Securing a Linux Server

2 Day Course
Hands On
Code QALXSEC

This course has been retired. Please view currently available Linux Training Courses.

Modules

Hide all

Introductions (4 topics)

  • Course introduction and pre-requisites
  • Linux server market
  • Revision of security related terminology and approach
  • Physical, installation, user and application security basics

Physical and OS Security of Linux (4 topics)

  • Computer hardware - location and environment BIOS and boot access
  • Grub configuration
  • Kernel options and device protection
  • Logging and audit trails

A Perimeter Network Concepts and Protection (4 topics)

  • Infrastructure vs. DMZ
  • Firewall concepts, types and implementations Firewalls: Netfilter, iptables, ufw
  • Configuring iptables
  • Sniffers and snoopers: terminology and programs Using nmap

Introduction to SELinux (8 topics)

  • DAC vs. MAC security policies
  • Problems with traditional methods
  • Main SELinux features: policies, enforcement, control
  • Scope, coverage and availability of SELinux
  • SELinux states
  • Labelling and access policies
  • Policy database and run-time flow
  • Creating policies

Internet Security (4 topics)

  • Apache: installation considerations, file hierarchy security, user and group ownership, authentication, access control and authorisations
  • Mail: SMTP server and client, sendmail, postfix, dovecot
  • DNS and chroot
  • Protecting MySQL: securing ports and communication tools, fixes and patches, creating and securing database user, user accounts and passwords

Protecting Files and File Servers (5 topics)

  • Setting up GPG
  • Signing and encrypting files
  • Securing FTP server
  • Anonymous FTP server in chroot environment SAMBA server: security, authentication, integration with Windows authentication
  • NFS security features

Authentication Methods and Techniques (2 topics)

  • SSL/TSL certificates: creating, validating, installing
  • Creating Kerberos Key Distribution Centre, managing Kerberos realm, using Kerberos alongside other technologies.

Prerequisites

Delegates should have previously attended the Building a Linux Server and Information Security Fundamentals courses (or have equivalent knowledge) and have several months practical experience of administering a Linux system. Alternatively, they must be able to demonstrate a solid experience (typically several years) of any UNIX system administration and server maintenance.

Sections