cachemgr.cgi Common Gateway Interface(CGI) script
- Explore the available metrics provided by cachemgr.cgi
- Change default Squid Proxy port
- Modify text/graphical clients and test communications
- Discuss Safe Ports - usage & applications
- Squid Access Control Lists (ACLs)
- Intro to Access Control Lists (ACLs) - syntax
- Define & test multiple HTTP-based ACLs
- Define & test ACL lists - to support multiple hosts/subnets
- Define & test time-based ACLs
- Nest ACLs to tighten security
- Implement destination domain based ACLs
- Exempt destination domains from being cached to ensure content freshness
- Define & test Anded ACLs
- Discuss the benefits of Regular Expressions (Regexes)
- Implement Regular Expressions ACLs to match URL patterns
- Exempt hosts/subnets from being cached or using the Squid cache
- Force cache usage
- Configure enterprise-class Cisco PIX firewall to deny outbound traffic
- Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
- Discuss delay pool concepts & applications - bandwidth management
- Configure delay pools - to support rate-limiting
- Examine results of various delay pool classes
- Enforce maximum connections to deter Denial of Service (DoS) attacks
- Verify maximum connections comply with security policy
- Squid Proxy Hierarchies
- Discuss Squid cache hierarchy concepts & applications
- Ensure communications through a primary cache server - double-auditing
- Discuss and configure parent-child bypass based on ACLs
- Configure Intranet ACLs for peer-cache bypass
- Discuss & implement Squid cache hierarchy siblings
- Configure transparent proxy services
- top
Firewall Security - Module 3
- Intro IPTables
- Discuss key IPTables concepts
- OSI Model discussion
- Determine if IPTables support is available in the current kernel
- Identify key IPTables modules and supporting files
- Explore and examine the default tables
- Learn IPTables Access Control List (ACL) syntax
- Discuss ACL management
- Learn to Save & Restore IPTables ACLs
- IPTables - Chain Management
- Explore the various chains in the default tables
- Discuss the purpose of each chain
- Examine packet counts & bytes traversing the various chains
- Focus on appending and inserting new ACLs into pre-defined chains
- Write rules to permit common traffic flows
- Delete & Replace ACLs to alter security policy
- Flush ACLs - reset the security policy to defaults
- Zero packet counts & bytes - bandwidth usage monitoring
- Create user-defined chains to perform additional packet handling
- Rename chains to suit the security policy/nomenclature
- Discuss & explore chain policy
- IPTables - Packet Matching & Handling
- Explain the the basics of packet matching
- Identify key layer-3/4 match objects - (Source/Dest IPs, Source/Dest Ports, etc.)
- Explore the multi-homed configuration
- Block traffic based on untrusted (Internet-facing) interface
- Perform packet matching/handling based on common TCP streams
- Perform packet matching/handling based on common UDP datagrams
- Perform packet matching/handling based on common ICMP traffic
- Write fewer rules (ACLs) by specifying lists of interesting layer-4 ports
- Discuss layer-3/4 IPTables default packet matching
- Discuss default layer-2 behavior
- Increase security by writing rules to match packets based on layer-2 addresses
- IPTables - State Maintenance - Stateful Firewall
- Discuss the capabilities of traditional packet-filtering firewalls
- Explain the advantages of stateful firewalls
- Examine the supported connection states
- Identify key kernel modules to support the stateful firewall
- Implement stateful ACLs & examine traffic flows
- IPTables - Targets - Match Handling
- Discuss the purpose of IPTables targets for packet handling
- Write rules with the ACCEPT target
- Write rules with the DROP target
- Write rules with the REJECT target
- Write rules with the REDIRECT target
- Confirm expected behavior for all targets
- IPTables - Logging
- Explore Syslog kernel logging configuration
- Define Access Control Entry (ACEs) to perform logging
- Explain the key fields captured by IPTables
