
RHS333 Red Hat Enterprise Security


Academic year: 2021


RHS333 Red Hat Enterprise Security: Network Services

Course Outline

RHS333 goes beyond the essential security coverage offered in the RHCE curriculum and delves deeper into the security features, capabilities, and risks associated with the most commonly deployed services. Among the topics covered in this four-day, hands-on course are the following:

1. The Threat Model and Protection Methods

o Internet threat model and the attacker's plan

o System security and service availability

o An overview of protection mechanisms

2. Basic Service Security

o SELinux

o Host-based access control

o Firewalls using Netfilter and iptables

o TCP wrappers

o xinetd and service limits

3. Cryptography

o Overview of cryptographic techniques

o Management of SSL certificates

o Using GnuPG

4. Logging and NTP

o Time synchronization with NTP

o Logging: syslog and its weaknesses

o Protecting log servers

5. BIND and DNS Security

o BIND vulnerabilities

o DNS Security: attacks on DNS

o Access control lists

o Transaction signatures

o Restricting zone transfers and recursive queries

o DNS Topologies

o Bogus servers and blackholes

o Views

o Monitoring and logging

o Dynamic DNS security

6. Network Authentication: RPC, NIS, and Kerberos

o Vulnerabilities

o Network-managed users and account management

o RPC and NIS security issues

o Improving NIS security

o Using Kerberos authentication

o Debugging Kerberized Services

o Kerberos Cross-Realm Trust

o Kerberos Encryption


o Overview of NFS versions 2, 3, and 4

o Security in NFS versions 2 and 3

o Improvements in security in NFS4

o Troubleshooting NFS4

o Client-side mount options

8. OpenSSH

o Vulnerabilities

o Server configuration and the SSH protocols

o Authentication and access control

o Client-side security

o Protecting private keys

o Port-forwarding and X11-forwarding issues

9. Electronic Mail with Sendmail

o Vulnerabilities

o Server topologies

o Email encryption

o Access control and STARTTLS

o Anti-spam mechanisms

10. Postfix

o Vulnerabilities

o Security and Postfix design

o Configuring SASL/TLS

11. FTP

o Vulnerabilities

o The FTP protocol and FTP servers

o Logging

o Anonymous FTP

o Access control

12. Apache security

o Vulnerabilities

o Access control

o Authentication: files, passwords, Kerberos

o Security implications of common configuration options

o CGI security

o Server side includes

o suEXEC

13. Intrusion Detection and Recovery

o Intrusion risks

o Security policy

o Detecting possible intrusions

o Monitoring network traffic and open ports

o Detecting modified files

o Investigating and verifying detected intrusions


RH423 Red Hat Enterprise Directory Services and Authentication

Course Outline

1. Introduction to Directory Services

o What is a directory?

o LDAP: models, schema, and attributes

o Object classes

o LDIF

2. The LDAP Naming Model

o Directory information trees and Distinguished Names

o X.500 and "Internet" naming suffixes

o Planning the directory hierarchy

3. Red Hat Directory Server: Basic Configuration

o Installation and setup of Red Hat Directory Server

o Using the Red Hat Console

o Using logging to monitor Red Hat Directory Server activity

o Backing up and restoring the directory

o Basic performance tuning with indexes

4. Searching and Modifying the LDAP Directory

o Using command line utilities to search the directory

o Search filter syntax

o Updating the directory

5. Red Hat Directory Server: Authentication and Security

o Configuring TLS security

o Using access control instructions (ACIs)

o ACIs and the Red Hat Console

6. Linux User Authentication with NSS and PAM

o Understanding authentication and authorization

o Name service switch (NSS)

o Advanced pluggable authentication modules (PAM) configuration

7. Centralized User Authentication with LDAP

o Central account management with LDAP

o Using migration scripts to migrate existing data into an LDAP server

o LDAP user authentication

8. Kerberos and LDAP

o Introduction to Kerberos

o Configuring the Kerberos key distribution center (KDC) and clients

o Configuring LDAP to support Kerberos

9. Directory Referrals and Replication

o Referrals and replication

o Single master configuration

o Multiple master configuration

o Planning for directory server availability


o Synchronizing Red Hat Directory Server with Active Directory

o Managing users with Winbind and LDAP

o Mapping attributes between Linux and Windows

11. Red Hat Enterprise IPA

o Understanding IPA

o IPA requirements

o Configuring IPA server

o Configuring IPA clients

RHS429 Red Hat Enterprise SELinux Policy Administration

Course Outline

Unit 1 - Introduction to SELinux

• Discretionary Access Control vs. Mandatory Access Control

• SELinux History and Architecture Overview

• Elements of the SELinux security model:

o user identity and role

o domain and type

o sensitivity and categories

o security context

• SELinux Policy and Red Hat's Targeted Policy

• Configuring Policy with Booleans

• Archiving

• Setting and Displaying Extended Attributes

Hands-on Lab: Understanding SELinux

Unit 2 - Using SELinux

• Controlling SELinux

• File Contexts

• Relabeling Files and Filesystems

• Mount options

Hands-on Lab: Working with SELinux

Unit 3 - The Red Hat Targeted Policy

• Identifying and Toggling Protected Services

• Apache Security Contexts and Configuration Booleans

• Name Service Contexts and Configuration Booleans

• NIS Client Contexts

• Other Services


• Troubleshooting and avc Denial Messages

• setroubleshootd and Logging

Hands-on Lab: Understanding and Troubleshooting the Red Hat Targeted Policy

Unit 4 - Introduction to Policies

• Policy Overview and Organization

• Compiling and Loading the Monolithic Policy and Policy Modules

• Policy Type Enforcement Module Syntax

• Object Classes

• Domain Transition

Hands-on Lab: Understanding policies

Unit 5 - Policy Utilities

• Tools available for manipulating and analyzing policies

o apol

o seaudit and seaudit_report

o checkpolicy

o sepcut

o sesearch

o sestatus

o audit2allow and audit2why

o sealert

o avcstat

o seinfo

o semanage and semodule

o Man pages

Hands-on Lab: Exploring Utilities

Unit 6 - User and Role Security

• Role-based Access Control

• Multi Category Security

• Defining a Security Administrator

• Multi-Level Security

• The strict Policy

• User Identification and Declaration

• Role Identification and Declaration

• Roles in Use in Transitions

• Role Dominance

Hands-on Lab: Implementing User and Role Based Policy Restrictions

Unit 7 - Anatomy of a Policy

• Policy Macros

• Type Attributes and Aliases

• Type Transitions


• restorecond

• Customizable Types

Hands-on Lab: Building Policies

Unit 8 - Manipulating Policies

• Installing and Compiling Policies

• The Policy Language

• Access Vector

• SELinux logs

• Security Identifiers - SIDs

• Filesystem Labeling Behavior

• Context on Network Objects

• Creating and Using New Booleans

• Manipulating Policy by Example

• Macros

• Enableaudit

Hands-on Lab: Compiling Policies

Unit 9 - Project

• Best practices

• Create File Contexts, Types and Typealiases

• Edit and Create Network Contexts

• Edit and Create Domains
