LinuxCBT Basic Security Edition d3x

Added on July 24, 2013 by qKoFZGin Other > Tutorials
Torrent verified.



LinuxCBT Basic Security Edition d3x (Size: 1.24 GB)
 LCBT_BasicSec_000_INGRESS.mov - 113.68 KB
 LCBT_BasicSec_000_Welcome_Message.mov - 41.05 MB
 LCBT_BasicSec_001_BIOS.mov - 19.76 MB
 LCBT_BasicSec_002_GRUB2.mov - 21.88 MB
 LCBT_BasicSec_003_boot_checks.mov - 24.29 MB
 LCBT_BasicSec_004_init.mov - 17.75 MB
 LCBT_BasicSec_005_TTYs.mov - 18.51 MB
 LCBT_BasicSec_006_Banners.mov - 17.29 MB
 LCBT_BasicSec_007_last_netstat.mov - 22.74 MB
 LCBT_BasicSec_008_lsof.mov - 25.1 MB
 LCBT_BasicSec_009_syslog_authpriv.mov - 20.74 MB
 LCBT_BasicSec_010_ntp.mov - 16.97 MB
 LCBT_BasicSec_011_syslog_replicate.mov - 22.56 MB
 LCBT_BasicSec_012_nmap_upgrade_intro.mov - 13.73 MB
 LCBT_BasicSec_013_nmap_basic_scans.mov - 19.92 MB
 LCBT_BasicSec_014_nmap_lockdown.mov - 15.4 MB
 LCBT_BasicSec_015_nessus_install.mov - 16.54 MB
 LCBT_BasicSec_016_nessus_scan.mov - 16.21 MB
 LCBT_BasicSec_017_nessus_secure.mov - 19.06 MB
 LCBT_BasicSec_018_xinetd_telnet.mov - 16.25 MB
 LCBT_BasicSec_019_xinetd_telnet2.mov - 29.04 MB
 LCBT_BasicSec_020_tcpwrappers_telnet.mov - 21.14 MB
 LCBT_BasicSec_021_chattr.mov - 18.67 MB
 LCBT_BasicSec_022_tcpdump_telnet.mov - 18.69 MB
 LCBT_BasicSec_023_tcpdump_ftp.mov - 17 MB
 LCBT_BasicSec_024_ssh_pki_login.mov - 28.74 MB
 LCBT_BasicSec_025_scp_sftp.mov - 13.81 MB
 LCBT_BasicSec_026_ssh_port_forwarding.mov - 12.29 MB
 LCBT_BasicSec_027_md5sum.mov - 30.21 MB
 LCBT_BasicSec_028_gpg_genkey.mov - 18.99 MB


Description

Focus: Foundational Security Techniques
Duration: 16 Hours

Course Objective
Basic Security - Module I

Boot Security
Explore Dell PowerEdge BIOS Security-related features
Discuss concepts & improve Dell PowerEdge BIOS security
Explain run-time boot loader vulnerabilities
Explore single-user mode (rootshell) and its inherent problems
Modify default GRUB startup options & examine results
Secure boot loader using MD5 hash
Identify key startup-related configuration files & define boot security measures
Identify key boot-related utilities
Confirm expected hardware configuration
Discuss INIT process, runlevel configuration & concepts
Explore & tighten the security of the INIT configuration

Shell Security
Confirm expected applications
Discuss Teletype Terminals (TTYs) and Pseudo Terminals (PTS)
Identify common TTYs and PTSs
Track current TTYs and PTSs - character devices
Discuss concepts related to privileged and non-privileged use
Restrict privileged login
Use SSH and discuss TTYs
Discuss the importance of consistent system-wide banners & messages
Define and configure system banners for pre and post-system-access
Identify user-logon history and correlate to TTYs
Identify current user-connections - console-based and network-based
Use lsof to identify open files and sockets

Syslog Security
Discuss Syslog concepts and applications
Explain Syslog semantics - facilities & levels - message handling & routing
Focus on security-related Syslog facilities
Examine security logs managed by Syslog
Configure Network Time Protocol (NTP) on interesting hosts
Secure NTP configuration
Ensure time consistency to preserve log-integrity
Configure Syslog replication to preserve log-integrity
Identify log discrepancies between Syslog hosts