- Log using user-defined chain for enhanced packet handling
- Log traffic based on security policy
- Define a catch-all ACE
- Use ACE negation to control logged packets
- Label log entries for enhanced parsing
- IPTables - Packet Routing
- Describe subnet layout
- Enable IP routing in the kernel - committ changes to disk
- Update routing tables on the other Linux Hosts on the network
- Update the Cisco PIX Firewall's routing tables
- Test routing through the Linux router, from a remote Windows 2003 Host
- Focus on the forward chain
- Write ACEs to permit routing
- Test connectivity
- IPTables - Network Address Translation (NAT)
- Discuss NAT features & concepts
- Discuss & implement IP masquerading
- Define Source NAT (SNAT) ACEs & test translations
- Create SNAT multiples
- Implement Destination NAT (DNAT) ACEs & test translations
- Define DNAT multiples
- Create NETMAP subnet mappings - one-to-one NATs
- IPTables - Demilitarized Zone (DMZ) Configuration
- Describe DMZ configuration
- Write Port Address Translation (PAT) rules to permit inbound traffic
- Test connectivity from connected subnets
- Configure DMZ forwarding (Routing)
- Implement Dual-DMZs - ideal for n-tiered web applications
- top
SELinux Security - Module 4
- Access Control Models
- Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
- Explain features & shortcomings of Discretionary Access Control (DAC) models
- Identify key DAC-based utilities
- Discuss the advantages & caveats of Mandatory Access Control (MAC)models
- Explore DAC-based programs
- SELinux - Basics
- Discuss subjects & objects
- Explain how SELinux is implemented in 2.6.x-based kernels
- Confirm SELinux support in the kernel
- Identify key SELinux packages
- Use sestatus to obtain the current SELinux mode
- Discuss subject & object labeling
- Describe the 3 SELinux operating modes
- Identify key utilities & files, which dictate the current SELinux operating mode
- Focus on the features of SELinux permissive mode
- Explore the boot process as it relates to SELinux
- SELinux - Object Labeling
- Discuss subject & object labeling
- Discuss the role of extended attributes (XATTRs)
- Expose the labels of specific objects
- Alter the lables of specific objects
- Configure SELinux to automatically label objects per security policy
- Reset the system and confirm labels on altered objects
- Explain security tuples
- Use fixfiles to restore object labels on running system per security policy
- SELinux - Type Contexts - Security Labels Applied to Objects
- Intro to object security tuples - security labels
- Attempt to serve HTML content using Apache in SELinux enforcing mode
- Identify problematic object security labels
- Serve HTML content in SELinux permissive mode
- Use chcon to alter object security labels
- Switch to enforcing mode & confirm the ability to serve HTML content
- Use restorecon to restore object security context (labels)
- SELinux - Basic Commands - Type & Domain Exposition
- ps - reveal subjects' security context (security label) - Domains
- ls - reveal objects' security label - Types
- cp - preserve/inherit security labels
- mv - preserve security labels
- id - expose subject security label
- SELinux - Targeted Policy - Binary
- Explain the Targeted Policy's features
- Discuss policy transitions for domains
- Compare & contrast confined & unconfined states
- Exempt Apache daemon from the auspicies of the targeted policy's confined state
- Evaluate results after exemption
- Explain the security contexts applied to subjects & objects
- Peruse key targeted binary policy files
- Identify the daemons protected by the targeted policy
- Discuss the unconfined_t domain - subject label
- SELinux - Targeted Policy - Source
- Install the targeted policy source files
- Identify & discuss TE and FC files
- Explore file_contexts - context definition for objects
- Discuss the file context syntax
- Explain the purpose of using run_init to initiate SELinux-protected daemons
- Switch between permissive & enforcing modes and evaluate behavior
- Peruse the key files in the targeted source policy
