LinuxCBT Deb3x Edition
LinuxCBT Deb3x Edition
MP4 | Video: AVC 800x620 | Audio: AAC 44KHz 2ch | Duration: 45 Hours | 3.23 GB
Genre: eLearning | Language: English
MP4 | Video: AVC 800x620 | Audio: AAC 44KHz 2ch | Duration: 45 Hours | 3.23 GB
Genre: eLearning | Language: English
Introduction to & Installation of Debian GNU/Linux
Identify Debian GNU/Linux distribution sites
Explain various methods of obtaining Debian GNU/Linux
Explain the various Debian GNU/Linux strains (Woody/Sarge/Sid)
Explain how the efficient Jigsaw Download (jigdo) process operates
Install Jigsaw Download tool on RedHat system to obtain Debian ISO images
Demonstrate how to obtain Debian GNU/Linux using the efficient Jigsaw Download (Jigdo) process from RedHat Linux and Windows 2003 systems
Prepare (Burn) Debian GNU/Linux media based on Jigdo for installation
Demonstrate how to obtain Debian GNU/Linux using the traditional ISO images from RedHat Linux & Windows 2003 Systems
Prepare (Burn) Debian GNU/Linux media based on ISO downloads for installation
Demonstrate how to obtain Debian GNU/Linux using a minimal CD for network installation
Prepare Debian GNU/Linux media based on the minimal CD ISO download for installation
Prep the Intel-based system for a Workstation installation of Debian GNU/Linux
Install Debian Linux on Intel-based x86 machine using CD-ROMs
Use CFDISK to create user-partitions on the Debian Workstation system
Use CFDISK to create a system-Swap partition
Configure the installation process with Workstation-oriented packages
Prepare the Intel-based system for a Server installation of Debian GNU/Linux
Install Debian Linux on Intel-based x86 machine using CD-ROMs
Use Fdisk to create server-oriented partitions on the Debian Server system
Use Fdisk to create a system-Swap partition
Configure the installation process with Server-oriented packages
Prep the Intel-based system for a Network installation of Debian GNU/Linux
Identify Network Installation ISO Image repositories
Download Network Installation ISO Image & burn to CDRW
Use Fdisk to create server-oriented partitions on the Debian Server system
Use Fdisk to create a system-Swap partition
Identify and specify Debian mirrors to obtain installation packages from
Install Debian Linux on Intel-based x86 machine using HTTP
Configure the installation process with Server-oriented packages
Prepare the Sun Fire SPARC-based headless system for a Remote Network installation of Debian GNU/Linux using SSH, CKermit & serial connectivity
Install Debian GNU/Linux SPARC edition using the Module -1 Binary
Configure server-oriented drive partitions using Fdisk
Configure optimal server-oriented Swap partition using Fdisk
Configure the Sun Fire SPARC system with network connectivity
Update Debian SPARC system with latest security patches using APT
Explore the Debian GNU/Linux KDE Desktop Interface & Default Applications
Identify Documentation - Man Pages & Graphical
Explore Debian GNU/Linux GNOME Desktop Interface & Default Applications
Upgrade Mozilla web browser software
Implement Macromedia Flash plug-in and configure support in Mozilla and evaluate results
Implement the current Java Runtime Environment (JRE/J2SE) for system-wide access to Java applets/etc.
