U208: Linux Advanced Networking & Security Administration – 4 Days

Who Should Attend:
For Linux- and/or LINUX- systems administrators who want to build skills at configuring common network services and security administration using Linux.

Objectives:
This module covers areas for participants who want to become a system administrator who can setup a Linux server and configure common network services and security at an acceptable level. Topics include in-depth system and network services knowledge, less error-prone setups and high availability systems. Increased security practices, protection against common attacks and crash-free network service implementation are also included.

Contents:

Introduction to Network Services: Red Hat Linux Network Components, Connecting Networks, Service Management, chkconfig, xinetd Services

Basic Networking Services: DNS Basics, Zones, Domains & Delegation, Internet DNS Hierarchy, Name Server Hierarchy, Client-side DNS, Server-side DNS, Berkeley Internet Name Daemon (BIND), Configuring BIND, Configuration File Basics, Address Match Lists and acl, Zone Files, Main Record Types, Delegating Subdomains, Caching -only Name Server, BIND Utilities.

The Samba Service: Samba Introduction, Samba Services, Samba Daemons, Configuring Samba, Configuring Sharing, Enabling WINS, Printing to the Samba Server.

Electronic Mail Services: sendmail, Security and "Anti-Spam" Features, An Email Review, Simple Operational Objectives, Main Configuration Files, sendmail Client Configuration, Blacklisting Recipients, Debugging sendmail.

The HTTP Service: Apache Features, Apache Configuration, Apache Server Configuration, Virtual Hosts, Apache Namespace Configuration, CGI, Apache Encrypted Web Server.

NFS, FTP and DHCP Services: FTP,NFS File Sharing, NFS Server, Client-side NFS,DHCP Objectives, Configuring a DHCP Server.

Security Concerns and Policy: Security Terms, Basic Network Security, Definitions of Common Terms, Security Policy, Intrusion Detection, Backup Policies.

Authentication Services: Service Profile: PAM, PAM Operation, Core PAM Modules, Authentication Modules, Password Security Password Policy, Resource Limits, User Access Control, Single User Mode Authentication Troubleshooting, NIS Objectives, NIS Server Topology, Configuring an NIS Server, NIS Client Configuration, NIS Troubleshooting.

System Monitoring: File System Analysis, Set User and Group ID Permissions, EXT2 Filesystem Attributes, Monitoring Data Integrity with tripwire, Configuring tripwire System Log Files, syslogd and klogd configuration, Log File Analysis, Monitoring and Limiting Processes, Monitoring Processes with top, Monitoring Processes Graphically, System Activity Reporting, Process Accounting Tools.

Securing Networks: Packet Filtering Capabilities, Netfilter Architecture, Netfilter, Packet Flow, Chain Operations, Rule targets, Rule Matching, Network Address Translation (NAT), Connection Tracking, Rule persistence, The "Bastion Host".

Securing Services: System V Startup Control, Remote Service Detection, Securing the Service, tcp_wrappers configuration, Daemon/Client Specification, Advanced Syntax xinetd-based security, xinetd Access Control.

Enycryption: The Need For Encryption, Cryptographic Building Blocks, Random Numbers, One-Way Hashes, Symmetric Encryption, Asymmetric Encryption, Public Key Infrastructures, Digital Certificates, Generating Digital Certificates, OpenSSH Objectives, The OpenSSH, OpenSSH Authentication, Protecting Your Keys.