大家论坛
Views: 25321 | Replies: 53

Linux security video tutorial: LinuxCBT Security Edition, ISO download of the five security administration modules


Posted 2008-8-11 08:34
The security videos in the LinuxCBT series come in nine parts altogether, covering every aspect of Linux security. All 9 parts are listed below; parts 6 to 9 have already been released (links given).
This ISO contains the first 5 modules listed, namely the five parts Basics, Proxy, Firewall, SELinux and NIDS. With this, all 9 parts of LinuxCBT Security Edition have been collected.

LinuxCBT.Security.Edition 5.Modules

LinuxCBT Security Edition encompasses 9 pivotal security modules:

   1. Security Basics (fundamentals)
   2. Proxy Security featuring Squid
   3. Firewall Security featuring IPTables
   4. SELinux Security - MAC-based Security Controls
   5. Network Intrusion Detection System (NIDS) Security featuring Snort® NIDS
   6. Packet | Capture | Analysis Security featuring Ethereal®
   7. Pluggable Authentication Modules (PAM) Security
   8. Open Secure Shell version 2 (OpenSSHv2) Security
   9. OpenPGP with Gnu Privacy Guard (GPG) Security

LinuxCBT Security Edition is unparalleled in content, depth and expertise. It entails 89 hours, or ~2 weeks, of classroom training. LinuxCBT Security Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Basic Security - Module 1

    * Boot Security
          o Explore Dell PowerEdge BIOS Security-related features
          o Discuss concepts & improve Dell PowerEdge BIOS security
          o Explain run-time boot loader vulnerabilities
          o Explore single-user mode (rootshell) and its inherent problems
          o Modify default GRUB startup options & examine results
          o Secure boot loader using MD5 hash
          o Identify key startup-related configuration files & define boot security measures
          o Identify key boot-related utilities
          o Confirm expected hardware configuration
          o Discuss INIT process, runlevel configuration & concepts
          o Explore & tighten the security of the INIT configuration

    * Shell Security
          o Confirm expected applications
          o Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
          o Identify common TTYs and PTSs
          o Track current TTYs and PTSs - character devices
          o Discuss concepts related to privileged and non-privileged use
          o Restrict privileged login
          o Use SSH and discuss TTYs
          o Discuss the importance of consistent system-wide banners & messages
          o Define and configure system banners for pre and post-system-access
          o Identify user-logon history and correlate to TTYs
          o Identify current user-connections - console-based and network-based
          o Use lsof to identify open files and sockets

    * Syslog Security
          o Discuss Syslog concepts and applications
          o Explain Syslog semantics - facilities & levels - message handling & routing
          o Focus on security-related Syslog facilities
          o Examine security logs managed by Syslog
          o Configure Network Time Protocol (NTP) on interesting hosts
          o Secure NTP configuration
          o Ensure time consistency to preserve log-integrity
          o Configure Syslog replication to preserve log-integrity
          o Identify log discrepancies between Syslog hosts

    * Reconnaissance & Vulnerability Assessment Tools
          o Discuss Stage-1 host/network attack concepts
          o Upgrade NMAP reconnaissance tool to increase effectiveness
          o Identify NMAP files
          o Discuss TCP handshake procedure
          o Discuss half-open/SYN connections
          o Perform connect and SYN-based host/network reconnaissance
          o Identify potential vulnerabilities on interesting hosts derived from reconnaissance
          o Examine NMAP logging capabilities
          o Perform port sweeps to identify common vulnerabilities across exposed systems
          o Secure exposed daemons/services
          o Perform follow-up audit to ensure security policy compliance
          o Discuss vulnerability scanner capabilities and applications
          o Prepare system for Nessus vulnerability scanner installation - identify/install dependencies
          o Generate self-signed SSL/TLS certificates for secure client/server communications
          o Activate Nessus subscription, server and client components
          o Explore vulnerability scanner interface and features
          o Perform network-based reconnaissance attack to determine vulnerabilities
          o Examine results of the reconnaissance attack and archive results
          o Secure exposed vulnerabilities

