These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.
Instructor: Sam Hart (hart@physics.arizona.edu)
The general homepage for this course is http://www.geekcomix.com/classnotes/
This course will introduce the student to the major concepts and techniques involved in securing a Unix server or workstation. Linux is used as the learning environment, but the concepts apply to all Unix environments. The book for this course is "Real World Linux Security" by Bob Toxen (with associated website, http://realworldlinuxsecurity.com/).
These classnotes are organized by topic. More often than not, these topics will also coincide with particular days in the class. The topics will be presented in the following order:
DAY ONE
- General System Security Introduction
  - /On Terminology
  - /Myths of Unix Security
  - /Security Versus Obscurity
  - /Moving to Rings of Security
- The Seven Most Deadly Sins (pp. 27-41)
  - 1: /Weak and Default Passwords
    - PROJECT: /Scan for Weak Passwords
  - 2: /Open Network Ports
    - PROJECT: /Turn Off Unneeded Services
  - 3: /Old Software Versions
  - 4: /Insecure and Badly Configured Programs
  - 5: /Insufficient Resources and Misplaced Priorities
  - 6: /Stale and Unnecessary Accounts
  - 7: /Procrastination
  - PROJECT: [/Replace Weak Doors with Brick]?
- Common Weaknesses
  - /Permission Problems
  - /Kernel Protocol Switches
    - PROJECT: /Kernel Protocol Switches at Boot
  - /X Server Security
  - /Physical Security
  - [/Secure Deletion]?
  - [/Destroying Old Confidential Data In Free Blocks]?
  - /Watching bash
  - /Executing Stealth Commands
  - /Pluggable Authentication Modules
    - PROJECT: /Enable Stronger Passwords
DAY TWO
- SAMBA Security
  - /SAMBA Review
  - /SAMBA Versions
  - /Securing smb.conf
  - /Securing smbpasswd
  - /Other SAMBA Security
  - /ACL and SAMBA
  - PROJECT: /Configure SAMBA Securely
- SPAM and Viruses
  - /Why worry about Spam?
  - /Realtime Blackhole Lists are bad
  - /Sendmail Security
- Setting up an Anti-Spam Gateway - Part I: The Tools
  - /Postfix
  - /Procmail
  - /amavisd-new
  - /SpamAssassin
  - /DCC - Distributed Checksum Clearinghouse
  - /Vipul's Razor
- Setting up an Anti-Spam Gateway - Part II: The Procedure
  - /Overview of System
  - /Install Components and Setup Users
  - /Configure Postfix
  - /Configure SpamAssassin
  - /Configure Razor
  - /Configure DCC
  - /Configure Amavisd
  - /Bayesian Learning Script
- Adding Anti-Virus Protection
  - /Overview of AV Software For Linux
  - /Sophos For Linux
  - /Sophie - Quick Attachment Scanning
  - /Integrating Sophie With Amavisd
  - /Install Sophos
  - /Install Sophie
  - /Configure Amavisd for Sophie
  - /Add Sophie to init
DAY THREE
- /Ports and Permissions
- Apache Security
  - /Apache Review
  - /Server Side Includes and Script Issues
  - /Securing Apache Configuration
  - /Special Techniques for Web Servers Part 1
  - /Special Techniques for Web Servers Part 2
  - /CGI Scripts and Programs
- Hardening Apache
  - PROJECT: /Harden Apache
  - /Introduction to WPoison
  - PROJECT: /Install WPoison
  - PROJECT: /Set up detection for defaced web pages
- FTP Security
  - /Introduction to WU-FTPD
  - Chrooting FTP for Guest Access
    - /Kinds of FTP Accounts
    - /Chroot setup in passwd
    - /Create home directory
    - /Populate home directory
    - /Build Contents of bin
    - /Build Contents of etc
    - /Extra Security Touches
  - /Limiting Login
- Monitoring System Logs
  - /Scanning and monitoring system logs
  - LOGROTATE
    - /Introduction to Logrotate
    - /Configuring Logrotate
  - LOGCHECK
    - /Introduction to Logcheck
    - /Configuring Logcheck
  - LOGWATCH
    - /Introduction to Logwatch
    - /Configuring Logwatch
  - /AWStats Introduction
  - PROJECT: /Install AWStats
- Establishing Security Policies
- Homework: Read Chapter 7
DAY FOUR
- Hardening Your System - Part I: Firewalling
  - /Packet Filtering Basics
  - /Firewalling Terminology
  - /ipchains and iptables - Small history of filtering under Linux
  - IPCHAINS
    - /Introduction to IPChains
    - /IPChains Commands
  - IPTABLES
    - /Introduction to IPTables
    - /IPTables advantages - disadvantages over IPChains
    - /IPTables - Fact and Myth
    - /IPTables Commands
    - /IPTables Firewall Scripts
  - PROJECT: Firewall off key ports
    - /Firewall SAMBA
    - /Firewall SOHO
- TCPWrappers
  - /Introduction to TCPWrappers
  - /TCPWrappers usage
  - /TCPWrappers advanced usage
- PROJECT: Adaptive Firewall
  - /Introduction to Adaptive Firewall
  - /Overview of Firewall System
  - /Install Scripts
  - /Configure Firewall
  - /Test Firewall
- Scanning Your Own System
  - /Introduction to nmap
  - /nmap Usage
  - PROJECT: /Test Neighbors Firewall
DAY FIVE
- /A Review
- Linux Encryption
  - /Overview of Linux Encryption Options
  - /Kernel Space Encryption
  - /Encryption with aespipe
  - PROJECT: /Encrypt an archive
- Monitoring Activity
  - Snort IDS
    - /Introduction to Snort
    - /Snort Install
    - /Snort Usage
    - /Snort Configuration
  - Shadow
    - /Introduction to Shadow
  - Trapping the Intruder
    - /Honeypots and Tarpits
    - /Introduction to thp
    - /Configuring thp
    - PROJECT: /Setup Tiny Honeypot with Snort
  - /Introduction to TripWire
  - PROJECT: /Setup Logcheck and TripWire
  - /Monitoring Attacks with Ethereal
- Regaining Control
  - /General behavior
  - /Backing up the system
  - /Forensics analysis
  - /Handling Running Cracker's Processes
  - /Emergency Shutdown
  - /Booting Read Only
  - PROJECT: /Regain Control