Other interesting links: Visit the Tampa-St. Pete Linux User's Group (SLUG). This group holds monthly meetings. Most Unix and Linux software is actually GNU software (www.gnu.org), a project of the Free Software Foundation. Search for RPMs and download updates from RPMFind.net. You can download free distributions of Unix and Linux from distrowatch.com. Read the real Unix History article at Spectrum.IEEE.org. More information can be found at The Open Group. View Solaris Unix certification and Oracle Unix exam objectives. View Linux LPI certification and LPI-1 exam objectives. |
Time & Place: | Ref. No. 13831:
Monday, Wednesday 5:30 – 6:45 PM, Dale Mabry room DTEC–461
This is an independent study class, with no scheduled meetings after orientation. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Instructor: |
Name: Wayne Pollock E-mail: Internet: Office & Phone: DTEC–404, 253–7213 View my Office Hours.
Skype
ID: wpollock@hccfl.edu
Homepage URL:
https://wpollock.com/
|
||||||||
Texts: |
James Turnbull, Hardening Linux, ©2005 Apress. ISBN: 1-59059-444-4.
This book is out of print, but still good if you can get it: Peter G. Smith, Linux Network Security. Originally ©2005 by Charles River Media (ISBN: 1-58450-396-3), but now available free from Archive.org. Optional: Evi Nemeth et al., Unix and Linux System Administration Handbook, Fifth Edition. ©2017 Pearson Education, Inc. ISBN: 978-0-13-427755-4. | ||||||||
Description: |
(This course is 3 credit hours long.)
This course covers the concepts and administration of system and network
security on Unix and Linux systems.
Students will gain the skills needed to protect Unix and Linux servers
from various types of threats.
Students will understand, plan, and implement security on Linux servers
including developing security policies, local system security,
network security, monitoring systems and networks, basic firewall setup,
and the use of various security related tools (e.g.,
PAM, sudo).
| ||||||||
Objectives: | After completing this course, the student will be able to:
| ||||||||
Prerequisite: | CTS 2322 or permission of the instructor. Students enrolled in a degree or college credit certificate program must complete all prerequisites. Note! HCC registration computers may not check for prerequisites before allowing you to enroll. Be certain you have all required prerequisites or you won't have much of a chance of success. Also you may be dropped from the class. | ||||||||
Facilities: | Assignments can be performed on the Dale Mabry campus Linux computers,
which can be accessed from the classroom or from some computers in the
open computer lab.
You will also use the YborStudent Wiki for some of your work and for on-line class discussions. You will need your own flash disk (preferably USB-3 compliant), writing materials, and Scantron 882–E or 882–ES forms. You can use HawkNet (WebAdvisor) to obtain your final grade for the course. You can use your assigned Hawkmail (Hawkmail365) email address or use Canvas, if you wish to discuss your grades via email. (Note, it may be possible to set up your Hawkmail account to forward all received emails to some outside email account; but you still must send mail from your official HCC account to discuss grades.) Most college systems now (or will in the future) use a single sign-on user ID, known as HCC “NetID”. Visit netid.hccfl.edu to register and to update your credentials. (Your initial password is your uppercase first name initial, lowercase last name initial, and your seven-digit student ID number.) Note the quickest way to resolve login issues is the HCC Live Web Portal (hcclive.hccfl.edu).
The college provides wireless network connections for students and guests
on Dale Mabry campus.
For students, select the network
“ Hawk Alert text messaging service allows you to receive important information regarding campus closures or emergencies. You may also sign up for financial aid notifications and registration and payment deadlines. This is a free service, although some fees may be applied by your cellular service provider or plan for text messages. To sign up, or for more information, visit www.hccfl.edu/hawkalert/.
