INTEGRATING LINUX AND MICROSOFT COURSE DESCRIPTION This course is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. LPIC-3 300 covers administering Linux enterprise-wide with an emphasis on mixed environments. WHAT WILL YOU LEARN * Configure and troubleshoot OpenLDAP. * Use OpenLDAP as an authentication backend. * Manage software packages. * Use Samba - Share configuration - User and group management - Domain integration - Name services - with Linux and Windows clients INTEGRATING LINUX AND MICROSOFT COURSE DETAILS * Who will benefit: Enterprise-level Linux professionals. * Prerequisites: Delegates must have an active LPIC-2 certification to receive LPIC-3 certification, but the LPIC-2 and LPIC-3 exams may be taken in any order. * Duration 5 days INTEGRATING UNIX AND MICROSOFT COURSE CONTENTS * OPENLDAP CONFIGURATION * OpenLDAP replication Replication concepts, OpenLDAP replication, replication log files, replica hubs, LDAP referrals, LDAP sync replication. * Securing the Directory Securing the directory with SSL and TLS, Firewall considerations, Unauthenticated access methods, User/password authentication methods, Maintanence of SASL user DB, certificates. * OpenLDAP Server Performance Tuning Measure OpenLDAP performance, Tune software configuration to increase performance, indexes. * OPENLDAP AS AN AUTHENTICATION BACKEND LDAP * Integration with PAM and NSS Configure PAM to use LDAP for authentication, NSS to retrieve information from LDAP and PAM modules in UNIX. * Integrating LDAP with Active Directory and Kerberos Kerberos integration with LDAP, Cross platform authentication, Single sign-on concepts, Integration and compatibility limitations between OpenLDAP and Active Directory. * SAMBA BASICS * Samba Concepts and Architecture Samba daemons and components, key issues regarding heterogeneous network, Identify key TCP/UDP ports used with SMB/CIFS, Knowledge of Samba3 and Samba4 differences. * Configure Samba Samba server configuration file structure, variables and configuration parameters, Troubleshoot and debug configuration problems. * Regular Samba Maintenance Monitor and interact with running Samba daemons, Perform regular backups of Samba configuration and state data. * Troubleshooting Samba Samba logging, Backup TDB files, Restore TDB files, Identify TDB file corruption, Edit / list TDB file content. * Internationalization Internationalization character codes and code pages, differences in the name space between Windows and Linux/Unix with respect to share, names, user/group/computer naming in a non-English environment. * SAMBA SHARE CONFIGURATION * Linux File System and Share/Service Permissions File / directory permission control, Samba interaction with Linux file system permissions and ACLs, Use Samba VFS to store Windows ACLs. * Print Services Printer sharing, integration between Samba and CUPS, Manage Windows print drivers and configure downloading of print drivers, security concerns with printer sharing. * SAMBA USER AND GROUP MANAGEMENT * Managing User Accounts and Groups User and group accounts, mappings, user account management tools, smbpasswd, file/directory ownership of objects. * Authentication, Authorization and Winbind Local password database, password synchronization, passdb backends, Convert between passdb backends, Integrate Samba with LDAP, Winbind service, PAM and NSS. * SAMBA DOMAIN INTEGRATION * Samba as a PDC and BDC Domain membership and trust relationships, Create and maintain a PDC and BDC with Samba3/4, Add computers to an existing domain, logon scripts, roaming profiles, system policies. * Samba4 as an AD compatible Domain Samba 4 as an AD DC, smbclient, how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP. * Configure Samba as a Domain Member Server Joining Samba to NT4 and AD domains, obtain a TGT from a KDC. * SAMBA NAME SERVICES * NetBIOS and WINS WINS concepts, NetBIOS concepts, local master browser, domain master browser, Samba as a WINS server, name resolution, WINS replication, NetBIOS browsing and browser elections, NETBIOS name types. * Active Directory Name Resolution DNS for Samba4 as an AD Domain Controller, DNS forwarding with the internal DNS server of Samba4. * WORKING WITH LINUX AND WINDOWS CLIENTS * CIFS Integration SMB/CIFS concepts, remote CIFS shares from a Linux client, securely storing CIFS credentials, features and benefits of CIFS, permissions and file ownership of remote CIFS shares. * Working with Windows Clients browse lists and SMB clients from Windows, Share file/print resources from Windows, the smbclient program, the Windows net utility.
