GL510:Enterprise Linux Network Security

Mål

This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Enterprise Linux Security Administration course. After a detailed discussion of the TCP/IP suite component protocols and ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available. Students install, configure, and test two of the most popular and powerful NIDS solutions available. Finally, students create a Linux based router / firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.

Förkunskaper

Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension.

DAY 1
Ethernet and IP Operation
TCP/IP Protocol vulnerability analysis (Layer 2/3)
Tools for frame capture, analysis, and creation Tools for packet capture, analysis, and creation
IP and ARP Vulnerability Analysis
ARP spoofing, IP address spoofing, ICMP abuse
Protecting against IP abuse
ARP cache poisoning defense

DAY 2
UDP/TCP Vulnerability Analysis
TCP format, state, and operations
SYN attack, sequence guessing, hijacking
TELNET Protocol Vulnerability Analysis
FTP Vulnerability Analysis
Bounce attack, port stealing, brute-force
HTTP Vulnerability Analysis
Attacks on file and pathnames
Header spoofing
Auth credentials and cookies
DNS Protocol Vulnerability Analysis

DAY 3
SSH Protocol Vulnerability Analysis
Insertion attack, brute force, CRC attack
Host authentication bypass
HTTPS Vulnerability Analysis
SSL protocol structure
Intercepted key exchange
Version rollback attack
Remote O/S detection
TCP/IP stack fingerprinting
Attacks and Basic Attack Detection
Sources of attack
Denial of service attacks
Remote intrustion expoits
Attack detection tools

DAY 4
Intrusion Detection Technologies
Host, network, hybrid IDS
Honeypots
Focused Monitors
Using snort
Advanced snort Configuration
snort addons
Writing snort Rules
ACID and SnortCenter

DAY 5
Linux as a router
Types of firewalls
Proxies: squid
Packet filters: stateless and stateful
Firewall limitations
Configuring iptables
NAT and PAT on Linux
Advanced policy routing