    * XINETD - TCPWrappers - Chattr - Lsattr - TCPDump - Clear Text Daemons
          o Install Telnet Daemon
          o Install Very Secure FTP Daemon (VSFTPD)
          o Explore XINETD configuration and explain directives
          o Configure XINETD to restrict communications at layer-3 and layer-4
          o Restrict access to XINETD-protected daemons/services based on time range
          o Examine XINETD logging via Syslog
          o Discuss TCPWrappers security concepts & applications
          o Enhance Telnetd security with TCPWrappers
          o Confirm XINETD & TCPWrappers security
          o Discuss chattr applications & usage
          o Identify & flag key files as immutable to deter modification
          o Confirm extended attributes (XATTRs)
          o Discuss TCPDump applications & usage
          o Configure TCPDump to intercept Telnet & FTP - clear-text traffic
          o Use Ethereal to examine & reconstruct captured clear-text traffic

    * Secure Shell (SSH) & MD5SUM Applications
          o Use Ethereal to examine SSH streams
          o Generate RSA/DSA PKI usage keys
          o Configure Public Key Infrastructure (PKI) based authentication
          o Secure PKI authentication files
          o Use SCP to transfer files securely in non-interactive mode
          o Use SFTP to transfer files securely in interactive mode
          o Configure SSH to support a pseudo-VPN using SSH-Tunnelling
          o Discuss MD5SUM concepts and applications
          o Compare & contrast modified files using MD5SUM
          o Use MD5SUM to verify the integrity of downloaded files

    * GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
          o Discuss GPG concepts & applications - symmetric/asymmetric encryption
          o Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
          o Create a local web of trust
          o Perform encrypts/decrypts and test data-exchanges
          o Sign encrypted content and verify signatures @ recipient
          o Import & export public keys for usage
          o Use GPG/PGP with Mutt Mail User Agent (MUA)

    * AIDE File Integrity Implementation
          o Discuss file-integrity checker concepts & applications
          o Identify online repository & download AIDE
          o Install AIDE on interesting hosts
          o Configure AIDE to protect key files & directories
          o Alter file system objects and confirm modifications using AIDE
          o Audit the file system using AIDE

    * Rootkits
          o Discuss rootkits concepts & applications
          o Describe privilege elevation techniques
          o Obtain & install T0rnkit - rootkit
          o Identify system changes due to the rootkit
          o Implement T0rnkit with AIDE to identify compromised system objects
          o Implement T0rnkit with chkrootkit to identify rootkits
          o T0rnkit - rootkit - cleanup
          o Implement N-DU rootkit
          o Evaluate system changes

    * Bastille Linux - OS-Hardening
          o Discuss Bastille Linux system hardening capabilities
          o Obtain Bastille Linux & perform a system assessment
          o Install Bastille Linux
          o Evaluate hardened system components

Proxy Security - Module 2

    * Squid Proxy Initialization
          o Discuss Squid concepts & applications
          o Discuss DNS application
          o Configure DNS on primary SuSE Linux server for the Squid Proxy environment
          o Confirm DNS environment
          o Start Squid and evaluate default configuration
          o Install Squid Proxy server

    * General Proxy Usage
          o Configure web browser to utilize proxy services
          o Grant permissions to permit local hosts to utilize proxy services
          o Discuss ideal file system layout - partitioning
          o Explore key configuration files
          o Use client to test the performance of proxy services
          o Discuss HIT/MISS logic for serving content
          o Configure proxy support for text-based (lftp/wget/lynx) HTTP clients

    * Squid Proxy Logs
          o Discuss Squid Proxy logging mechanism
          o Identify key log files
          o Discuss & explore the Access log to identify HITS and/or MISSES
          o Discuss & explore the Store log to identify cached content
          o Convert Squid logs to the Common Log Format (CLF) for easy processing
          o Discuss key CLF fields
          o Configure Webalizer to process Squid-CLF logs
          o Revert to Squid Native logs
          o Discuss key Native log fields
          o Configure Webalizer to process Squid Native logs

    * Squid Network Configuration & System Stats
          o Discuss cachemgr.cgi Common Gateway Interface (CGI) script
          o Explore the available metrics provided by cachemgr.cgi
          o Change default Squid Proxy port
          o Modify text/graphical clients and test communications
          o Discuss Safe Ports - usage & applications