Basic Debian GNU/Linux Skills
Demonstrate usage of the following useful commands & concepts
ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
alias, cat, file, chmod, chown, history
Standard in/out, UNIX Pipes, Redirection, Command Chaining
ps, df, free, vmstat, top, kill
less & more, head & tail, diff
which & whereis, w, who
find, grep, locate
tar, gzip/gunzip, bzip2, zcat
PING (Packet Internet Groper) - used to issue ICMP echo requests
dig (Domain Information Groper) - used to query DNS servers
Demonstrate typical usage of the vi text editor
Demonstrate typical usage the nano text editor
Tarball Archiving & compression of files & directories with TAR/GZIP/BZIP2
Explain UNIX/Linux file security & permissions (-rwxrwxrwx)
Use mount/umount to access CD-ROM and floppy devices
Explore /etc/fstab (File system Table file)
Explore TCP/IP Configuration
Install Wget and demonstrate its typical usage to interface to HTTP/FTP servers
top
Advanced Package Management Tool (APT) Concepts
Explain classes of Debian GNU/Linux Packages
Identify Debian GNU/Linux Package Management Tools
Inventory currently installed DEB packages
Demonstrate Packge Group Selection with tasksel
Discuss Package Refinement with dselect
Identify key Advanced Package Tool (APT) configuration files
Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
Install/Update/Remove software using APT
Configure APT to query multiple sources for packages
Use DPKG to install a DEB package located on an EXT3 File System
Configure APT to install packages from varying versions of Debian GNU/Linux
Use Aptitude to manage Debian GNU/Linux packages
Install Apt-Spy using APT to identify optimal mirrors
Disk Management using CFDISK & FDISK
Provision additional Storage partitions using CFDISK
Partition using FDISK additional user space
Use MKE2FS to provision multiple 20GB EXT2 & EXT3 File Systems
Use TUNE2FS to convert existing EXT2 File Systems to EXT3 File Systems
Provision additional Swap storage
Use MKSWAP & SWAPON to enable additional Swap storage
Provision multiple Temp File System (TMPFS) using free memory
Demonstrate typical usage of Temp File Systems for fast I/O
Update File System Table (FSTAB) to reflect system changes
Remote Desktop (RDP) Client Implementation
Download and intall RDesktop prerequisites (dev packages, etc.)
Compile, implement & explore RDesktop Terminal Services desktop connectivity to Windows 2003/2000/XP servers running Remote Desktop Protocol (RDP)
Secure Shell (SSH) Client
Explain SSH concepts, implementation, etc.
Use SSH Client to connect to remote Linux Systems using password authentication
Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
Authenticate to remote Linux systems using alternate credentials
Use Secure Copy Protocol (SCP) to move data between systems non-interactively
Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
Demonstrate using SSH to authenticate to remote Linux hosts without passwords
System V Debian GNU/Linux Runlevel implementation
Explain Debian GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
Identify startup log files & entries using DMESG & exploration
TCP/IP Configuration
Identify key files for the transition from DHCP to Static addressing
Configure Linux client with static TCP/IP parameters for network communication
Configure Virtual (Sub) Ethernet Interfaces to faciliate multiple IP addresses
Implement Network Time Protocol (NTP) Client/Server
Configure Network Time Protocol (NTP) to perform client/server time synchronization
Identify NTP bounded UDP interfaces
Synchronize Debian GNU/Linux NTP with RedHat Linux Stratum 2 NTP server
Configure RedHat Linux NTP server to synchronize with Debian GNU/Linux server
Manage Users and Groups
User profile implementation logic and concepts - (Bash profile/etc/skel/aliases/PATH/etc.)
User and group creation & management concepts - passwd, shadow, group, gshadow files
Use useradd/adduser, groupadd/addgroup, usermod, etc.
