7 TSI courses

SECURING UNIX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure UNIX accounts. * Secure UNIX file systems. * Secure UNIX access through the network. SECURING UNIX SYSTEMS COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING UNIX SYSTEMS COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

LINUX NETWORK ADMINISTRATION 2 COURSE DESCRIPTION LPIC-2 is the second certification in LPI's multi level professional certification program. This course teaches the skills necessary to pass the LPI 202 exam; the second of two LPIC-2 exams. Specifically, the course covers the administration of Linux systems in small to medium sized mixed networks. WHAT WILL YOU LEARN * Install and configure fundamental network services. LINUX NETWORK ADMINISTRATION 2 COURSE DETAILS * Who will benefit: Linux administrators. * Prerequisites: Linux engineer certification 1 (LPIC-2) * Duration 5 days LINUX NETWORK ADMINISTRATION 2 COURSE CONTENTS * Part II The LPI 202 Exam * Organizing Email Services The Linux Mail System, Mail Transfer Agent, Mail Delivery Agent, Mail User Agent, Email Protocols, SMTP, POP, IMAP, Using Email Servers, Sendmail, Postfix, Local Email Delivery, Procmail Basics, Sieve, Remote Email Delivery, Courier, Dovecot. * DNS DNS and BIND, Configuring a DNS Server, Starting, Stopping, and Reloading BIND, Configuring BIND Logging, Creating and Maintaining DNS Zones, BIND Zone Files, Managing BIND Zones, Securing a DNS Server, ailing BIND, DNSSEC, TSIG, Employing DANE. * Offering Web Services Web Servers, HTTP, The Apache Web Server, Installing and configuring Apache, Hosting Dynamic Web Applications, Secure Web Servers, Proxy Servers, Installing and configuring Squid, Configuring Clients, Nginx Server, Installing Nginx, Configuring Nginx. * Sharing Files Samba, Configuring Samba, Troubleshooting Samba, NFS, Configuring NFS, Securing NFS, Troubleshooting NFS, FTP Servers, Configuring vsftpd, Configuring Pure-FTPd. * Managing Network Clients Assigning Network Addresses, DHCP, Linux DHCP Software, Installing and configuring a DHCP Server and clients, Authentication Service, PAM Basics, Configuring PAM, PAM Application Files, Network Directories, LDAP Basics, OpenLDAP Server, LDAP Clients. * Setting Up System Security Server Network Security, Port Scanning, Intrusion Detection Systems, External Network Security, iptables, Routing in Linux, Connecting Securely to a Server, OpenSSH, OpenVPN, Security Resources, US-CERT, SANS Institute, Bugtraq.

UNIX NETWORKING TRAINING COURSE DESCRIPTION A course covering the complete range of standard UNIX networking products from the basic TCP/IP configuration through DNS, NIS, NFS and Samba. Hands-on exercises follow most theory sessions. WHAT WILL YOU LEARN * Install and configure fundamental network services. * Describe TCP/IP, Apache, DNS, NIS, NIS+, NFS, Samba and sendmail. * Configure and administrate TCP/IP. * Install and administrate a DNS server. * Configure and administrate a NIS+ network. * Administrate NFS. * Setup a sendmail server. UNIX NETWORKING TRAINING COURSE DETAILS * Who will benefit: System Administrators. Network Administrators. * Prerequisites: Linux engineer certification 1 (LPIC-2) * Duration 5 days UNIX NETWORKING TRAINING COURSE CONTENTS * Organizing Email Services The UNIX Mail System, Mail Transfer Agent, Mail Delivery Agent, Mail User Agent, Email Protocols, SMTP, POP, IMAP, Using Email Servers, Sendmail, Postfix, Local Email Delivery, Procmail Basics, Sieve, Remote Email Delivery, Courier, Dovecot. * DNS DNS and BIND, Configuring a DNS Server, Starting, Stopping, and Reloading BIND, Configuring BIND Logging, Creating and Maintaining DNS Zones, BIND Zone Files, Managing BIND Zones, Securing a DNS Server, ailing BIND, DNSSEC, TSIG, Employing DANE. * Offering Web Services Web Servers, HTTP, The Apache Web Server, Installing and configuring Apache, Hosting Dynamic Web Applications, Secure Web Servers, Proxy Servers, Installing and configuring Squid, Configuring Clients, Nginx Server, Installing Nginx, Configuring Nginx. * Sharing Files Samba, Configuring Samba, Troubleshooting Samba, NFS, Configuring NFS, Securing NFS, Troubleshooting NFS, FTP Servers, Configuring vsftpd, Configuring Pure-FTPd. * Managing Network Clients Assigning Network Addresses, DHCP, UNIX DHCP Software, Installing and configuring a DHCP Server and clients, Authentication Service, PAM Basics, Configuring PAM, PAM Application Files, Network Directories, LDAP Basics, OpenLDAP Server, LDAP Clients. * Setting Up System Security Server Network Security, Port Scanning, Intrusion Detection Systems, External Network Security, iptables, Routing in UNIX, Connecting Securely to a Server, OpenSSH, OpenVPN, Security Resources, US-CERT, SANS Institute, Bugtraq.