INTEGRATING UNIX AND MICROSOFT COURSE DESCRIPTION This course is designed for the enterprise-level UNIX professional and represents the highest level of professional, distribution-neutral UNIX certification within the industry. It covers administering UNIX enterprise-wide with an emphasis on mixed environments. WHAT WILL YOU LEARN * Configure and troubleshoot OpenLDAP. * Use OpenLDAP as an authentication backend. * Manage software packages. * Use Samba - Share configuration - User and group management - Domain integration - Name services - with Linux and Windows clients INTEGRATING UNIX AND MICROSOFT COURSE DETAILS * Who will benefit: Enterprise-level UNIX professionals. * Prerequisites: UNIX network administration. * Duration 5 days INTEGRATING UNIX AND MICROSOFT COURSE CONTENTS * OPENLDAP CONFIGURATION * OpenLDAP replication Replication concepts, OpenLDAP replication, replication log files, replica hubs, LDAP referrals, LDAP sync replication. * Securing the Directory Securing the directory with SSL and TLS, Firewall considerations, Unauthenticated access methods, User/password authentication methods, Maintanence of SASL user DB, certificates. * OpenLDAP Server Performance Tuning Measure OpenLDAP performance, Tune software configuration to increase performance, indexes. * OPENLDAP AS AN AUTHENTICATION BACKEND LDAP * Integration with PAM and NSS Configure PAM to use LDAP for authentication, NSS to retrieve information from LDAP and PAM modules in UNIX. * Integrating LDAP with Active Directory and Kerberos Kerberos integration with LDAP, Cross platform authentication, Single sign-on concepts, Integration and compatibility limitations between OpenLDAP and Active Directory. * SAMBA BASICS * Samba Concepts and Architecture Samba daemons and components, key issues regarding heterogeneous network, Identify key TCP/UDP ports used with SMB/CIFS, Knowledge of Samba3 and Samba4 differences. * Configure Samba Samba server configuration file structure, variables and configuration parameters, Troubleshoot and debug configuration problems. * Regular Samba Maintenance Monitor and interact with running Samba daemons, Perform regular backups of Samba configuration and state data. * Troubleshooting Samba Samba logging, Backup TDB files, Restore TDB files, Identify TDB file corruption, Edit / list TDB file content. * Internationalization Internationalization character codes and code pages, differences in the name space between Windows and Linux/Unix with respect to share, names, user/group/computer naming in a non-English environment. * SAMBA SHARE CONFIGURATION * Linux File System and Share/Service Permissions File / directory permission control, Samba interaction with Linux file system permissions and ACLs, Use Samba VFS to store Windows ACLs. * Print Services Printer sharing, integration between Samba and CUPS, Manage Windows print drivers and configure downloading of print drivers, security concerns with printer sharing. * SAMBA USER AND GROUP MANAGEMENT * Managing User Accounts and Groups User and group accounts, mappings, user account management tools, smbpasswd, file/directory ownership of objects. * Authentication, Authorization and Winbind Local password database, password synchronization, passdb backends, Convert between passdb backends, Integrate Samba with LDAP, Winbind service, PAM and NSS. * SAMBA DOMAIN INTEGRATION * Samba as a PDC and BDC Domain membership and trust relationships, Create and maintain a PDC and BDC with Samba3/4, Add computers to an existing domain, logon scripts, roaming profiles, system policies. * Samba4 as an AD compatible Domain Samba 4 as an AD DC, smbclient, how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP. * Configure Samba as a Domain Member Server Joining Samba to NT4 and AD domains, obtain a TGT from a KDC. * SAMBA NAME SERVICES * NetBIOS and WINS WINS concepts, NetBIOS concepts, local master browser, domain master browser, Samba as a WINS server, name resolution, WINS replication, NetBIOS browsing and browser elections, NETBIOS name types. * Active Directory Name Resolution DNS for Samba4 as an AD Domain Controller, DNS forwarding with the internal DNS server of Samba4. * WORKING WITH LINUX AND WINDOWS CLIENTS * CIFS Integration SMB/CIFS concepts, remote CIFS shares from a Linux client, securely storing CIFS credentials, features and benefits of CIFS, permissions and file ownership of remote CIFS shares. * Working with Windows Clients browse lists and SMB clients from Windows, Share file/print resources from Windows, the smbclient program, the Windows net utility.
