Red Hat Linux: Amministrazione della Rete e della Sicurezza

OBIETTIVI:

In questo corso verranno trattati sia il sistema operativo Red Hat Linux che la configurazione dei servizi di rete e relativa sicurezza. Verranno presentati, con senso critico e imparzialità, i vantaggi e gli svantaggi del sistema. Nel corso verranno trattati anche argomenti più specifici e mirati da un pubblico più tecnico e competente, affrontando sia le nozioni di base relative alla sicurezza dei sistemi o a quali siano i mezzi più comuni per attaccarli sia concetti più complessi come ad esempio la protezione tramite firewall e crittografia.

Al termine del corso il partecipante sarà in grado di:

Configurare i servizi di Networking su Red Hat Linux relativamente al setup dei server di: DNS, Apache, SMB, DHCP, Mail, FTP.

Gestione della sicurezza relativamente agli utenti, al filesystem, alle password, al kernel, ai firewall.

Rispondee ad un tentativo di intrusione

Descrizione degli elementi di sicurezza



PREREQUISITI:

Al partecipante sono richieste conoscenze di Amministrazione di Sistema Linux acquisibili frequentando il corso "Red Hat Linux: Amministrazione del Sistema" o conoscenze equivalenti.

AGENDA:

Domain Name Service with BIND

DNS Features

Internet DNS Hierarchy

Zone Authoritative Name Server Hierarchy

Client-Side DNS Operation

Berkeley Internet Name Domain (BIND)

Configuring BIND

Configuration File Basics

Cache Only Name Service

Round Robin Load Sharing Through DNS

BIND Utilities

Lab: Introduction to DNS through BIND 8

2 SAMBA

SAMBA Introduction

SAMBA History

SAMBA Services

SAMBA Servers

Configuring SAMBA

Overview of smb.conf Sections

Configuring File and Directory Sharing

Enabling WINS Support

Printing to the Samba Server

Authentication Methods

Configuration Test Tool

SAMBA Client Tools: smbclient

SAMBA Client Tools: nmblookup

Linux-Exclusive Features: smbmount

Linux-Exclusive Features: SAMBA mounts in /etc/fstab

Working with Encrypted Passwords

Passwords

Using Encrypted Passwords in SAMBA

Working with Unencrypted -Passwords in Windows

Network Information Service (NIS)

NIS Overview

NIS History

NIS Servers and Clients

NIS Server Topological Overview

Configuring a NIS Master or Slave Server

/etc/nsswitch.conf
Configuring a Master Server

Configuring a Slave Server

Debugging NIS with rpcinfo

NIS Client-Side Basics

Client-Side NIS Configuration

Client Configuration using authconfig

Client- Side Tools

Lightweight Directory Access Protocol (LDAP)

LDAP Support in Red Hat Linux

LDAP Configuration

4 Mail Delivery with sendmail

sendmail Overview

sendmail Features

Security and "Anti-Spam" Features

An e-mail Review

Simple Operational Overview

Main Configuration Files

Other Configuration Files

Client Configuration

Configuration with the m4 Macro Language

sendmail m4 Macro File: Introduction

sendmail m4 Macro File: Features

Other Valuable m4 directives

Advanced /etc/mail Fles

/etc/mail/virtusertable

/etc/mail/access

Blacklisting Recipients

Debugging sendmail

procmail Local Delivery

procmail Simple Configuration

Apache: Serving the World Wide Web

Apache Overview

Apache Features

Apache Configuration

Apache Server Configuration

Apache Configuration: Virtual Hosts Example

Apache Namespace Configuration

Using .htaccess Files

NFS, ftpd, DHCP and pppd

FTP

NFS File Sharing

NFS Server

Client-Side NFS

Red Hat Linux Network Installation Server

DHCP Overview

Setting up a DHCP Server

DHCP Configuration Example

7 Introduction to Security

Security Defined

Basic Security Implementation

Definitions of Common Terms

Common Security Breaches

Physical Security

Single User Mode with LILO

Boot Load Security with LILO

Basic Network Security

Securing and Fine Tuning Network Services

Securing Network Services - Client/Server Packages

Security Policy

Backup Policies

Local User Securit

Securing User Accounts

Introducing Authentication with PAM

PAM Configuration Files

PAM Application Configuration: File Syntax

PAM Central Configuration

Restricting Root Logins

Restricting User Login: the Flexible Way

Restricting User Login: Keeping out Everyone

Restricting User Login: by Time

Allowing Console Users Root Privileges with sudo

Monitoring the Local System

Files and Filesystem Security

Set User and Group ID Permissions

Additional File Modes

Typical Problematic Permissions

House Cleaning: Files and Directories

Data Integrity with tripwire

Configuring tripwire

10 Password Security and Encrypted Communications

The Need for Encryption

Cryptographic Building Blocks

Symmetric Encryption

Asymmetric Encryption

Applications: RPM

Public Key Infrastructures

Digital Certificates

Generating digital Certificates

Applications: openssh

Applications: stunnel

Display Security

Process Security and System Monitoring

Monitoring and Limiting Processes

Monitoring Processes with top

Monitoring Processes Graphically

Limiting Processes

Process Accounting Tools

Using Logs to Monitor Processes

Service-Based Security and Firewall

Types of Firewall

The xinetd daemon

tcp_wrappers

tcp_wrappers Syntax

Linus as Router and Masquerader

Static and Dynamic Routes

Firewall diagram

Basic Packet Filtering Firewall Tasks

Pre-Firewall System Check

Compiling the Linux Kernel for Packet Firewalling

Building Packet Firewalls

What is ipchains ?

Path of Packets through the Kernel

Operational Overview of ipchains

Basic Chain Handling

Simple ipchains Commands

Building a Firewall with ipchains

IP Masquerading

Enabling Masquerading

Security Tools

Host Auditing Tools

Packet Sniffers

Using tcpdump to Monitor Traffic

tcpdump Options

Network Monitoring Tools

NOTE:

Dettagli

Calendario

19/02/2007 Roma

17/04/2007 Roma

15/10/2007 Roma

19/11/2007 Roma

DURATA

4 gg

PREZZO

1380 Euro

LINGUA

ITA

TIPO DI CORSO

DESTINATARI

- Amministratori di sistema

- Sviluppatori