Securing a Linux Server
Book Now - 1 Delivery Method Available:Scheduled Online Onsite
Linux server has proven itself as a powerful, stable, fast and scalable IT platform for both small-to-medium enterprise and large organisations, where data, network, high availability storage and other server-type provisioning installations are routinely served by Linux.
This course will build on the experience, knowledge and capabilities of the delegates, who - most likely - will have installed and managed a Linux machine(s) for a period of time. During this event, we will step through most of the system and server administration and maintenance tasks, this time concentrating on security aspects of the configuration, lock down techniques, and best practices for fine-tuning a system in order to make it as secure as relevant and possible.
The course is a follow up to the "Essential Linux Administration", "Advanced Linux Administration" and "Building a Linux Server" training path.
Experienced Linux system and network administrators, analysts, or system architects responsible maintaining and securing servers based on a Linux operating system.
Delegates will learn how to:
- Analyse the physical computer issues
- Protect Linux server at the GRUB level
- Appreciate a perimeter network concepts and protection
- Be aware of snooper and sniffer tools in Linux
- Configure and use iptables firewall
- Implement and control basic SELinux policy
- Understand configuration aspects of main Internet server applications
- Apply techniques to protect and secure files and file server protocols
- Authentication Methods and Techniques
We work with the following best of breed training partners using our bulk buying power to bring you a wider range of dates, locations and prices.
Introductions (4 topics)
- Course introduction and pre-requisites
- Linux server market
- Revision of security related terminology and approach
- Physical, installation, user and application security basics
Physical and OS Security of Linux (4 topics)
- Computer hardware - location and environment BIOS and boot access
- Grub configuration
- Kernel options and device protection
- Logging and audit trails
A Perimeter Network Concepts and Protection (4 topics)
- Infrastructure vs. DMZ
- Firewall concepts, types and implementations Firewalls: Netfilter, iptables, ufw
- Configuring iptables
- Sniffers and snoopers: terminology and programs Using nmap
Introduction to SELinux (8 topics)
- DAC vs. MAC security policies
- Problems with traditional methods
- Main SELinux features: policies, enforcement, control
- Scope, coverage and availability of SELinux
- SELinux states
- Labelling and access policies
- Policy database and run-time flow
- Creating policies
Internet Security (4 topics)
- Apache: installation considerations, file hierarchy security, user and group ownership, authentication, access control and authorisations
- Mail: SMTP server and client, sendmail, postfix, dovecot
- DNS and chroot
- Protecting MySQL: securing ports and communication tools, fixes and patches, creating and securing database user, user accounts and passwords
Protecting Files and File Servers (5 topics)
- Setting up GPG
- Signing and encrypting files
- Securing FTP server
- Anonymous FTP server in chroot environment SAMBA server: security, authentication, integration with Windows authentication
- NFS security features
Authentication Methods and Techniques (2 topics)
- SSL/TSL certificates: creating, validating, installing
- Creating Kerberos Key Distribution Centre, managing Kerberos realm, using Kerberos alongside other technologies.
The courses below may help you meet the knowledge level required to take this course. If you are unsure please ask a training advisor .