SECURITY+ TRAINING COURSE DESCRIPTION A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. WHAT WILL YOU LEARN * Explain general security concepts. * Describe the security concepts in communications. * Describe how to secure an infrastructure. * Recognise the role of cryptography. * Describe operational/organisational security. SECURITY+ TRAINING COURSE DETAILS * Who will benefit: Those wishing to pass the Security+ exam. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days SECURITY+ TRAINING COURSE CONTENTS * General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. * Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. * Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. * Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. * Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.
NETGEAR SWITCHES TRAINING COURSE DESCRIPTION A hands on course covering the product specifics of Netgear switches. Installation, configuration, maintenance and troubleshooting are all covered in a practical oriented way. WHAT WILL YOU LEARN * Install Netgear switches. * Use the command line interface and the web based interface to manage Netgear switches. * Configure and troubleshoot Netgear switches. * Perform software upgrades. NETGEAR SWITCHES TRAINING COURSE DETAILS * Who will benefit: Anyone working with Netgear switches. Particularly aimed at engineers and technicians supporting Netgear switches. * Prerequisites: None. * Duration 2 days NETGEAR SWITCHES TRAINING COURSE CONTENT * Introduction How Ethernet works with hubs, How Ethernet works with switches. Installing Netgear switches. Hands on Building a network with a hub, building a network with a Netgear switch. * Basic troubleshooting The Netgear switch range, LEDs, cabling issues, factory resets, default settings. Hands on Building a network with multiple Netgear switches. * Configuration methods Managed vs. unmanaged switches, Console port access, telnet, web based access, SNMP, saving configurations, NVRAM, switch stacks, stacking ports. Hands on Accessing the switch using the console, IP address configuration, telnet. * Console interface Password protection, the menus, menu options. Hands on Setting a password, displaying the switch configuration. * Web based interface Getting started, basic format. Hands on Configuring the switch using the web interface. * Port configuration Common port configuration tasks, port trunking. Hands on Configuring ports. * STP configuration What is STP? Configuring STP. Hands on Enabling and disabling STP, configuring STP * VLAN configuration What are VLANS? 802.1Q, tagged/untagged, creating VLANS, applying VLANS. Hands on Setting up VLANS, setting up 802.1Q, Inter VLAN traffic. * Housekeeping TFTP, upgrades Hands on Boot from net. * SNMP SNMP configuration, NMS's. Hands on Using SNMP to manage a Netgear switch, putting it all together: troubleshooting.
HARDENING CISCO DEVICES TRAINING COURSE DESCRIPTION A hands on course focusing on how to lock down Cisco IOS routers and switches. WHAT WILL YOU LEARN * Harden Cisco devices. HARDENING CISCO DEVICES TRAINING COURSE DETAILS * Who will benefit: Technical network staff. Technical security staff. * Prerequisites: TCP/IP foundation for engineers. * Duration 5 days HARDENING CISCO DEVICES TRAINING COURSE CONTENT * Introduction Router security, Switch security, Cisco IOS, IOS versions, Cisco advisories, the management plane, control plane, data plane. Hands on Checking IOS versions and advisories. * Access control Infrastructure ACLs, Transit ACLs. Hands on Restricting access to the device, Filtering data traffic. * Management plane: Securing operations Passwords, privilege levels, AAA, TACACS+, RADIUS. Hands on Password management. * Management plane: Other general hardening Logging best practices, secure protocols, encrypting management sessions, configuration management. Hands on Hardening the management plane. * Control plane Disabling reception and transmission of certain messages, Limiting CPU impact of control plane traffic, securing routing protocols. Hands on Hardening the control plane. * Data plane Transit ACLs, disabling unused services, disabling unnecessary protocols, anti spoofing, limiting CPU impact of data plane traffic, identifying and tracing traffic, Netflow, VLANs, port security. Hands on hardening the data plane.
