RHS333 Red Hat Enterprise Security: Network Services

Course Outline
RHS333 goes beyond the essential security coverage offered in the RHCE curriculum and delves deeper into the security features, capabilities, and risks associated with the most commonly deployed services. mong the topics covered in this four!day, hands!on course are the following" #. $he $hreat %odel and &rotection %ethods o 'nternet threat model and the attacker(s plan o System security and service availability o n overview of protection mechanisms ). *asic Service Security o SE+inu, o Host!based access control o -irewalls using .etfilter and iptables o $C& wrappers o ,inetd and service limits 3. Cryptography o /verview of cryptographic techni0ues o %anagement of SS+ certificates o 1sing 2nu&2 3. +ogging and .$& o $ime synchroni4ation with .$& o +ogging" syslog and its weaknesses o &rotecting log servers 5. *'.6 and 6.S Security o *'.6 vulnerabilities o 6.S Security" attacks on 6.S o ccess control lists o $ransaction signatures o Restricting 4one transfers and recursive 0ueries o 6.S $opologies o *ogus servers and blackholes o 7iews o %onitoring and logging o 6ynamic 6.S security 8. .etwork uthentication" R&C, .'S, and 9erberos o 7ulnerabilities o .etwork!managed users and account management o R&C and .'S security issues o 'mproving .'S security o 1sing 9erberos authentication o 6ebugging 9erberi4ed Services o 9erberos Cross!Realm $rust o 9erberos Encryption :. .etwork -ile System

/verview of .-S versions ), 3, and 3 Security in .-S versions ) and 3 'mprovements in security in .-S3 $roubleshooting .-S3 Client!side mount options ;. /penSSH o 7ulnerabilities o Server configuration and the SSH protocols o uthentication and access control o Client!side security o &rotecting private keys o &ort!forwarding and <##!forwarding issues =. Electronic %ail with Sendmail o 7ulnerabilities o Server topologies o Email encryption o ccess control and S$ R$$+S o nti!spam mechanisms #>. &ostfi, o 7ulnerabilities o Security and &ostfi, design o Configuring S S+?$+S ##. -$& o 7ulnerabilities o $he -$& protocol and -$& servers o +ogging o nonymous -$& o ccess control #). pache security o 7ulnerabilities o ccess control o uthentication" files, passwords, 9erberos o Security implications of common configuration options o C2' security o Server side includes o suE<EC #3. 'ntrusion 6etection and Recovery o 'ntrusion risks o Security policy o 6etecting possible intrusions o %onitoring network traffic and open ports o 6etecting modified files o 'nvestigating and verifying detected intrusions o Recovering from, reporting, and documenting intrusions
o o o o o

RH423 Red Hat Enterprise Directory Services and Aut entication

Course Outline
#. 'ntroduction to 6irectory Services o @hat is a directoryA o +6 &" models, schema, and attributes o /bBect classes o +6'). $he +6 & .aming %odel o 6irectory information trees and 6istingued .ames o <.5>> and C'nternetC naming suffi,es o &lanning the directory hierarchy 3. Red Hat 6irectory Server" *asic Configuration o 'nstallation and setup of Red Hat 6irectory Server o 1sing the Red Hat Console o 1sing logging to monitor Red Hat 6irectory Server activity o *acking up and restoring the directory o *asic performance tuning with inde,es 3. Searching and %odifying the +6 & 6irectory o 1sing command line utilities to search the directory o Search filter synta, o 1pdating the directory 5. Red Hat 6irectory Server" uthentication and Security o Configuring $+S security o 1sing access control instructions D C'(sE o C'(s and the Red Hat Console 8. +inu, 1ser uthentication with .SS and & % o 1nderstanding authentication and authori4ation o .ame service switch D.SSE o dvanced pluggable authentication modules D& %E configuration :. Centrali4ed 1ser uthentication with +6 & o Central account management with +6 & o 1sing migration scripts to migrate e,isting data into an +6 & server o +6 & user authentication ;. 9erberos and +6 & o 'ntroduction to 9erberos o Configuring the 9erberos key distribution center D96CE and clients o Configuring +6 & to support 9erberos =. 6irectory Referrals and Replication o Referrals and replication o Single master configuration o %ultiple master configuration o &lanning for directory server availability #>. Cross!&latform Centrali4ed 'dentity %anagement

