------------------------------------------------------------------------------------------------------------------------------------------

 
 

Linux Advanced Security

Introduction and Supporting Technologies

Types of service security

Application Availability

Data security and Integrity

Session security

Data Encryption

Open SSL

Digital Certificate

TLS/SSL Handshake

Generating a Private Key

Generating a Certificate Signing Request

Time Synchronization

Service Profile: NTP

Basic design of NTP

Simple Client Configuration

Server Configuration

Restrict and Access Control

Service Profile: SYSLOG

Configuring a Central Log Server

Weaknesses of syslog

Protecting Log Servers

 Advanced TCP Wrappers and xinetd

Access Control

Logging

Banners

/etc/xinetd.d issues

Interface Limits

Process Limits

Interaction with Other Filters

RPC Security:portmap,NIS,NFS

Vulnerabilities

The Portmapper

Detecting RPC services

Protecting the portmaper

Weaknesses of RPC

Protecting the portmapper

Network information Service

Network File System

Service Profile:NFS

Weakness of NFS

General NFS  Server Security

NFS Server Configuraion:/etc/exports

General NFS Client Security

Client Mount Options

 Kerberos

Vulnerabilities

Principles

Service Profiles:Kerberos

Installing Kerberized Services and Clients

Limitations of Kerberos

BIND and DNS Security

Service Profile:BIND

Types of Name Services

Attacks on DNS

Restricting Zone Transfer

Restricting Recursive Queries

Blocking all Queries

Running named in a Chroot() jail

DNS SEC

Limitations of DNSSEC

Electronic Mail

Server Topologies

/etc/mail/access

Black holes

Local Delivery Filtering

Procmail Operations

Procmail Recipes

Recipe Actions

Filtering email

Troubleshooting procmail

OpenSSH

Vulnerabilities

Service Profile:SSH

Protocols

Authentication Methods

Host Identification

Client Access Configuration

Logging and Reports

Authorized Keys Options

Forwarding Connections

FTP

Vulnerabilities

FTP Services

Service Profile: vsftpd

Service Profile: Wu-FTPed

Login Banners

Informational Capabilities

Local Users

Anonymous FTP

Anonymous FTP Uploading

Connection Restrictions

Host Access Restrictions

Encrypted File Transfer

Apache Security

Vulnerabilities

Security Profile:Apache

Access Control List

Flat File Authenticaion

Managing Passwords

SSL Virtual Hosts

SSL Security

CentOS PXE Instation

Install CentOS remotely by using PXE

Setting up a DHCP Server by using PXE file

Managing Disk and File System

Understanding the Disk Storage

Partition Hard Disks

Using Logical Volume Management Patitions

Mounting File System

Using the mkfs Command to Create a File System

 Configuring a Print Server

Common Unix Printing System

Setting up Printers

Configuring Print Services

 Samba Server Security

Configure Samba Server

Secure Smba Server

Accessing Samba Share

 Securing Linux On a Network

Understanding SELinux

Configuring SELinux

Configuring PAM

 Configuring Linux Kernel

Configuring or updating the kernel

Configuration and Compling Process

 Hacking Unix

Vulnerability Mapping

Understanding Sniffers

RootKit recovery

 Server Scanning

Determining If a system is Alive

Publicly Available Information

WHOIS and DNS Emulation

DNS Interrogation

Network Reconnaissance

 Linux Firewall Configuration

Using IPtables

 Managing User Accounts

Creating and Managing Users and Groups

Shadow Passwording

Process Accounting

Configure and Mange user accounts by Using PAM

 Connectivity with Cisco Routers

Configure and manage Cisco system via Linux

Securing Files and File System

Encrypting Files

Securely Mounting File System

Securing Removable Devices

Encrypting a loop file system

Unmounting an Encrypted file system

Logs and Log Monitoring

Sys log

Log Analysis and Correlation

Log Management and Rotation 

Manage Security Tools

NMAP

Nessus

Ethereal

Netcat

Snort

Tcpdump

Duration : 60 hrs

Investment : 30,000 /-