Course Code: 983

Enterprise Linux Network Services

Class Dates:
1/31/2022
12/6/2021
3/28/2022
Length:
5 Days
Cost:
$2495.00
Class Time:
Technology:
Network
Delivery:
Instructor-Led Training, Virtual Instructor-Led Training

Overview

  • Course Overview
  • This is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. Like all our classes, the course material is designed to provide extensive hands-on experience.
    Topics include:
    • Security with SELinux and Netfilter, DNS concepts and implementation with Bind
    • LDAP concepts and implementation using OpenLDAP; Web services with Apache
    • FTP with vsftpd; caching, filtering proxies with Squid
    • SMB/CIFS (Windows networking) with Samba
    • E-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.


  • Audience
  • Supported Distributions:
    Red Hat Enterprise Linux 7
    SUSE Linux Enterprise 12

Prerequisites

  • Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite is also assumed.
  • Recommended Courses:

  • Linux Fundamentals
  • Enterprise Linux Security Administration

Course Details

  • Module 1: Securing Services
  • Xinetd, Xinetd Connection Limiting and Access Control
  • Xinetd: Resource limits, redirection, logging
  • TCP Wrappers, The /etc/hosts.allow & /etc/hosts.deny Files
  • /etc/hosts.{allow,deny} Shortcuts
  • Advanced TCP Wrappers, SUSE Basic Firewall Configuration
  • FirewallD, Netfilter: Stateful Packet Filter Firewall, Netfilter Concepts
  • Using the iptables Command, Netfilter Rule Syntax
  • Targets
  • Common match_specs
  • Extended Packet Matching Modules
  • Connection Tracking
  • Module 2: SELinux and LSM
  • AppArmor
  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • SELinux Policy Tools
  • Module 3: DNS Concepts
  • Naming Services
  • DNS – A Better Way
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names
  • Resolving IP Addresses
  • Basic BIND Administration
  • Configuring the Resolver
  • Testing Resolution
  • Module 4: Configuring BIND
  • BIND Configuration Files, named.conf Syntax
  • named.conf Options Block, Creating a Site-Wide Cache
  • rndc Key Configuration
  • Zones In named.conf, Zone Database File Syntax
  • SOA – Start of Authority
  • A, AAAA, & PTR – Address & Pointer Records
  • NS – Name Server
  • TXT, CNAME, & MX – Text, Alias, & Mail Host
  • SRV – SRV Service Records
  • Abbreviations and Gotchas
  • $GENERATE, $ORIGIN, and $INCLUDE
  • Module 5: Creating DNS Hierarchies
  • Subdomains and Delegation
  • Subdomains
  • Delegating Zones
  • in-addr.arpa. Delegation
  • Issues with in-addr.arpa.
  • RFC2317 & in-addr.arpa.
  • Module 6: Advanced BIND DNS Features
  • Address Match Lists & ACLs
  • Split Namespace with Views
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot
  • Dynamic DNS Concepts
  • Allowing Dynamic DNS Updates
  • DDNS Administration with nsupdate
  • Common Problems
  • Securing DNS With TSIG
  • Module 7: Using Apache
  • HTTP Operation
  • Apache Architecture
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Configuration Files
  • httpd.conf Server Settings, httpd.conf – Main Configuration
  • HTTP Virtual Servers
  • Virtual Hosting DNS Implications, httpd.conf – VirtualHost Configuration
  • Port and IP based Virtual Hosts
  • Name-based Virtual Host
  • Apache Logging, Log Analysis
  • The Webalizer
  • Module 8: Apache Security
  • Virtual Hosting Security Implications
  • Delegating Administration
  • Directory Protection
  • Directory Protection with AllowOverride
  • Common Uses for .htaccess
  • Symmetric Encryption Algorithms
  • Asymmetric Encryption Algorithms
  • Digital Certificates
  • TLS Using mod_ssl.so
  • Module 9: Apache Security
  • Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing PHP
  • Configuring PHP
  • Securing PHP
  • Security Related php.ini Configuration
  • Java Servlets and JSP
  • Apache's Tomcat
  • Installing Java SDK
  • Installing Tomcat Manually
  • Using Tomcat with Apache
  • Module 10: Implementing an FTP Server
  • The FTP Protocol
  • Active Mode FTP
  • Passive Mode FTP
  • ProFTPD
  • Pure-FTPd
  • vsftpd
  • Configuring vsftpd
  • Anonymous FTP with vsftpd
  • Module 11: The Squid Proxy Server
  • Squid Overview
  • Squid File Layout
  • Squid Access Control Lists
  • Applying Squid ACLs
  • Tuning Squid & Configuring Cache Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration
  • Module 12: SQL Fundamentals and MariaDB
  • Popular SQL Databases
  • SELECT Statements
  • INSERT Statements
  • UPDATE Statements
  • DELETE Statements
  • JOIN Clauses
  • MariaDB
  • MariaDB Installation and Security
  • MariaDB User Account Management
  • MariaDB Replication
  • Module 13: LDAP Concepts and Clients
  • LDAP: History and Uses
  • LDAP: Data Model Basics
  • LDAP: Protocol Basics
  • LDAP: Applications
  • LDAP: Search Filters
  • LDIF: LDAP Data Interchange Format
  • OpenLDAP Client Tools
  • Alternative LDAP Tools
  • Module 14: OpenLDAP Servers
  • Popular LDAP Server Implementations
  • OpenLDAP: Server Architecture
  • OpenLDAP: Backends
  • OpenLDAP: Replication
  • Managing slapd
  • OpenLDAP: Configuration Sections
  • OpenLDAP: Global Parameters
  • OpenLDAP: Database Parameters
  • OpenLDAP Server Tools
  • Native LDAP Authentication and Migration
  • Enabling LDAP-based Login
  • System Security Services Daemon (SSSD)
  • Module 15: Samba Concepts and Configuration
  • Introducing Samba
  • NetBIOS and NetBEUI
  • Samba Daemons
  • Accessing Windows/Samba Shares from Linux
  • Samba Utilities
  • Samba Configuration Files
  • Mapping Permissions and ACLs
  • Mapping Linux Concepts
  • Share Authentication
  • User-Level Access
  • Samba Account Database
  • User Share Restrictions
  • Module 16: SMTP Theory
  • SMTP
  • SMTP Terminology
  • SMTP Architecture
  • SMTP Commands
  • SMTP Extensions
  • SMTP AUTH
  • SMTP STARTTLS
  • SMTP Session
  • Module 17: Postfix
  • Postfix Components, Architecture, Components, Configuration
  • master.cf, main.cf, Postfix Map Types, Postfix Pattern Matching, Advanced Postfix Options
  • Virtual Domains, Postfix Mail Filtering, Configuration Commands
  • Management Commands, Postfix Logging
  • Logfile Analysis, Postfix, Relaying and SMTP AUTH
  • SMTP AUTH Server and Relay Control
  • SMTP AUTH Clients, Postfix / TLS
  • TLS Server Configuration
  • Postfix Client Configuration for TLS
  • Other TLS Clients
  • Ensuring TLS Security
  • Module 18: Mail Services and Retrieval
  • Filtering Email, Procmail, SpamAssassin
  • Bogofilter, amavisd-new Mail Filtering, Accessing Email
  • The IMAP4 Protocol, Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA Integration
  • Cyrus Mailbox Administration
  • Fetchmail, Cyrus Mailbox Administration
  • Roundcube Webmail
  • GNU Mailman
  • Mailman Configuration
  • NIS
  • NIS Overview
  • NIS Limitations and Advantages
  • NIS Client Configuration
  • NIS Server Configuration
  • NIS Troubleshooting Aids