Please fill up the below form
and our Career Consultant will
contact to you in next 12 hours!

Name:


E-mail:


Phone:


Course:


Question / Query / Confusions

Contact icon

Office: 022-24933060
Cell: 9920 436030

Email icon

info@linobox.com
Phone icon Live Practice Labs
test

Our live access labs provide full console access to a self-paced study lab environment. This is an ideal place to re-work lab exercises from class or to experiment with advanced configuration from your home or hotel room. Find out which works for you and get a downloadable eKit when you enroll.



LinoBox Certified Linux Security Expert - LCLSX is unparalleled in content, depth and expertise.
Linux Security Course prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.
Living with security threats is a fact of life for today's system administrators. The Internet provides a huge range of free security information and tools, but finding the truly useful sites, wading through the jargon and getting to grips with new tools is frequently hard and time-consuming. This course for system administrators covers security fundamentals, Linux/UNIX security facilities and powerful, free open-source tools and resources. Practical sessions allow students to get hands-on experience of tools, techniques and vulnerabilities.

Let Linux Security Workshop cost-effectively sharpen your GNU/Linux & Open Source Security skills!


Certificate of Course Completion
Every student who attends this course will be issued with a signed certificate of course completion, which we will be happy to "authenticate" upon future request.

Objective of the course
* To become proficient with the security aspects of building and maintaining Linux systems.

Pre-requisite
* Core Knowledge of OS (preferrably Linux, any flavour) and Networking concepts.
* Open mind & determination to master Linux and related open-source applications


Certification Phase

This certification has 3 phases:

Phase I - Security Fundamentals

Phase II - Linux Security Administration

Phase III - Advance Linux Security

Phase I

Security Fundamentals


UNIT 1: Concepts
 Basic Security Principles
Linux Default Install
Installer Firewall Options
Post-Install Firewall
Minimization - Discovery
Service Discovery
Hardening
Security Concepts

UNIT 2: Boot Security
Explain run-time boot loader vulnerabilities
Explore single-user mode (rootshell) and its inherent problems
Modify default GRUB startup options & examine results
Secure boot loader using MD5 hash

UNIT 3: Shell Security
Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
Restrict privileged login
Identify user-logon history and correlate to TTYs
Identify current user-connections - console-based and network-based
Use lsof to identify open files and sockets

UNIT 4: Reconnaissance & Vulnerability Assessment Tools
Discuss Stage-1 host/network attack concepts
Usage of NMAP reconnaissance tool to increase effectiveness
Prepare system for Nessus vulnerability scanner installation - identify/install dependencies

UNIT 5: Password Security and PAM
Unix Passwords
Password Aging
Auditing Passwords
PAM Implementation, Management, and Control Statements
PAM Modules
Usage of John the Ripper
Cracklib
Using pam_listfile to Implement Arbitrary ACLs
Using pam_limits to Restrict Simultaneous Logins
Using pam_nologin to Restrict Logins
Using pam_access to Restrict Logins

UNIT 6: XINETD - TCPWrappers - Chattr - Lsattr - TCPDump
Configure XINETD to restrict communications at layer-3 and layer-4
Restrict access to XINETD-protected daemons/services based on time range
Discuss TCPWrappers security concepts & applications
Enhance Telnetd security with TCPWrappers
Discuss chattr applications & usage
Identify & flag key files as immutable to deter modifcation
Configure TCPDump to intercept Telnet & FTP - clear-text traffic
Use Ethereal to examine & reconstruct captured clear-text traffic

UNIT 7:GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
Create a local web of trust
Perform encrypts/decrypts and test data-exchanges
Import & export public keys for usage
Use GPG/PGP with Mutt Mail User Agent (MUA)

UNIT 8:Syslog Security
Discuss Syslog concepts and applications
Explain Syslog semantics - facilities & levels - message handling & routing
Focus on security-related Syslog facilities
Examine security logs managed by Syslog
Go Up

Phase II

Linux Security Administration


UNIT 1: Secure Network Time Protocol (NTP)
The Importance of Time
Time Measurements
Terms and Definitions
Synchronization Methods
NTP Evolution
Time Server Hierarchy
Operational Modes
NTP Clients
Configuring NTP Clients and Servers
Securing NTP
NTP Packet Integrity
Useful NTP Commands