Examine adduser configuration file
Explore System Logging via SYSLOG and Logrotate
Explanation of syslog facilities & levels
Demonstrate syslog administration
Demonstrate Cisco to Linux SYSLOG functionality
Explore automatic log rotation and customization via Logrotate
Configure Logrotate to rotate & compress sample log files
top
Commonly-used Network Utilities
NETSTAT
Traceroute & MTR (PING & Traceroute functionality)
ARP
IFCONFIG
Route
DIG & NSLOOKUP
Whois
Implement Telnet Daemon for temporary clear-text shell communications
Examine Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
Dynamic Host Configuration Protocol (DHCP) services
Explain the various steps of the DHCP process
Configure global & scope-level DHCP options
Configure IP reservations based on layer 2 MAC addresses
Enable Linux DHCP services
Configure Windows/Linux clients to receive dynamic addresses from Linux
Examine evidence of clients requesting addresses from DHCPD
Very Secure VSFTPD File Transfer Protocol (FTP) services
Implement anonymous FTPD
Implement user-level FTPD access
Implement FTPD banners
Disable anonymous access
Configure VSFTPD to chroot jail users into their home directories
Implement bandwidth rate-limiting to control bandwidth usage
Implement & test banning of unwelcomed anonymous e-mail addresses
Implement VSFTPD user with redirect to a Samba share
Implement Linux & Windows Integration via Samba
Implement SMBFS integration with Debian GNU/Linux File System
Mount Windows shares seamlessly using Samba File System (SMBFS)
Configure FSTAB to support repetitive mounts
Implement secure SMBFS credentials for mounting
Install Samba Server support
Install Samba Web-based Administration Tool (SWAT)
Configure Samba file sharing
Configure Samba with multiple NETBIOS aliases
Configure Samba Windows Internet Name Server (WINS) support
Evaluate Windows XP client access to Debian GNU/Linux Samba server
Explore the CRON scheduling daemon & configuration
Identify key Cron configuration scopes (Global & User)
Explain Crontab file format and applicable options
Define custom cron jobs system-wide
Define custom cron jobs user-wide
Evaluate results of cron jobs
Implement the Berkeley Internet Daemon (BIND) Domain Name Server (DNS)
Implement BIND 9.x
Configure BIND as a caching-only DNS server
Test caching-only name resolution from Linux hosts
Configure Linux/Windows 2003 clients to use Linux BIND DNS server
Configure BIND as an Authoritative DNS server
Test primary name resolution from Windows & Linux hosts
Configure BIND as a secondary(slave) DNS server
Configure DNS zones on Linux BIND & Windows 2003 DNS - activate replication
Evaluate results of BIND configuration using DIG
Configure DNS zones
Configure zone transfers
Evaluate BIND's configuration files
Kernel Re-compilation & upgrade - Debian Style
Obtain latest Linux Kernel sources
Install requisite Debian GNU/Linux packages
Select hardware and software modules and support for new kernel
Compile new Linux kernel
Install new Linux kernel
Update boot loader
Reboot system and verify functionality
top
Web Application Services
Implement Apache Web Server
Examine httpd.conf file directives
Implement virtual directories using Apache and symbollic links
Implement Redirects using Locate and various Apache directives
Configure virtual hosts bound to the primary IP address and port
Configure virtual hosts bound to alternate virtual IP addresses and ports
Implement Apache logging system per virtual host
Configure basic authentication to virtual hosts containers via Directory directives
Configure digest authentication
Implementation of Webalizer Log Analysis software
Generate web reports using Webalizer
Implementation of PHP Dynamic Web Access Scripting Engine
Evaluate PHP Dynamic Web Access Scripting Engine installation results
Test basic PHP script-processing using sample scripts
MySQL Relational Database Management System
Install MySQL Relational Database Management System
Secure access to MySQL
Create sample MySQL databases
Install PHPMyAdmin for web-based management of MySQL instances
Explain & Secure access to PHPMyAdmin
Explore PHPMyAdmin's interface
Sendmail MTA Essentials
Introduction to Sendmail Message Transfer Agent (MTA)
Implementation of Sendmail
Identify default Debian GNU/Linux Sendmail logging
