Documente Academic
Documente Profesional
Documente Cultură
Course Outline
RHS333 goes beyond the essential security coverage offered in the RHCE curriculum and delves deeper into the security features, capabilities, and risks associated with the most commonly deployed services. mong the topics covered in this four!day, hands!on course are the following" #. $he $hreat %odel and &rotection %ethods o 'nternet threat model and the attacker(s plan o System security and service availability o n overview of protection mechanisms ). *asic Service Security o SE+inu, o Host!based access control o -irewalls using .etfilter and iptables o $C& wrappers o ,inetd and service limits 3. Cryptography o /verview of cryptographic techni0ues o %anagement of SS+ certificates o 1sing 2nu&2 3. +ogging and .$& o $ime synchroni4ation with .$& o +ogging" syslog and its weaknesses o &rotecting log servers 5. *'.6 and 6.S Security o *'.6 vulnerabilities o 6.S Security" attacks on 6.S o ccess control lists o $ransaction signatures o Restricting 4one transfers and recursive 0ueries o 6.S $opologies o *ogus servers and blackholes o 7iews o %onitoring and logging o 6ynamic 6.S security 8. .etwork uthentication" R&C, .'S, and 9erberos o 7ulnerabilities o .etwork!managed users and account management o R&C and .'S security issues o 'mproving .'S security o 1sing 9erberos authentication o 6ebugging 9erberi4ed Services o 9erberos Cross!Realm $rust o 9erberos Encryption :. .etwork -ile System
/verview of .-S versions ), 3, and 3 Security in .-S versions ) and 3 'mprovements in security in .-S3 $roubleshooting .-S3 Client!side mount options ;. /penSSH o 7ulnerabilities o Server configuration and the SSH protocols o uthentication and access control o Client!side security o &rotecting private keys o &ort!forwarding and <##!forwarding issues =. Electronic %ail with Sendmail o 7ulnerabilities o Server topologies o Email encryption o ccess control and S$ R$$+S o nti!spam mechanisms #>. &ostfi, o 7ulnerabilities o Security and &ostfi, design o Configuring S S+?$+S ##. -$& o 7ulnerabilities o $he -$& protocol and -$& servers o +ogging o nonymous -$& o ccess control #). pache security o 7ulnerabilities o ccess control o uthentication" files, passwords, 9erberos o Security implications of common configuration options o C2' security o Server side includes o suE<EC #3. 'ntrusion 6etection and Recovery o 'ntrusion risks o Security policy o 6etecting possible intrusions o %onitoring network traffic and open ports o 6etecting modified files o 'nvestigating and verifying detected intrusions o Recovering from, reporting, and documenting intrusions
o o o o o
Synchroni4ing Red Hat 6irectory Server with ctive 6irectory %anaging users with @inbind and +6 & %apping attributes between +inu, and @indows ##. Red Hat Enterprise '& o 1nderstanding '& o '& re0uirements o Configuring '& server o Configuring '& clients
o o o
6iscretionary ccess Control vs. %andatory ccess Control SE+inu, History and rchitecture /verview Elements of the SE+inu, security model" o user identity and role o domain and type o sensitivity and categories o security conte,t SE+inu, &olicy and Red Hat(s $argeted &olicy Configuring &olicy with *ooleans rchiving Setting and 6isplaying E,tended ttributes Hands(on "a*: &nderstandin+ SE"inu#
Controlling SE+inu, -ile Conte,ts Relabeling -iles and -ilesystems %ount options Hand(on "a*: ,orkin+ wit SE"inu#
'dentifying and $oggling &rotected Services pache Security Conte,ts and Configuration *ooleans .ame Service Conte,ts and Configuration *ooleans .'S Client Conte,ts /ther Services -ile Conte,t for Special 6irectory $rees
$roubleshooting and avc 6enial %essages setroubleshootd and +ogging Hands(on "a*: &nderstandin+ and -rou*les ootin+ t e Red Hat -ar+eted $olicy
&olicy /verview and /rgani4ation Compiling and +oading the %onolithic &olicy and &olicy %odules &olicy $ype Enforcement %odule Synta, /bBect Classes 6omain $ransition Hands(on "a*: &nderstandin+ policies
$ools available for manipulating and analy4ing policies o apol o seaudit and seauditFreport o checkpolicy o sepcut o sesearch o sestatus o audit)allow and audit)why o sealert o avcstat o seinfo o semanage and semodule o %an pages Hands(on "a*: E#plorin+ &tilities
Role!based ccess Control %ulti Category Security 6efining a Security dministrator %ulti!+evel Security $he strict &olicy 1ser 'dentification and 6eclaration Role 'dentification and 6eclaration Roles in 1se in $ransitions Role 6ominance Hands(on "a*: )%ple%entin+ &ser and Role 0ased $olicy Restrictions
$olicy 3acros -ype Attri*utes and Aliases -ype -ransitions , en and How do 4iles 5et "a*eled
)nstallin+ and Co%pilin+ $olicies - e $olicy "an+ua+e Access 8ector SE"inu# lo+s Security )denti2iers ( S)Ds 4ilesyste% "a*elin+ 0e avior Conte#t on Network O*9ects Creatin+ and &sin+ New 0ooleans 3anipulatin+ $olicy *y E#a%ple 3acros Ena*leaudit Hands(on "a*: Co%pilin+ $olicies
&nit ! ( $ro9ect
0est practices Create 4ile Conte#ts: -ypes and -ypealiases Edit and Create Network Conte#ts Edit and Create Do%ains Hands(on "a*: Editin+ and ,ritin+ $olicy