LinuxCBT.com

Syllabus

Focus: Foundational Security Techniques

Duration: 16-Hours

  • Basic Security - Module I

    • Boot Security
      • Explore Dell PowerEdge BIOS Security-related features
      • Discuss concepts & improve Dell PowerEdge BIOS security
      • Explain run-time boot loader vulnerabilities
      • Explore single-user mode (rootshell) and its inherent problems
      • Modify default GRUB startup options & examine results
      • Secure boot loader using MD5 hash
      • Identify key startup-related configuration files & define boot security measures
      • Identify key boot-related utilities
      • Confirm expected hardware configuration
      • Discuss INIT process, runlevel configuration & concepts
      • Explore & tighten the security of the INIT configuration
    •  
    • Shell Security
      • Confirm expected applications
      • Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
      • Identify common TTYs and PTSs
      • Track current TTYs and PTSs - character devices
      • Discuss concepts related to privileged and non-privileged use
      • Restrict privileged login
      • Use SSH and discuss TTYs
      • Discuss the importance of consistent system-wide banners & messages
      • Define and configure system banners for pre and post-system-access
      • Identify user-logon history and correlate to TTYs
      • Identify current user-connections - console-based and network-based
      • Use lsof to identify open files and sockets
    •  
    • Syslog Security
      • Discuss Syslog concepts and applications
      • Explain Syslog semantics - facilities & levels - message handling & routing
      • Focus on security-related Syslog facilities
      • Examine security logs managed by Syslog
      • Configure Network Time Protocol (NTP) on interesting hosts
      • Secure NTP configuration
      • Ensure time consistency to preserve log-integrity
      • Configure Syslog replication to preserve log-integrity
      • Identify log discrepancies between Syslog hosts
    •  
    • Reconnaissance & Vulnerability Assessment Tools
      • Discuss Stage-1 host/network attack concepts
      • Upgrade NMAP reconnaissance tool to increase effectiveness
      • Identify NMAP files
      • Discuss TCP handshake procedure
      • Discuss half-open/SYN connections
      • Perform connect and SYN-based host/network reconnaissance
      • Identify potential vulnerabilities on interesting hosts derived from reconnaissance
      • Examine NMAP logging capabilities
      • Perform port sweeps to identify common vulnerabilities across exposed systems
      • Secure exposed daemons/services
      • Perform follow-up audit to ensure security policy compliance
      • Discuss vulnerability scanner capabilities and applications
      • Prepare system for Nessus vulnerability scanner installation - identify/install dependencies
      • Generate self-signed SSL/TLS certificates for secure client/server communications
      • Activate Nessus subscription, server and client components
      • Explore vulnerability scanner interface and features
      • Perform network-based reconnaissance attack to determine vulnerabilities
      • Examine results of the reconnaissance attack and archive results
      • Secure exposed vulnerabilities
    •  
    • XINETD - TCPWrappers - Chattr - Lsattr - TCPDump - Clear Text Daemons
      • Install Telnet Daemon
      • Install Very Secure FTP Daemon (VSFTPD)
      • Explore XINETD configuration and explain directives
      • Configure XINETD to restrict communications at layer-3 and layer-4
      • Restrict access to XINETD-protected daemons/services based on time range
      • Examine XINETD logging via Syslog
      • Discuss TCPWrappers security concepts & applications
      • Enhance Telnetd security with TCPWrappers
      • Confirm XINETD & TCPWrappers security
      • Discuss chattr applications & usage
      • Identify & flag key files as immutable to deter modifcation
      • Confirm extended attributes (XATTRs)
      • Discuss TCPDump applications & usage
      • Configure TCPDump to intercept Telnet & FTP - clear-text traffic
      • Use Ethereal to examine & reconstruct captured clear-text traffic
    •  
    • Secure Shell (SSH) & MD5SUM Applications
      • Use Ethereal to examine SSH streams
      • Generate RSA/DSA PKI usage keys
      • Configure Public Key Infrastructure (PKI) based authentication
      • Secure PKI authentication files
      • Use SCP to transfer files securely in non-interactive mode
      • Use SFTP to transfer files securely in interactive mode
      • Configure SSH to support a pseudo-VPN using SSH-Tunnelling
      • Discuss MD5SUM concepts and applications
      • Compare & contrast modified files using MD5SUM
      • Use MD5SUM to verify the integrity of downloaded files
    •  
    • GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
      • Discuss GPG concepts & applications - symmetric/asymmetric encryption
      • Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
      • Create a local web of trust
      • Perform encrypts/decrypts and test data-exchanges
      • Sign encrypted content and verify signatures @ recipient
      • Import & export public keys for usage
      • Use GPG/PGP with Mutt Mail User Agent (MUA)
    •  
    • AIDE File Integrity Implementation
      • Discuss file-integrity checker concepts & applications
      • Identify online repository & download AIDE
      • Install AIDE on interesting hosts
      • Configure AIDE to protect key files & directories
      • Alter file system objects and confirm modifications using AIDE
      • Audit the file system using AIDE
    •  
    • Rootkits
      • Discuss rootkits concepts & applications
      • Describe privilege elevation techniques
      • Obtain & install T0rnkit - rootkit
      • Identify system changes due to the rootkit
      • Implement T0rnkit with AIDE to identify compromised system objects
      • Implement T0rnkit with chkrootkit to identify rootkits
      • T0rnkit - rootkit - cleanup
      • Implement N-DU rootkit
      • Evaluate system changes
    •  
    • Bastille Linux - OS-Hardening
      • Discuss Bastille Linux system hardening capabilities
      • Obtain Bastille Linux & perform a system assessment
      • Install Bastille Linux
      • Evaluate hardened system components
    •  
    • NPING - Flexible Packet Crafting
      • Discuss benefits
      • Download and install
      • Explore typical usage
    •  
    • Nikto - Web Server Vulnerability Scanner
      • Download and install
      • Discuss configuration options
      • Scan web servers
      • Evaluate results
    •  

LinuxCBT Basic Security Edition

  •  
DEMO