Enterprise Linux Security Administration Training in Westland

Enroll in or hire us to teach our Enterprise Linux Security Administration class in Westland, Michigan by calling us @303.377.6176. Like all HSG classes, Enterprise Linux Security Administration may be offered either onsite or via instructor led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, Enterprise Linux Security Administration may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.

Course Description

 
This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security tec hnologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities-know how to audit existing machines, and how to securely deploy new network services.
Course Length: 5 Days
Course Tuition: $2090 (US)

Prerequisites

E xperienced systems administrators with current Linux or UNIX systems

Course Outline

 
  1. SECURITY CONCEPTS
    1. Basic Security Principles
    2. RHEL7 Default Install
    3. RHEL7 Firewall
    4. SLES12 Default Install
    5. SUSE Basic Firewall Configuration
    6. SLES12: File Security
    7. Minimization – Discovery
    8. Service Discovery
    9. Hardening
    10. Security Concepts
    LAB TASKS
    1. Removing Packages Using RPM
    2. Firewall Configuration
    3. Process Discovery
    4. Operation of the setuid() and capset() System Calls
    5. Operation of the chroot() System Call
  2. SCANNING, PROBING, AND MAPPING VULNERABILITIES
    1. The Security Environment
    2. Stealth Reconnaissance
    3. The WHOIS database
    4. Interrogating DNS
    5. Discovering Hosts
    6. Discovering Reachable Services
    7. Reconnaissance with SNMP
    8. Discovery of RPC Services
    9. Enumerating NFS Shares
    10. Nessus/OpenVAS Insecurity Scanner
    11. Configuring OpenVAS
    12. Intrusion Detection Systems
    13. Snort Rules
    14. Writing Snort Rules
    LAB TASKS
    1. NMAP
    2. OpenVAS
    3. Advanced nmap Options
  3. PASSWORD SECURITY AND PAM
    1. Unix Passwords
    2. Password Aging
    3. Auditing Passwords
    4. PAM Overview
    5. PAM Module Types
    6. PAM Order of Processing
    7. PAM Control Statements
    8. PAM Modules
    9. pam_unix
    10. pam_cracklib.so
    11. pam_pwcheck.so
    12. pam_env.so
    13. pam_xauth.so
    14. pam_tally2.so
    15. pam_wheel.so
    16. pam_limits.so
    17. pam_nologin.so
    18. pam_deny.so
    19. pam_warn.so
    20. pam_securetty.so
    21. pam_time.so
    22. pam_access.so
    23. pam_listfile.so
    24. pam_lastlog.so
    25. pam_console.so
    LAB TASKS
    1. John the Ripper
    2. Cracklib
    3. Using pam_listfile to Implement Arbitrary ACLs
    4. Using pam_limits to Restrict Simultaneous Logins
    5. Using pam_nologin to Restrict Logins
    6. Using pam_access to Restrict Logins
    7. su & pam
  4. SECURE NETWORK TIME PROTOCOL (NTP)
    1. The Importance of Time
    2. Hardware and System Clock
    3. Time Measurements
    4. NTP Terms and Definitions
    5. Synchronization Methods
    6. NTP Evolution
    7. Time Server Hierarchy
    8. Operational Modes
    9. NTP Clients
    10. Configuring NTP Clients
    11. Configuring NTP Servers
    12. Securing NTP
    13. NTP Packet Integrity
    14. Useful NTP Commands
    LAB TASKS
    1. Configuring and Securing NTP
    2. Peering NTP with Multiple Systems
  5. KERBEROS CONCEPTS AND COMPONENTS
    1. Common Security Problems
    2. Account Proliferation
    3. The Kerberos Solution
    4. Kerberos History
    5. Kerberos Implementations
    6. Kerberos Concepts
    7. Kerberos Principals
    8. Kerberos Safeguards
    9. Kerberos Components
    10. Authentication Process
    11. Identification Types
    12. Logging In
    13. Gaining Privileges
    14. Using Privileges
    15. Kerberos Components and the KDC
    16. Kerberized Services Review
    17. KDC Server Daemons
    18. Configuration Files
    19. Utilities Overview
  6. IMPLEMENTING KERBEROS
    1. Plan Topology and Implementation
    2. Kerberos 5 Client Software
    3. Kerberos 5 Server Software
    4. Synchronize Clocks
    5. Create Master KDC
    6. Configuring the Master KDC
    7. KDC Logging
    8. Kerberos Realm Defaults
    9. Specifying [realms]
    10. Specifying [domain_realm]
    11. Allow Administrative Access
    12. Create KDC Databases
    13. Create Administrators
    14. Install Keys for Services
    15. Start Services
    16. Add Host Principals
    17. Add Common Service Principals
    18. Configure Slave KDCs
    19. Create Principals for Slaves
    20. Define Slaves as KDCs
    21. Copy Configuration to Slaves
    22. Install Principals on Slaves
    23. Synchronization of Database
