Sitemap | Search


 
Training > Courses > Oracle > Enterprise Linux Security Administration

Enterprise Linux Security Administration

 What you will learn:

This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as user/group policies, and file integrity checking are covered. Advanced security technologies are taught such as Kerberos and the hardening of popular applications such as Apache, databases, and email systems. At the end of the course, students have an excellent understanding of the potential security vulnerabilities -- know how to audit existing machines, and best practices how to securely deploy new Linux servers.

Schedule/Purchase
Training Formats
Price
Duration
View Schedule (Link)
Instructor-Led Training
SAR 7031.25
4 Days

Prerequisites:
Required Prerequisites:
Course Objectives:
  • identify the Security Concepts
  • Implement Kerberos
  • Secure NTP
  • Administrate and use Kerberos
  • Use Kerberized Clients
  • Secure the filesystem
  • Secure Apache
  • Secure PostgreSQL
  • Secure EMail Systems
  • Enable Policy
Course Topics:
Security Concepts
  • Basic Security Principles
  • Default Install
  • Firewall Options and File Security
  • Minimization - Discovery
  • Service Discovery
  • Hardening
  • Security Concepts
Probing, Mapping and Scanning for Vulnerabilities
  • The Security Environment
  • Stealth Reconnaissance
  • The WHOIS database
  • Interrogating DNS
  • Discovering Available Hosts & Applications and RPC Services
  • Reconnaissance with SNMP
  • Enumerating NFS Shares
  • Nessus Insecurity Scanner and Installation
Password Security and PAM
  • Unix Passwords and Password Aging
  • Auditing Passwords
  • PAM Implementation, Management, and Control Statements
  • PAM Modules
  • User Device Access: resmgr
Secure network time protocol (NTP)
  • Time Measurements and Synchronization Methods
  • NTP Evolution
  • Time Server Hierarchy
  • Operational Modes
  • Configuring NTP Clients and Servers
  • Securing NTP
  • NTP Packet Integrity
  • Useful NTP Commands
Kerberos Concepts
  • The Computing Landscape
  • Common Security Problems
  • Account Proliferation
  • The Kerberos Solution
  • Kerberos History, Implementations, and Concepts
  • Kerberos Principals, Safeguards, and Components
  • Authentication Process and Identification Types
  • Gaining and Using Privileges
Kerberos Components
  • Kerberos Components
  • Kerberos Principal Review
  • Kerberized Services Review and Clients
  • KDC Server Daemons
  • Configuration Files
  • Utilities Overview
  • Kerberos SysV Init Scripts
Implementing Kerberos
  • Plan Topology and Implementation
  • Kerberos 5 Client and Server Software
  • Synchronize Clocks
  • Creating and Configuring the Master KDC
  • KDC Logging
  • Create KDC Databases and Administrators
  • Configure Slave KDCs
  • Install krb5.conf on Clients and Client PAM Configuration
Administrating and Using Kerberos
  • Key Tables and Managing Keytabs
  • MIT Principal Policy
  • Signing Into Kerberos
  • Ticket types and Viewing Tickets
  • GUI Kerberos Ticket Management
  • Passwords and Changing Passwords
  • Using Kerberized Services and Enabling Kerberized Services
  • Kerberized FTP and OpenSSH
Securing the filesystem
  • Filesystem Mount Options
  • NFS Properties and NFS Export Option
  • NFSv4 and GSSAPI Auth
  • Implementing NFSv4
  • File Encryption with GPG and OpenSSL
  • Encrypted Loopback FS
Tripwire
  • Host Intrusion Detection
  • Using RPM as an IDS
  • TripWire History and Concepts
  • TripWire Installation, Policies, and Configuration
  • TripWire Commands and General Operation
Securing Apache
  • Default Configuration
  • Configuring CGI
  • Turning off unneeded modules
  • ACL by IP Address
  • HTTP User Authentication and Digest Authentication
  • Authentication via SQL, LDAP, and Kerberos
  • Scrubbing HTTP Headers
  • Metering HTTP Bandwidth
Securing PostgreSQL
  • PostgreSQL Overview and Default Configuration
  • Configuring SSL
  • Authentication Methods and Advanced Authentication
  • Ident-based Authentication
Securing EMail Systems
  • SMTP Overview and Implementations
  • Selecting an MTA
  • Security Considerations
  • Postfix Overview
  • Chrooting Postfix and Connections and Relays
  • SMTP AUTH & StartTLS/SSL
  • Secure Cyrus IMAP Config
  • Using GSSAPI/Kerberos Auth
Concepts
  • DAC vs. MAC
  • Shortcomings of Traditional UNIX Security
  • Goals, Terms, and Logical Architecture
  • Activating and Interfacing
  • Commands and Roles
  • Modified System Utilities
Policy
  • Policies Review
  • Choosing a Policy and Compiled Policy Files
  • M4 Macro Language
  • File Context Files (*.fc) and Type Enforcement Files (*.te)
  • Booleans
  • Graphical Policy Tools
  • Policy Analysis and Customization
  • Troubleshooting Problems