- 积分
- 5520
- UID
- 139018
- 在线时间
- 93 小时
- 注册时间
- 2007-10-11
- 帖子
- 1139
- 精华
- 73
- 经验
- 3604 点
- 威望
- 19 点
- 金币
- 1703
  
- 积分
- 5520
- 帖子
- 1139
- 精华
- 73
- 经验
- 3604 点
- 威望
- 19 点
- 金币
- 1703
|
发表于 2008-8-11 08:34:18
|显示全部楼层
LinuxCBT系列中的安全视频一共有九部分,包罗Linux安全的各个方面,下面已经把9个部分一一列出,其中6到9已经发布(已给出链接)。
此ISO文件包括列出的前5个模块,即Basics, Proxy, Firewall, SELinux, NIDS五大部分。至此,LinuxCBT Security Edition分部9部分已收集完毕。
LinuxCBT.Security.Edition 5.Modules
LinuxCBT Security Edition encompasses 9 pivotal security modules:
1. Security Basics (fundamentals)
2. Proxy Security featuring Squid
3. Firewall Security featuring IPTables
4. SELinux Security - MAC-based Security Controls
5. Network Intrusion Detection System (NIDS) Security featuring Snort® NIDS
6. Packet | Capture | Analysis Security featuring Ethereal®
7. Pluggable Authentication Modules (PAM) Security
8. Open Secure Shell version 2 (OpenSSHv2) Security
9. OpenPGP with Gnu Privacy Guard (GPG) Security
LinuxCBT Security Edition is unparalleled in content, depth and expertise. It entails 89-hours, or ~ 2-weeks of classroom training. LinuxCBT Security Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.
Basic Security - Module 1
* Boot Security
o Explore Dell PowerEdge BIOS Security-related features
o Discuss concepts & improve Dell PowerEdge BIOS security
o Explain run-time boot loader vulnerabilities
o Explore single-user mode (rootshell) and its inherent problems
o Modify default GRUB startup options & examine results
o Secure boot loader using MD5 hash
o Identify key startup-related configuration files & define boot security measures
o Identify key boot-related utilities
o Confirm expected hardware configuration
o Discuss INIT process, runlevel configuration & concepts
o Explore & tighten the security of the INIT configuration
* Shell Security
o Confirm expected applications
o Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
o Identify common TTYs and PTSs
o Track current TTYs and PTSs - character devices
o Discuss concepts related to privileged and non-privileged use
o Restrict privileged login
o Use SSH and discuss TTYs
o Discuss the importance of consistent system-wide banners & messages
o Define and configure system banners for pre and post-system-access
o Identify user-logon history and correlate to TTYs
o Identify current user-connections - console-based and network-based
o Use lsof to identify open files and sockets
* Syslog Security
o Discuss Syslog concepts and applications
o Explain Syslog semantics - facilities & levels - message handling & routing
o Focus on security-related Syslog facilities
o Examine security logs managed by Syslog
o Configure Network Time Protocol (NTP) on interesting hosts
o Secure NTP configuration
o Ensure time consistency to preserve log-integrity
o Configure Syslog replication to preserve log-integrity
o Identify log discrepancies between Syslog hosts
* Reconnaissance & Vulnerability Assessment Tools
o Discuss Stage-1 host/network attack concepts
o Upgrade NMAP reconnaissance tool to increase effectiveness
o Identify NMAP files
o Discuss TCP handshake procedure
o Discuss half-open/SYN connections
o Perform connect and SYN-based host/network reconnaissance
o Identify potential vulnerabilities on interesting hosts derived from reconnaissance
o Examine NMAP logging capabilities
o Perform port sweeps to identify common vulnerabilities across exposed systems
o Secure exposed daemons/services
o Perform follow-up audit to ensure security policy compliance
o Discuss vulnerability scanner capabilities and applications
o Prepare system for Nessus vulnerability scanner installation - identify/install dependencies
o Generate self-signed SSL/TLS certificates for secure client/server communications
o Activate Nessus subscription, server and client components
o Explore vulnerability scanner interface and features
o Perform network-based reconnaissance attack to determine vulnerabilities
o Examine results of the reconnaissance attack and archive results
o Secure exposed vulnerabilities
* XINETD - TCPWrappers - Chattr - Lsattr - TCPDump - Clear Text Daemons
o Install Telnet Daemon
o Install Very Secure FTP Daemon (VSFTPD)