PENETRATION TESTING TRAINING COURSE DESCRIPTION An advanced technical hands on course focusing on hacking and counter hacking. The course revolves around a series of exercises based on "hacking" into a network (pen testing the network) and then defending against the hacks. WHAT WILL YOU LEARN * Perform penetration tests. * Explain the technical workings of various penetration tests. * Produce reports on results of penetration tests. * Defend against hackers. PENETRATION TESTING TRAINING COURSE DETAILS * Who will benefit: Technical support staff, auditors and security professionals. Staff who are responsible for network infrastructure integrity. * Prerequisites: IP Security IP VPNs * Duration 5 days PENETRATION TESTING TRAINING COURSE CONTENTS * Introduction Hacking concepts, phases, types of attacks, 'White hacking', What is penetration testing? Why use pen testing, black box vs. white box testing, equipment and tools, security lifecycles, counter hacking, pen testing reports, methodologies, legal issues. * Physical security and social engineering Testing access controls, perimeter reviews, location reviews, alarm response testing. Request testing, guided suggestions, trust testing. Social engineering concepts, techniques, counter measures, Identity theft, Impersonation on social media, Footprints through social engineering * Reconnaissance (discovery) Footprinting methodologies, concepts, threats and countermeasures, WHOIS footprinting, Gaining contacts and addresses, DNS queries, NIC queries, ICMP ping sweeping, system and server trails from the target network, information leaks, competitive intelligence. Scanning pen testing. * Gaining access Getting past passwords, password grinding, spoofed tokens, replays, remaining anonymous. * Scanning (enumeration) Gaining OS info, platform info, open port info, application info. Routes used, proxies, firewalking, Port scanning, stealth port scanning, vulnerability scanning, FIN scanning, Xmas tree scanning, Null scanning, spoofed scanning, Scanning beyond IDS. Enumeration concepts, counter measures and enumeration pen testing. * Hacking Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology, hacking tools and countermeasures. * Trojan, Backdoors, Sniffers, Viruses and Worms Detection, concepts, countermeasures, Pen testing Trojans, backdoors, sniffers and viruses. MAC attacks, DHCP attacks, ARP poisoning, DNS poisoning Anti-Trojan software, Malware analysis Sniffing tools. * Exploiting (testing) vulnerabilities Buffer overflows,, simple exploits, brute force methods, UNIX based, Windows based, specific application vulnerabilities. * DoS/DDoS Concepts, techniques, attack tools, Botnet, countermeasures, protection tools, DoS attack pen testing. * SQL Injection Types and testing, Blind SQL Injection, Injection tools, evasion and countermeasures. * Securing networks 'Hurdles', firewalls, DMZ, stopping port scans, IDS, Honeypots, Router testing, firewall testing, IDS testing, Buffer Overflow. * Cryptography PKI, Encryption algorithms, tools, Email and Disk Encryption. * Information security Document grinding, privacy.
SAMBA TRAINING COURSE DESCRIPTION Samba enables UNIX/Linux machines to act as Microsoft File and Print servers. This two day hands on training course progresses from the basics of installing samba and simple configurations through to authentication issues and troubleshooting. WHAT WILL YOU LEARN * Install and configure Samba. * Administrate file and printer sharing. * Secure Samba servers. * Troubleshoot Samba SAMBA TRAINING COURSE DETAILS * Who will benefit: Technical staff working with Samba. * Prerequisites: Intro to UNIX Systems Administration TCP/IP Foundation. * Duration 2 days SAMBA TRAINING COURSE CONTENTS * What is Samba? File and print servers, Samba server roles, Windows networking, NetBIOS, SMB. Hands on Microsoft File and Print shares, analysing the network traffic. * Installing Samba Source, binaries, where to find samba, building and compiling Samba. Hands on Download and install Samba. * Controlling Samba Samba daemons, starting and stopping Samba, smbcontrol, Samba net command, smb.conf. Viewing Samba status, smbclient. Hands on Starting and stopping Samba, testing the server. * Samba configuration Simple shares, smb.conf variables, configuration from a web browser, swat, enabling access to swat. Hands on Configuring samba servers and clients. * File sharing Basic shares, [homes], locking options, UNIX file permissions, controlling user access, Windows ACLs, virtual samba servers, browsing. Hands on File sharing and browsing. * Print sharing Sharing printers, UNIX printing, CUPS, printer drivers, [printers], PRINT$. Hands on Samba print server. * Authentication Workgroups, domains, users and passwords, Samba domain security, Samba password backends: smbpasswd, tdbsam, nisplus, mysql, Active Directory. Hands on Securing samba shares. * Troubleshooting Logging options, controlling logs, Samba utilities, network protocols, .SMB/CIFS. Performance tuning. Hands on Troubleshooting Samba
