100 Basic Security Training (BST) courses

Duration 2 Days 12 CPD hours This course is intended for Security administrators who are responsible for using SaltStack SecOps to manage the security operations in their enterprise Overview By the end of the course, you should be able to meet the following objectives: Describe the architecture of SaltStack Config and SaltStack SecOps Integrate SaltStack Config with directory services. Configure roles and permissions for users and groups to manage and use SaltStack SecOps Use targeting to ensure that the jobs run on the correct minion systems Use remote execution modules to install the packages, transfer files, manage services, and manage users on minion systems Manage configuration control on the minion systems with states, pillars, requisites, and declarations Use Jinja and YAML code to manage the minion systems with the state files Enforce the desired state across minion systems automatically Use SaltStack SecOps to update the compliance and vulnerability content libraries Use SaltStack SecOps to enforce compliance and remediation on the infrastructure with industry standards Use SaltStack SecOps to provide automated vulnerability scanning and remediation on your infrastructure This two-day, hands-on training course provides you with the advanced knowledge, skills, and tools to achieve competency in using VMware vRealize© Automation SaltStack© SecOps. SaltStack SecOps allows you to scan your system for compliance against security benchmarks, detect system vulnerabilities, and remediate your results. This course enables you to create the SaltStack SecOps custom compliance libraries and use SaltStack SecOps. In addition, this course provides you with the fundamentals of how to use VMware vRealize© Automation SaltStack© Config to install software and manage system configurations. COURSE INTRODUCTION * Introductions and course logistics * Course objectives SALTSTACK CONFIG ARCHITECTURE * Identify the SaltStack Config deployment types * Identify the components of SaltStack Config * Describe the role of each SaltStack Config component SALTSTACK CONFIG SECURITY * Describe local user authentication * Describe LDAP and Active Directory authentication * Describe the roles and permissions in vRealize Automation for SaltStack Config * Describe the roles and permissions in SaltStack Config * Describe the SecOps permissions in SaltStack Config * Describe the advanced permissions available in SaltStack Config TARGETING MINIONS * Describe targeting and its importance * Target minions by minion ID * Target minions by glob * Target minions by regular expressions * Target minions by lists * Target minions by compound matching * Target minions by complex logical matching REMOTE EXECUTION AND JOB MANAGEMENT * Describe remote execution and its importance * Describe functions and arguments * Create and manage jobs * Use the Activities dashboard CONFIGURATION CONTROL THROUGH STATES, PILLARS, REQUISITES, AND DECLARATIONS * Define the SaltStack states * Describe file management in SaltStack Config * Create the SaltStack state files * Identify the components of a SaltStack state * Describe pillar data and the uses of pillar data * Configure pillar data on the SaltStack Config master server * Use pillar data in variables in the state files * Describe the difference between IDs and names in the state files * Use the correct execution order * Use requisites in the state files USING JINJA AND YAML * Describe the SaltStack Config renderer system * Use YAML in the state files * Use Jinja in the state files * Use Jinja conditionals, lists, and loops USING SALTSTACK SECOPS COMPLY * Describe the SaltStack SecOps Comply architecture * Describe CIS and DISA STIG benchmarks * Describe the SaltStack SecOps Comply security library * Describe the remediation differences between SaltStack SecOps and VMware Carbon Black© * Create and manage the policies * Create and manage the custom checks * Run assessments on the minion systems * Use SaltStack SecOps to remediate the noncompliant systems * Manage the SaltStack SecOps Comply configuration options * Manage the benchmark content ingestion USING SALTSTACK SECOPS PROTECT * Describe Common Vulnerabilities and Exposures (CVEs) * Use the Protect dashboard * Create and manage the policies * Update the vulnerability library * Run the vulnerability scans * Remediate the vulnerabilities * Manage the vulnerability exemptions

