UNIX/LINUX

UNIX/LINUX NETWORK ADMINISTRATION AND SECURITY

DESCRIPTION
This training program helps the participants to configure multiple parts of a Linux system with the goal to optimize its functionality, reliability, performance and security.
COURSE CONTENT

Module 1: Introduction to Network Services

  • Linux Network Components
  • Connecting Networks
  • Service Management
  • chkconfig
  • xinetd Services
  • The xinetd Daemon
  • Fault Analysis

Module 2: Organizing Networked Systems

  • DNS Basics
  • Internet DNS Hierarchy
  • Name Server Hierarchy
  • Client-side DNS
  • Server-side DNS
  • Berkeley Internet Name Domain (BIND)
  • Configuring BIND
  • Configuration File Basics
  • Address Match Lists and acl
  • rndc
  • Zone Files
  • Main Record Types
  • Delegating Subdomains
  • Caching-only Name Server
  • BIND Utilities
  • BIND Syntax Utilities
  • Configuring the DHCP server

Module 3: Network File Sharing Services

  • Configuring NFS services
  • Configuring FTP services
  • Samba Services
  • Samba Daemons
  • Configuring Samba
  • Configuring File and Directory Sharing
  • Printing to the Samba Server
  • Authentication Methods
  • Samba Client Tools: smbclient and smbmount

Module 4: Electronic Mail Services

  • sendmail Features
  • Security and "Anti-Spam" Features
  • An Email Review
  • Simple Operational Overview
  • Main Configuration Files
  • sendmail Configuration with the m4 Macro Language
  • sendmail Client Configuration
  • Blacklisting Recipients
  • Debugging sendmail
  • Postfix
  • Using Postfix
  • Additional postfix Configuration Files
  • procmail Local Delivery

Module 5: The HTTP Service

  • Apache Features
  • Apache Configuration
  • Apache Server Configuration
  • Virtual Hosts
  • Apache Namespace Configuration
  • CGI
  • Apache Encrypted Web Server
  • Squid Web Proxy Cache

Module 6: Security Concerns and Policy

  • Security Terms
  • Basic Network Security
  • Which Services Are Running?
  • Remote Service Detection
  • Definitions of Security
  • Security Policy
  • Backup Policies

Module 7: Authentication Services

  • Authentication Basics
  • Service Profile: PAM
  • PAM Operation
  • Core PAM Modules
  • Authentication Modules
  • Password Security
  • Password Policy
  • Resource Limits
  • User Access Control
  • Single User Mode
  • Authentication Troubleshooting
  • NIS Overview
  • NIS Server Topology
  • Configuring an NIS Server
  • NIS Client Configuration
  • NIS Troubleshooting

Module 8: System Monitoring

  • Introduction to System Monitoring
  • File System Analysis
  • Set User and Group ID Permissions
  • Typical Problematic Permissions
  • EXT2 Filesystem Attributes
  • Monitoring Data Integrity with tripwire
  • Configuring tripwire
  • System Log Files
  • syslogd and klogd configuration
  • Advanced syslogd configuration
  • Log File Analysis
  • Monitoring and Limiting Processes
  • Monitoring Processes with top
  • Monitoring Processes Graphically
  • System Activity Reporting
  • Process Accounting Tools

Module 9: Securing Networks

  • Packet Filtering Capabilities
  • Netfilter Architecture
  • Netfilter Packet Flow
  • Chain Operations
  • Rule targets
  • Rule Matching
  • Network Address Translation(NAT)
  • Connection Tracking
  • Rule persistence
  • The "Bastion Host"

Module 10: Securing Services

  • SystemV Startup Control
  • Securing the Service
  • tcp_wrappers Configuration
  • Daemon Specification
  • Client Specification
  • Advanced Syntax
  • xinetd-based security
  • xinetd Access Control
  • Host Patterns
  • Advanced Security Options

Module 11: Securing Data

  • The Need For Encryption
  • Cryptographic Building Blocks
  • Random Numbers
  • One-Way Hashes
  • Symmetric Encryption
  • Asymmetric Encryption
  • Public Key Infrastructures
  • Digital Certificates
  • Generating Digital Certificates
  • OpenSSH Overview
  • The OpenSSH
  • OpenSSH Authentication
  • Protecting Your Keys
  • Applications: RPM