LinuxCBT Debian 3 Edition - Security Implementation Techniqu

[Nguyen Trung Hoa]

LinuxCBT Debian 3 Edition - Security Implementation Techniques - Module 5

TCP Wrappers (hosts.allow/hosts.deny)

* Discuss TCP Wrappers concepts & applications
* Identify primary package and key TCP Wrappers configuration files
* Demonstrate disabled TCP Wrappers configurations by attempting connectivity
* Examine pre and post TCP Wrappers configuration effects
* Implement TCP Wrappers for common services
* Test local & remote access to TCP Wrappers-protected host & services


XINETD (Enhanced & Secure INETD Super Server Implementation)

* Upgrade Debian GNU/Linux system from INETD to XINETD
* Identify key XINETD configuration files
* Explain the contents and structure of xinetd.conf
* Restrict access to various daemons/services based on hosts & subnets
* Compare & contrast TCP Wrappers and XINETD
* Secure services with XINETD
* Insert common global xinetd.conf daemon/service defaults
* Configure XINETD to log via SYSLOG
* Configure XINETD to restrict number of spawned instances of daemons/services
* Configure port forwarding of daemons/services
* Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
* Explore additional XINETD features


IPTABLES (Netfilter Linux Kernel-based Firewall)

* Discuss IPTABLES/Netfilter Concepts
* Explain IPTABLES default chains/filters and policies
* Examine TCP/ICMP communications pre-IPTABLES chains
* Implement ICMP inbound filtration based on various hosts
* Use Cisco PIX Firewall to verify ICMP debugging
* Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
* Restrict access to various daemons (SSH/FTP/HTTP/etc.)
* Test connectivity locally and remotely (RedHat/Windows/etc.)


Network Mapper (NMAP)

* Obtain, compile and install current version of NMAP
* Identify commonly used NMAP options/switches/parameters
* Perform default TCP SYN-based ethical scans of local and remote resources
* Explain typical TCP handshake protocol while using NMAP
* Examine the results of scans on remote Cisco firewall with debugging mode enabled
* Perform default TCP Connect-based ethical scans of local and remote resources
* Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
* Use NMAP to scan using aliased and spoofed IP addresses
* Peform local ethical scans
* Identifiy key NMAP configuration files
* Use NMAP to perform operating system fingerprinting
* Peform subnet-wide ethical scans


Nessus Vulnerability Scanner

* Download, compile, and prepare Nessus vulnerability scanner for deployment
* Implement Nessus client/server Security vulnerability scanner in ~ Phisher ~mode
* Identify Nessus's key features and explore its graphical interface
* Ethical scan of the local system for vulnerabilities
* Examine scan results via the reporting engine
* Discuss mitigation techniques for suggested vulnerabilities
* Ethical scan of a fraction of the class C subnet by using CIDR
* Examine the scan results and discuss
* Ethical scan of the entire class C subnet
* Examine Nessus process utilization while vulnerability scans are in progress


Lockdown (Debian GNU/Linux System Lockdown)

* Explain potential network-based entry points to the system
* Identify superfluous daemons/services using NETSTAT & NMAP
* Disable superfluous daemons/services using update-rc.d and proper scripts
* Identify changes in the system as a result of performing the lockdown
* Disable superfluous daemons/services using XINETD
* Restrict source address access to daemons/services using XINETD
* Restrict bind address for daemons/services using XINETD
* Discuss application-layer security for added protection (MySQL/Apache/Sendmail/SSH/Nessus)
* Force SSHD to bind to desired layer-3 IP address for controlled security
* Secure the system using IPTABLES & TCP Wrappers for added security


Snort 2.1x Intrusion Detection System (IDS)

* Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
* Obtain, compile and install the Snort Intrusion Detection System (IDS)
* Identify and explain key operating modes (Sniffer/Logger/IDS)
* Run Snort in all three modes and examine the results
* Output Snort logs to ASCII text format and examine the results
* Output Snort logs to binary format and examine the results
* Use Snort with Berkeley Packet Filter (BPF) to parse logs
* Implement Snort with BPF to filter real-time traffic
* Obtain and install requisite MySQL libraries for Snort
* Recompile Snort IDS with MySQL support
* Implement Snort IDS with MySQL integration for real-time reporting
* Implement ACID web-based front-end for examining Snort logs

Code:



http://hotfile.com/list/590130/23fcbe8