    * Squid Access Control Lists (ACLs)
          o Intro to Access Control Lists (ACLs) - syntax
          o Define & test multiple HTTP-based ACLs
          o Define & test ACL lists - to support multiple hosts/subnets
          o Define & test time-based ACLs
          o Nest ACLs to tighten security
          o Implement destination domain based ACLs
          o Exempt destination domains from being cached to ensure content freshness
          o Define & test ANDed ACLs
          o Discuss the benefits of Regular Expressions (Regexes)
          o Implement Regular Expressions ACLs to match URL patterns
          o Exempt hosts/subnets from being cached or using the Squid cache
          o Force cache usage
          o Configure enterprise-class Cisco PIX firewall to deny outbound traffic
          o Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
          o Discuss delay pool concepts & applications - bandwidth management
          o Configure delay pools - to support rate-limiting
          o Examine results of various delay pool classes
          o Enforce maximum connections to deter Denial of Service (DoS) attacks
          o Verify maximum connections comply with security policy

    * Squid Proxy Hierarchies
          o Discuss Squid cache hierarchy concepts & applications
          o Ensure communications through a primary cache server - double-auditing
          o Discuss and configure parent-child bypass based on ACLs
          o Configure Intranet ACLs for peer-cache bypass
          o Discuss & implement Squid cache hierarchy siblings
          o Configure transparent proxy services

Firewall Security - Module 3

    * Intro IPTables
          o Discuss key IPTables concepts
          o OSI Model discussion
          o Determine if IPTables support is available in the current kernel
          o Identify key IPTables modules and supporting files
          o Explore and examine the default tables
          o Learn IPTables Access Control List (ACL) syntax
          o Discuss ACL management
          o Learn to Save & Restore IPTables ACLs

    * IPTables - Chain Management
          o Explore the various chains in the default tables
          o Discuss the purpose of each chain
          o Examine packet counts & bytes traversing the various chains
          o Focus on appending and inserting new ACLs into pre-defined chains
          o Write rules to permit common traffic flows
          o Delete & Replace ACLs to alter security policy
          o Flush ACLs - reset the security policy to defaults
          o Zero packet counts & bytes - bandwidth usage monitoring
          o Create user-defined chains to perform additional packet handling
          o Rename chains to suit the security policy/nomenclature
          o Discuss & explore chain policy

    * IPTables - Packet Matching & Handling
          o Explain the basics of packet matching
          o Identify key layer-3/4 match objects - (Source/Dest IPs, Source/Dest Ports, etc.)
          o Explore the multi-homed configuration
          o Block traffic based on untrusted (Internet-facing) interface
          o Perform packet matching/handling based on common TCP streams
          o Perform packet matching/handling based on common UDP datagrams
          o Perform packet matching/handling based on common ICMP traffic
          o Write fewer rules (ACLs) by specifying lists of interesting layer-4 ports
          o Discuss layer-3/4 IPTables default packet matching
          o Discuss default layer-2 behavior
          o Increase security by writing rules to match packets based on layer-2 addresses

    * IPTables - State Maintenance - Stateful Firewall
          o Discuss the capabilities of traditional packet-filtering firewalls
          o Explain the advantages of stateful firewalls
          o Examine the supported connection states
          o Identify key kernel modules to support the stateful firewall
          o Implement stateful ACLs & examine traffic flows

    * IPTables - Targets - Match Handling
          o Discuss the purpose of IPTables targets for packet handling
          o Write rules with the ACCEPT target
          o Write rules with the DROP target
          o Write rules with the REJECT target
          o Write rules with the REDIRECT target
          o Confirm expected behavior for all targets

    * IPTables - Logging
          o Explore Syslog kernel logging configuration
          o Define Access Control Entry (ACEs) to perform logging
          o Explain the key fields captured by IPTables
          o Log using user-defined chain for enhanced packet handling
          o Log traffic based on security policy
          o Define a catch-all ACE
          o Use ACE negation to control logged packets
          o Label log entries for enhanced parsing

    * IPTables - Packet Routing
          o Describe subnet layout
          o Enable IP routing in the kernel - commit changes to disk
          o Update routing tables on the other Linux Hosts on the network
          o Update the Cisco PIX Firewall's routing tables
          o Test routing through the Linux router, from a remote Windows 2003 Host
          o Focus on the forward chain
          o Write ACEs to permit routing
          o Test connectivity

    * IPTables - Network Address Translation (NAT)
          o Discuss NAT features & concepts
          o Discuss & implement IP masquerading
          o Define Source NAT (SNAT) ACEs & test translations
          o Create SNAT multiples
          o Implement Destination NAT (DNAT) ACEs & test translations
          o Define DNAT multiples
          o Create NETMAP subnet mappings - one-to-one NATs