SECURING LINUX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure Linux accounts. * Secure Linux file systems. * Secure Linux access through the network. SECURING LINUX SYSTEMS TRAINING COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING LINUX SYSTEMS TRAINING COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

DNS TRAINING COURSE DESCRIPTION This three-day hands on DNS training course studies both the UNIX BIND and the Microsoft (MS DNS) implementations. The course starts with the big picture of how DNS works, then client configuration. Primary and secondary servers are then configured, progressing to DDNS, subdomains and security issues. Hands on sessions follow all sections ensuring that troubleshooting techniques are used throughout the course. Students choose whether to use Windows or UNIX for the hands on sessions. WHAT WILL YOU LEARN * Describe the architecture of DNS. * Explain how DNS works. * Install, configure, maintain and troubleshoot DNS DNS TRAINING COURSE DETAILS * Who will benefit: Technical staff wanting to learn DNS including: Network personnel System administrators. * Prerequisites: UNIX Fundamentals (or Windows knowledge). TCP/IP foundation for engineers. * Duration 3 days DNS TRAINING COURSE CONTENTS * What is DNS? Hostnames, Name resolution, host files, host file problems, What is DNS? The DNS namespace, TLDs, gTLDs, registering domains, Nameservers, how DNS works. Hands on Testing DNS servers on the Internet. * DNS clients Ways to use DNS, dynamic and static configuration, multiple nameservers, domain name, searchlist, resolution issues, testing the configuration. Hands on Client configuration. * DNS server software Implementations, Microsoft, BIND, daemons and services, installation, starting and stopping servers. Hands on Setting up a DNS server. * DNS zone files What is a zone, Zone file overview, Forward zones, Reverse zones, Resource records, A records, PTR, CNAME, Root hints, local zone file. BIND and Microsoft configuration. Hands on Server configuration files. * NS and applications MX records, Mail server load balancing, SPF, SRV records, VoIP and SRV, Microsoft and SRV, NAPTR. Hands on Testing records with dig and nslookup. * DNS slaves and other servers DNS server types, Server resilience, Slaves, Zone transfers, SOA records, Serial numbers, recommendations, polling based zone transfers, NOTIFY, AD integration, DNS caching, Negative caching, TTL, Caching only servers. Hands on Masters, slaves and zone transfers. * The DNS protocol The DNS stack, DNS port numbers, DNS queries, The DNS header, header section format, question format, other section format. Hands on Troubleshooting DNS with Wireshark. * Dynamic DNS DHCP, DDNS, IXFR, WINS integration. Hands on Dynamic DNS. * Subdomains Root servers, root server selection, Authority, delegation, NS records, subdomain with and without delegation, reverse delegation. Hands on Delegation, setting up a subdomain server. * DNS security Restricting queries, DNS and firewalls, Split DNS, forwarders, internal root servers, the use of proxy servers, DNSSEC, TSIG. Hands on Hardening a DNS server. * DNS and IPv6 What is IPv6, IPv6 addressing, IPv6 DNS issues, AAAA, IPv6 reverse delegation. * Troubleshooting DNS Problem solving, DNS troubleshooting, Zone file checking, Some common errors, Log files, tools, nslookup, dig, host, DNS design, performance, load balancing. Hands on Putting it all together. * Summary Useful books, Internet sites, RFCs. * Appendix: ENUM What is ENUM, How ENUM works, NAPTR.

ADVANCED DNS TRAINING COURSE DESCRIPTION This two-day hands on DNS training course studies both the UNIX BIND and the Microsoft (MS DNS) implementations. The course follows on from our Definitive DNS for engineers course starting with best practices. The majority of the course is spent on securing DNS and in particular DNSSEC. Some parts are specific to BIND. Students choose whether to use Windows or UNIX for the hands on sessions. WHAT WILL YOU LEARN * Implement DNS best practices. * Harden DNS servers. * Install, configure, maintain and troubleshoot DNSSEC. ADVANCED DNS TRAINING COURSE DETAILS * Who will benefit: Technical staff wanting to learn DNS including: Network personnel. System administrators. * Prerequisites: Total DNS for engineers * Duration 2 days ADVANCED DNS TRAINING COURSE CONTENTS * Best practices MX and PTR records, lame delegations, disallowing recursion, TTLs, online testing. Hands on Review of your DNS servers. * Split DNS Partitioning internal and external DNS, views. Hands on Implementing split DNS. * Hardening DNS ACLs, recursion, queries, trusted sources, chroot jail, secure BIND template. Hands on Securing the DNS server. * DNSSEC What is DNSSEC? DNSSEC benefits, DNSSEC RRs. DNSKEY, RRSIG, NSEC, DS. Hands on Creating DNSSEC keys. * Securing zone transfers TSIG, shared secret. Securing DDNS. Hands on Secure file transfers. * Zone integrity Trusted anchors, Chains of trust, Zone status, Zone signing, Keys. ZSK, KSK, adding keys to a zone file. Secure delegations. Hands on Zone signing * Maintaining Signed zones Key rollover, pre publish, double signing, rollover cache.