Školení: SC-345
Solaris[tm] OE Network Intrusion Detection
Nejbližší termíny:
Kurz není v nejbližší době naplánován.
Kontaktujte nás a pokusíme se Vám vyjít vstříc.
Podrobnosti:
The Solaris Operating System Network Intrusion Detection course provides students with the knowledge and skills necessary to perform the advanced administration skills required to firewall, monitor, log, identify and respond to network security breaches.Students who can benefit from this course:Experienced System Administrators and Security Administrators who are tasked with protecting Sun Solaris systems in a non-trusted environment such as the Internet or a LAN environment with multiple unknown/untrusted users
Vstupní předpoklady:
- Configuring Security on the Solaris 10 Operating System (SC-301-S10)
- Configure Solaris logging daemons like syslog
- Install, configure, and maintain a Solaris product line server
- Install open source utilities like tcpdump and libpcap
- Configure a Solaris NIC for LAN and Internet access
- Have a firm understanding of the TCP/IP protocol stack and IP routing
Co se u nás naučíte:
- Identify and protect against design flaws in standard networking protocols (such as TCP, UDP, IP, ICMP, SSL, SSH, HTTP and ARP)
- List possible ways that an intruder can gather information about a server or a whole network
- Describe all types of network based security attacks like SYN/ACK attack, man-in-the-middle attack, ARP spoofing, session hijacking and Buffer Overflow attacks
- Install a Network Intrusion Detection System and a host-based firewall
- Identify, in real time, a network security breach and respond
Osnova:
Ethernet and IP Operation
- Review OSI network model
- Review application and network service layers
- Identify Ethernet security issues
- Review IPv4 addressing
- Understand IP fragmentation
- Identify ICMP security issues
- Implement basic traffic capture and analysis
IP and ARP Vulnerability Analysis
- Identify IP security issues
- Describe IP routing and routing protocol security
- Protect against IP abuse
- Identify ARP security issues
- Execute attacks against ARP
- Protect against ARP abuse
- Implement advanced packet capture and analysis
UDP/TCP Protocol and TELNET Vulnerability Analysis
- Discuss characteristics of UDP and TCP
- Identify TCP security issues
- Describe common TCP abuses: SYN attack, sequence guessing, connection hijacking
- Discuss characteristics of TELNET
- Identify TELNET security issues
- Execute attacks on TCP and TELNET
- Protect against TCP and TELNET abuse
FTP and HTTP Vulnerability Analysis
- Describe FTP transfer methods and modes and identify FTP security issues
- Describe common FTP abuses: FTP bounce attack, port stealing, brute force
- Discuss characteristics of HTTPv1.1
- Describe role of HTTP proxy servers and HTTP authentication
- Identify HTTP security issues
- Describe common HTTP abuses: path name stealing, header spoofing, proxy poisoning
- Execute attacks on FTP and HTTP
- Protect against FTP and HTTP abuse
DNS Vulnerability Analysis
- Discuss characteristics of DNS
- Identify DNS security issues
- Describe common DNS abuses: DNS spoofing, DNS cache poisoning, unauthorized zone transfers
- Execute attacks on DNS
- Protect against DNS abuse
SSH and HTTPS Vulnerability Analysis
- Discuss characteristics of SSH
- Describe differences between SSH1 and SSH2 protocol
- Identify SSH security issues
- Describe common SSH abuses: insertion attack, brute force attack, CRC compensation attack
- Describe characteristics HTTPS (SSL)
- Discuss other SSL enabled protocols
- Describe common SSL abuses: man-in-the-middle and version rollback attack
Remote Operating System Detection
- Use standard system commands and exploit default settings to guess remote operating systems
- Use open source utilities to guess remote operating systems by scanning open ports
- Describe TCP/IP stack fingerprinting
- Install and use nmap for remote OS detection
Network Attack Techniques and Basic Attack Detection
- Identify sources of network attacks
- Discuss methods of intrusion
- Describe common network attacks: denial-of-service, software buffer overflow, poor system configuration, password guessing/cracking
- Describe a typical intrusion scenario
- Introduce the concept of an Intrusion Detection System (IDS)
- List some of the most popular IDS tools: Klaxon, Portsentry, snort
- Implement basic scan detection
- Implementing Intrusion Detection Technologies
Identify the difference between host based and network based IDS
- Discuss different types of IDS implementation: hybrid NIDS and honeypots
- Describe core components of a NIDS using the snort NIDS
- Compile and install the snort NIDS
Advanced NIDS Configuration
- Discuss advanced snort features like "real time response" and snort log monitors
- Install a database (mysql) to log snort alerts
- Install the graphical user interfaces (GUI) Demarc and ACID to better interpret snort logs by querying the snort database
- Generate outside attacks that trigger snort alerts
- Interpret GUI snort monitors to identify attacks
Writing snort rules
- Describe the different components of a snort rule
- Configure different snort rule options
- Write custom snort rules to watch for specific traffic patterns
- Execute attacks against custom snort rules and interpret GUI snort monitors to identify attacks
Solaris Routing
- List requirements for a Solaris host to be a router
- Implement a Solaris host as a router
- Use the ndd utility to secure a Solaris router
Solaris Firewalls
- Describe different types of Solaris firewalls: application firewalls and packet filters
- Identify two of the most common Solaris firewall products: Sunsceen Lite and IPfilter
- Learn firewall policy basics
- Write firewall rules for network or host based firewalls
- Install an IPfilter firewall on a Solaris host
Solaris Network (NAT) and Port Translation (PAT)
- Describe NAT and PAT concepts
- Implement NAT to secure a private network behind a Solaris firewall