- SELinux - Miscellaneous Utilities - Logging
- Use tar to archive SELinux-protected objects
- Confirm security labels on tar-archived objects
- Use the tar substitute 'star' to archive extended attributes(XATTRs)
- Confirm security labels on star-archived objects
- Discuss the role of the AVC
- Examine SELinux logs - /var/log/messages
- Alter Syslog configuration to route SELinux messages to an ideal location
- Use SETools, shell-based programs to output real-time statistics
- Install & use SEAudit graphical SELinux log-management tool
- top
Network Intrusion Detection System (NIDS) Security - Module 5
- Snort NIDS - Installation
- Peruse the LinuxCBT Security Edition classroom network topology
- Download Snort
- Import G/PGP public key and verify package integrity
- Identify & download key Snort dependencies
- Install current libpcap - Packet Capture Library
- Establish security configuration baseline
- Snort NIDS - Sniffer Mode
- Discuss sniffer mode concepts & applications
- Sniff IP packet headers - layer-3/4
- Sniff data-link headers - layer-2
- Sniff application payload - layer-7
- Sniff application/ip packet headers/data-link headers - all layers except physical
- Examine packets & packet loss
- Sniff traffic traversing interesting interfaces
- Sniff clear-text traffic
- Sniff encrypted streams
- Snort NIDS - Logging Mode
- Discuss logging mode concepts & applications
- Log traffic using default PCAP/TCPDump format
- Log traffic using ASCII mode & examine output
- Discuss directory structure created by ASCII logging mode
- Control verbosity of ASCII logging mode & examine output
- Enhance packet logging analysis by defaulting to binary logging
- Discuss default nomenclature for binary/TCPDump files
- Alter binary output options
- Use Snort NIDS to read binary/TCPDump files
- Snort NIDS - Berkeley Packet Filters (BPFs)
- Explain the advantages to utilizing BPFs
- Discuss BPF directional, type, and protocol qualifiers
- Identify clear-text based network applications and define appropriate BPFs
- Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
- Log to the active pseudo-terminal console and examine the packet flows
- Combine BPF qualifiers to increase packet-matching capabilities
- Use logical operators to define more flexible BPFs
- Read binary TCPDump files using Snort & BPFs
- Execute Snort NIDS in logging/daemon mode
- Snort NIDS - Cisco Switch Configuration
- Examine the current network configuration
- Identify Snort NIDS sensors and centralized DBMS Server
- Create multiple VLANs on the Cisco Switch
- Secure the Cisco Switch configuration
- Isolate internal and external hosts, sensors and DBMS systems
- Configure SPAN - Port Mirroring for internal and external Snort NIDS Sensors
- Examine internal and external packet flows
- Snort NIDS - Network Intrusion Detection System (NIDS) Mode
- Discuss NIDS concepts & applications
- Prepare /etc/snort - configuration directory for NIDS operation
- Explore the snort.conf NIDS configuration file
- Discuss all snort.conf sections
- Download & install community rules
- Execute Snort in NIDS mode with TCPDump compliant output plugin
- Download & install Snort Vulnerability Research Team (VRT) rules
- Compare & contrast community rules to VRT rules
- Snort NIDS - Output Plugin - Barnyard Configuration
- Discuss features & benefits
- Configure Syslog based logging and examine results
- Configure Snort to log sequentially to multiple output locations
- Implement unified binary output logging to enhance performance
- Discuss concepts & features associated with post-processing Snort logs
- Download and install current barnyard post-processor
- Use barnyard to post-process logs to multiple output destinations
- Snort NIDS - BASE - MySQL® Implementation
- Discuss benefits of centralized console reporting for 1 or more Snort sensors
- Re-compile Snort on both sensors to support MySQL logging
- Configure MySQL on Database Management System (DBMS) Host
- Implement Snort database schema on DBMS Host
- Configure Snort to log output to MySQL DBMS Host
- Confirm output logging to the MySQL DBMS Host
