RHS 333

Red Hat Enterprise Security: Network Services (RHS333) is an intensive course that equips senior system administrators and security professionals with the skills and knowledge required to harden systems against both internal and external attacks. This class advances beyond the essential security coverage offered in the RHCE curriculum and delves more deeply into the security features, capabilities, and how to properly respond to sophisticated security threats aimed at enterprise systems. Students will also cover an in-depth analysis of the ever-changing threat models as they pertain to Red Hat Enterprise Linux.

Course Outline:

The Threat Model and Protection Methods

Internet threat model and the attacker's plan | System security and service availability | An overview of protection mechanisms

Basic Service Security

SELinux | Host-based access control | Firewalls using Netfilter and iptables | TCP wrappers | xinetd and service limits

Cryptography

Overview of cryptographic techniques | Management of SSL certificates | Using GnuPG

BIND and DNS Security

BIND vulnerabilities | DNS Security: attacks on DNS | Access control lists | Transaction signatures | Restricting zone transfers and recursive queries | DNS Topologies | Bogus servers and blackholes | Views | Monitoring and logging | Dynamic DNS security

Network Authentication: RPC, NIS, and Kerberos

Vulnerabilities | Network-managed users and account management | RPC and NIS security issues | Improving NIS security | Using Kerberos authentication | Debugging Kerberized Services | Kerberos Cross-Realm Trust | Kerberos Encryption

Network File System

Overview of NFS versions 2, 3, and 4 | Security in NFS versions 2 and 3 | Improvements in security in NFS4 | Troubleshooting NFS4 | Client-side mount options

OpenSSH

Vulnerabilities | Server configuration and the SSH protocols | Authentication and access control | Client-side security | Protecting private keys | Port-forwarding and X11-forwarding issues

Electronic Mail with Sendmail

Vulnerabilities | Server topologies | Email encryption | Access control and STARTTLS | Anti-spam mechanisms

Postfix

Vulnerabilities | Security and Postfix design | Anti-spam mechanisms | Configuring SASL/TLS

FTP

Vulnerabilities | The FTP protocol and FTP servers | Logging | Anonymous FTP | Access control

Apache security

Vulnerabilities | Access control | Authentication: files, passwords, Kerberos | Security implications of common configuration options | CGI security | Server side includes | suEXEC

Intrusion Detection and Recovery

Intrusion risks | Security policy | Detecting possible intrusions | Monitoring network traffic and open ports | Detecting modified files | Investigating and verifying detected intrusions | Recovering from, reporting, and documenting intrusions