Use Mutt to demonstrate outbound mail handling using Sendmail
Attempt to relay messages from a remote Windows host
Identify failed relays fromt the remote Windows host
Configure Sendmail to relay messages for remote Windows host
Configure Sendmail to support virtual hosts/multiple domains
Evaluate results of routing messages to multiple domains using Sendmail
Redirect virtual SMTP addressess to Internet-based SMTP hosts
Verify message delivery using Mutt & SSH
Post Office Protocol Version 3 (POP3)
Explain POP3 concepts and applications
Implement POP3 daemon
Connect to POP3 daemon using Windows Outlook Express client
Reroute inbound messages using Sendmail to POP3 account for retrieval
Use Mutt to send SMTP-based messages to POP3 account
Internet Messaging Access Protocol (IMAP)
Explain IMAP concepts and applications in comparison to POP3
Implement IMAP services
Connect to IMAP services from remote Windows Outlook Express client
Web-based Mail Implementation using Squirrel-mail
Describe required squirrel mail components for web-mail integration
Install squirrel mail on Debian GNU/Linux system
Configure Apache virtual directory for squirrel mail integration
Configure Apache Virtual Host for squirrel mail integration
Configure BIND DNS services for squirrel mail integration
Explore squirrel mail's web-based interface
TCP Wrappers (hosts.allow/hosts.deny)
Discuss TCP Wrappers concepts & applications
Identify primary package and key TCP Wrappers configuration files
Demonstrate disabled TCP Wrappers configurations by attempting connectivity
Examine pre and post TCP Wrappers configuration effects
Implement TCP Wrappers for common services
Test local & remote access to TCP Wrappers-protected host & services
XINETD (Enhanced & Secure INETD Super Server Implementation)
Upgrade Debian GNU/Linux system from INETD to XINETD
Identify key XINETD configuration files
Explain the contents and structure of xinetd.conf
Restrict access to various daemons/services based on hosts & subnets
Compare & contrast TCP Wrappers and XINETD
Secure services with XINETD
Insert common global xinetd.conf daemon/service defaults
Configure XINETD to log via SYSLOG
Configure XINETD to restrict number of spawned instances of daemons/services
Configure port forwarding of daemons/services
Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
Explore additional XINETD features
IPTABLES (Netfilter Linux Kernel-based Firewall)
Discuss IPTABLES/Netfilter Concepts
Explain IPTABLES default chains/filters and policies
Examine TCP/ICMP communications pre-IPTABLES chains
Implement ICMP inbound filtration based on various hosts
Use Cisco PIX Firewall to verify ICMP debugging
Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
Restrict access to various daemons (SSH/FTP/HTTP/etc.)
Test connectivity locally and remotely (RedHat/Windows/etc.)
Network Mapper (NMAP)
Obtain, compile and install current version of NMAP
Identify commonly used NMAP options/switches/parameters
Perform default TCP SYN-based ethical scans of local and remote resources
Explain typical TCP handshake protocol while using NMAP
Examine the results of scans on remote Cisco firewall with debugging mode enabled
Perform default TCP Connect-based ethical scans of local and remote resources
Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
Use NMAP to scan using aliased and spoofed IP addresses
Peform local ethical scans
Identifiy key NMAP configuration files
Use NMAP to perform operating system fingerprinting
Peform subnet-wide ethical scans
Nessus Vulnerability Scanner
Download, compile, and prepare Nessus vulnerability scanner for deployment
Implement Nessus client/server Security vulnerability scanner in SSL-mode
Identify Nessus's key features and explore its graphical interface
Ethical scan of the local system for vulnerabilities
Examine scan results via the reporting engine
Discuss mitigation techniques for suggested vulnerabilities
Ethical scan of a fraction of the class C subnet by using CIDR
Examine the scan results and discuss
Ethical scan of the entire class C subnet
Examine Nessus process utilization while vulnerability scans are in progress
Lockdown (Debian GNU/Linux System Lockdown)
Explain potential network-based entry points to the system
Identify superfluous daemons/services using NETSTAT & NMAP