    * IPTables - Demilitarized Zone (DMZ) Configuration
          o Describe DMZ configuration
          o Write Port Address Translation (PAT) rules to permit inbound traffic
          o Test connectivity from connected subnets
          o Configure DMZ forwarding (Routing)
          o Implement Dual-DMZs - ideal for n-tiered web applications

SELinux Security - Module 4

    * Access Control Models
          o Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
          o Explain features & shortcomings of Discretionary Access Control (DAC) models
          o Identify key DAC-based utilities
          o Discuss the advantages & caveats of Mandatory Access Control (MAC) models
          o Explore DAC-based programs

    * SELinux - Basics
          o Discuss subjects & objects
          o Explain how SELinux is implemented in 2.6.x-based kernels
          o Confirm SELinux support in the kernel
          o Identify key SELinux packages
          o Use sestatus to obtain the current SELinux mode
          o Discuss subject & object labeling
          o Describe the 3 SELinux operating modes
          o Identify key utilities & files, which dictate the current SELinux operating mode
          o Focus on the features of SELinux permissive mode
          o Explore the boot process as it relates to SELinux

    * SELinux - Object Labeling
          o Discuss subject & object labeling
          o Discuss the role of extended attributes (XATTRs)
          o Expose the labels of specific objects
          o Alter the labels of specific objects
          o Configure SELinux to automatically label objects per security policy
          o Reset the system and confirm labels on altered objects
          o Explain security tuples
          o Use fixfiles to restore object labels on running system per security policy

    * SELinux - Type Contexts - Security Labels Applied to Objects
          o Intro to object security tuples - security labels
          o Attempt to serve HTML content using Apache in SELinux enforcing mode
          o Identify problematic object security labels
          o Serve HTML content in SELinux permissive mode
          o Use chcon to alter object security labels
          o Switch to enforcing mode & confirm the ability to serve HTML content
          o Use restorecon to restore object security context (labels)

    * SELinux - Basic Commands - Type & Domain Exposition
          o ps - reveal subjects' security context (security label) - Domains
          o ls - reveal objects' security label - Types
          o cp - preserve/inherit security labels
          o mv - preserve security labels
          o id - expose subject security label

    * SELinux - Targeted Policy - Binary
          o Explain the Targeted Policy's features
          o Discuss policy transitions for domains
          o Compare & contrast confined & unconfined states
          o Exempt Apache daemon from the auspices of the targeted policy's confined state
          o Evaluate results after exemption
          o Explain the security contexts applied to subjects & objects
          o Peruse key targeted binary policy files
          o Identify the daemons protected by the targeted policy
          o Discuss the unconfined_t domain - subject label

    * SELinux - Targeted Policy - Source
          o Install the targeted policy source files
          o Identify & discuss TE and FC files
          o Explore file_contexts - context definition for objects
          o Discuss the file context syntax
          o Explain the purpose of using run_init to initiate SELinux-protected daemons
          o Switch between permissive & enforcing modes and evaluate behavior
          o Peruse the key files in the targeted source policy

    * SELinux - Miscellaneous Utilities - Logging
          o Use tar to archive SELinux-protected objects
          o Confirm security labels on tar-archived objects
          o Use the tar substitute 'star' to archive extended attributes (XATTRs)
          o Confirm security labels on star-archived objects
          o Discuss the role of the AVC
          o Examine SELinux logs - /var/log/messages
          o Alter Syslog configuration to route SELinux messages to an ideal location
          o Use SETools, shell-based programs to output real-time statistics
          o Install & use SEAudit graphical SELinux log-management tool

Network Intrusion Detection System (NIDS) Security - Module 5

    * Snort NIDS - Installation
          o Peruse the LinuxCBT Security Edition classroom network topology
          o Download Snort
          o Import G/PGP public key and verify package integrity
          o Identify & download key Snort dependencies
          o Install current libpcap - Packet Capture Library
          o Establish security configuration baseline

    * Snort NIDS - Sniffer Mode
          o Discuss sniffer mode concepts & applications
          o Sniff IP packet headers - layer-3/4
          o Sniff data-link headers - layer-2
          o Sniff application payload - layer-7
          o Sniff application/ip packet headers/data-link headers - all layers except physical
          o Examine packets & packet loss
          o Sniff traffic traversing interesting interfaces
          o Sniff clear-text traffic
          o Sniff encrypted streams