- Prepare DBMS Host for BASE console installation
- Install BASE and complete schema extension
- Peruse BASE interface
- Snort® NIDS - Rules Configuration & Updates
- Discuss the concept of rules as related to Snort NIDS
- Examine Snort rule syntax
- Peruse pre-defined Snort rules
- Download & configure oinkmaster to automatically update Snort rules
- Confirm oinkmaster operation
- top
Packet Capture Analysis Security feat. Ethereal® - Module 6
- Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Identify key network interfaces to be used for captures
- Identify connected interfaces on Cisco Switch
- Explore network topology - IPv4 & IPv6
- Identify Ethereal installation
- Enumerate and discuss key Ethereal features
- Ethereal® Graphical User Interface (GUI)
- Identify installation footprint
- Differentiate between promiscuous and non-promiscuous modes
- Configure X.org to permit non-privileged user to write output to screen
- Launch Ethereal GUI
- Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
- Discuss defaults
- Explore key menu items
- TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
- Discuss defaults, features and applications
- Use TCPDump on Linux to capture packets
- Log traffic using default PCAP/TCPDump format
- Discuss Berkeley Packet Filters (BPFs)
- Capture and log specific packets using BPFs for analysis with Ethereal
- Connect to Windows 2003 Server using Remote Desktop (RDesktop) utility
- Install WinDump and WinPCAP on Windows 2003 Server
- Identify available network interfaces using WinDump
- Capture and log packets using WinDump
- Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
- Upload captures to Linux system for analysis in Ethereal
- Snort® NIDS Packet Capturing & Logging
- Discuss Snort NIDS's features
- Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
- Download and Import Snort G/PGP key and MD5SUM for Snort NIDS
- Download, verify, compile and install Snort NIDS
- Discuss BPF directional, type, and protocol qualifiers
- Identify clear-text based network applications and define appropriate BPFs
- Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
- Log to the active pseudo-terminal console and examine the packet flows
- Combine BPF qualifiers to increase packet-matching capabilities
- Use logical operators to define more flexible BPFs
- Create captures for further analysis with Ethereal
- Sun Snoop Packet Capturing & Logging
- Connect to Solaris 10 system and prepare to use Snoop
- Draw parallels to TCPDump
- Enumerate key features
- Sniff and log generic traffic
- Sniff and log specific traffic using filters
- Sniff using Snoop, HTTP and FTP traffic
- Save filters for analysis by Ethereal
- Snoop various Solaris interfaces for interesting traffic
- Layer-2 & Internet Control Messaging Protocol (ICMP) Captures
- Launch Ethereal
- Identify sniffing interfaces
- Capture Address Resolution Protocol (ARP) Packets using Capture Filters
- Discuss and Identify Protocol Data Units (PDUs)
- Identify default Ethereal capture file
- Peruse packet capture statistics
- Identify Cisco VOIP router generating ARP requests
- Peruse time precision features - deci - nano-seconds
- Discuss time manipulations - relative to first packet - actual time
- Reveal protocol information from layer-1 through 7
- Identify network broadcasts in the packet stream
- Generate Layer-2 ARP traffic using PING and capture and analyze results
- Sniff traffic based on MAC addresses using Ethereal and Capture FIlters
- User Datagram Protocol (UDP) Captures & Analyses
- Discuss UDP Characteristics
- Focus on Network Time Protocol (NTP)
- Setup NTP strata for testing between multiple systems
- Analyze NTP - UDP traffic using Ethereal
- Focus on Domain Name Service (DNS)
- Install a BIND DNS Caching-Only Server
- Analyze DIG queries
- Analyze 'nslookup' queries
- Transmission Control Protocol (TCP) Captures & Analyses
- Discuss TCP Characteristics - Connection-Oriented Services
- Explain TCP connection rules - Socket creation
- Sniff TCP traffic using Capture Filters in Ethereal
- Use Display Filters to parse TCP traffic