Duration 5 Days 30 CPD hours This course is intended for Security Professionals working with Kubernetes Clusters Container Orchestration Engineers DevOps Professionals Overview In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections: Cloud Security Fundamentals Cluster Hardening System Hardening Minimize Microservice Vulnerabilities Supply Chain Security Disaster Recovery Secure Back-up and Restore This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stabilitywhile maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding ofcloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This courseincludes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritizecovering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your ownhigh availability Kubernetes environment and harden it for your security needs. LEARNING YOUR ENVIRONMENT * Underlying Infrastructure * Using Vim * Tmux CLOUD SECURITY PRIMER * Basic Principles * Threat Analysis * Approach * CIS Benchmarks SECURING YOUR KUBERNETES CLUSTER * Kubernetes Architecture * Pods and the Control Plane * Kubernetes Security Concepts INSTALL KUBERNETES USING KUBEADM * Configure Network Plugin Requirements * Kubeadm Basic Cluster * Installing Kubeadm * Join Node to Cluster * Kubeadm Token * Manage Kubeadm Tokens * Kubeadm Cluster Upgrade SECURING THE KUBE-APISERVER * Configuring the kube-apiserver * Enable Audit Logging * Falco * Deploy Falco to Monitor System Calls * Enable Pod Security Policies * Encrypt Data at Rest * Encryption Configuration * Benchmark Cluster with Kube-Bench * Kube-Bench SECURING ETCD * ETCD Isolation * ETCD Disaster Recovery * ETCD Snapshot and Restore PURGE KUBERNETES * Purge Kubeadm * 3Purge Kubeadm IMAGE SCANNING * Container Essentials * Secure Containers * Creating a Docker Image * Scanning with Trivy * Trivy * Snyk Security MANUALLY INSTALLING KUBERNETES * Kubernetes the Alta3 Way * Deploy Kubernetes the Alta3 Way * Validate your Kubernetes Installation * Sonobuoy K8s Validation Test KUBECTL (OPTIONAL) * Kubectl get and sorting * kubectl get * kubectl describe LABELS (OPTIONAL) * Labels * Labels and Selectors * Annotations * Insert an Annotation SECURING YOUR APPLICATION * Scan a Running Container * Tracee * Security Contexts for Pods * Understanding Security Contexts * AppArmor Profiles * AppArmor * Isolate Container Kernels * gVisor POD SECURITY * Pod Security Policies * Deploy a PSP * Pod Security Standards * Enable PSS OPEN POLICY AGENT (OPA) * Admission Controller * Create a LimitRange * Open Policy Agent * Policy as Code * Deploy Gatekeeper USER ADMINISTRATION * Contexts * Contexts * Authentication and Authorization * Role Based Access Control * Role Based Access Control * RBAC Distributing Access * Service Accounts * Limit Pod Service Accounts SECURING SECRETS * Secrets * Create and Consume Secrets * Hashicorp Vault * Deploy Vault SECURING THE NETWORK * Networking Plugins * NetworkPolicy * Deploy a NetworkPolicy * mTLS * Linkerd * mTLS with istio * istio THREAT DETECTION * Active Threat Analysis * Host Intrusion Detection * Deploy OSSEC * Network Intrusion Detection * Deploy Suricata * Physical Intrusion Detection DISASTER RECOVERY * Harsh Reality of Security * Deploy a Response Plan * Kasten K10 Backups * Deploy K10

Duration 1 Days 6 CPD hours This course is intended for This course is intended for: Solutions architects, cloud engineers, including security engineers, delivery and implementation engineers, professional services, and Cloud Center of Excellence (CCOE) Overview In this course, you will learn to: Design and implement a secure network infrastructure Design and implement compute security Design and implement a logging solution Currently, the average cost of a security breach can be upwards of $4 million. AWS Security Best Practices provides an overview of some of the industry best practices for using AWS security and control types. This course helps you understand your responsibilities while providing valuable guidelines for how to keep your workload safe and secure. You will learn how to secure your network infrastructure using sound design options. You will also learn how you can harden your compute resources and manage them securely. Finally, by understanding AWS monitoring and alerting, you can detect and alert on suspicious events to help you quickly begin the response process in the event of a potential compromise. MODULE 1: AWS SECURITY OVERVIEW * Shared responsibility model * Customer challenges * Frameworks and standards * Establishing best practices * Compliance in AWS MODULE 2: SECURING THE NETWORK * Flexible and secure * Security inside the Amazon Virtual Private Cloud (Amazon VPC) * Security services * Third-party security solutions MODULE 3: AMAZON EC2 SECURITY * Compute hardening * Amazon Elastic Block Store (EBS) encryption * Secure management and maintenance * Detecting vulnerabilities * Using AWS Marketplace MODULE 4: MONITORING AND ALERTING * Logging network traffic * Logging user and Application Programming Interface (API) traffic * Visibility with Amazon CloudWatch * Enhancing monitoring and alerting * Verifying your AWS environment ADDITIONAL COURSE DETAILS: Nexus Humans AWS Security Best Practices training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AWS Security Best Practices course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for IT professionals across a broad range of disciplines who need to perform essential Linux administration tasks including installation, establishing network connectivity, managing physical storage, and basic security administration. This course relates to Red Hat Enterprise Linux 7 and is designed for IT pros without previous Linux admin experience. The course focuses on providing students with Linux admin 'survival skills' by focusing on core admin tasks. ACCESS THE COMMAND LINE * Log in to a Linux system and run simple commands using the shell. MANAGE FILES FROM THE COMMAND LINE * Copy, move, create, delete, and organize files from the bash shell prompt. GETTING HELP IN RED HAT ENTERPRISE LINUX * Resolve problems by using online help systems and Red Hat support utilities. CREATE, VIEW, AND EDIT TEXT FILES * Create, view, and edit text files from command output or in an editor MANAGE LOCAL LINUX USERS AND GROUPS * Manage local Linux users and groups, and administer local password policies. CONTROL ACCESS TO FILES WITH LINUX FILE SYSTEM PERMISSIONS * Set Linux file system permissions on files and interpret the security effects of different permission settings. MONITOR AND MANAGE LINUX PROCESSES * Obtain information about the system, and control processes running on it. CONTROL SERVICES AND DAEMONS * Control and monitor network services and system daemons using systemd. CONFIGURE AND SECURE OPENSSH SERVICE * Access and provide access to the command line on remote systems securely using OpenSSH. ANALYZE AND STORE LOGS * Locate and accurately interpret relevant system log files for troubleshooting purposes. MANAGE RED HAT ENTERPRISE LINUX NETWORKING * Configure basic IPv4 networking on Red Hat Enterprise Linux systems. ARCHIVE AND COPY FILES BETWEEN SYSTEMS * Archive files and copy them from one system to another. INSTALL AND UPDATE SOFTWARE PACKAGES * Download, install, update, and manage software packages from Red Hat and yum package repositories. ACCESS LINUX FILE SYSTEMS * Access and inspect existing file systems on a Red Hat Enterprise Linux system. USE VIRTUALIZED SYSTEMS * Create and use Red Hat Enterprise Linux virtual machines with KVM and libvirt.

Duration 1 Days 6 CPD hours This course is intended for This course is intended for new users employed in a data processing environment who are new to Power Systems with IBM i. Overview After completing this course, you should be able to:Explain the functions supported by IBM i operating systemsExplain Power System with IBM i models and generationsExplain which applications are supportedSign on / off the systemUse the display station keyboardUse the online help that is availableUse the different interfaces available for IBM iUnderstand how objects are managedEnter control language (CL) commandsSend and receive messages and work with message queuesManage work and outputExplain basic security concepts on IBM i In this classroom course, you will learn basic concepts and skills you need to be productive users on Power Systems with IBM i. With plenty of hands-on lab exercises, we show everything from signing onto the available user interfaces; green screen environment and IBM Navigator for i.You will learn how objects are managed on the system and how you display these objects. You will learn to use control language (CL) commands (fast path) and how to work with and manage messages on the system. Students will also learn how to the system manages work and how you manage your printouts. Lastly, students will also get a basic overview of security. INTRODUCTION AND OVERVIEW TO IBM I USING THE 5250 EMULATION INTERFACE OVERVIEW OF IBM I ACCESS CLIENT SOLUTIONS USING IBM NAVIGATOR FOR I USING THE MESSAGES FUNCTION ON IBM I USING CL COMMANDS ON IBM I MANAGING OBJECTS ON IBM I MANAGING YOUR WORK ON IBM I IBM I SECURITY OVERVIEW ADDITIONAL EDUCATION ADDITIONAL COURSE DETAILS: Nexus Humans OE98 Introduction to IBM i for New Users training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the OE98 Introduction to IBM i for New Users course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 4 Days 24 CPD hours This course is intended for This course is designed for technical professionals who require the skills to administer IBM© MQ queue managers on distributed