o Explore XINETD configuration and explain directives
o Configure XINETD to restrict communications at layer-3 and layer-4
o Restrict access to XINETD-protected daemons/services based on time range
o Examine XINETD logging via Syslog
o Discuss TCPWrappers security concepts & applications
o Enhance Telnetd security with TCPWrappers
o Confirm XINETD & TCPWrappers security
o Discuss chattr applications & usage
o Identify & flag key files as immutable to deter modifcation
o Confirm extended attributes (XATTRs)
o Discuss TCPDump applications & usage
o Configure TCPDump to intercept Telnet & FTP - clear-text traffic
o Use Ethereal to examine & reconstruct captured clear-text traffic
* Secure Shell (SSH) & MD5SUM Applications
o Use Ethereal to examine SSH streams
o Generate RSA/DSA PKI usage keys
o Configure Public Key Infrastructure (PKI) based authentication
o Secure PKI authentication files
o Use SCP to transfer files securely in non-interactive mode
o Use SFTP to transfer files securely in interactive mode
o Configure SSH to support a pseudo-VPN using SSH-Tunnelling
o Discuss MD5SUM concepts and applications
o Compare & contrast modified files using MD5SUM
o Use MD5SUM to verify the integrity of downloaded files
* GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
o Discuss GPG concepts & applications - symmetric/asymmetric encryption
o Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
o Create a local web of trust
o Perform encrypts/decrypts and test data-exchanges
o Sign encrypted content and verify signatures @ recipient
o Import & export public keys for usage
o Use GPG/PGP with Mutt Mail User Agent (MUA)
* AIDE File Integrity Implementation
o Discuss file-integrity checker concepts & applications
o Identify online repository & download AIDE
o Install AIDE on interesting hosts
o Configure AIDE to protect key files & directories
o Alter file system objects and confirm modifications using AIDE
o Audit the file system using AIDE
* Rootkits
o Discuss rootkits concepts & applications
o Describe privilege elevation techniques
o Obtain & install T0rnkit - rootkit
o Identify system changes due to the rootkit
o Implement T0rnkit with AIDE to identify compromised system objects
o Implement T0rnkit with chkrootkit to identify rootkits
o T0rnkit - rootkit - cleanup
o Implement N-DU rootkit
o Evaluate system changes
* Bastille Linux - OS-Hardening
o Discuss Bastille Linux system hardening capabilities
o Obtain Bastille Linux & perform a system assessment
o Install Bastille Linux
o Evaluate hardened system components
Proxy Security - Module 2
* Squid Proxy Initialization
o Discuss Squid concepts & applications
o Discuss DNS application
o Configure DNS on primary SuSE Linux server for the Squid Proxy environment
o Confirm DNS environment
o Start Squid and evaluate default configuration
o Install Squid Proxy server
* General Proxy Usage
o Configure web browser to utilize proxy services
o Grant permissions to permit local hosts to utilize proxy services
o Discuss ideal file system layout - partitioning
o Explore key configuration files
o Use client to test the performance of proxy services
o Discuss HIT/MISS logic for serving content
o Configure proxy support for text-based (lftp/wget/lynx) HTTP clients
* Squid Proxy Logs
o Discuss Squid Proxy logging mechanism
o Identify key log files
o Discuss & explore the Access log to identify HITS and/or MISSES
o Discuss & explore the Store log to identify cached content
o Convert Squid logs to the Common Log Format (CLF) for easy processing
o Discuss key CLF fields
o Configure Webalizer to process Squid-CLF logs
o Revert to Squid Native logs
o Discuss key Native log fields
o Configure Webalizer to process Squid Native logs
* Squid Network Configuration & System Stats
o Discuss cachemgr.cgi Common Gateway Interface(CGI) script
o Explore the available metrics provided by cachemgr.cgi
o Change default Squid Proxy port
o Modify text/graphical clients and test communications
o Discuss Safe Ports - usage & applications
* Squid Access Control Lists (ACLs)
o Intro to Access Control Lists (ACLs) - syntax
o Define & test multiple HTTP-based ACLs
