LinuxCBT Security Edition Encompasses 9 Pivotal Security Modules

LinuxCBT Security Edition encompasses 9 pivotal security modules:

1. Security Basics (fundamentals)
2. Proxy Security featuring Squid
3. Firewall Security featuring IPTables
4. SELinux Security - MAC-based Security Controls
5. Network Intrusion Detection System (NIDS) Security featuring Snort® NIDS
6. Packet | Capture | Analysis Security featuring Ethereal®
7. Pluggable Authentication Modules (PAM) Security
8. Open Secure Shell version 2 (OpenSSHv2) Security
9. OpenPGP with Gnu Privacy Guard (GPG) Security

LinuxCBT Security Edition is unparalleled in content, depth and expertise. It entails 89 hours, or approximately 2 weeks, of classroom training. LinuxCBT Security Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Recommended Prerequisites:

• Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
• Open mind & determination to master Linux and related open-source applications
• Basic understanding of networking concepts
• Access to a PC to follow the exercises

Basic Security - Module 1

• Boot Security
  ○ Explore Dell PowerEdge BIOS Security-related features
  ○ Discuss concepts & improve Dell PowerEdge BIOS security
  ○ Explain run-time boot loader vulnerabilities
  ○ Explore single-user mode (rootshell) and its inherent problems
  ○ Modify default GRUB startup options & examine results
  ○ Secure boot loader using MD5 hash
  ○ Identify key startup-related configuration files & define boot security measures
  ○ Identify key boot-related utilities
  ○ Confirm expected hardware configuration
  ○ Discuss INIT process, runlevel configuration & concepts
  ○ Explore & tighten the security of the INIT configuration

• Shell Security
  ○ Confirm expected applications
  ○ Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
  ○ Identify common TTYs and PTSs
  ○ Track current TTYs and PTSs - character devices
  ○ Discuss concepts related to privileged and non-privileged use
  ○ Restrict privileged login
  ○ Use SSH and discuss TTYs
  ○ Discuss the importance of consistent system-wide banners & messages
  ○ Define and configure system banners for pre and post-system-access
  ○ Identify user-logon history and correlate to TTYs
  ○ Identify current user-connections - console-based and network-based
  ○ Use lsof to identify open files and sockets

• Syslog Security
  ○ Discuss Syslog concepts and applications
  ○ Explain Syslog semantics - facilities & levels - message handling & routing
  ○ Focus on security-related Syslog facilities
  ○ Examine security logs managed by Syslog
  ○ Configure Network Time Protocol (NTP) on interesting hosts
  ○ Secure NTP configuration
  ○ Ensure time consistency to preserve log-integrity
  ○ Configure Syslog replication to preserve log-integrity
  ○ Identify log discrepancies between Syslog hosts

• Reconnaissance & Vulnerability Assessment Tools
  ○ Discuss Stage-1 host/network attack concepts
  ○ Upgrade NMAP reconnaissance tool to increase effectiveness
  ○ Identify NMAP files
  ○ Discuss TCP handshake procedure
  ○ Discuss half-open/SYN connections
  ○ Perform connect and SYN-based host/network reconnaissance
  ○ Identify potential vulnerabilities on interesting hosts derived from reconnaissance
  ○ Examine NMAP logging capabilities
  ○ Perform port sweeps to identify common vulnerabilities across exposed systems
  ○ Secure exposed daemons/services
  ○ Perform follow-up audit to ensure security policy compliance
  ○ Discuss vulnerability scanner capabilities and applications
  ○ Prepare system for Nessus vulnerability scanner installation - identify/install dependencies
  ○ Generate self-signed SSL/TLS certificates for secure client/server communications
  ○ Activate Nessus subscription, server and client components
  ○ Explore vulnerability scanner interface and features
  ○ Perform network-based reconnaissance attack to determine vulnerabilities
  ○ Examine results of the reconnaissance attack and archive results
  ○ Secure exposed vulnerabilities

• XINETD - TCPWrappers - Chattr - Lsattr - TCPDump - Clear Text Daemons
  ○ Install Telnet Daemon
  ○ Install Very Secure FTP Daemon (VSFTPD)
  ○ Explore XINETD configuration and explain directives
  ○ Configure XINETD to restrict communications at layer-3 and layer-4
  ○ Restrict access to XINETD-protected daemons/services based on time range
  ○ Examine XINETD logging via Syslog
  ○ Discuss TCPWrappers security concepts & applications
  ○ Enhance Telnetd security with TCPWrappers
  ○ Confirm XINETD & TCPWrappers security
  ○ Discuss chattr applications & usage
  ○ Identify & flag key files as immutable to deter modification
  ○ Confirm extended attributes (XATTRs)
  ○ Discuss TCPDump applications & usage
  ○ Configure TCPDump to intercept Telnet & FTP - clear-text traffic
  ○ Use Ethereal to examine & reconstruct captured clear-text traffic