operating systems, in the Cloud, or on the IBM© MQ Appliance. Overview After completing this course, you should be able to:Describe the IBM© MQ deployment optionsPlan for the implementation of IBM© MQ on-premises or in the CloudUse IBM© MQ commands and the IBM© MQ Explorer to create and manage queue managers, queues, and channelsUse the IBM© MQ sample programs and utilities to test the IBM© MQ networkEnable a queue manager to exchange messages with another queue managerConfigure client connections to a queue managerUse a trigger message and a trigger monitor to start an application to process messagesImplement basic queue manager restart and recovery proceduresUse IBM© MQ troubleshooting tools to identify the cause of a problem in the IBM© MQ networkPlan for and implement basic IBM© MQ security featuresUse accounting and statistics messages to monitor the activities of an IBM© MQ systemDefine and administer a simple queue manager cluster This course provides technical professionals with the skills that are needed to administer IBM© MQ queue managers on distributed operating systems and in the Cloud. In addition to the instructor-led lectures, you participate in hands-on lab exercises that are designed to reinforce lecture content. The lab exercises use IBM© MQ V9.0, giving you practical experience with tasks such as handling queue recovery, implementing security, and problem determination. Note: This course does not cover any of the features of MQ for z/OS or MQ for IBM© i. COURSE INTRODUCTION IBM© MQ REVIEW IBM© MQ INSTALLATION AND DEPLOYMENT OPTIONS CREATING A QUEUE MANAGER AND QUEUES EXERCISE: USING COMMANDS TO CREATE A QUEUE MANAGER AND QUEUES INTRODUCTION TO IBM© MQ EXPLORER EXERCISE: USING IBM© MQ EXPLORER TO CREATE QUEUE MANAGERS AND QUEUES TESTING THE IBM© MQ IMPLEMENTATION EXERCISE: USING IBM© MQ SAMPLE PROGRAMS TO TEST THE CONFIGURATION IMPLEMENTING DISTRIBUTED QUEUING EXERCISE: CONNECTING QUEUE MANAGERS IBM© MQ CLIENTS EXERCISE: CONNECTING AN IBM© MQ CLIENT IMPLEMENTING TRIGGER MESSAGES AND MONITORS EXERCISE: IMPLEMENTING A TRIGGER MONITOR DIAGNOSING PROBLEMS EXERCISE: RUNNING AN IBM© MQ TRACE IMPLEMENTING BASIC SECURITY IN IBM© MQ EXERCISE: CONTROLLING ACCESS TO IBM© MQ BACKING UP AND RESTORING IBM© MQ MESSAGES AND OBJECT DEFINITIONS EXERCISE: USING A MEDIA IMAGE TO RESTORE A QUEUE EXERCISE: BACKING UP AND RESTORING IBM© MQ OBJECT DEFINITIONS INTRODUCTION TO QUEUE MANAGER CLUSTERS EXERCISE: IMPLEMENTING A BASIC CLUSTER MONITORING AND CONFIGURING IBM© MQ FOR PERFORMANCE EXERCISE: MONITORING IBM© MQ FOR PERFORMANCE COURSE SUMMARY

Duration 1 Days 6 CPD hours This course is intended for Cybersecurity Essentials provides foundational knowledge in cybersecurity and is recommended for all non-technical professionals who wish to develop an understanding of cyber safety. Overview After completing this course, students will be able to: Identify and reduce human errors that put organizations at risk for a cyber-attacks. Define Ransomware, Phishing, and Data Breaches to understand the differences. Identify the motives of hackers. Assess how data breaches occur. Develop a plan on how to protect accounts and privacy. Create a strong and secure password. Work in a secure manner while using remote Wi-Fi access. Safely use Virtual Private Networks (VPN). Identify vulnerabilities in home networks to keep them secure. Identity different social engineering techniques e.g. phishing, vishing. Detect social engineering attempts and prevent potential breaches. Prevent hackers from accessing a Mobile phone. Cybersecurity Essentials was developed using unparalleled learning methodology that prepares cadets for the Israeli Cyber and Intelligence Unit. It is designed to tackle human error by helping develop an advanced understanding and skills to protect individuals and organizations against the most common cyber threats. INTRODUCTION TO CYBERSECURITY * Introduction to the world of cybersecurity; basic terminology, and why cybersecurity is so important. Review of famous cyber-attacks. ACCOUNTS & CREDENTIALS SECURITY * One of the most common elements linking cyber-attacks is compromised or weak credentials. Learn different ways hackers can acquire passwords, and what to do when accounts have been compromised. How to prevent such attacks including best protection methods and password management and introduction to tools for testing and creating strong passwords. REMOTE SECURITY: WI-FI & VPN * Evaluate main risks that arise when using public and non-protected Wi-Fi networks. Differentiate between private and public Wi-Fi networks, define what a VPN is and how to use it, and how to browse safely in remote environments. SOCIAL