- Sniff FTP traffic
- Reconstruct FTP flows using TCP Stream Reassembly
- Differentiate between client and server flows
- Quantify client and server flows
- Discuss embedded Protocol Data Units (PDUs)
- Sniff Internet Protocol Version 6 (IPv6) traffic
- Peruse and discuss the IPv6:TCP:FTP traffic dump
- Analyze TCP Sockets
- Ethereal Display Filters - Post Processing Filters
- Identify previously captured - TCPDump - Ethereal - Snort - Snoop - Dumps
- Discuss features
- Explain Display Filter syntax
- Post-process previously captured traffic dumps
- Identify the various methods to exact display filters
- Filter data using the expression builder
- Filter traffic based on interesting properties
- Filter traffic using logical operators
- Ethereal Statistics
- Discuss features
- Explore the summary (metadata) of captured packets
- Peruse the protocol hierarchy - Layer's 1 - 7 of OSI
- Examine network conversations of captured packets
- Identify Destinations in packet dumps
- Examine ICMP statistics
- Text-based Captures with Tethereal
- Discuss features and applications
- Identify 'tethereal' and invoke
- Enumerate network interfaces
- Sniff generic network traffic
- Suppress capture output
- Apply Capture Filters
- Capture UDP Traffic
- Capture TCP Traffic
- Intranet-based Captures & Analysis
- Discuss Intranet monitoring objectives
- Analyze the network topology drawing
- Discuss Unicast, Broadcast and Multicast traffic
- Discuss Switch Port Mirroring - SPAN
- Configure Port Mirroring - SPAN on Cisco Switch for interesting ports
- Dedicate a network interface for sniffing traffic
- Configure Snort NIDS to sniff traffic on dedicated network interface
- Analyze Snort NIDS captures in Ethereal
- Sniff traffic between various Intranet hosts
- Internet-based Captures & Analysis
- Discuss Internet monitoring objectives
- Identify key external interfaces to monitor
- Update the Port Mirroring configuration to capture Internet traffic
- Capture external traffic
- Analyze using Ethereal
- Wireless-based Captures & Analysis
- Discuss Wireless monitoring objectives
- Connect to remote system with wireless interface
- Enable wireless interface
- Sniff traffic on wireless network
- Analyze using Ethereal
- Windows-based Captures & Analysis on Windows
- Download and Install Ethereal for Windows
- Explore interface
- Load previously captured data
- Analyze data
- Compare and contrast with Ethereal for Linux|Unix systems
- top
Pluggable Authentication Modules (PAM) Security - Module 7
- Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Explore network topology
- Identify primary PAM systems
- Enumerate and discuss key PAM features
- PAM Rules Files & Syntax
- Identify key PAM configuration files
- Explain the purpose of the /etc/pam.d/other PAM rules file
- Discuss PAM's 4 management tasks
- Identify the 4 tokens supported within PAM rules files
- Explain possible values for the 4 supported rules file tokens
- Discuss PAM's stacking of rules for the 4 management tasks
- Examine the /etc/pam.d/sshd PAM rules file for the SSHD service/daemon
- Explore the contents of included PAM rules files
- Common PAMs - Identify & Discuss Commonly Implemented PAMs
- Explain the purpose and implementation of pam_echo
- Test pam_echo using SSH
- Explain the purpose and implementation of pam_warn
- Explain the purpose and implementation of pam_deny
- Identify instances of pam_warn and pam_deny modules
- Explain the purpose and implementation of pam_unix2
- Identify instances of pam_unix2 module
- Explain the purpose and implementation of pam_env
- Explain the purpose and implementation of pam_ftp
- Peruse /etc/pam.d/vsftpd and discuss the implemenation of pam_ftp
- Explain the purpose and implementation of pam_lastlog
- Explain the purpose and implementation of pam_limits
- Explain the purpose and implementation of pam_listfile
- Explain the purpose and implementation of pam_nologin
- Account Policies with PAM
- Explain authentication flow when using PAM
- Discuss account policies features
- Identify and peruse the default account policies file: /etc/login.defs
