Securing a Linux Server
Overview
The Linux server has proven itself as a powerful, stable, fast and
scalable IT platform for both small-to-medium enterprises and large
organisations, where data, network, high availability storage and
other server-type provisioning installations are routinely served
by Linux.
This course will build on the experience, knowledge and
capabilities of the delegates, who - most likely - will have
installed and managed a Linux machine(s) for a period of time.
During this event, we will step through most of the system and
server administration and maintenance tasks, this time
concentrating on security aspects of the configuration, lock down
techniques, and best practices for fine-tuning a system in order to
make it as secure as relevant and possible.
The course is a follow-up to the “Essential Linux Administration”,
“Advanced Linux Administration” and “Building a Linux Server”
training path.
Target audience
Experienced Linux system and network administrators, analysts, or
system architects responsible for maintaining and securing servers
based on a Linux operating system. Delegates will also be expected to
be familiar with the basics of IT security and data encryption
concepts, as provided by the “Information Security Fundamentals”
course.
Prerequisites
- Delegates should have previously attended the Building a Linux Server and Information Security Fundamentals courses (or have equivalent knowledge) and have several months' practical experience of administering a Linux system
- Alternatively, they must be able to demonstrate a solid experience (typically several years) of any UNIX system administration and server maintenance
Delegates will learn how to
- Analyse the physical computer issues
- Protect a Linux server at the GRUB level
- Appreciate perimeter network concepts and protection
- Configure and use iptables firewall
- Implement jail environment with chroot
- Use SSH for seamless and secure connectivity
- Manage services as part of security proofing and tie down
- Implement and control basic SELinux policy
- Authentication Methods and Techniques
Course Outline
Getting Started
Linux server market; Introduction to distributions considered in
this course; Red Hat, SUSE and Debian derivatives; Understand your
kernel; Web resources and forums
Physical and OS Security of Linux
Computer hardware; Location and environment; Network topology;
Hardware and software inventory; BIOS security; BIOS updates and
configuration; Bootstrapping protection; Securing access to GRUB
and the kernels; Password-protecting LILO; UEFI secure boot
specification
SSH Hints and Tricks
SSH purpose; Recap of basic SSH use; SSH client and server
configuration; Using SSH keys; Creating public/private key pair;
Configuring and using SSH agent; Tunnelling X application in SSH;
Port forwarding; Principles of local and remote port forwarding;
Forwarding through a firewall and multiple gateways; SSH and
VNC
Introduction to SELinux
DAC vs. MAC security policies; Problems with traditional methods;
Main SELinux features: policies, enforcement, control; Scope,
coverage and availability of SELinux; SELinux states; Labelling and
access policies; Policy database and run-time flow; Creating
policies
User Account Security
User types and their accounts: Superuser(s), daemon users, ordinary
users; Terminal and shell control files; Unknown and dormant
accounts; Testing account usage and activity: lastlog, last, lastb;
Authenticating with PAM; PAM structure, control flow and
configuration; User login and security files; login.defs,
securetty, messages
Working with chroot
Why use a chroot environment; Best chroot practices; Basics of
constructing a chroot jail; Understanding the structure; Tools to
identify / create required files; Popular chroot implementations;
chroot-aware named packages
System Service Control
Linux SysVinit startup sequence; Single and multi-user run levels;
The init process and its configuration in /etc/inittab; SysVinit
startup; Upstart method; Runlevel and service; Using run level 4 to
isolate service management; Configuring runlevel 4 as means of
proofing Apache configuration
Perimeter Network Protection
Firewall concepts; Infrastructure and DMZ; Types and
implementations; Linux firewall: iptables; Operating system and
software preparation; Rules, chains and targets; Saving and
restoring rules; Firewall products; Netfilter, iptables; Front end
products and alternatives; Using knockd to open holes in the
firewall
Authentication Methods and Techniques
SSL/TLS certificates: creating, validating, installing; Creating
Kerberos Key Distribution Centre; Managing Kerberos realm; Using
Kerberos alongside other technologies.