ENGINEERING * How hackers take advantage of ?human-based vulnerabilities?. Define social engineering and the different types of attacks that can leverage social engineering, such as phishing or vishing. Learn how to detect social engineering attempts and prevent future breaches. MOBILE SECURITY * Minimize the risk of an attack on mobile device and understand basic security principles for mobile applications. Learn how to protect photos, browsing history, text messages, and confidential business information such as emails, documents, access permission and more. ADDITIONAL COURSE DETAILS: Nexus Humans Cybersecurity Essentials training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cybersecurity Essentials course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This course is designed for technical professionals who require the skills to administer IBM MQ. Overview After completing this course, you should be able to: Describe the IBM MQ deployment options Create and manage queue managers, queues, and channels Use the IBM MQ sample programs and utilities to test the IBM MQ network Configure distributed queuing Configure MQ client connections to a queue manager Define and administer a queue manager cluster Administer Java Message Service (JMS) in MQ Implement basic queue manager restart and recovery procedures Use IBM MQ troubleshooting tools to identify the cause of a problem in the IBM MQ network Manage IBM MQ security Monitor the activities and performance of an IBM MQ system This course is also available as self-paced virtual (e-learning) course IBM MQ V9.1 System Administration (ZM156G). This option does not require any travel.This course teaches you how to customize, operate, administer, and monitor IBM MQ on-premises on distributed operating systems. The course covers configuration, day-to-day administration, problem recovery, security management, and performance monitoring. In addition to the instructor-led lectures, the hands-on exercises provide practical experience with distributed queuing, working with MQ clients, and implementing clusters, publish/subscribe messaging. You also learn how to implement authorization, authentication, and encryption, and you learn how to monitor performance. INTRODUCING IBM MQ EXERCISE * Getting started with IBM MQ WORKING WITH IBM MQ ADMINISTRATION TOOLS EXERCISE * Working with IBM MQ administration tools CONFIGURING DISTRIBUTED QUEUING EXERCISE * Implementing distributed queuing MANAGING CLIENTS AND CLIENT CONNECTIONS EXERCISE * Connecting an IBM MQ client Advanced IBM MQ client features WORKING WITH QUEUE MANAGER CLUSTERS EXERCISE * Implementing a basic cluster PUBLISH/SUBSCRIBE MESSAGING EXERCISE * Configuring publish/subscribe message queuing IMPLEMENTING BASIC SECURITY IN IBM MQ EXERCISE * Controlling access to IBM MQ SECURING IBM MQ CHANNELS WITH TLS EXERCISE * Securing channels with TLS Authenticating channels and connections EXERCISE * Implementing connection authentication Supporting JMS with IBM MQ Diagnosing problems * Running an IBM MQ trace Backing up and restoring IBM MQ messages and object definitions * Using a media image to restore a queue * Backing up and restoring IBM MQ object definitions High availability Monitoring and configuring IBM MQ for performance * Monitoring IBM MQ for performance * Monitoring resources with the IBM MQ Console ADDITIONAL COURSE DETAILS: Nexus Humans WM156G IBM MQ V9.1 System Administration (using Windows for labs) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the WM156G IBM MQ V9.1 System Administration (using Windows for labs) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This is an introductory-level systems administration course geared for Systems Administrators and users who wish to learn how to how to install, configure and maintain an Enterprise Linux system in a networked environment. Overview This course is about 50% lab to lecture ratio, combining expert instructor-led discussions with practical hands-on skills that emphasize current techniques, best practices and standards. Working in this hands-on lab environment, guided by our expert practitioner, attendees will explore Installing the Linux operating system and configuring peripherals Performing and modifying startup and shutdown processes Configuring and maintaining basic networking services Creating and maintaining system users and groups Understanding and administering file permissions on directories and regular files Planning and creating disk partitions and file systems Performing maintenance on file systems Identifying and managing Linux processes Automating tasks with cron Performing backups and restoration of files Working with system log files