o Define & test ACL lists - to support multiple hosts/subnets
o Define & test time-based ACLs
o Nest ACLs to tighten security
o Implement destination domain based ACLs
o Exempt destination domains from being cached to ensure content freshness
o Define & test Anded ACLs
o Discuss the benefits of Regular Expressions (Regexes)
o Implement Regular Expressions ACLs to match URL patterns
o Exempt hosts/subnets from being cached or using the Squid cache
o Force cache usage
o Configure enterprise-class Cisco PIX firewall to deny outbound traffic
o Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
o Discuss delay pool concepts & applications - bandwidth management
o Configure delay pools - to support rate-limiting
o Examine results of various delay pool classes
o Enforce maximum connections to deter Denial of Service (DoS) attacks
o Verify maximum connections comply with security policy
* Squid Proxy Hierarchies
o Discuss Squid cache hierarchy concepts & applications
o Ensure communications through a primary cache server - double-auditing
o Discuss and configure parent-child bypass based on ACLs
o Configure Intranet ACLs for peer-cache bypass
o Discuss & implement Squid cache hierarchy siblings
o Configure transparent proxy services
Firewall Security - Module 3
* Intro IPTables
o Discuss key IPTables concepts
o OSI Model discussion
o Determine if IPTables support is available in the current kernel
o Identify key IPTables modules and supporting files
o Explore and examine the default tables
o Learn IPTables Access Control List (ACL) syntax
o Discuss ACL management
o Learn to Save & Restore IPTables ACLs
* IPTables - Chain Management
o Explore the various chains in the default tables
o Discuss the purpose of each chain
o Examine packet counts & bytes traversing the various chains
o Focus on appending and inserting new ACLs into pre-defined chains
o Write rules to permit common traffic flows
o Delete & Replace ACLs to alter security policy
o Flush ACLs - reset the security policy to defaults
o Zero packet counts & bytes - bandwidth usage monitoring
o Create user-defined chains to perform additional packet handling
o Rename chains to suit the security policy/nomenclature
o Discuss & explore chain policy
* IPTables - Packet Matching & Handling
o Explain the the basics of packet matching
o Identify key layer-3/4 match objects - (Source/Dest IPs, Source/Dest Ports, etc.)
o Explore the multi-homed configuration
o Block traffic based on untrusted (Internet-facing) interface
o Perform packet matching/handling based on common TCP streams
o Perform packet matching/handling based on common UDP datagrams
o Perform packet matching/handling based on common ICMP traffic
o Write fewer rules (ACLs) by specifying lists of interesting layer-4 ports
o Discuss layer-3/4 IPTables default packet matching
o Discuss default layer-2 behavior
o Increase security by writing rules to match packets based on layer-2 addresses
* IPTables - State Maintenance - Stateful Firewall
o Discuss the capabilities of traditional packet-filtering firewalls
o Explain the advantages of stateful firewalls
o Examine the supported connection states
o Identify key kernel modules to support the stateful firewall
o Implement stateful ACLs & examine traffic flows
* IPTables - Targets - Match Handling
o Discuss the purpose of IPTables targets for packet handling
o Write rules with the ACCEPT target
o Write rules with the DROP target
o Write rules with the REJECT target
o Write rules with the REDIRECT target
o Confirm expected behavior for all targets
* IPTables - Logging
o Explore Syslog kernel logging configuration
o Define Access Control Entry (ACEs) to perform logging
o Explain the key fields captured by IPTables
o Log using user-defined chain for enhanced packet handling
o Log traffic based on security policy
o Define a catch-all ACE
o Use ACE negation to control logged packets
o Label log entries for enhanced parsing
* IPTables - Packet Routing
o Describe subnet layout
o Enable IP routing in the kernel - committ changes to disk
o Update routing tables on the other Linux Hosts on the network