- Discus PAM's usage of /etc/login.defs as it pertains to system security
- Discuss pam_pwcheck is maintaining system policy
- Configure pam_pwcheck to support minimum password length
- Correlate pam_pwcheck system policy to user accounts database
- Configure pam_pwcheck to support password history
- Use chage to enumerate and change user accounts' attributes associated with system policy
- PAM Tally
- Explain applications of pam_tally
- Identify failed logins log file: /var/log/faillog
- Identify PAM authentication messages in /var/log/messages
- Compare and contrast pam_tally with faillog
- Use pam_tally to display user's tally
- Enable pam_tally system-wide with desired policy
- Fail to login multiple times, exceeding the system policy and evaluate results
- Reset user's login count using pam_tally and faillog
- Redirect PAM log messages using Syslog-NG
- PAM Password Quality Check (pam_passwdqc)
- Identify pam_passwdqc using RPM
- Discuss features
- Enumerate the supported password character classes - Complex passwords
- Replace pam_pwcheck with pam_passwdqc using at least 2 character classes
- Test password policy in non-enforcing mode
- Evaluate the effects
- Enable password policy in enforcing mode and evaluate
- Alter character class and length (complexity) requirements and evaluate
- PAM Time - Time-based Access Control
- Discuss features
- Explain configuration file syntax
- Impose restrictions on common services
- Evaluate results
- PAM Nologin
- Discuss features
- Explain configuration file syntax
- Implement nologin module via /etc/nologin
- Evaluate results
- PAM Limits - System Resource Limits Controlled by PAM
- Discuss features
- Explain configuration file syntax
- Impose restrictions on system resources
- Evaluate results
- PAM Authentication with Apache
- Discuss features and desired result
- Install Apache and development modules providing apxs support
- Download PAM Apache module
- Compile and install PAM Apache module
- Configure Apache web site to support PAM
- Evaluate results
- top
Open Secure Shell version 2 (OpenSSHv2) Security - Module 8
- Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Identify key systems to be used
- Explore network topology
- Enumerate and discuss key OpenSSHv2 features
- Identify Key OpenSSHv2 Components
- Identify installed OpenSSHv2 related packages
- Peruse related startup and run-control script files
- Locate 'sshd' on the file system
- Discuss related client | server configuration files
- OpenSSHv2 Client - /ssh/
- Discuss features and benefits
- Obtain shell access on a remote system
- Configure /etc/hosts to provide local name resolution for OpenSSHv2
- Identify and discuss pseudo-terminals - pty
- Redirect X11/X.org traffic to localhost via SSH
- Bind 'ssh' to specific source IP address and test connectivity
- Execute commands on remote system without allocating a pseudo-terminal
- Debug 'ssh' connectivity
- Explore the system-wide client configuration file
- Explore user configuration file
- Secure Copy Program (SCP) - /scp/
- Discuss features and benefits
- Locate 'scp' on the file system
- Discuss usage
- Copy, non-interactively, previously generated data to remote systems
- Test 'scp' with global and user configuration directives
- Debug 'scp' connectivity
- Limit transfer rate to conserve bandwidth
- Secure File Transfer Program (SFTP) - /sftp/
- Discuss features and benefits
- Locate 'sftp' on the file system
- Discuss usage
- Connect to remote system using 'sftp' interactive shell
- Issue puts and gets and evaluate results
- Identify the sftp-server subsystem
- Peruse process list while connected to OpenSSHv2 server
- Illustrate batch file usage
- SSH Key Scan Utility - /ssh-keyscan/
- Discuss features and benefits
- Locate 'ssh-keyscan' on the file system
- Discuss usage
- Scan the network from STDIN for OpenSSHv2 public keys - RSA (SSHv1 & SSHv2) | DSA
- Scan the network based on a file with a list of hosts for OpenSSHv2 public keys
- Populate ~/.ssh/known_hosts file using 'ssh-keyscan' with BASH for loop
- Compare and contrast STDOUT with the output file