• Secure Shell (SSH) & MD5SUM Applications
  ○ Use Ethereal to examine SSH streams
  ○ Generate RSA/DSA PKI usage keys
  ○ Configure Public Key Infrastructure (PKI) based authentication
  ○ Secure PKI authentication files
  ○ Use SCP to transfer files securely in non-interactive mode
  ○ Use SFTP to transfer files securely in interactive mode
  ○ Configure SSH to support a pseudo-VPN using SSH-Tunnelling
  ○ Discuss MD5SUM concepts and applications
  ○ Compare & contrast modified files using MD5SUM
  ○ Use MD5SUM to verify the integrity of downloaded files

• GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
  ○ Discuss GPG concepts & applications - symmetric/asymmetric encryption
  ○ Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
  ○ Create a local web of trust
  ○ Perform encrypts/decrypts and test data-exchanges
  ○ Sign encrypted content and verify signatures @ recipient
  ○ Import & export public keys for usage
  ○ Use GPG/PGP with Mutt Mail User Agent (MUA)

• AIDE File Integrity Implementation
  ○ Discuss file-integrity checker concepts & applications
  ○ Identify online repository & download AIDE
  ○ Install AIDE on interesting hosts
  ○ Configure AIDE to protect key files & directories
  ○ Alter file system objects and confirm modifications using AIDE
  ○ Audit the file system using AIDE

• Rootkits
  ○ Discuss rootkits concepts & applications
  ○ Describe privilege elevation techniques
  ○ Obtain & install T0rnkit - rootkit
  ○ Identify system changes due to the rootkit
  ○ Implement T0rnkit with AIDE to identify compromised system objects
  ○ Implement T0rnkit with chkrootkit to identify rootkits
  ○ T0rnkit - rootkit - cleanup
  ○ Implement N-DU rootkit
  ○ Evaluate system changes

• Bastille Linux - OS-Hardening
  ○ Discuss Bastille Linux system hardening capabilities
  ○ Obtain Bastille Linux & perform a system assessment
  ○ Install Bastille Linux
  ○ Evaluate hardened system components

Proxy Security - Module 2

• Squid Proxy Initialization
  ○ Discuss Squid concepts & applications
  ○ Discuss DNS application
  ○ Configure DNS on primary SuSE Linux server for the Squid Proxy environment
  ○ Confirm DNS environment
  ○ Start Squid and evaluate default configuration
  ○ Install Squid Proxy server

• General Proxy Usage
  ○ Configure web browser to utilize proxy services
  ○ Grant permissions to permit local hosts to utilize proxy services
  ○ Discuss ideal file system layout - partitioning
  ○ Explore key configuration files
  ○ Use client to test the performance of proxy services
  ○ Discuss HIT/MISS logic for serving content
  ○ Configure proxy support for text-based (lftp/wget/lynx) HTTP clients

• Squid Proxy Logs
  ○ Discuss Squid Proxy logging mechanism
  ○ Identify key log files
  ○ Discuss & explore the Access log to identify HITS and/or MISSES
  ○ Discuss & explore the Store log to identify cached content
  ○ Convert Squid logs to the Common Log Format (CLF) for easy processing
  ○ Discuss key CLF fields
  ○ Configure Webalizer to process Squid-CLF logs
  ○ Revert to Squid Native logs
  ○ Discuss key Native log fields
  ○ Configure Webalizer to process Squid Native logs

• Squid Network Configuration & System Stats
  ○ Discuss cachemgr.cgi Common Gateway Interface (CGI) script
  ○ Explore the available metrics provided by cachemgr.cgi
  ○ Change default Squid Proxy port
  ○ Modify text/graphical clients and test communications
  ○ Discuss Safe Ports - usage & applications

• Squid Access Control Lists (ACLs)
  ○ Intro to Access Control Lists (ACLs) - syntax
  ○ Define & test multiple HTTP-based ACLs
  ○ Define & test ACL lists - to support multiple hosts/subnets
  ○ Define & test time-based ACLs
  ○ Nest ACLs to tighten security
  ○ Implement destination domain based ACLs
  ○ Exempt destination domains from being cached to ensure content freshness
  ○ Define & test ANDed ACLs
  ○ Discuss the benefits of Regular Expressions (Regexes)
  ○ Implement Regular Expressions ACLs to match URL patterns
  ○ Exempt hosts/subnets from being cached or using the Squid cache
  ○ Force cache usage
  ○ Configure enterprise-class Cisco PIX firewall to deny outbound traffic
  ○ Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
  ○ Discuss delay pool concepts & applications - bandwidth management
  ○ Configure delay pools - to support rate-limiting
  ○ Examine results of various delay pool classes
  ○ Enforce maximum connections to deter Denial of Service (DoS) attacks
  ○ Verify maximum connections comply with security policy

• Squid Proxy Hierarchies
  ○ Discuss Squid cache hierarchy concepts & applications
  ○ Ensure communications through a primary cache server - double-auditing
  ○ Discuss and configure parent-child bypass based on ACLs

Details: source document is a 29-page PDF, in English.