Disable superfluous daemons/services using update-rc.d and proper scripts
Identify changes in the system as a result of performing the lockdown
Disable superfluous daemons/services using XINETD
Restrict source address access to daemons/services using XINETD
Restrict bind address for daemons/services using XINETD
Discuss application-layer security for added protection (MySQL/Apache/Sendmail/SSH/Nessus)
Force SSHD to bind to desired layer-3 IP address for controlled security
Secure the system using IPTABLES & TCP Wrappers for added security
Snort 2.1x Intrusion Detection System (IDS)
Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
Obtain, compile and install the Snort Intrusion Detection System (IDS)
Identify and explain key operating modes (Sniffer/Logger/IDS)
Run Snort in all three modes and examine the results
Output Snort logs to ASCII text format and examine the results
Output Snort logs to binary format and examine the results
Use Snort with Berkeley Packet Filter (BPF) to parse logs
Implement Snort with BPF to filter real-time traffic
Obtain and install requisite MySQL libraries for Snort
Recompile Snort IDS with MySQL support
Implement Snort IDS with MySQL integration for real-time reporting
Implement ACID web-based front-end for examining Snort logs
Advanced Package Management Tool (APT) Concepts
Explain classes of Debian GNU/Linux Packages
Identify Debian GNU/Linux Package Management Tools
Inventory currently installed DEB packages
Demonstrate Packge Group Selection with tasksel
Discuss Package Refinement with dselect
Identify key Advanced Package Tool (APT) configuration files
Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
Install/Update/Remove software using APT
Configure APT to query multiple sources for packages
Use DPKG to install a DEB package located on an EXT3 File System
Configure APT to install packages from varying versions of Debian GNU/Linux
Use Aptitude to manage Debian GNU/Linux packages
Install Apt-Spy using APT to identify optimal mirrors
Disk Management using CFDISK & FDISK
Provision additional Storage partitions using CFDISK
Partition using FDISK additional user space
Use MKE2FS to provision multiple 20GB EXT2 & EXT3 File Systems
Use TUNE2FS to convert existing EXT2 File Systems to EXT3 File Systems
Provision additional Swap storage
Use MKSWAP & SWAPON to enable additional Swap storage
Provision multiple Temp File System (TMPFS) using free memory
Demonstrate typical usage of Temp File Systems for fast I/O
Update File System Table (FSTAB) to reflect system changes
Remote Desktop (RDP) Client Implementation
Download and intall RDesktop prerequisites (dev packages, etc.)
Compile, implement & explore RDesktop Terminal Services desktop connectivity to Windows 2003/2000/XP servers running Remote Desktop Protocol (RDP)
Secure Shell (SSH) Client
Explain SSH concepts, implementation, etc.
Use SSH Client to connect to remote Linux Systems using password authentication
Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
Authenticate to remote Linux systems using alternate credentials
Use Secure Copy Protocol (SCP) to move data between systems non-interactively
Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
Demonstrate using SSH to authenticate to remote Linux hosts without passwords
System V Debian GNU/Linux Runlevel implementation
Explain Debian GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
Identify startup log files & entries using DMESG & exploration
TCP/IP Configuration
Identify key files for the transition from DHCP to Static addressing
Configure Linux client with static TCP/IP parameters for network communication
Configure Virtual (Sub) Ethernet Interfaces to faciliate multiple IP addresses
Implement Network Time Protocol (NTP) Client/Server
Configure Network Time Protocol (NTP) to perform client/server time synchronization
Identify NTP bounded UDP interfaces
Synchronize Debian GNU/Linux NTP with RedHat Linux Stratum 2 NTP server
Configure RedHat Linux NTP server to synchronize with Debian GNU/Linux server
Manage Users and Groups
User profile implementation logic and concepts - (Bash profile/etc/skel/aliases/PATH/etc.)
User and group creation & management concepts - passwd, shadow, group, gshadow files
Use useradd/adduser, groupadd/addgroup, usermod, etc.
