KnowledgeStep: Network Security

Course GL510: Network Security

Return to Linux Security Course List

Start Date End Date Price Location Register
No scheduled dates - call for info $  


















This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Enterprise Linux Security Administration course. After a detailed discussion of the TCP/IP suite component protocols and ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available. Students install, configure, and test two of the most popular and powerful NIDS solutions available. Finally, students create a Linux based router / firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.

Prerequisites:

Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension. This is an intense class that covers many topics. If you are unsure if you meet the prerequisites, please speak with a Guru Labs' representative.

Supported Distributions:
Fedora Core 1
Red Hat Enterprise Linux 3
Recommended Class Length:
5 days
Detailed Course Outline:
  • Ethernet and IP Operation
    • OSI Network Model
    • Application Layers
    • Network Services Layers
    • Moving Data Through The Stack
    • Data Link Layer Format
    • Ethernet Operation
    • Hub and Switch Operation
    • Ethernet Security Issues
    • Detecting Promiscuous NICs
    • Network Packet Capture
    • tcpdump
    • Ethereal
    • IPv4
    • IP Addressing
    • Differentiated Services
    • IP Fragmentation
    • Path MTU Discovery
    • ARP
    • ICMP
    • ICMP Redirects
    • Important ICMP Messages
    • ICMP Security Issues
    • Protecting Against ICMP Abuse
    Lab Tasks
    • Basic Traffic Generation, Capture, and Analysis
    • Capturing and analyzing ARP traffic
    • Capturing and analyzing ICMP echo, unreachable, and redirect messages
    • Exploring traffic capture utilities
  • IP And ARP Vulnerability Analysis
    • IP Security Issues
    • IP Routing
    • Routing Protocol Security
    • Protecting Against IP Abuse
    • ARP Security Issues
    • Cache Poisoning with ARP Replies
    • Cache Poisoning with ARP Requests
    • ARP Cache Poisoning Defense
    Lab Tasks
    • Advanced Traffic Generation, and Capture
    • Learning to forge headers
    • Using ARP cache 'poisoning'
    • Discovering promiscuous mode
  • UDP/TCP Protocol and TELNET Vulnerability Analysis
    • User Datagram Protocol
    • UDP Segment Format
    • Transmission Control Protocol
    • TCP Segment Format
    • TCP Port Numbers
    • TCP Sequence / Acknowledgment #'s
    • TCP Three-way Handshake
    • TCP Window Size
    • The TCP State Machine
    • The TCP State Transitions
    • TCP Connection Termination
    • TCP SYN Attack
    • TCP Sequence Guessing
    • TCP Connection Hijacking
    • Telnet
    • Telnet Concepts - Options, Commands,
    • Security Concerns
    Lab Tasks
    • Attacks on TCP
    • Using forged packets to slow and kill TCP sessions
    • Monitoring and hijacking a telnet session
  • FTP And HTTP Vulnerability Analysis
    • FTP Modes
    • Transfer Methods
    • Security Concerns
    • The Bounce Attack
    • Minimizing Risk
    • FTP - Port Stealing
    • Brute-force Attacks
    • Access Restriction
    • HTTPv1.1
    • HTTP Protocol Parameters
    • HTTP Message
    • HTTP Request/Method Definitions
    • Response/Status Codes
    • Proxies
    • Authentication
    • Security Concerns
    • Personal Information
    • Attacks On File and Path Names
    • Header Spoofing
    • Auth Credentials and Idle Clients
    • Proxy Servers
    Lab Tasks
    • Attacks on FTP and HTTP
    • Using dsniff
    • Using urlsnarf and webspy
  • DNS Protocol Vulnerability
    • Analysis
    • DNS
    • DNS Basic Concepts and Terms
    • DNS Resolution
    • DNS Zone Transfers
    • DNS Spoofing
    • DNS Cache Poisoning
    • DNS Security Improvements
    Lab Tasks
    • Attacks on DNS
    • Using dnsspoof
    • Using forged DNS responses
  • SSH and HTTPS Protocol Vulnerability Analysis
    • SSH Concepts
    • Initial Connection
    • Protocols
    • SSH1
    • SSH2
    • Encryption Vulnerabilities
    • SSH Vulnerabilities
