This extremely popular class focuses on network security and makes an excellent companion class to the GL550: Enterprise Linux Security Administration course.

After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network-based attacks, the course focus shifts to the defensive solutions available. Students install, configure, and test one of the most popular and powerful NIDS solutions available. Finally, students create a Linux-based router/firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.

Prerequisites: Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension. This is an intense class that covers many topics.
Ethernet and IP Operation
· OSI Network Model
· Application Layers
· Network Services Layers
· Moving Data Through the Stack
· Data Link Layer Format
· Ethernet Operation
· Hub and Switch Operation
· Ethernet Security Issues
· Detecting Promiscuous NICs
· Network Packet Capture
· tcpdump
· Ethereal
· IPv4
· IP Addressing
· Differentiated Services
· IP Fragmentation
· Path MTU Discovery
· ARP
· ICMP
· ICMP Redirects
· Important ICMP Messages
· ICMP Security Issues
· Protecting Against ICMP Abuse
IP and ARP Vulnerability Analysis
· IP Security Issues
· IP Routing
· Routing Protocol Security
· Protecting Against IP Abuse
· ARP Security Issues
· Cache Poisoning with ARP Replies
· Cache Poisoning with ARP Requests
· ARP Cache Poisoning Defense
UDP/TCP Protocol and TELNET Vulnerability Analysis
· User Datagram Protocol
· UDP Segment Format
· Transmission Control Protocol
· TCP Segment Format
· TCP Port Numbers
· TCP Sequence/Acknowledgement Numbers
· TCP Three-way Handshake
· TCP Window Size
· The TCP State Machine
· TCP Connection Termination
· TCP SYN Attack
· TCP Sequence Guessing
· TCP Connection Hijacking
· Telnet
· Telnet Concepts: Options
· Telnet Concepts: Commands
· Telnet Security Concerns
FTP and HTTP Vulnerability Analysis
· FTP
· Modes
· Transfer Methods
· Security Concerns
· The Bounce Attack
· Minimizing Risk
· FTP Port Stealing
· Brute-force Attacks
· Access Restriction
· Privacy
· HTTP/1.1
· HTTP Protocol Parameters
· HTTP Message
· HTTP Request/Method Definitions
· Response/Status Codes
· Proxies
· Authentication
· Security Concerns
· Personal Information
· Attacks on File and Path Names
· Header Spoofing
· Auth Credentials and Idle Clients
· Proxy Servers
DNS Protocol Vulnerability Analysis
· DNS
· DNS Basic Concepts and Terms
· DNS Resolution
· DNS Zone Transfers
· DNS Spoofing
· DNS Cache Poisoning
· DNS Security Improvements
SSH and HTTPS Protocol Vulnerability Analysis
· SSH Concepts
· Initial Connection
· Protocols
· SSH1
· SSH2
· Encryption Vulnerabilities
· SSH1 Insertion Attack
· SSH Brute Force Attack
· SSH1 CRC Compensation Attack
· Bleichenbacher Oracle
· SSH1 Session Key Recovery
· Client Authentication Forwarding
· Host Authentication Bypass
· X Session Forwarding
· HTTPS Protocol Analysis
· SSL Enabled Protocols
· SSL Protocol
· SSL Layers
· The SSL Handshake
· SSL Vulnerabilities
· Intercepted Change Cipher Spec
· Intercepted Key Exchange
· Version Rollback Attack
Remote Operating System Detection
· OS Detection
· Banners
· Commands
· Less-direct Approaches
· TCP/IP Stack Fingerprinting
· Remote Fingerprinting Apps
· nmap
Attacks and Basic Attack Detection
· Sources of Attack
· Denial-of-Service Attacks
· Methods of Intrusion
· Exploit Software Bugs
· Exploit System Configuration
· Exploit Design Flaws
· Password Cracking
· Typical Intrusion Scenario
· Intrusion Detection
· IDS Considerations

Attack Detection Tools
· Klaxon
· PortSentry
· PortSentry Design
· Snort
Intrusion Detection Technologies
· Intrusion Detection Systems
· Host Based IDS
· Network Based IDS
· Network Node IDS
· File Integrity Checkers
· Hybrid NIDS
· Honeypots
· Focused Monitors
· Snort Architectures
· Snort Detection Rules
· Snort Logs and Alerts
· Snort Rules
Advanced Snort Configuration
· Advanced Snort Features
· Snort Add-ons
· ACID Web Console
· The ACID Interface
· SnortCenter Management
Snort Rules
· Snort Rules Format
· Snort Rules Options
· Writing Snort Rules
· Example Rules
Linux and Static Routing
· Linux as a Router
· Linux Router Minimum Requirements
· Router Focused Distributions
· Router Specific Settings