    24. Propagate Data to Slaves
    25. Create Stash on Slaves
    26. Start Slave Daemons
    27. Client Configuration
    28. Install krb5.conf on Clients
    29. Client PAM Configuration
    30. Install Client Host Keys
    LAB TASKS
    1. Implementing Kerberos
  7. ADMINISTERING AND USING KERBEROS
    1. Administrative Tasks
    2. Key Tables
    3. Managing Keytabs
    4. Managing Principals
    5. Viewing Principals
    6. Adding, Deleting, and Modifying Principals
    7. Principal Policy
    8. Overall Goals for Users
    9. Signing In to Kerberos
    10. Ticket types
    11. Viewing Tickets
    12. Removing Tickets
    13. Passwords
    14. Changing Passwords
    15. Giving Others Access
    16. Using Kerberized Services
    17. Kerberized FTP
    18. Enabling Kerberized Services
    19. OpenSSH and Kerberos
    LAB TASKS
    1. Using Kerberized Clients
    2. Forwarding Kerberos Tickets
    3. OpenSSH with Kerberos
    4. Wireshark and Kerberos
  8. SECURING THE FILESYSTEM
    1. Filesystem Mount Options
    2. NFS Properties
    3. NFS Export Option
    4. NFSv4 and GSSAPI Auth
    5. Implementing NFSv4
    6. Implementing Kerberos with NFS
    7. GPG – GNU Privacy Guard
    8. File Encryption with OpenSSL
    9. File Encryption With encfs
    10. Linux Unified Key Setup (LUKS)
    LAB TASKS
    1. Securing Filesystems
    2. Securing NFS
    3. Implementing NFSv4
    4. File Encryption with GPG
    5. File Encryption With OpenSSL
    6. LUKS-on-disk format Encrypted Filesystem
  9. AIDE
    1. Host Intrusion Detection Systems
    2. Using RPM as a HIDS
    3. Introduction to AIDE
    4. AIDE Installation
    5. AIDE Policies
    6. AIDE Usage
    LAB TASKS
    1. File Integrity Checking with RPM
    2. File Integrity Checking with AIDE
  10. ACCOUNTABILITY WITH KERNEL AUDITD
    1. Accountability and Auditing
    2. Simple Session Auditing
    3. Simple Process Accounting & Command History
    4. Kernel-Level Auditing
    5. Configuring the Audit Daemon
    6. Controlling Kernel Audit System
    7. Creating Audit Rules
    8. Searching Audit Logs
    9. Generating Audit Log Reports
    10. Audit Log Analysis
    LAB TASKS
    1. Auditing Login/Logout
    2. Auditing File Access
    3. Auditing Command Execution
  11. SELINUX
    1. DAC vs. MAC
    2. Shortcomings of Traditional Unix Security
    3. AppArmor
    4. SELinux Goals
    5. SELinux Evolution
    6. SELinux Modes
    7. Gathering SELinux Information
    8. SELinux Virtual Filesystem
    9. SELinux Contexts
    10. Managing Contexts
    11. The SELinux Policy
    12. Choosing an SELinux Policy
    13. Policy Layout
    14. Tuning and Adapting Policy
    15. Booleans
    16. Permissive Domains
    17. Managing File Context Database
    18. Managing Port Contexts
    19. SELinux Policy Tools
    20. Examining Policy
    21. SELinux Troubleshooting
    22. SELinux Troubleshooting Continued
    LAB TASKS
    1. Exploring SELinux Modes
    2. Exploring AppArmor Modes
    3. SELinux Contexts in Action
    4. Exploring AppArmor
    5. Managing SELinux Booleans
    6. Creating Policy with Audit2allow
    7. Creating & Compiling Policy from Source
  12. SECURING APACHE
    1. Apache Overview
    2. httpd.conf – Server Settings
    3. Configuring CGI
    4. Turning Off Unneeded Modules
    5. Delegating Administration
    6. Apache Access Controls (mod_access)
    7. HTTP User Authentication
    8. Standard Auth Modules
    9. HTTP Digest Authentication
    10. TLS Using mod_ssl.so
    11. Authentication via SQL
    12. Authentication via LDAP
    13. Authentication via Kerberos
    14. Scrubbing HTTP Headers
    15. Metering HTTP Bandwidth
    LAB TASKS
    1. Hardening Apache by Minimizing Loaded Modules
    2. Scrubbing Apache & PHP Version Headers
    3. Protecting Web Content
    4. Protecting Web Content
    5. Using the suexec Mechanism
    6. Create a TLS CA key pair
    7. Using SSL CA Certificates with Apache
    8. Enable Apache SSL Client Certificate Authentication
    9. Enabling SSO in Apache with mod_auth_kerb
  13. SECURING POSTGRESQL
    1. PostgreSQL Overview
    2. PostgreSQL Default Config
    3. Configuring TLS
    4. Client Authentication Basics
    5. Advanced Authentication
    6. Ident-based Authentication
    LAB TASKS
    1. Configure PostgreSQL
    2. PostgreSQL with TLS
    3. PostgreSQL with Kerberos Authentication
    4. Securing PostgreSQL with Web Based Applications
  1. SECURING EMAIL SYSTEMS
    1. SMTP Implementations
    2. Security Considerations
    3. chrooting Postfix
    4. Email with GSSAPI/Kerberos Auth
    LAB TASKS
    1. Postfix In a Change Root Environment