    • SSH1 Insertion Attack
    • SSH Brute Force Attack
    • SSH1 CRC Compensation Attack
    • Bleichenbacher Oracle
    • SSH1 Session Key Recovery
    • Client Authentication Forwarding
    • Host Authentication Bypass
    • X Session Forwarding
    • HTTPS Protocol Analysis
    • SSL Enabled Protocols
    • SSL protocol
    • SSL Layers
    • The SSL Handshake
    • SSL Vulnerabilities
    • Intercepted Change Cipher Spec
    • Intercepted Key Exchange
    • Version Rollback Attack
    Lab Tasks
    • HTTPS and SSH
    • Performing a man-in-the-middle attack
    • Performing a timing and packet length attack
  • Remote Operating System
    • Detection
    • OS Detection
    • Banners
    • Commands
    • Less-direct Approaches
    • TCP/IP Stack Fingerprinting
    • Remote Fingerprinting Apps
    • nmap
    Lab Tasks
    • Using the Nmap utility network sweep scans
    • Using Nmap for scans on a host
    • Using Nmap for TCP/IP fingerprinting
  • Attacks and Basic Attack Detection
    • Sources of Attack
    • Denial-of-Service Attacks
    • Methods of Intrusion
    • Exploit Software Bugs
    • Exploit System Configuration
    • Exploit Design Flaws
    • Password cracking
    • Typical Intrusion Scenario
    • Intrusion Detection
    • IDS Considerations
    • Attack Detection Tools
    • Klaxon
    • PortSentry
    • PortSentry Design
    • Snort
    Lab Tasks
    • Basic Scan Detection
    • Examining standard system logs and statistics
    • Configuring PortSentry for logging port scans from nmap
    • Configuring PortSentry for active response to port scans
  • Intrusion Detection Technologies
    • Intrusion Detection Systems
    • Host Based IDS
    • Network Based IDS
    • Network Node IDS
    • File Integrity Checkers
    • Hybrid IDS
    • Honeypots
    • Focused Monitors
    • Snort Architecture
    • Snort Detection Rules
    • Snort Logs and Alerts
    • Snort Rules
    Lab Tasks
    • Exploring Snort
    • Installing snort
    • Testing Snort for Nmap scans
    • Examining network traffic in decoded text format
    • Capturing all network packets
    • Using ethereal
    • Logging to SYSLOG
  • Advanced Snort Configuration
    • Advanced Snort Features
    • Snort Add-ons
    • ACID Web Console
    • The ACID Interface
    • SnortCenter Management
    Lab Tasks
    • Snort Tools
    • Setting up a new database for snort
    • Configuring snort with database
    • Configuring ACID analysis tool
    • Configuring SnortCenter
    • Configuring the Linux SnortCenter Sensor Agent
  • Snort Rules
    • Snort Rules Format
    • Snort Rules Options
    • Writing Snort Rules
    • Example Rules
    Lab Tasks
    • Custom Snort Rules
    • Capturing packets from exploit
    • Writing a custom rules for snort
    • Verifying exploit detection
  • Linux and Static Routing
    • Linux As a Router
    • Linux Router Minimum Requirements
    • Router Focused Distributions
    • Router Specific Settings
    Lab Tasks
    • Static Routing
    • Configuring a host router
    • Configuring anti-spoofing protection
  • Linux Firewalls
    • Types of Firewalls
    • Application Firewalls:TCP Wrappers
    • Application Firewalls: Squid
    • Packet Filter: ipchains
    • Stateful Packet Filter: iptables
    • Firewall Topology
    • Recommended Firewall Rules
    • Firewall Limitations
    • iptables Concepts
    • Using iptables
    • Advanced iptables Actions
    • iptables: A More Secure Approach
    Lab Tasks
    • Iptables
    • Filtering traffic
    • Logging traffic
  • Network and Port Address
    • Translation
    • Address Translation
    • Configuring NAT and PAT
    • NAT Limitations
    • Security Using NAT and PAT
    • Detecting NAT
    Lab Tasks
    • NAT
    • Performing SNAT
    • Configuring DNAT
    • Configure a 1 to 1 IP mapping
  • IP Policy Routing
    • Advanced Routing
    • Replacing ifconfig with ip
    • Replacing route and arp
    • Policy Routing
    • Linux Policy Routing
    • Linux Policy Routing Rules
    Lab Tasks
    • Marking packets based on protocol
    • Routing telnet and ssh packets
    • Routing using tcpdump