Troubleshooting system problems Analyzing and taking measures to increase system performance Configuring file sharing with NFS Configuring Samba for file sharing with the Windows clients Setting up a basic Web server Understanding the components for setting up a LAMP server Implementing basic security measures Linux System Administration is a comprehensive hands-on course that teaches students how to install, configure and maintain an Enterprise Linux system in a networked environment. This lab-intensive class explores core administrative tasks such as: creating and managing users, creating and maintaining file systems, determining and implementing security measures and performing software installation and package management. Linux networking topics include installing and supporting SSH, NFS, Samba and the Apache Web server. Students will explore common security issues, as well as several tools, such as the PAM modules that help secure the operating system and network environment. Upon successful completion of this course, students will be prepared to maintain Linux systems in a networked business environment. Although the course includes installing and configuring a CentOS 7 / RHEL 7 Linux system, much of the course content also applies to Oracle, Ubuntu, Scientific and other current versions of mainstream Linux distributions. Labs include user and group maintenance, system backups and restoration, software management, administration tasks automation, file system creation and maintenance, managing remote access, working with cron, and configuring basic file sharing and Web services, as well as working with system logging utilities such as rsyslog and much more. SYSTEM ADMINISTRATION OVERVIEW * UNIX, Linux and Open Source * Duties of the System Administrator * Superusers and the Root Login * Sharing Superuser Privileges with Others (su and sudo Commands) * TCP/IP Networking Fundamentals * Online Help INSTALLATION AND CONFIGURATION * Planning: Hardware and Software Considerations * Site Planning * Installation Methods and Types * Installation Classes * Partitions * Logical Volume Manager - LVM * File System Overview * Swap Partition Considerations * Other Partition Considerations * The Linux Boot Loader: grub * Software Package Selection * Adding and Configuring Peripherals * Printers * Graphics Controllers * Basic Networking Configuration * Booting to Recovery Mode BOOTING AND SHUTTING DOWN LINUX * Boot Sequence * The systemd Daemon * The systemctl Command * Targets vs. Run Levels * Modifying a Target * Service Unit Scripts * Changing System States * Booting into Rescue Mode * Shutdown Commands MANAGING SOFTWARE AND DEVICES * Identifying Software Packages * Using rpm to Manage Software * Using yum to Manage Software * Installing and Removing Software * Identifying Devices * Displaying Device and System Information (PCI, USB) * Plug and Play Devices * Device Configuration Tools MANAGING USERS AND GROUPS * Setting Policies * User File Management * The /etc/passwd file * The /etc/shadow file * The /etc/group file * The /etc/gshadow file * Adding Users * Modifying User Accounts * Deleting User Accounts * Working with Groups * Setting User Environments * Login Configuration Files THE LINUX FILE SYSTEM * Filesystem Types * Conventional Directory Structure * Mounting a File System * The /etc/fstab File * Special Files (Device Files) * Inodes * Hard File Links * Soft File Links * Creating New File Systems with mkfs * The lost+found Directory * Repairing File Systems with fsck * The Journaling Attribute * File and Disk Management Tools LINUX FILE SECURITY * File Permissions * Directory Permissions * Octal Representation * Changing Permissions * Setting Default Permissions * Access Control Lists (ACLs) * The getfacl and setfacl commands * SUID Bit * SGID Bit * The Sticky Bit CONTROLLING PROCESSES * Characteristics of Processes * Parent-Child Relationship * Examining Running Processes * Background Processes * Controlling Processes * Signaling Processes * Killing Processes * Automating Processes * cron and crontab * at and batch * System Processes (Daemons) WORKING WITH THE LINUX KERNEL * Linux Kernel Components * Types of Kernels * Kernel Configuration Options * Recompiling the Kernel SHELL SCRIPTING OVERVIEW * Shell Script Fundamentals * Bash Shell Syntax Overview * Shell Script Examples SYSTEM BACKUPS * Backup Concepts and Strategies * User Backups with the tar Command * System Backup Options * The xfsdump and xfsrestore Commands TROUBLESHOOTING THE SYSTEM * Common Problems and Symptoms * Troubleshooting Steps * Repairing General Boot Problems * Repairing the GRUB 2 Boot Loader * Hard Drive Problems * Restoring Shared