o Update the Cisco PIX Firewall's routing tables
o Test routing through the Linux router, from a remote Windows 2003 Host
o Focus on the forward chain
o Write ACEs to permit routing
o Test connectivity
* IPTables - Network Address Translation (NAT)
o Discuss NAT features & concepts
o Discuss & implement IP masquerading
o Define Source NAT (SNAT) ACEs & test translations
o Create SNAT multiples
o Implement Destination NAT (DNAT) ACEs & test translations
o Define DNAT multiples
o Create NETMAP subnet mappings - one-to-one NATs
* IPTables - Demilitarized Zone (DMZ) Configuration
o Describe DMZ configuration
o Write Port Address Translation (PAT) rules to permit inbound traffic
o Test connectivity from connected subnets
o Configure DMZ forwarding (Routing)
o Implement Dual-DMZs - ideal for n-tiered web applications
SELinux Security - Module 4
* Access Control Models
o Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
o Explain features & shortcomings of Discretionary Access Control (DAC) models
o Identify key DAC-based utilities
o Discuss the advantages & caveats of Mandatory Access Control (MAC)models
o Explore DAC-based programs
* SELinux - Basics
o Discuss subjects & objects
o Explain how SELinux is implemented in 2.6.x-based kernels
o Confirm SELinux support in the kernel
o Identify key SELinux packages
o Use sestatus to obtain the current SELinux mode
o Discuss subject & object labeling
o Describe the 3 SELinux operating modes
o Identify key utilities & files, which dictate the current SELinux operating mode
o Focus on the features of SELinux permissive mode
o Explore the boot process as it relates to SELinux
* SELinux - Object Labeling
o Discuss subject & object labeling
o Discuss the role of extended attributes (XATTRs)
o Expose the labels of specific objects
o Alter the lables of specific objects
o Configure SELinux to automatically label objects per security policy
o Reset the system and confirm labels on altered objects
o Explain security tuples
o Use fixfiles to restore object labels on running system per security policy
* SELinux - Type Contexts - Security Labels Applied to Objects
o Intro to object security tuples - security labels
o Attempt to serve HTML content using Apache in SELinux enforcing mode
o Identify problematic object security labels
o Serve HTML content in SELinux permissive mode
o Use chcon to alter object security labels
o Switch to enforcing mode & confirm the ability to serve HTML content
o Use restorecon to restore object security context (labels)
* SELinux - Basic Commands - Type & Domain Exposition
o ps - reveal subjects' security context (security label) - Domains
o ls - reveal objects' security label - Types
o cp - preserve/inherit security labels
o mv - preserve security labels
o id - expose subject security label
* SELinux - Targeted Policy - Binary
o Explain the Targeted Policy's features
o Discuss policy transitions for domains
o Compare & contrast confined & unconfined states
o Exempt Apache daemon from the auspicies of the targeted policy's confined state
o Evaluate results after exemption
o Explain the security contexts applied to subjects & objects
o Peruse key targeted binary policy files
o Identify the daemons protected by the targeted policy
o Discuss the unconfined_t domain - subject label
* SELinux - Targeted Policy - Source
o Install the targeted policy source files
o Identify & discuss TE and FC files
o Explore file_contexts - context definition for objects
o Discuss the file context syntax
o Explain the purpose of using run_init to initiate SELinux-protected daemons
o Switch between permissive & enforcing modes and evaluate behavior
o Peruse the key files in the targeted source policy
* SELinux - Miscellaneous Utilities - Logging
o Use tar to archive SELinux-protected objects
o Confirm security labels on tar-archived objects
o Use the tar substitute 'star' to archive extended attributes(XATTRs)
o Confirm security labels on star-archived objects
o Discuss the role of the AVC
o Examine SELinux logs - /var/log/messages
o Alter Syslog configuration to route SELinux messages to an ideal location
o Use SETools, shell-based programs to output real-time statistics