APACHE TRAINING COURSE DESCRIPTION A hands on training course covering installation, configuration and management of the Apache web server. WHAT WILL YOU LEARN * Install Apache. * Configure Apache. * Manage Apache. * Build static and dynamic web sites with Apache. * Secure Apache. APACHE TRAINING COURSE DETAILS * Who will benefit: Technical staff working with Apache. * Prerequisites: TCP/IP foundation for engineers. UNIX fundamentals * Duration 3 days APACHE TRAINING COURSE CONTENTS * Installing Apache What is Apache? Apache versions, history, downloading Apache, source distribution, compilation, binary distribution, installation, platform considerations. Hands on Downloading and installing Apache. * Controlling the Apache server Running Apache, automatic Apache start, starting, stopping, restarting Apache. Checking Apache status. Hands on Server control. * Configuration Serving webpages, setting the document root, applying configuration changes, Configuration files, httpd.conf, syntax, directives, modules, utilities, turning features on/off. Hands on basic Apache configuration. * More configuration MIME, URL mapping, content negotiation, indexing, performance tuning. * Logging log file content, configuration, log file locations, error logging, browser errors, error page configuration, forbidden index pages. Hands on Log files. * Security File permissions, .htaccess, protecting files with passwords, password files, authentication, restricting access by IP address. * Secure HTTP HTTPS, installing mod_ssl, certificates, configuring mod_ssl, http and https coexistence * Virtual hosts Multiple sites on one server, separate configuration files, IP based, name based, port based, virtual host names, enabling, defining, configuring, aliases, testing, https virtual hosts. Hands on Virtual hosts. * Dynamic sites Dynamic sites, CGI, PHP, PERL, CGI programs, example CGI scripts, Apache and CGI, CGI parameters, CGI issues, PHP, mod_php, Perl and Apache, mod_perl, installing mod_perl. Hands on CGI, PHP and Perl with Apache. * Modules What are modules, standard modules, loading modules, mod_speling, mod_rewrite, other special purpose modules, URL rewriting, redirection, URL transformation, browser dependent pages. Hands on Working with modules.
SIP SECURITY TRAINING COURSE DESCRIPTION A hands-on course covering SIP security. It is assumed that delegates already know SIP as this course focuses purely on the security issues in SIP IP telephony networks. Hands-on practicals follow each major theory session and include use of various SIP security tools such as vomit, sipp, sipsak and sivus amongst others. WHAT WILL YOU LEARN * Secure SIP networks * Use various SIP security tools SIP SECURITY TRAINING COURSE DETAILS * Who will benefit: Technical staff working with SIP. Technical security staff. * Prerequisites: SIP for engineers * Duration 2 days SIP SECURITY TRAINING COURSE CONTENTS * SIP review SIP infrastructure and entities, example SIP session. Hands on Simple SIP network with and without authentication. * SIP security attacks DOS attacks, infrastructure attacks, eavesdropping, spoofing, replay, message integrity. Hands on Basic SIP packet capture, infrastructure attacks. * SIP tools SIP packet creation: Sivus, SIPsak, PROTOS, SFTF, SIP bomber, SIPp, Seagull, Nastysip. SIP packet generators: SIPNess, NetDude. Monitoring: Wireshark, Cain & Abel, Vomit, Oreka, VoiPong. Scripts and tools: SIP-Fun, Skora.net, kphone-ddos, sip-scan, sip-kill, sip-redirectrtp. Health of different tools. Hands on Generating SIP packets, rebuilding conversations from captured packets, password cracking. * VPNs and SIP IPSec, AH, ESP, transport mode, tunnel mode, Pre Shared Keys, Public keys. Hands on SIP calls over IPSec. * Secure SIP signaling SIP relationship with HTTP, Deprecated HTTP 1.0 basic authentication, HTTP 1.1 Digest authentication, S/MIME, SIPS, SIPS URI, TLS, DTLS, PKI infrastructures. Hands on SIP with TLS. * Secure media streams SRTP, features, packet format, default encryption, default authentication, key distribution. S/MIME, MIKEY, SDP security descriptions. SIP security agreements. Hands on Analysing SRTP packets. * Firewalls NAT traversal. Impact of firewall on infrastructure attacks. TLS and firewalls. SIP specific firewalls. Hands on SIP calls through a firewall.
SECURING UNIX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure UNIX accounts. * Secure UNIX file systems. * Secure UNIX access through the network. SECURING UNIX SYSTEMS COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING UNIX SYSTEMS COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.