- SSH Key Generation Utility - /ssh-keygen/
- Discuss features and benefits
- Locate 'ssh-keygen' on the file system
- Discuss usage
- Generate RSA-2 usage keys
- Identify RSA-2 public and private key pair
- Generate DSA usage keys
- Identify DSA public and private key pair
- Expose usage keys' fingerprint using 'ssh-keygen'
- Generate RSA-2 | DSA usage keys for all hosts
- Public Key Infrastructure (PKI) - Password-less Logins
- Discuss features and benefits
- Identify key files for client and server implemenation of password-less (PKI-based) logins
- Copy manually, RSA-2 | DSA public keys to remote system's ~/.ssh/authorized_keys file
- Test password-less logins
- Use 'ssh-copy-id' to seamlessly populate remote system with RSA-2 | DSA usage keys
- Test password-less connectivity after using 'ssh-copy-id'
- Confirm password-less connectivity using SSH clients /ssh|scp|sftp/ in debug mode
- Connect to privileged account from non-privileged account using PKI
- Configure RSA-1 connectivity using PKI
- System-wide OpenSSHv2 Configuration Directives
- Identify key directory and files associated with client | server configuration
- Explore primary server configuration file
- Discuss applicability of directives
- Alter and test several SSHD directives
- Explore OpenSSHv2 configuration on RedHat Linux
- Explore OpenSSHv2 configuration on Solaris 10
- Port Forwarding - Pseudo-VPN Support - /Local|Remote|Gateway/
- Discuss features and benefits
- Implement local port forwarding using 'ssh'
- Configure remote port forwarding using 'ssh'
- Test circumvention of local firewall using remote port forwarding
- Implement gateway ports to share forwarded /local|remote/ with connected users
- Test connectivity
- Windows Integration - /PuTTY|WinSCP/
- Discuss features and applications
- Download and install PuTTY
- Explore PuTTY's features
- Configure PKI logins
- Download and install WinSCP
- Explore WinSCP's features
- Move data between Windows, Linux and Solaris
- Syslog | Syslog-NG Configuration
- Discuss features and benefits
- Identify default configuration
- Redirect OpenSSHv2 data using Syslog and Syslog-NG
- Examine results
- Enable debugging
- Host-based Authentication
- Discuss applicability and caveats
- Identify key configuration files and directives
- Implement host-based authentication
- Test results
- OpenSSHv2 Source Installation
- Discuss features and benefits
- Download current OpenSSHv2 source code
- Compile and install
- Restart services|daemons
- Test new version of OpenSSHv2
- Secure OpenSSHv2 Implementation
- Discuss features and benefits
- Identify key configuration file
- Enumerate and implement key directives
- Test configuration
Download:
http://rapidshare.com/files/56804966/LSE.part01.rar
http://rapidshare.com/files/56808371/LSE.part02.rar
http://rapidshare.com/files/56812845/LSE.part03.rar
http://rapidshare.com/files/56816422/LSE.part04.rar
http://rapidshare.com/files/56891273/LSE.part05.rar
http://rapidshare.com/files/56893964/LSE.part06.rar
http://rapidshare.com/files/56896528/LSE.part07.rar
http://rapidshare.com/files/56898820/LSE.part08.rar
http://rapidshare.com/files/56901024/LSE.part09.rar
http://rapidshare.com/files/56903151/LSE.part10.rar
http://rapidshare.com/files/56905430/LSE.part11.rar
http://rapidshare.com/files/56907508/LSE.part12.rar
http://rapidshare.com/files/56909717/LSE.part13.rar
http://rapidshare.com/files/56911755/LSE.part14.rar
http://rapidshare.com/files/56913670/LSE.part15.rar
http://rapidshare.com/files/56915573/LSE.part16.rar
http://rapidshare.com/files/56917522/LSE.part17.rar
http://rapidshare.com/files/56919496/LSE.part18.rar
http://rapidshare.com/files/56921553/LSE.part19.rar
http://rapidshare.com/files/56923477/LSE.part20.rar
http://rapidshare.com/files/56925534/LSE.part21.rar
http://rapidshare.com/files/56927553/LSE.part22.rar
http://rapidshare.com/files/56888492/LSE.part23.rar
Pass: uploaded by ultimate
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
http://rapidshare.com/files
Pass: uploaded by ultimate
1 comments:
Link die het rui ban oi. Post lai duoc ko?
Thanks
Post a Comment