These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03


Instructor: Sam Hart (hart@physics.arizona.edu)

The general homepage for this course is http://www.geekcomix.com/classnotes/


This course will introduce the student to the major concepts and techniques involved in securing a Unix server or workstation. Linux is used as the learning environment, but the concepts are applicable to all Unix environments. The book for this course is "Real World Linux Security" by Bob Toxen (with associated website, http://realworldlinuxsecurity.com/).

These classnotes are organized by topic. More often than not, these topics will also coincide with particular days in the class. The topics will be presented in the following order:

DAY ONE

General System Security Introduction
/On Terminology
/Myths of Unix Security
/Security Versus Obscurity
/Moving to Rings of Security

The Seven Most Deadly Sins (pp. 27-41)
1: /Weak and Default Passwords
PROJECT: /Scan for Weak Passwords
2: /Open Network Ports
PROJECT: /Turn Off Unneeded Services
3: /Old Software Versions
4: /Insecure and Badly Configured Programs
5: /Insufficient Resources and Misplaced Priorities
6: /Stale and Unnecessary Accounts
7: /Procrastination

PROJECT: [/Replace Weak Doors with Brick]?

Common Weaknesses
/Permission Problems
/Kernel Protocol Switches
PROJECT: /Kernel Protocol Switches at Boot
/X Server Security
/Physical Security
[/Secure Deletion]?
[/Destroying Old Confidential Data In Free Blocks]?
/Watching bash
/Executing Stealth Commands
/Pluggable Authentication Modules
PROJECT: /Enable Stronger Passwords

DAY TWO

SAMBA Security
/SAMBA Review
/SAMBA Versions
/Securing smb.conf
/Securing smbpasswd
/Other SAMBA Security
/ACL and SAMBA
PROJECT: /Configure SAMBA Securely
SPAM and Viruses
/Why worry about Spam?
/Realtime Blackhole Lists are bad
/Sendmail Security
Setting up an Anti-Spam Gateway - Part I: The Tools
/Postfix
/Procmail
/amavisd-new
/SpamAssassin
/DCC - Distributed Checksum Clearinghouse
/Vipul's Razor
Setting up an Anti-Spam Gateway - Part II: The Procedure
/Overview of System
  1. /Install Components and Setup Users
  2. /Configure Postfix
  3. /Configure SpamAssassin
  4. /Configure Razor
  5. /Configure DCC
  6. /Configure Amavisd
  7. /Bayesian Learning Script
Adding Anti-Virus Protection
/Overview of AV Software For Linux
/Sophos For Linux
/Sophie - Quick Attachment Scanning
/Integrating Sophie With Amavisd
  1. /Install Sophos
  2. /Install Sophie
  3. /Configure Amavisd for Sophie
  4. /Add Sophie to init

DAY THREE

/Ports and Permissions
Apache Security
/Apache Review
/Server Side Includes and Script Issues
/Securing Apache Configuration
/Special Techniques for Web Servers Part 1
/Special Techniques for Web Servers Part 2
/CGI Scripts and Programs
Hardening Apache
PROJECT: /Harden Apache
/Introduction to WPoison
PROJECT: /Install WPoison
PROJECT: /Set up detection for defaced web pages

FTP Security
/Introduction to WU-FTPD
Chrooting FTP for Guest Access
    1. /Kinds of FTP Accounts
    2. /Chroot setup in passwd
    3. /Create home directory
    4. /Populate home directory
    5. /Build Contents of bin
    6. /Build Contents of etc
    7. /Extra Security Touches

/Limitting Login

Monitoring System Logs
/Scanning and monitoring system logs
LOGROTATE
/Introduction to Logrotate
/Configuring Logrotate
LOGCHECK
/Introduction to Logcheck
/Configuring Logcheck
LOGWATCH
/Introduction to Logwatch
/Configuring Logwatch

/AWStats Introduction
PROJECT: /Install AWStats

Establishing Security Policies
Homework: Read Chapter 7

DAY FOUR

Hardening Your System - Part I: Firewalling
/Packet FIltering Basics
/Firewalling Terminology
/ipchains and iptables - Small history of filtering under Linux
IPCHAINS
/Introduction to IPChains
/IPChains Commands
IPTABLES
/Introduction to IPTables
/IPTables advantages - disadvantages over IPChains
/IPTables- Fact and Myth
/IPTables Commands
/IPTables Firewall Scripts
PROJECT: Firewall off key ports
/Firewall SAMBA
/Firewall SOHO
TCPWrappers
/Introduction to TCPWrappers
/TCPWrappers usage
/TCPWrappers advanced usage
PROJECT: Adaptive Firewall
/Introduction to Adaptive Firewall
/Overview of Firewall System
/Install Scripts
/Configure Firewall
/Test Firewall
Scanning Your Own System
/Introduction to nmap
/nmap Usage
PROJECT: /Test Neighbors Firewall

DAY FIVE

/A Review
Linux Encryption
/Overview of Linux Encryption Options
/Kernel Space Encryption
/Encryption with aespipe
PROJECT: /Encrypt an archive
Monitoring Activity
Snort IDS
/Introduction to Snort
/Snort Install
/Snort Usage
/Snort Configuration
Shadow
/Introduction to Shadow
Trapping the Intruder
/Honeypots and Tarpits
/Introduction to thp
/Configuring thp
PROJECT: /Setup Tiny Honeypot with Snort
/Introduction to TripWire
PROJECT: /Setup Logcheck and TripWire
/Monitoring Attacks with Ethereal
Regaining Control
/General behavior
/Backing up the system
/Forensics analysis
/Handling Running Cracker's Processes
/Emergency Shutdown
/Booting Read Only
PROJECT: /Regain Control


Last edited October 24, 2003 8:05 pm
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.