RHS333/EX333 Red Hat Enterprise Security: Network Services With Exam

Revision: TE1514_20060318

Course Length:

5 Days

Course Description:

Red Hat Enterprise Linux has gained considerable momentum as the operating system of choice for deploying network services such as web, ftp, email, and file sharing. Red Hat's RHCE curriculum provides training in deploying these services and on the essential elements of securing them.

Who Should Attend:

The audience for this course includes system administrators, consultants, and other IT professionals responsible for the planning, implementation, and maintenance of network servers. While the emphasis is on running these services on Red Hat Enterprise Linux, and the content and labs will assume its use, system administrators and others using proprietary forms of Unix may also find many elements of this course relevant.

Benefits of Attendance:

Upon completion of this course, students will be able to:

• Master basic service security.
• Understand cryptography.
• Log system activity.
• Secure BIND and DNS.
• Improve NFS security.
• Manage FTP access.

Prerequisites:

RH253, RH300, or RHCE certification or equivalent work experience is required for this course. Course participants should already know the essential elements of how to configure the services covered, as this course will be focusing on more advanced topics from the outset.

Course Outline:

• Chapter 1: Mastering Basic Service Security
  1. Review of Host Security
  2. Advanced TCP Wrappers Configuration
  3. Advanced xinetd Configuration
• Chapter 2: Understanding Cryptography
  1. Overview of Cryptographic Techniques
  2. Management of SSL Certificates
• Chapter 3: Logging System Activity
  1. Clock Synchronization with NTP
  2. Configuring Centralized syslog Management
• Chapter 4: Securing Bind And DNS
  1. Name Server Topology and "Views"
  2. Configuration of Appropriate recursion and Response Policies
  3. Using TSIG Authentication Keys
  4. Running BIND in a chroot Environment
• Chapter 5: Network User Authentication Security
  1. Managing portmap and NIS Risks
  2. Using Kerberos Authentication
• Chapter 6: Improving NFS Security
  1. NFS Security Limitations
  2. Configurations to Avoid
• Chapter 7: The Secure Shell: OpenSSH
  1. Protocol and Service Security
  2. Protecting Public-key Authentication
  3. Port-forwarding and X11-Forwarding Issues
• Chapter 8: Securing E-mail With Sendmail And Postfix
  1. User Mail Spool Access Issues
  2. Overview of Postfix Configuration
  3. Access Control and STARTTLS
  4. Anti-Spam Features
  5. Introduction to Procmail
• Chapter 9: Managing FTP Access
  1. Controlling Local and anonymous Users
• Chapter 10: Apache Security
  1. User Authentication and Access Control
  2. Common Misconfigurations
  3. Containing CGI Risks
• Chapter 11: Basics Of Intrusion Response
  1. Monitoring for Suspicious Activity
  2. Verifying Suspected Intrusions
  3. Recovering From an Intrusion