Course Directory [training on all levels]

Upcoming Classes
Gain insight and ideas from students with different perspectives and experiences.

Linux Unix Uses & Stats

Linux Unix is Used For:
Desktop Mainframe Computers Mobile Devices Embedded Devices
Difficulty
Popularity
Year Created
1991/1971
Pros
Performance:
Linux supports many efficient tools and operates them seamlessly. Because it's architecture is lightweight it runs faster than both Windows 8.1 and 10. 
 
Security:
Because Linux is an open-source software,  anyone can contribute code to help enhance the users’ experience i.e., adding features, fixing bugs, reducing security risks, and more.
 
 
Software Development:
The terminal in Linux is a *wild card*. You can do almost anything with it. This includes software installation, application and server configurations, file system management, and etc.
 
Large-scale:
Open-source projects benefit from having an attentive community. As a result, Linux is more secure than Windows. Instead of installing anti viruses to clean malware, you just have to stick to the recommended repositories. 
 
Efficient: 
Developers have the convenience of running servers, training machine learning models, accessing remote machines, and compiling and running scripts from the same terminal window. 
 
Free: 
Linux is free (you can put it on as many systems as you like) and you can change it to suit your needs.
Cons
Learning Curve: 
Linux is not for everyone, there is a learning curve in switching to Ubuntu. To actually learn Linux efficiently would take a user one to several years.
 
No Tech Support:
Unlike Windows, there isn’t a dedicated tech support, so getting help for things is up to you. 
 
Designer Compatabilty:
Linux is not as user friendly as Windows or as ‘straight out of the box design’ As an example for design choices, Adobe hasn’t released any of its products to Linux users. So it’s impossible to run them directly. The Ubuntu alternative is a free software called GIMP. 
 
Gaming Capabilities: 
Most games aren’t available in Linux. But that’s not to say you can’t make it happen, it's just not as easy.   
Linux Unix Job Market
Average Salary
$85k-$105k
Job Count
n/a
Top Job Locations

New York City
Boston
San Francisco 

Complimentary Skills to have along with Linux Unix
The following are types of jobs that may require Linux skills.  The top 15 job titles on Dice.com that mention Linux in their postings are:
- DevOps Engineer
- Software Engineer
- Java Developer
- Systems Engineer
- Systems Administrator
- Senior Software Engineer
- Network Engineer
- Python Developer
- Linux Systems Administrator
- Software Developer
- System Administrator
- Linux Administrator
- Linux Engineer
- Senior Java Developer
- C++ Developer

Interesting Reads Take a class with us and receive a book of your choosing for 50% off MSRP.