Libraries * System Logs and rsyslogd BASIC NETWORKING * Networking Services Overview * NetworkManager Introduction * Network Configuration Files Locations and Formats * Enabling and Restarting Network Services with systemtcl * Configuring Basic Networking Manually * Configuring Basic Networking with NetworkManager LAMP SERVER BASICS * LAMP Overview * Configuring the Apache Web Server * Common Directives * Apache Virtual Hosting * Configuring an Open Source Database * MySQL * MariaDB * PHP Basics * Perl CGI Scripting INTRODUCTION TO SYSTEM SECURITY * Security Overview * Maintaining System Security * Server Access * Physical Security * Network Security * Security Tools * Port Probing with nmap * Intrusion Detection and Prevention * PAM Security Modules * Scanning the System * Maintaining File Integrity * Using Firewalls * Introduction to firewalld THE SAMBA FILE SHARING FACILITY * Configure Samba for Linux to Linux/UNIX File Sharing * Configure Samba for Linux to Windows File Sharing * Use the smbclient Utility to Transfer Files * Mount/Connect Samba Shares to Linux and Windows Clients NETWORKED FILE SYSTEMS (NFS) * Using NFS to Access Remote File Systems * Configuring the NFS Server * Configuring the NFS Client * Exporting File Systems from the NFS Server to the NFS Client

Duration 2 Days 12 CPD hours This course is intended for This course is for IT network or security professionals who have practical experience with the ProxySG in the field and wish to master the advanced network security of the ProxySG. Overview Solve common authentication and SSL issuesUnderstand the underlying architecture of SGOSMonitor and analyze ProxySG performanceUse policy tracing as a troubleshooting tool The ProxySG 6.6 Advanced Administration course is intended for IT professionals who wish to learn to master the advanced features of the ProxySG. USING AUTHENTICATION REALMS * Describe the benefits of enabling authentication on the ProxySG * Describe, at a high level, the ProxySG authentication architecture * Understand the use of IWA realms, with both IWA Direct and IWA BCAAA connection * methods UNDERSTANDING AUTHENTICATION CREDENTIALS * Describe how NTLM and Kerberos authentication work in both IWA direct and IWA BCAAA deployments * Configure the ProxySG to use Kerberos authentication UNDERSTANDING AUTHENTICATION MODES * Describe authentication surrogates and authentication modes * Describe ProxySG authentication in both explicit and transparent deployment mode UNDERSTANDING HTTPS * Describe key components of SSL encryption * Describe how the SSL handshake works * Describe some of the legal and security considerations related to use of the SSL proxy MANAGING SSL TRAFFIC ON THE PROXYSG * Describe how the SSL proxy service handles SSL traffic * Describe the standard keyrings that are installed by default on the ProxySG * Identify the types of security certificates that the ProxySG uses OPTIMIZING SSL INTERCEPTION PERFORMANCE * Configure the ProxySG to process SSL traffic according to best practices for performance SGOS ARCHITECTURE * Identify key components of SGOS * Explain the interaction among client workers and software workers in processing client * requests * Explain the significance of policy checkpoints * Describe key characteristics of the SGOS storage subsystem * Explain the caching behavior of the ProxySG CACHING ARCHITECTURE * Describe the benefits of object caching on the ProxySG * Explain the caching-related steps in a ProxySG transaction * Identify and describe the HTTP request and response headers related to caching * Describe, in general terms, how the ProxySG validates cached objects to ensure freshness * Explain how the ProxySG uses cost-based deletion, popularity contests, and pipelining to improve object caching SYSTEM DIAGNOSTICS * Describe the use of the health monitor and health checks * Explain the use of the event and access logs * Describe the information available in advanced URLs and sysinfo files * Describe the function of policy tracing and packet captures INTRODUCTION TO CONTENT POLICY LANGUAGE (CPL) * Describe the fundamental concepts and purposes of ProxySG policy transactions * Understand the relationship of layers, rules, conditions, properties, and triggers * Describe the two types of actions in CPL * Describe how to write, edit, and upload CPL code USING POLICY TRACING FOR TROUBLESHOOTING * Identify the two main types of ProxySG policy traces * Describe the various sections of a policy trace result * Configure a global and policy-driven trace * Access and interpret policy trace results PROXYSG INTEGRATION * Identify other Symantec products that can be used as part of a complete security solution