Course Description
The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: security with SELinux and Netfilter; DNS concepts and implementation with BIND; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.
Agenda
1. Securing Services
1. Xinetd
2. Xinetd Connection Limiting and Access Control
3. Xinetd: Resource limits, redirection, logging
4. TCP Wrappers
5. The /etc/hosts.allow & /etc/hosts.deny Files
6. /etc/hosts.{allow,deny} Shortcuts
7. Advanced TCP Wrappers
8. Basic Firewall Activation
9. Netfilter: Stateful Packet Filter Firewall
10. Netfilter Concepts
11. Using the iptables Command
12. Netfilter Rule Syntax
13. Targets
14. Common match_specs
15. Connection Tracking
16. AppArmor
17. SELinux Security Framework
18. Choosing an SELinux Policy
19. SELinux Commands
20. SELinux Booleans
21. Graphical SELinux Policy Tools
2. DNS Concepts
1. Naming Services
2. DNS – A Better Way
3. The Domain Name Space
4. Delegation and Zones
5. Server Roles
6. Resolving Names
7. Resolving IP Addresses
8. Basic BIND Administration
9. Configuring the Resolver
10. Testing Resolution
3. Configuring BIND
1. BIND Configuration Files
2. named.conf Syntax
3. named.conf Options Block
4. Creating a Site-Wide Cache
5. rndc Key Configuration
6. Zones In named.conf
7. Zone Database File Syntax
8. SOA – Start of Authority
9. A & PTR – Address & Pointer Records
10. NS – Name Server
11. CNAME & MX – Alias & Mail Host
12. Abbreviations and Gotchas
13. $ORIGIN and $GENERATE
4. Creating DNS Hierarchies
1. Subdomains and Delegation
2. Subdomains
3. Delegating Zones
4. in-addr.arpa. Delegation
5. Issues with in-addr.arpa.
6. RFC2317 & in-addr.arpa.
5. Advanced BIND DNS Features
1. Address Match Lists & ACLs
2. Split Namespace with Views
3. Restricting Queries
4. Restricting Zone Transfers
5. Running BIND in a chroot jail
6. Dynamic DNS Concepts
7. Allowing Dynamic DNS Updates
8. DDNS Administration with nsupdate
9. Common Problems
10. Common Problems
11. Securing DNS With TSIG
6. LDAP Concepts and Clients
1. LDAP: History and Uses
2. LDAP: Data Model Basics
3. LDAP: Protocol Basics
4. LDAP: Applications
5. LDAP: Search Filters
6. LDIF: LDAP Data Interchange Format
7. OpenLDAP Client Tools
8. Alternative LDAP Tools
7. OpenLDAP Servers
1. Popular LDAP Server Implementations
2. OpenLDAP: Server Architecture
3. OpenLDAP: Backends
4. OpenLDAP: Replication
5. OpenLDAP: Configuration Options
6. OpenLDAP: Configuration Sections
7. OpenLDAP: Global Parameters
8. OpenLDAP: Database Parameters
9. OpenLDAP Server Tools
10. Enabling LDAP-based Login
11. System Security Services Daemon (SSSD)