Red Hat Enterprise Security Network Services (RHS333)

Security for the most commonly deployed services

Course outline

The threat model and protection methods

  • Internet threat model and the attacker's plan

  • System security and service availability

  • An overview of protection mechanisms

Basic service security

  • SELinux

  • Host-based access control

  • Firewalls using Netfilter and iptables

  • TCP wrappers

  • xinetd and service limits

Cryptography

  • Overview of cryptographic techniques

  • Management of SSL certificates

  • Using GnuPG

Logging and NTP

  • Time synchronization with NTP

  • Logging: syslog and its weaknesses

  • Protecting log servers

BIND and DNS security

  • BIND vulnerabilities

  • DNS security: attacks on DNS

  • Access control lists

  • Transaction signatures

  • Restricting zone transfers and recursive queries

  • DNS topologies

  • Bogus servers and black holes

  • Views

  • Monitoring and logging

  • Dynamic DNS security

Network authentication: RPC, NIS, and Kerberos

  • Vulnerabilities

  • Network-managed users and account management

  • RPC and NIS security issues

  • Improving NIS security

  • Using Kerberos authentication

  • Debugging Kerberized services

  • Kerberos cross-realm trust

  • Kerberos encryption

Network File System

  • Overview of NFS versions 2, 3, and 4

  • Security in NFS versions 2 and 3

  • Improvements in security in NFS4

  • Troubleshooting NFS4

  • Client-side mount options

OpenSSH

  • Vulnerabilities

  • Server configuration and the SSH protocols

  • Authentication and access control

  • Client-side security

  • Protecting private keys

  • Port-forwarding and X11-forwarding issues

Electronic mail with Sendmail

  • Vulnerabilities

  • Server topologies

  • Email encryption

  • Access control and STARTTLS

  • Anti-spam mechanisms

Postfix

  • Vulnerabilities

  • Security and Postfix design

  • Configuring SASL/TLS

FTP

  • Vulnerabilities

  • The FTP protocol and FTP servers

  • Logging

  • Anonymous FTP

  • Access control

Apache security

  • Vulnerabilities

  • Access control

  • Authentication: files, passwords, Kerberos

  • Security implications of common configuration options

  • CGI security

  • Server-side includes

  • suEXEC

Intrusion detection and recovery

  • Intrusion risks

  • Security policy

  • Detecting possible intrusions

  • Monitoring network traffic and open ports

  • Detecting modified files

  • Investigating and verifying detected intrusions

  • Recovering from, reporting, and documenting intrusions




Note: Course outline is subject to change with technology advances and as the nature of the underlying job evolves. For questions or confirmation on a specific objective or topic, please contact a training specialist.