Examine adduser configuration file
Explore System Logging via SYSLOG and Logrotate
Explanation of syslog facilities & levels
Demonstrate syslog administration
Demonstrate Cisco to Linux SYSLOG functionality
Explore automatic log rotation and customization via Logrotate
Configure Logrotate to rotate & compress sample log files
top
Commonly-used Network Utilities
NETSTAT
Traceroute & MTR (PING & Traceroute functionality)
ARP
IFCONFIG
Route
DIG & NSLOOKUP
Whois
Implement Telnet Daemon for temporary clear-text shell communications
Examine Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
Dynamic Host Configuration Protocol (DHCP) services
Explain the various steps of the DHCP process
Configure global & scope-level DHCP options
Configure IP reservations based on layer 2 MAC addresses
Enable Linux DHCP services
Configure Windows/Linux clients to receive dynamic addresses from Linux
Examine evidence of clients requesting addresses from DHCPD
Very Secure VSFTPD File Transfer Protocol (FTP) services
Implement anonymous FTPD
Implement user-level FTPD access
Implement FTPD banners
Disable anonymous access
Configure VSFTPD to chroot jail users into their home directories
Implement bandwidth rate-limiting to control bandwidth usage
Implement & test banning of unwelcomed anonymous e-mail addresses
Implement VSFTPD user with redirect to a Samba share
Implement Linux & Windows Integration via Samba
Implement SMBFS integration with Debian GNU/Linux File System
Mount Windows shares seamlessly using Samba File System (SMBFS)
Configure FSTAB to support repetitive mounts
Implement secure SMBFS credentials for mounting
Install Samba Server support
Install Samba Web-based Administration Tool (SWAT)
Configure Samba file sharing
Configure Samba with multiple NETBIOS aliases
Configure Samba Windows Internet Name Server (WINS) support
Evaluate Windows XP client access to Debian GNU/Linux Samba server
Explore the CRON scheduling daemon & configuration
Identify key Cron configuration scopes (Global & User)
Explain Crontab file format and applicable options
Define custom cron jobs system-wide
Define custom cron jobs user-wide
Evaluate results of cron jobs
Implement the Berkeley Internet Daemon (BIND) Domain Name Server (DNS)
Implement BIND 9.x
Configure BIND as a caching-only DNS server
Test caching-only name resolution from Linux hosts
Configure Linux/Windows 2003 clients to use Linux BIND DNS server
Configure BIND as an Authoritative DNS server
Test primary name resolution from Windows & Linux hosts
Configure BIND as a secondary(slave) DNS server
Configure DNS zones on Linux BIND & Windows 2003 DNS - activate replication
Evaluate results of BIND configuration using DIG
Configure DNS zones
Configure zone transfers
Evaluate BIND's configuration files
Kernel Re-compilation & upgrade - Debian Style
Obtain latest Linux Kernel sources
Install requisite Debian GNU/Linux packages
Select hardware and software modules and support for new kernel
Compile new Linux kernel
Install new Linux kernel
Update boot loader
Reboot system and verify functionality
top
Web Application Services
Implement Apache Web Server
Examine httpd.conf file directives
Implement virtual directories using Apache and symbollic links
Implement Redirects using Locate and various Apache directives
Configure virtual hosts bound to the primary IP address and port
Configure virtual hosts bound to alternate virtual IP addresses and ports
Implement Apache logging system per virtual host
Configure basic authentication to virtual hosts containers via Directory directives
Configure digest authentication
Implementation of Webalizer Log Analysis software
Generate web reports using Webalizer
Implementation of PHP Dynamic Web Access Scripting Engine
Evaluate PHP Dynamic Web Access Scripting Engine installation results
Test basic PHP script-processing using sample scripts
MySQL Relational Database Management System
Install MySQL Relational Database Management System
Secure access to MySQL
Create sample MySQL databases
Install PHPMyAdmin for web-based management of MySQL instances
Explain & Secure access to PHPMyAdmin
Explore PHPMyAdmin's interface
Sendmail MTA Essentials
Introduction to Sendmail Message Transfer Agent (MTA)
Implementation of Sendmail
Identify default Debian GNU/Linux Sendmail logging
Use Mutt to demonstrate outbound mail handling using Sendmail
Attempt to relay messages from a remote Windows host
Identify failed relays fromt the remote Windows host
Configure Sendmail to relay messages for remote Windows host
Configure Sendmail to support virtual hosts/multiple domains
Evaluate results of routing messages to multiple domains using Sendmail
Redirect virtual SMTP addressess to Internet-based SMTP hosts
Verify message delivery using Mutt & SSH
Post Office Protocol Version 3 (POP3)
Explain POP3 concepts and applications
Implement POP3 daemon
Connect to POP3 daemon using Windows Outlook Express client
