This is an expansive course that covers a wide range of Network Operations useful to every organization. Special attention is paid to the concepts needed to implement these services securely| and to the trouble-shooting skills which will be necessary for real-world administration of these Network Operations. Like all our classes| the course material is designed to provide extensive hands-on experience.
Topics include:
Security with SELinux and Netfilter| DNS concepts and implementation with Bind
LDAP concepts and implementation using OpenLDAP; Web services with Apache
FTP with vsftpd; caching| filtering proxies with Squid
SMB/CIFS (Windows networking) with Samba
E-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.
Current Version: A01
Learning Objectives
Course Details
Module 1. Securing Services
Xinetd| Xinetd Connection Limiting and Access Control
Xinetd: Resource limits| redirection| logging
TCP Wrappers| The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow|deny} Shortcuts
Advanced TCP Wrappers| SUSE Basic Firewall Configuration
FirewallD| Netfilter: Stateful Packet Filter Firewall| Netfilter Concepts
Using the iptables Command| Netfilter Rule Syntax
Targets| Common match_specs|
Extended Packet Matching Modules| Connection Tracking
Lab Tasks - Securing xinetd Services| Enforcing Security Policy with xinetd
Securing Services with Netfilter
FirewallD| Troubleshooting Practice
Module 2: SELINUX And LSM
AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
SELinux Policy Tools
Lab Tasks
Exploring AppArmor Modes
SELinux File Contexts
Module 3: DNS Concepts
Naming Services
DNS A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution
Lab Tasks - Configuring a Slave Name Server
Module 4: Configuring BIND
BIND Configuration Files| named.conf Syntax
named.conf Options Block| Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf| Zone Database File Syntax
SOA Start of Authority
A| AAAA| & PTR Address & Pointer Records
NS Name Server
TXT| CNAME| & MX Text| Alias| & Mail Host
SRV – SRV Service Records| Abbreviations and Gotchas
$GENERATE| $ORIGIN| and $INCLUDE
Lab Tasks - Use rndc to Control named
Configuring BIND Zone Files
Module 5: Creating DNS Hierarchies
Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.
Lab Tasks
Create a Subdomain in an Existing Domain
Subdomain Delegation
Module 6: Advanced BIND DNS Features
Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Securing DNS With TSIG
Lab Tasks - Configuring Dynamic DNS
Securing BIND DNS
Module 7: Using Apache
HTTP Operation| Apache Architecture
Dynamic Shared Objects| Adding Modules to Apache
Apache Configuration Files
httpd.conf Server Settings| httpd.conf – Main Configuration
HTTP Virtual Servers
Virtual Hosting DNS Implications| httpd.conf – VirtualHost Configuration
Port and IP based Virtual Hosts
Name-based Virtual Host
Apache Logging| Log Analysis|
Lab Tasks - Apache Architecture
Apache Content
Configuring Virtual Hosts
Module 8: Apache Security
Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates| TLS Using mod_ssl.so
Lab Tasks
Using .htaccess Files
Using TLS Certificates with Apache
Use SNI and TLS with Virtual Hosts
Module 9: Apache Security
Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP| Configuring PHP| Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache's Tomcat| Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache
Lab Tasks
CGI Scripts in Apache| Apache Tomcat
Using Tomcat with Apache
Module 10: Implementing an FTP Server
The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd
Lab Tasks
Configuring vsftpd
Module 11: The Squid Proxy Server
Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid| Proxy Client Configuration
Lab Tasks
Installing and Configuring Squid
Squid Cache Manager CGI
Proxy Auto Configuration
Configure a Squid Proxy Cluster
Module 12: SQL Fundamentals and MariaDB
Popular SQL Databases
SELECT Statements| INSERT Statements
UPDATE Statements| DELETE Statements
JOIN Clauses| MariaDB
MariaDB Installation and Security
MariaDB User Account Management
MariaDB Replication
Lab Tasks
SQL with Sqlite3
Installing and Securing MariaDB
Creating a Database in MariaDB
Create a Database Backed Application
Module 13: LDAP Concepts and Clients
LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools
Lab Tasks
Querying LDAP
Module 14: OpenLDAP Servers
Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends| OpenLDAP: Replication
Managing slapd
OpenLDAP: Configuration Sections & Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Native LDAP Authentication and Migration
Enabling LDAP-based Login
System Security Services Daemon (SSSD)
Lab Tasks
Installing and Configuring 389DS
Module 15: Samba Concepts and Configuration
Introducing Samba| NetBIOS and NetBEUI
Samba Daemons
Accessing Windows/Samba Shares from Linux
Samba Utilities| Samba Configuration Files
Mapping Permissions and ACLs| Mapping Linux Concepts
Share Authentication| User-Level Access
Samba Account Database| User Share Restrictions
Lab Tasks
Samba Share-Level Access| Samba User-Level Access
Samba Group Shares
Handling Symbolic Links with Samba
Samba Home Directory Shares
Module 16: SMTP Theory
SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTPSTARTTLS
SMTP Session
Module 17: Postfix
Postfix Components| Architecture| Components| Configuration
master.cf| main.cf| Postfix Map Types| Postfix Pattern Matching| Advanced Postfix Options
Virtual Domains| Postfix Mail Filtering| Configuration Commands|
Management Commands| Postfix Logging
Logfile Analysis| Postfix| Relaying and SMTP AUTH
SMTP AUTH Server and Relay Control
SMTP AUTH Clients| Postfix / TLS
TLS Server Configuration| Postfix Client Configuration for TLS
Other TLS Clients| Ensuring TLS Security
Lab Tasks - Configuring Postfix| Postfix Virtual Host| Network Configuration
Postfix SMTP AUTH| STARTTLS Configuration
SUSE Postfix Configuration Cleanup
Module 18: Mail Services and Retrieval
Filtering Email| Procmail| SpamAssassin
Bogofilter| amavisd-new Mail Filtering| Accessing Email
The IMAP4 Protocol| Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server| Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail| Cyrus Mailbox Administration
Roundcube Webmail| GNU Mailman| Mailman Configuration
Lab Tasks - Configuring Procmail & SpamAssassin
Configuring Cyrus IMAP| Dovecot TLS Configuration
Configuring Roundcube| Base Mailman Configuration
Basic Mailing List
Private Mailing List
NIS
NIS Overview
NIS Limitations and Advantages
NIS Client Configuration
NIS Server Configuration
NIS Troubleshooting Aids
Lab Tasks
Using NIS for Centralized User Accounts
Configuring NIS
NIS Slave Server
NIS Failover
Troubleshooting Practice: NIS
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):