Enterprise Linux Network Security

Course overview

This 5-day course provides focuses on Enterprise Linux Network Security and protocols used in Linux, UNIX, and Windows 2003/2008 are examined. After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available. Students install, configure, and test two of the most popular and powerful NIDS (Network Intrusion Detection Systems) solutions available. Finally, students create a Linux based router/firewall solution, including advanced functionality such as NAT (Network Address Translation), policy routing, and traffic shaping.

Prerequisites

• Linux system administration I (H7091S) and Linux system administration II (H7092S); or
• Accelerated Linux administration for experienced HP-UX or Sun Solaris administrators (U2794S)

Audience

• Linux system administrators wanting to increase their knowledge and skills in Enterprise Linux Network Security.

Ways to save

Benefits to you

• Learn and experience the TCP/IP suite component protocols and ethernet operation using various tools to capture, analyze, and generate IP traffic
• Explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks
• Install, configure, and test the most popular and powerful NIDS (Network Intrusion Detection Systems) solutions
• Efficiently use networking services and security options
• Create a Linux based router/firewall solution, including advanced functionality such as NAT (Network Address Translation), policy routing, and traffic shaping

Next Steps

• View our Linux system administrator curriculum path

Course outline

Ethernet and IP operation

• Ethernet security issues
• Detecting promiscuous NICs
• Tcpdump
• Ethereal
• IP fragmentation
• Important ICMP messages
• ICMP security issues
• LAB: Basic traffic generation, capture, and analysis

IP and ARP vulnerability analysis

• IP security issues
• Routing protocol security
• Protecting against IP abuse
• ARP security issues
• ARP cache poisoning defense
• LAB: Advanced traffic generation, capture, and analysis

UDP/TCP protocol and TELNET vulnerability

• UDP segment format
• TCP segment format
• TCP connection termination
• TCP SYN attack
• TCP sequence guessing
• TCP connection hijacking
• Telnet security concerns
• LAB: Attacks on TCP

FTP and HTTP vulnerability analysis

• FTP concepts
• Security concerns
• The bounce attack
• Minimizing risk
• FTP port stealing
• HTTP concepts
• Security concerns
• Header spoofing
• LAB: Attacks on FTP and HTTP

DNS protocol vulnerability analysis

• DNS concepts
• DNS spoofing
• DNS cache poisoning
• DNS security improvements
• LAB: Attacks on DNS

SSH and HTTPS protocol vulnerability analysis

• SSH concepts
• SSH vulnerabilities
• HTTPS protocol analysis
• SSL enabled protocols
• The SSL handshake
• SSL vulnerabilities
• Intercepted key exchange
• LAB: SSH and HTTPS

Remote operating system detection

• OS detection
• Commands
• TCP/IP stack fingerprinting
• Remote fingerprinting applications
• Nmap
• LAB: Using nmap

Attacks and basic attach detection

• Sources of attacks
• Denial-of-service attacks
• Methods of intrusion
• Password cracking
• Intrusion detection
• Attack detection tools
• Klaxon
• PortSentry
• LAB: Basic scan detection

Intrusion Detection Technologies (IDS)

• Intrusion Detection Systems (IDS)
• Host-based IDS
• Network-based IDS
• Network-node IDS
• File integrity checkers
• Snort architecture
• Snort detection rules
• Snort logs and alerts
• LAB: Exploring snort

Advanced snort configuration

• Advanced snort features
• Snort add-ons
• ACID web console
• The ACID interface
• Snortcenter management
• LAB: snort tools

Snort rules

• Snort rules format
• Snort rules options
• Writing snort rules
• LAB: Custom snort rules

Linux and static routing

• Linux as a router
• Linux router minimum requirements
• Router Specific settings
• LAB: Static routing

Linux firewalls

• Application firewalls: TCP wrappers
• Application firewalls: squid
• Packet filters: ipchains
• Stateful packet filters: iptables
• Recommended firewall rules
• Using iptables
• Advanced iptables actions
• LAB: iptables

Network and port address translation

• Network Address Translation (NAT)
• Port Address Translation (PAT)
• Configuring NAT and PAT
• NAT limitations
• Security using NAT and PAT
• Detecting NAT
• LAB: Network address translation

IP policy routing

• Advanced routing
• Replacing ifconfig with ip
• Replacing route with arp
• Policy routing
• Linux policy routing
• LAB: Policy routing