UNIT 2: AIDE
Host Intrusion Detection
Using RPM as an HIDS
Introduction to AIDE
Concepts of AIDE
AIDE Installation
AIDE Policies
AIDE Usage

UNIT 3: Rootkits
Discuss rootkits concepts & applications
Describe privilege elevation techniques
Obtain & install T0rnkit - rootkit
Identify system changes due to the rootkit
Implement T0rnkit with AIDE to identify compromised system objects
Implement T0rnkit with chkrootkit to identify rootkits
T0rnkit - rootkit - cleanup
Implement N-DU rootkit
Evaluate system changes

UNIT 4: Bastille Linux - OS-Hardening
Discuss Bastille Linux system hardening capabilities
Obtain Bastille Linux & perform a system assessment
Install Bastille Linux
Evaluate hardened system components

UNIT 5: OpenSSHv2 Security
Introduction - Topology - Features
Identify Key OpenSSHv2 Components
OpenSSHv2 Client - /ssh/
Secure Copy Program (SCP) - /scp/
Secure File Transfer Program (SFTP) - /sftp/
SSH Key Scan Utility - /ssh-keyscan/
SSH Key Generation Utility - /ssh-keygen/
Public Key Infrastructure (PKI) - Password-less Logins
Port Forwarding - Pseudo-VPN Support - /Local|Remote|Gateway/
Secure OpenSSHv2 Implementation
Go Up

Phase III

Advance Linux Security

UNIT 1: Securing APACHE
Apache Overview
Default Configuration
Configuring CGI
Turning Off Unneeded modules
Configuration Delegation and Scope
ACL by IP Address
HTTP User Authentication
Standard Auth Modules
HTTP Digest Authentication
Authentication via SQL, LDAP, and Kerberos
Scrubbing HTTP Headers
Metering HTTP Bandwidth

UNIT 2: Securing Email Systems
SMTP Overview
SMTP Implementations
Selecting an MTA
Security Considerations
Postfix Overview
Chrooting Postfix
Connections and Relays
SMTP AUTH & StartTLS/SSL
Secure Cyrus IMAP Config
Using GSSAPI/Kerberos Auth

UNIT 3: Network Intrusion Detection System (NIDS) Security
Installation
Sniffer Mode
Logging Mode
Berkeley Packet Filters (BPFs)
Network Intrusion Detection System (NIDS) Mode
Output Plugin - Barnyard Configuration
Snort - BASE - MySQL® Implementation
Rules Configuration & Updates

UNIT 4: Firewall Security
Intro IPTables
Chain Management
Packet Matching & Handling
State Maintenance - Stateful Firewall
Targets - Match Handling Logging
Packet Routing
Network Address Translation (NAT)
Demilitarized Zone (DMZ) Configuration

UNIT 5: SELinux Concepts
DAC vs. MAC
Shortcomings of Traditional Unix Security
SELinux Goals, Evolution, and Modes
Gathering Information
SELinux Virtual Filesystem
SELinux Contexts
Managing Contexts
SELinux Troubleshooting

UNIT 6: SELinux Policy
The SELinux Policy
Choosing a Policy
Policy Layout
Tuning and Adapting Policy
Booleans
Managing Booleans
Managing File Contexts
Managing Port Contexts
Managing SELinux graphically
Examining Policy


Whitepaper Work
Students can research a topic and can submit a paperwork on the selected subject. LinoBox Trainers will guide them for the preparation of it.

Projects
By the end of the course, students are put into live projects on linux networking or shell programming. Students are given facility to come up with some innovative projects. LinoBox Trainers will be their guidance till the completion of project work

Placement Workshop
LinoBox offers 100% job assured programmes which make you employable by providing all necessary hot skills supplemented by softskill modules. LinoBox arranges a one-day interview preparation campaign for this program. Students are nurtured to cater face some intenseThe job assured programmes run on a cautiously crafted syllabus, thus providing complete value for your time and money.

Trainings
Onsite Training
These courses are available for on-site delivery for groups of 5 or more students. LinoBox offers discounted training for on-site courses of more than 5 students - contact Sanjeet Vanamala at sanjeet@linobox.com or 91-9819586142 to schedule training and arrange details or for any kind of information..