o Install & use SEAudit graphical SELinux log-management tool
Network Intrusion Detection System (NIDS) Security - Module 5
* Snort NIDS - Installation
o Peruse the LinuxCBT Security Edition classroom network topology
o Download Snort
o Import G/PGP public key and verify package integrity
o Identify & download key Snort dependencies
o Install current libpcap - Packet Capture Library
o Establish security configuration baseline
* Snort NIDS - Sniffer Mode
o Discuss sniffer mode concepts & applications
o Sniff IP packet headers - layer-3/4
o Sniff data-link headers - layer-2
o Sniff application payload - layer-7
o Sniff application/ip packet headers/data-link headers - all layers except physical
o Examine packets & packet loss
o Sniff traffic traversing interesting interfaces
o Sniff clear-text traffic
o Sniff encrypted streams
* Snort NIDS - Logging Mode
o Discuss logging mode concepts & applications
o Log traffic using default PCAP/TCPDump format
o Log traffic using ASCII mode & examine output
o Discuss directory structure created by ASCII logging mode
o Control verbosity of ASCII logging mode & examine output
o Enhance packet logging analysis by defaulting to binary logging
o Discuss default nomenclature for binary/TCPDump files
o Alter binary output options
o Use Snort NIDS to read binary/TCPDump files
* Snort NIDS - Berkeley Packet Filters (BPFs)
o Explain the advantages to utilizing BPFs
o Discuss BPF directional, type, and protocol qualifiers
o Identify clear-text based network applications and define appropriate BPFs
o Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
o Log to the active pseudo-terminal console and examine the packet flows
o Combine BPF qualifiers to increase packet-matching capabilities
o Use logical operators to define more flexible BPFs
o Read binary TCPDump files using Snort & BPFs
o Execute Snort NIDS in logging/daemon mode
* Snort NIDS - Cisco Switch Configuration
o Examine the current network configuration
o Identify Snort NIDS sensors and centralized DBMS Server
o Create multiple VLANs on the Cisco Switch
o Secure the Cisco Switch configuration
o Isolate internal and external hosts, sensors and DBMS systems
o Configure SPAN - Port Mirroring for internal and external Snort NIDS Sensors
o Examine internal and external packet flows
* Snort NIDS - Network Intrusion Detection System (NIDS) Mode
o Discuss NIDS concepts & applications
o Prepare /etc/snort - configuration directory for NIDS operation
o Explore the snort.conf NIDS configuration file
o Discuss all snort.conf sections
o Download & install community rules
o Execute Snort in NIDS mode with TCPDump compliant output plugin
o Download & install Snort Vulnerability Research Team (VRT) rules
o Compare & contrast community rules to VRT rules
* Snort NIDS - Output Plugin - Barnyard Configuration
o Discuss features & benefits
o Configure Syslog based logging and examine results
o Configure Snort to log sequentially to multiple output locations
o Implement unified binary output logging to enhance performance
o Discuss concepts & features associated with post-processing Snort logs
o Download and install current barnyard post-processor
o Use barnyard to post-process logs to multiple output destinations
* Snort NIDS - BASE - MySQL® Implementation
o Discuss benefits of centralized console reporting for 1 or more Snort sensors
o Re-compile Snort on both sensors to support MySQL logging
o Configure MySQL on Database Management System (DBMS) Host
o Implement Snort database schema on DBMS Host
o Configure Snort to log output to MySQL DBMS Host
o Confirm output logging to the MySQL DBMS Host
o Prepare DBMS Host for BASE console installation
o Install BASE and complete schema extension
o Peruse BASE interface
* Snort® NIDS - Rules Configuration & Updates
o Discuss the concept of rules as related to Snort NIDS
o Examine Snort rule syntax
o Peruse pre-defined Snort rules
o Download & configure oinkmaster to automatically update Snort rules
o Confirm oinkmaster operation
[ 本帖最后由 leapApple 于 2008-11-11 16:45 编辑 ] |
附件: 你需要登录才可以下载或查看附件。没有帐号?注册
|
狗仔卡
抢沙发
千斤顶
显身卡
发表于 2008-8-22 14:22:01