Reroute inbound messages using Sendmail to POP3 account for retrieval
Use Mutt to send SMTP-based messages to POP3 account
Internet Messaging Access Protocol (IMAP)
Explain IMAP concepts and applications in comparison to POP3
Implement IMAP services
Connect to IMAP services from remote Windows Outlook Express client
Web-based Mail Implementation using Squirrel-mail
Describe required squirrel mail components for web-mail integration
Install squirrel mail on Debian GNU/Linux system
Configure Apache virtual directory for squirrel mail integration
Configure Apache Virtual Host for squirrel mail integration
Configure BIND DNS services for squirrel mail integration
Explore squirrel mail's web-based interface
TCP Wrappers (hosts.allow/hosts.deny)
Discuss TCP Wrappers concepts & applications
Identify primary package and key TCP Wrappers configuration files
Demonstrate disabled TCP Wrappers configurations by attempting connectivity
Examine pre and post TCP Wrappers configuration effects
Implement TCP Wrappers for common services
Test local & remote access to TCP Wrappers-protected host & services
XINETD (Enhanced & Secure INETD Super Server Implementation)
Upgrade Debian GNU/Linux system from INETD to XINETD
Identify key XINETD configuration files
Explain the contents and structure of xinetd.conf
Restrict access to various daemons/services based on hosts & subnets
Compare & contrast TCP Wrappers and XINETD
Secure services with XINETD
Insert common global xinetd.conf daemon/service defaults
Configure XINETD to log via SYSLOG
Configure XINETD to restrict number of spawned instances of daemons/services
Configure port forwarding of daemons/services
Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
Explore additional XINETD features
IPTABLES (Netfilter Linux Kernel-based Firewall)
Discuss IPTABLES/Netfilter Concepts
Explain IPTABLES default chains/filters and policies
Examine TCP/ICMP communications pre-IPTABLES chains
Implement ICMP inbound filtration based on various hosts
Use Cisco PIX Firewall to verify ICMP debugging
Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
Restrict access to various daemons (SSH/FTP/HTTP/etc.)
Test connectivity locally and remotely (RedHat/Windows/etc.)
Network Mapper (NMAP)
Obtain, compile and install current version of NMAP
Identify commonly used NMAP options/switches/parameters
Perform default TCP SYN-based ethical scans of local and remote resources
Explain typical TCP handshake protocol while using NMAP
Examine the results of scans on remote Cisco firewall with debugging mode enabled
Perform default TCP Connect-based ethical scans of local and remote resources
Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
Use NMAP to scan using aliased and spoofed IP addresses
Peform local ethical scans
Identifiy key NMAP configuration files
Use NMAP to perform operating system fingerprinting
Peform subnet-wide ethical scans
Nessus Vulnerability Scanner
Download, compile, and prepare Nessus vulnerability scanner for deployment
Implement Nessus client/server Security vulnerability scanner in SSL-mode
Identify Nessus's key features and explore its graphical interface
Ethical scan of the local system for vulnerabilities
Examine scan results via the reporting engine
Discuss mitigation techniques for suggested vulnerabilities
Ethical scan of a fraction of the class C subnet by using CIDR
Examine the scan results and discuss
Ethical scan of the entire class C subnet
Examine Nessus process utilization while vulnerability scans are in progress
Lockdown (Debian GNU/Linux System Lockdown)
Explain potential network-based entry points to the system
Identify superfluous daemons/services using NETSTAT & NMAP
Disable superfluous daemons/services using update-rc.d and proper scripts
Identify changes in the system as a result of performing the lockdown
Disable superfluous daemons/services using XINETD
Restrict source address access to daemons/services using XINETD
Restrict bind address for daemons/services using XINETD
Discuss application-layer security for added protection (MySQL/Apache/Sendmail/SSH/Nessus)
Force SSHD to bind to desired layer-3 IP address for controlled security
Secure the system using IPTABLES & TCP Wrappers for added security
Snort 2.1x Intrusion Detection System (IDS)
Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
Obtain, compile and install the Snort Intrusion Detection System (IDS)
Identify and explain key operating modes (Sniffer/Logger/IDS)
Run Snort in all three modes and examine the results
Output Snort logs to ASCII text format and examine the results
Output Snort logs to binary format and examine the results
Use Snort with Berkeley Packet Filter (BPF) to parse logs
Implement Snort with BPF to filter real-time traffic
Obtain and install requisite MySQL libraries for Snort
Recompile Snort IDS with MySQL support
Implement Snort IDS with MySQL integration for real-time reporting
Implement ACID web-based front-end for examining Snort logs
LinuxCBT Deb3x Edition