Synchroni4ing Red Hat 6irectory Server with ctive 6irectory %anaging users with @inbind and +6 & %apping attributes between +inu, and @indows ##. Red Hat Enterprise '& o 1nderstanding '& o '& re0uirements o Configuring '& server o Configuring '& clients
o o o

RHS42! Red Hat Enterprise SE"inu# $olicy Ad%inistration

Course Outline &nit ' ( )ntroduction to SE"inu#

6iscretionary ccess Control vs. %andatory ccess Control SE+inu, History and rchitecture /verview Elements of the SE+inu, security model" o user identity and role o domain and type o sensitivity and categories o security conte,t SE+inu, &olicy and Red Hat(s $argeted &olicy Configuring &olicy with *ooleans rchiving Setting and 6isplaying E,tended ttributes Hands(on "a*: &nderstandin+ SE"inu#

&nit 2 ( &sin+ SE"inu#

Controlling SE+inu, -ile Conte,ts Relabeling -iles and -ilesystems %ount options Hand(on "a*: ,orkin+ wit SE"inu#

&nit 3 ( - e Red Hat -ar+eted $olicy

'dentifying and $oggling &rotected Services pache Security Conte,ts and Configuration *ooleans .ame Service Conte,ts and Configuration *ooleans .'S Client Conte,ts /ther Services -ile Conte,t for Special 6irectory $rees

$roubleshooting and avc 6enial %essages setroubleshootd and +ogging Hands(on "a*: &nderstandin+ and -rou*les ootin+ t e Red Hat -ar+eted $olicy

&nit 4 ( )ntroduction to $olicies

&olicy /verview and /rgani4ation Compiling and +oading the %onolithic &olicy and &olicy %odules &olicy $ype Enforcement %odule Synta, /bBect Classes 6omain $ransition Hands(on "a*: &nderstandin+ policies

&nit . ( $olicy &tilities

$ools available for manipulating and analy4ing policies o apol o seaudit and seauditFreport o checkpolicy o sepcut o sesearch o sestatus o audit)allow and audit)why o sealert o avcstat o seinfo o semanage and semodule o %an pages Hands(on "a*: E#plorin+ &tilities

&nit / ( &ser and Role Security

Role!based ccess Control %ulti Category Security 6efining a Security dministrator %ulti!+evel Security $he strict &olicy 1ser 'dentification and 6eclaration Role 'dentification and 6eclaration Roles in 1se in $ransitions Role 6ominance Hands(on "a*: )%ple%entin+ &ser and Role 0ased $olicy Restrictions

&nit 1 ( Anato%y o2 a $olicy

$olicy 3acros -ype Attri*utes and Aliases -ype -ransitions , en and How do 4iles 5et "a*eled

restorecond Custo%i6a*le -ypes Hands(on "a*: 0uildin+ $olicies

&nit 7 ( 3anipulatin+ $olicies

)nstallin+ and Co%pilin+ $olicies - e $olicy "an+ua+e Access 8ector SE"inu# lo+s Security )denti2iers ( S)Ds 4ilesyste% "a*elin+ 0e avior Conte#t on Network O*9ects Creatin+ and &sin+ New 0ooleans 3anipulatin+ $olicy *y E#a%ple 3acros Ena*leaudit Hands(on "a*: Co%pilin+ $olicies

&nit ! ( $ro9ect

0est practices Create 4ile Conte#ts: -ypes and -ypealiases Edit and Create Network Conte#ts Edit and Create Do%ains Hands(on "a*: Editin+ and ,ritin+ $olicy