    * Snort NIDS - Logging Mode
          o Discuss logging mode concepts & applications
          o Log traffic using default PCAP/TCPDump format
          o Log traffic using ASCII mode & examine output
          o Discuss directory structure created by ASCII logging mode
          o Control verbosity of ASCII logging mode & examine output
          o Enhance packet logging analysis by defaulting to binary logging
          o Discuss default nomenclature for binary/TCPDump files
          o Alter binary output options
          o Use Snort NIDS to read binary/TCPDump files

    * Snort NIDS - Berkeley Packet Filters (BPFs)
          o Explain the advantages to utilizing BPFs
          o Discuss BPF directional, type, and protocol qualifiers
          o Identify clear-text based network applications and define appropriate BPFs
          o Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
          o Log to the active pseudo-terminal console and examine the packet flows
          o Combine BPF qualifiers to increase packet-matching capabilities
          o Use logical operators to define more flexible BPFs
          o Read binary TCPDump files using Snort & BPFs
          o Execute Snort NIDS in logging/daemon mode

    * Snort NIDS - Cisco Switch Configuration
          o Examine the current network configuration
          o Identify Snort NIDS sensors and centralized DBMS Server
          o Create multiple VLANs on the Cisco Switch
          o Secure the Cisco Switch configuration
          o Isolate internal and external hosts, sensors and DBMS systems
          o Configure SPAN - Port Mirroring for internal and external Snort NIDS Sensors
          o Examine internal and external packet flows

    * Snort NIDS - Network Intrusion Detection System (NIDS) Mode
          o Discuss NIDS concepts & applications
          o Prepare /etc/snort - configuration directory for NIDS operation
          o Explore the snort.conf NIDS configuration file
          o Discuss all snort.conf sections
          o Download & install community rules
          o Execute Snort in NIDS mode with TCPDump compliant output plugin
          o Download & install Snort Vulnerability Research Team (VRT) rules
          o Compare & contrast community rules to VRT rules

    * Snort NIDS - Output Plugin - Barnyard Configuration
          o Discuss features & benefits
          o Configure Syslog based logging and examine results
          o Configure Snort to log sequentially to multiple output locations
          o Implement unified binary output logging to enhance performance
          o Discuss concepts & features associated with post-processing Snort logs
          o Download and install current barnyard post-processor
          o Use barnyard to post-process logs to multiple output destinations

    * Snort NIDS - BASE - MySQL® Implementation
          o Discuss benefits of centralized console reporting for 1 or more Snort sensors
          o Re-compile Snort on both sensors to support MySQL logging
          o Configure MySQL on Database Management System (DBMS) Host
          o Implement Snort database schema on DBMS Host
          o Configure Snort to log output to MySQL DBMS Host
          o Confirm output logging to the MySQL DBMS Host
          o Prepare DBMS Host for BASE console installation
          o Install BASE and complete schema extension
          o Peruse BASE interface

    * Snort® NIDS - Rules Configuration & Updates
          o Discuss the concept of rules as related to Snort NIDS
          o Examine Snort rule syntax
          o Peruse pre-defined Snort rules
          o Download & configure oinkmaster to automatically update Snort rules
          o Confirm oinkmaster operation

[ This post was last edited by leapApple on 2008-11-11 16:45 ]

Posted 2008-8-13 10:56
Looks like everyone is busy watching the Olympics. Such a good post and nobody has bumped it; how heartless.
Posted 2008-8-14 14:27
Bumping this, it's very good. I just don't know how to use it.
Posted 2008-8-14 20:00
No choice but to bump it.
Posted 2008-8-15 10:09
Thanks to the OP for sharing, learned a lot.

Are there any accompanying documents?
Posted 2008-8-16 14:07
Downloading it to have a look.
Posted 2008-8-16 16:14
Support!!!
Posted 2008-8-18 09:13
Originally posted by voclub on 2008-8-15 10:09:
Thanks to the OP for sharing, learned a lot.

Are there any accompanying documents?


Documents?
Posted 2008-8-18 09:57
Listening to it lesson by lesson is rather time-consuming, but it is simple and easy to follow.
Posted 2008-8-22 14:22
Originally posted by nickolas on 2008-8-18 09:57:
Listening to it lesson by lesson is rather time-consuming, but it is simple and easy to follow.


You can listen to it selectively; no need to keep reading books or searching aimlessly online.