Reconnaissance & Vulnerability Assessment Tools
Discuss Stage-1 host/network attack concepts
Upgrade NMAP reconnaissance tool to increase effectiveness
Identify NMAP files
Discuss TCP handshake procedure
Discuss half-open/SYN connections
Perform connect and SYN-based host/network reconnaissance
Identify potential vulnerabilities on interesting hosts derived from reconnaissance
Examine NMAP logging capabilities
Perform port sweeps to identify common vulnerabilities across exposed systems
Secure exposed daemons/services
Perform follow-up audit to ensure security policy compliance
Discuss vulnerability scanner capabilities and applications
Prepare system for Nessus vulnerability scanner installation - identify/install dependencies
Generate self-signed SSL/TLS certificates for secure client/server communications
Activate Nessus subscription, server and client components
Explore vulnerability scanner interface and features
Perform network-based reconnaissance attack to determine vulnerabilities
Examine results of the reconnaissance attack and archive results
Secure exposed vulnerabilities

XINETD - TCPWrappers - Chattr - Lsattr - TCPDump - Clear Text Daemons
Install Telnet Daemon
Install Very Secure FTP Daemon (VSFTPD)
Explore XINETD configuration and explain directives
Configure XINETD to restrict communications at layer-3 and layer-4
Restrict access to XINETD-protected daemons/services based on time range
Examine XINETD logging via Syslog
Discuss TCPWrappers security concepts & applications
Enhance Telnetd security with TCPWrappers
Confirm XINETD & TCPWrappers security
Discuss chattr applications & usage
Identify & flag key files as immutable to deter modification
Confirm extended attributes (XATTRs)
Discuss TCPDump applications & usage
Configure TCPDump to intercept Telnet & FTP - clear-text traffic
Use Ethereal to examine & reconstruct captured clear-text traffic

Secure Shell (SSH) & MD5SUM Applications
Use Ethereal to examine SSH streams
Generate RSA/DSA PKI usage keys
Configure Public Key Infrastructure (PKI) based authentication
Secure PKI authentication files
Use SCP to transfer files securely in non-interactive mode
Use SFTP to transfer files securely in interactive mode
Configure SSH to support a pseudo-VPN using SSH-Tunnelling
Discuss MD5SUM concepts and applications
Compare & contrast modified files using MD5SUM
Use MD5SUM to verify the integrity of downloaded files

GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP) Compatible - PKI
Discuss GPG concepts & applications - symmetric/asymmetric encryption
Generate asymmetric RSA/DSA GPG/PGP usage keys - for multiple users
Create a local web of trust
Perform encrypts/decrypts and test data-exchanges
Sign encrypted content and verify signatures @ recipient
Import & export public keys for usage
Use GPG/PGP with Mutt Mail User Agent (MUA)

AIDE File Integrity Implementation
Discuss file-integrity checker concepts & applications
Identify online repository & download AIDE
Install AIDE on interesting hosts
Configure AIDE to protect key files & directories
Alter file system objects and confirm modifications using AIDE
Audit the file system using AIDE

Rootkits
Discuss rootkits concepts & applications
Describe privilege elevation techniques
Obtain & install T0rnkit - rootkit
Identify system changes due to the rootkit
Implement T0rnkit with AIDE to identify compromised system objects
Implement T0rnkit with chkrootkit to identify rootkits
T0rnkit - rootkit - cleanup
Implement N-DU rootkit
Evaluate system changes

Bastille Linux - OS-Hardening
Discuss Bastille Linux system hardening capabilities
Obtain Bastille Linux & perform a system assessment
Install Bastille Linux
Evaluate hardened system components

NPING - Flexible Packet Crafting
Discuss benefits
Download and install
Explore typical usage

Nikto - Web Server Vulnerability Scanner
Download and install
Discuss configuration options
Scan web servers
Evaluate results


All Comments

thnx mate!
thx so much... thx for sharing ;)