Security overview by HC12100103421


           WELCOME
• Who Am I
  Eli Papatestas
  917-226-5582
  epapates@yahoo.com
• Experience
  Computer Hobbyist
  Help Desk
  System & Network Administrator
  Experience & Education
             My expectations
• Come to class prepared
    – Skim the chapters before and after class
    – Test yourself with Sample questions
•   Ask Questions
•   Study on your own
•   Plan on taking the test
•   Learn something new
           What’s in it for You
•   Prepare for Linux + exam
•   Learn new Operating System
•   Vendor Neutral Certification
•   Useful skills
           Testing Objectives
Domain               % of Examination
Installation         19%
Management           26%
Configuration        20%
Security             21%
Documentation        6%
Hardware             8%
Total                100%
                          Installation
•   This domain requires the knowledge and skills to determine
    installation methods, select appropriate settings, protocols and
    software packages, and validate correct performance. This domain
    covers activities as they relate to initial installation of the operating
    system. For example:
•   installing the Apache Web server is covered here, but starting the
    service is covered in Domain 2.0 and changing its configuration is
    covered in Domain 3.0.
•   The candidate is not expected to know how to install a specific
    distribution, but should be familiar with settings used by installers on
    the major distributions. The scope of the exam is limited to software
    and settings common to Linux software from Red Hat, SuSE,
    Mandrake, and TurboLinux. Students will need to know one, not all, of
    these distributions.
•   Candidates must be familiar with systems and peripherals (as well as
    their modules and utilities) used on 32-bit and 64-bit x86-based PCs
    and servers, as of October, 2004. Questions requiring knowledge of
    proprietary software will not be asked.
                       Installation
• 1.1 Identify all system hardware required (for example: CPU,
  memory, drive space, scalability) and check compatibility with Linux
  Distribution
• 1.2 Determine appropriate method of installation based on
  environment (for example: boot disk, CD-ROM, network (HTTP,
  FTP, NFS, SMB))
• 1.3 Install multimedia options (for example: video, sound, codecs)
• 1.4 Identify purpose of Linux machine based on predetermined
  customer requirements (for example: appliance, desktop system,
  database, mail server, web server, etc.)
• 1.5 Determine what software and services should be installed (for
  example: client applications for workstation, server services for
  desired task)
                        Installation
1.6 Partition according to pre-installation plan using fdisk (for example:
   /boot, /usr, /var, /home, swap, RAID/volume, hot-spare, lvm)
1.7 Configure file systems (for example: (ext2) or (ext3) or REISER)
1.8 Configure a boot manager (for example: LILO, ELILO, GRUB,
   multiple boot options)
1.9 Manage packages after installing the operating systems (for
   example: install, uninstall, update) (for example: RPM, tar, gzip)
1.10 Select appropriate networking configuration and protocols (for
   example: inetd, xinetd, modems, Ethernet)
1.11 Select appropriate parameters for Linux installation (for example:
   language, time zones, keyboard, mouse)
1.12 Configure peripherals as necessary (for example: printer, scanner,
   modem)
                Management
• Candidates must be able to demonstrate proficiency
  in everyday management of Linux-based clients and
  basic management of server systems. The six to 12
  month technician is expected to fully support,
  maintain, and troubleshoot Linux-based desktop
  systems. Server management questions will focus
  on day-to-day server operation and basic
  administration.
• The candidate is expected to be able to fully utilize
  vi, manage the Linux system completely from the
  command-line, including permission and user
  account management, and create basic shell scripts.
              Management
2.1 Manage local storage devices and file systems
  (for example: fsck, fdisk, mkfs) using CLI
  commands
2.2 Mount and unmount varied filesystems (for
  example: Samba, NFS) using CLI commands
2.3 Create files and directories and modify files
  using CLI commands
2.4 Execute content and directory searches using
  find and grep
2.5 Create linked files using CLI commands
                  Management
2.6 Modify file and directory permissions and ownership
   (for example: chmod, chown, sticky bit, octal
   permissions, chgrp) using CLI commands
2.7 Identify and modify default permissions for files and
   directories (for example: umask) using CLI commands
2.8 Perform and verify backups and restores (tar, cpio)
2.9 Access and write data to recordable media (for
   example: CDRW, hard drive, flash memory devices)
2.10 Manage runlevels and system initialization from the
   CLI and configuration files (for example: /etc/inittab and
   init command, /etc/rc.d, rc.local)
                  Management
2.11 Identify, execute, manage and kill processes (for
   example: ps, kill, killall, bg, fg, jobs, nice, renice, rc)
2.12 Differentiate core processes from non-critical services
   (for example: init, [kernel processes], PID, and PPID
   values)
2.13 Repair packages and scripts (for example: resolving
   dependencies, repairing, installing, updating
   applications)
2.14 Monitor and troubleshoot network activity (for
   example: ping, netstat, traceroute)
2.15 Perform text manipulation (for example: sed, awk, vi)
2.16 Manage print jobs and print queues (for example: lpd,
   lprm, lpq, CUPS)
                 Management
2.17 Perform remote management (for example: rsh, ssh,
   rlogin)
2.18 Perform NIS-related domain management (yp
   commands)
2.19 Create, modify, and use basic shell scripts
2.20 Create, modify, and delete user and group accounts
   (for example: useradd, groupadd, /etc/passwd, chgrp,
   quota, chown, chmod, grpmod) using CLI utilities
2.21 Manage and access mail queues (for example:
   sendmail, postfix, mail, mutt) using CLI utilities
2.22 Schedule jobs to execute in the future using "at" and
   "cron" daemons
2.23 Redirect output (for example: piping, redirection)
                   Configuration
• This domain requires the basic knowledge and skills to
  configure system settings, network services and access rights.
  Candidates must be able to configure files routinely used on
  client systems, such as mtab, fstab, hosts, resolv.conf, and
  inittab. Candidates need to identify which files are used to
  configure common server applications, but are not required to
  configure them. As they are often used on clients, some
  knowledge of Samba and HTTP service configuration is
  required.
• Special utilities, such as linuxconf, or distribution-specific
  utilities will not be used. Using compilers is not required, but
  candidates should understand basic makefile structure.
  Candidates must identify settings for the X.org (XFree86) X
  Window system and utilities that are used to configure it.
                 Configuration
3.1 Configure client network services and settings (for
   example: settings for TCP/IP)
3.2 Configure basic server network services (for example:
   DNS, DHCP, SAMBA, Apache)
3.3 Implement basic routing and subnetting (for example:
   /sbin/route, IP forward statement)
3.4 Configure the system and perform basic makefile
   changes to support compiling applications and drivers
3.5 Configure files that are used to mount drives or
   partitions (for example: fstab, mtab, SAMBA, nfs, syntax)
3.6 Implement DNS and describe how it works (for
   example: edit /etc/hosts, edit /etc/host.conf, edit
   /etc/resolv.conf, dig, host, named)
              Configuration
3.7 Configure a Network Interface Card (NIC) from
  a command line
3.8 Configure Linux printing (for example: CUPS,
  BSD LPD, SAMBA)
3.9 Apply basic printer permissions
3.10 Configure log files (for example: syslog,
  remote logfile storage)
3.11 Configure the X Window system
3.12 Set up environment variables (for example:
  $PATH, $DISPLAY, $TERM, $PROMPT, $PS1)
                   Security
• The domain requires that candidates
  describe common security terms and
  describe practices, as well as implement
  security options on client systems. The
  ability to configure security-related files is
  required.
• Candidates are not expected to create
  security policies, but must know which
  practices are commonly used and against
  what a practice protects.
                     Security
4.1 Configure security environment files (for example:
   hosts.allow, sudoers, ftpusers, sshd_config, PAM)
4.2 Delete accounts while maintaining data stored in that
   user's home directory
4.3 Given security requirements, implement appropriate
   encryption configuration (for example: blowfish, 3DES,
   MD5)
4.4 Detect symptoms that indicate a machine's security has
   been compromised (for example: review logfiles for
   irregularities or intrusion attempts)
                      Security
4.5 Use appropriate access level for login (for example:
   root level vs user level activities, su, sudo)
4.6 Set process and special permissions (for example:
   SUID, GUID)
4.7 Identify different Linux Intrusion Detection Systems
   (IDS) (for example: Snort, PortSentry)
4.8 Given security requirements, implement basic IP
   tables/chains (note: requires knowledge of common
   ports)
4.9 Implement security auditing for files and authentication
                   Security
4.10 Identify whether a package or file has been
  corrupted / altered (for example: checksum,
  Tripwire)
4.11 Given a set of security requirements, set
  password policies to match (complexity / aging /
  shadowed passwords) (for example: identify
  systems not using shadow passwords)
4.12 Identify security vulnerabilities within Linux
  services
4.13 Set up user-level security (for example: limits
  on logins, memory usage and processes)
           Documentation
• Candidates must be able to provide
  written documentation about any work
  they perform. They must identify
  information that should be recorded for
  an installation or change in
  configuration. In addition they must
  also be able to use system-generated
  files to monitor or diagnose systems.
                Documentation
5.1 Establish and monitor system performance baseline
   (for example: top, sar, vmstat, pstree)
5.2 Create written procedures for installation, configuration,
   security and management
5.3 Document installed configuration (for example: installed
   packages, package options, TCP/IP assignment list,
   changes - configuration and maintenance)
5.4 Troubleshoot errors using systems logs (for example:
   tail, head, grep)
5.5 Troubleshoot application errors using application logs
   (for example: tail, head, grep)
5.6 Access system documentation and help files (for
   example: man, info, readme, Web)
                  Hardware
• This domain includes hardware knowledge as it
  relates to typical Linux client and server systems.
• Candidates must be able to identify and describe
  components used in a 32 or 64-bit x86 client
  computer or laptop. They must also identify
  corresponding driver modules and common utilities
  used to configure or troubleshoot them. Proprietary
  hardware is not included in this domain.
• More detailed knowledge of ATAPI, SCSI, USB, RAID
  devices, and power management is expected.
                    Hardware
6.1 Describe common hardware components and
   resources (for example: connectors, IRQs, DMA, SCSI,
   memory addresses)
6.2 Diagnose hardware issues using Linux tools (for
   example: /proc, disk utilities, ifconfig, /dev, live CD
   rescue disk, dmesg)
6.3 Identify and configure removable system hardware (for
   example: PCMCIA, USB, IEEE1394)
6.4 Configure advanced power management and
   Advanced Configuration and Power Interface (ACPI)
6.5 Identify and configure mass storage devices and RAID
   (for example: SCSI, ATAPI, tape, optical recordable)
Any Questions?
        Introduction to Linux
Unit objectives
• Outline the key features of the Linux
  operating system
• Explain the common uses of Linux in the
  industry today
   Topic A: Linux as an operating system
1.1 Identify all system hardware required
  and check compatibility with Linux
  Distribution
  – CPU
  – Memory
1.22 Select appropriate parameters for Linux
  installation
  – language
  Components of a computer
• Hardware
  – Physical components inside a computer
• Potential Problems
  – Hardware compatibility
  – Legacy devices
  – PnP
   Components of a computer
• Software
  – Instructions that understand how to use the
    hardware
• Applications
  – Games, WP, Daemons
• Operating System
  – Components to Control Hardware and support
    Applications.
 Role of the Operating system
• The operating system carries out tasks by
  interacting with users, applications, and
  computer hardware
   Operating system components
• Device driver
  – Software containing instructions to control
    computer hardware
• User interface
  – What the user sees and uses to interact with
    OS and application programs
• System Services
  – Handle Printing, scheduling, Network Access
     • CUPS, CRON, etc.
Graphical user interface (GUI)
Any Questions?
   The Linux operating system
• Runs many applications on a variety of different
  hardware
• A multi-user and multitasking OS
• Boot Process
  –   Load Kernel
  –   Load Device Drivers
  –   Load programs for UI
  –   System starts services
       • Network
       • Server functionality
   Advantages of Open Source software

• Developed rapidly through widespread
  collaboration
• Bugs are promptly noted and fixed
• Features evolve quickly based on users’
  needs
• Value of the software increases, as it is
  based on usefulness, not price
           Versions of Linux
• Kernel/release
  – Controls hardware via device drivers
  – Continually improved and expanded
  – Version of the kernel is major factor in
    identifying version of the OS
• New versions, new features
  – USB
  – FireWire
  – New Technologies
      Identifying kernel versions
• Major number
• Minor number
  – If odd, developmental kernel
  – If even, production kernel
• Revision number
• 2.4.21
  – Major release 2
  – Minor 4
     • Production Kernel
  – Release 21
     • 21st update of release 2.4
               Kernel.org


• Keeps current and past versions of kernel
• Bugs, Mailing list, etc
• Installation HOW-TO
Any Questions?
         Linux distributions
• Use the commonly developed Linux
  kernel
• Packaged with add-on software
• Provide convenience and integration
         Linux distributions
• Differentiate on different ideas
  – Hardware Support
  – Tools
  – Options
  – User Interfaces
     • GNOME
     • KDE
  Package managers and tarballs
• Package manager
  – Software used to install, maintain, and remove other
    software programs by storing information in a central
    database
  – Rpm, Apt-get, Yum
• Tarball
  – Compressed archive of files that contain scripts that
    install software
  – Can be source (needs compiling) or binary (compiled
    for your system)
  – Harder to manage
       Major Linux distributions
•   Fedora Project
•   Red Hat Enterprise Edition
•   SuSE Linux
•   Slackware Linux
•   Debian Linux
•   TurboLinux
•   Mandrake Linux
     Major Linux distributions
• www.linux.org
• www.linuxiso.org
Any Questions?
Topic B: Common uses for Linux
1.1 Identify all system hardware required (for
  example: CPU, memory, drive space, scalability)
  and check compatibility with Linux Distribution
1.4 Identify purpose of Linux machine based on
  predetermined customer requirements (for
  example: appliance, desktop system, database,
  mail server, web server, etc.)
2.21 Manage and access mail queues (for
  example: sendmail, postfix, mail, mutt) using CLI
  utilities
       Common uses of Linux
• Internet servers
• File & print servers
   – SMB, NFS
• Application servers
• Supercomputers
   – GRID, etc
• Scientific/Engineering computations
• Desktop operating systems
   – Workstations
             Internet servers
•   Mail services
•   Routing
•   FTP services
•   Firewalls and proxy services
•   Web services
•   News services
•   DNS services
                   Mail services
• Mail Transfer Agents (MTAs)
  – An e-mail server
     • Sendmail
• Mail Delivery Agent (MDA)
  – Service that downloads e-mail from an MTA
     • Procmail, fetch
• Mail User Agent (MUA)
  – Program that allows e-mail to be read and composed
     • Outlook
     • Mutt, pine, elm
                  Routing
• Core service that is necessary for Internet
  to function
• Linux provides support for routing and is
  easily customizable
  – www.linuxrouter.org
            FTP Services
• Share files
• Allow uploading or downloading
                 Firewalls
• Protect companies from outside intruders
  – Between private network and connection to
    internet
• Linux firewall support built into the kernel
• Proxy Services
  – Handles all internet requests
  – Keep track with Network Address Translation
    (NAT) Table
                 Firewalls
• ipchains, netfilter/iptables
  – Some Proxy ability
• Squid
  – Fully featured caching proxy server
  – www.squid-cache.org
      Web & News Services
• Web Server
  – Apache
    • Host web sites
    • More on this later
• News Services
  – Newsgroups
  – Check out google groups
              DNS Services

• Computers communicating on a network
  need to be uniquely identified
  – Each computer is assigned a number called
    an Internet Protocol (IP) address
  – IP addresses are matched to user-friendly
    names
  – Names are called Fully Qualified Domain
    Name (FQDN)
      DNS Services & Appliances

• Berkeley Internet Name Daemon
  – BIND
• Appliances
  – Set tops
  – Embedded versions of OS
    • can be done with Linksys routers
  – Limited user interface
                  File Servers
• File servers provide
  – Storage
  – Security
  – Sharing
  – Portability
• Network File Services (NFS)
  – Traditional UNIX file sharing
• Server Message Blocks (SMB)
  – Windows
         Application servers
• Application server
  – Between client and database
• Database Management Systems
  – Collection of programs and tools designed to
    allow for the creation, modification,
    manipulation, maintenance, and access of
    information from databases
  – MySQL, Oracle, Sybase, etc
           Supercomputers
• Scalability
  – Ability of computers to increase workload as
    the number of processors increases
• Clustering
  – Several smaller computers acting as one
    large supercomputer
  – Beowulf clustering
  Scientific/engineering workstations

• Many OSS programs are available for
  many different fields
  – Physics, astrophysics, and biophysics
  – Fluid dynamics and geophysics
  – Bio-computation
  – Materials and polymer chemistry
  – General mathematics and optimization
  – Data mining
  – Number theory
            Office workstation
• Text editors
    – vi
• Word processors
    – Usually do layout
•   Graphic editing software
•   Desktop publishing software
•   Financial software
•   Office productivity suites
            Unit summary
• Outlined the key features of the Linux
  operating system
• Explained the common uses of Linux in
  the industry
Any Questions?
                  Sample Questions
A business wants to be able to track all Websites that are visited by its
   employees.
Which of the following Linux packages would BEST serve this need?
A. BIND
B. Samba
C. Apache
D. Squid
Answer: D
Explanation: Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher and HTTP data objects. Squid keeps metadata and
especially hot objects cached in RAM, caches DNS lookups, supports
non-blocking DNS lookups and implements negative caching of failed requests.
You can also apply rules to block sites and record the sites that users
visit. The squid program belongs to the squid package.
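Added example (not part of the original slides): a shell function that turns a Squid access.log into a per-client list of sites requested, which is the tracking use the explanation above describes. It assumes Squid's default native log format; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise which sites each client requested through Squid.
# Assumes Squid's default "native" access.log layout:
#   time elapsed client action/status bytes method URL ident peer/host type

# Constructed sample log lines (not taken from a real proxy).
sample_log() {
cat <<'EOF'
1097000000.101    120 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1097000001.202     15 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1097000002.303    310 192.168.1.11 TCP_MISS/200 900 CONNECT mail.example.org:443 - DIRECT/192.0.2.20 -
1097000003.404     45 192.168.1.11 TCP_DENIED/403 1300 GET http://blocked.example.net/ - NONE/- text/html
1097000004.505     80 192.168.1.10 TCP_MISS/404 700 GET http://files.example.org:8080/a.iso - DIRECT/192.0.2.30 text/html
truncated line
EOF
}

# Read access.log on stdin; print "client host requests denied" per pair.
squid_sites_by_client() {
    awk '
    NF < 7 { next }                       # skip truncated or malformed lines
    {
        client = $3; action = $4; host = $7
        sub(/^[a-zA-Z][a-zA-Z0-9+.-]*:\/\//, "", host)  # drop scheme
        sub(/\/.*$/, "", host)                           # drop path
        sub(/^.*@/, "", host)                            # drop userinfo
        sub(/:[0-9]+$/, "", host)                        # drop port (CONNECT host:443)
        if (host == "") next
        key = client " " tolower(host)
        hits[key]++
        if (action ~ /^TCP_DENIED/) denied[key]++        # blocked by an ACL rule
    }
    END {
        for (k in hits) printf "%s %d %d\n", k, hits[k], denied[k] + 0
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample; on a real proxy, feed the
# function the access.log path configured for that installation instead.
sample_log | squid_sites_by_client
```

Each output line is client address, site, number of requests, and how many of those Squid denied, so cache hits and blocked attempts are counted alongside fetched pages.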
               Sample Questions
What services would need to be installed to build a combination Web
   server and Domain Name Server (DNS)?
A. Apache and BIND
B. Apache and Squid
C. ipchains and BIND
D. Squid and ipchains
Answer: A.
Explanation: The Linux web server software is called Apache and the
   Linux DNS software is called BIND.
Incorrect Answers:
B. Squid is a proxy server program.
C. IPChains is a firewall program.
D. Squid is a proxy server program and IPChains is a firewall program.
                   Sample Questions
A user complains that they can send and receive mail on the Internet, but cannot browse
the Web. They have tried using different Web browsers in X. Working offline is disabled.
What is most likely to be the problem?
A. The user is not typing the Web address correctly.
B. Web support was not added during the initial installation.
C. X dropped Web access to the browser and needs to be restarted.
D. There is a proxy server that the browsers have not been configured to use.
Answer: D.
Explanation: If you have a proxy server configured on the network, the client
computers need to be configured to use it to access the internet.
Reference: http://www.squid-cache.org/
Incorrect Answers:
A. An incorrect web address would return a page not found error or a different website.
B. Web support is added by default in most installations.
C. This is not something that X can do.
Any Questions?

								