HCC DM Open Lab
Computers with PuTTY installed are located in the computer science department open lab in DTEC–462. Additionally, the back row has computers identical to the ones in our classroom. So if you need to work on your projects and the classroom is in use, you can request a lab tech to put your hard disk in one of the open lab computers. (You can call the open lab to determine if the classroom will be available, or to have them pull your hard disk in advance. The open lab phone number is: 253-7207.) Lab hours are:
(Note: Lab technicians (“Lab Techs”) are not teaching assistants or tutors, and shouldn't be expected to help you with your coursework.) Rules for Using HCC Facilities
| ||||||||
Grading: |
Grading scale:
A=90-100, B=80-89, C=70-79, D=65-69, F=0-64
(Collaborating on the class wiki counts as up to 5 points extra credit, as does active class participation. See below for details.) | ||||||||
Policies: |
| ||||||||
Projects: |
Projects will be assigned from the class web page at various times.
You will have sufficient time to complete the projects,
at least a week but usually two weeks.
Although most projects will be group projects, there may be some individual
assignments, and you must work individually on the non-group
projects.
You may work together in small groups on group projects,
provided the names of all who worked together are listed.
Each student must still submit their own copy.
Projects are typically completed outside of regular class
hours.
Projects are graded on the following scale:
A = 95% (Excellent: Good design with good comments, style, and extras) Minor extras worth +5 points, minor omissions or poor design worth -5. Projects are not graded when turned in. They are graded later, usually after the project deadline has passed. Further details will be provided with your first project. (See also submitting assignments below.) | ||||||||
Wiki Assignment: |
Extra credit can be earned by updating the study guide on the
class wiki
with a substantial contribution based on the material covered
in class, from assigned readings, or from other resources you
have studied.
A substantial contribution means adding new material,
adding references (links), or elaborating (or correcting) some
previous submission.
You should use
wiki formatting and not HTML formatting when
possible, and be sure to spell-check your work.
The wiki will automatically send your instructor an email for each
update, so there is no need to add your name to your contribution.
Your instructor is the editor and moderator of this study guide (and for all material posted on this wiki site). While some time will be given for students to correct postings, in order to ensure an accurate study guide the instructor may edit, add to, or remove material posted by students. The wiki assignment will be graded on or after the following week (so you have through the weekend to post something for the previous week). Your contributions will be graded based on correctness, completeness, and clarity. Note regular posting is required to earn extra credit; one large post the last week of the term will not earn much (or any) extra credit. Do not post during class hours. Do not attempt to post your complete class notes for the day. Each submission should be on one or two (no more than three) items covered in that class. (You must leave something for the other students to post!) | ||||||||
Submitting Projects: |
Projects should be submitted by email via Canvas mail,
or directly to
.
Please use a subject such as “Unix/Linux Security Project #1
Submission” so I can tell which emails are submitted work.
Send only one assignment per email message.
Email your projects by copy-and-paste into your mail program.
(Please do not send as attachments!)
If possible, use the “text” and not the “HTML”
mode of your email program.
Do not send any email to wpollock@YborStudent.hccfl.edu as I may not read that
account regularly.
In the event a student submits more than once for the same assignment, I will ignore all but the last one received up to the deadline or until I have provided grading feedback. Assignments submitted after that will not count toward your grade except as allowed by the course late policy. You cannot resubmit an assignment for credit once it has been graded.
The HCC email server automatically accepts and
silently discards email with certain types of attachments.
If you must send email to my Internet (non-YborStudent) email
account please avoid using any attachments, but especially
“zip” files.
To send email with a “ To avoid having your submitted work rejected as “spam”, you can use Hawkmail365 to send email to professors. (This doesn't always work either!) The most reliable option currently is to send messages via Canvas. If you have an email problem, you may turn in a printout instead. Be sure your name is clearly written on the top of any pages turned in. Please staple multiple pages together (at the upper left). |
HCC Academic Calendar: | |
---|---|
Classes Begin: | Monday 8/19/2019 (First class meeting: Tuesday 8/20/2019) |
Add-Drop Ends: | Friday 8/23/2019 |
Orientation Period Ends: | Wednesday 8/28/2019 |
Last Day to Withdraw: | Saturday 10/26/2019 |
Classes End: | Tuesday 10/10/2019 |
Grades Available: | Thursday 10/12/2019 (from HawkNet) |
HCC is closed on: |
Saturday–Monday 8/31/2019–9/2/2019 (Labor Day), Tuesday 10/22/2019 (Faculty In-Service Day), Saturday–Monday 11/9/2019–11/11/2019 (Veterans' Day), Thursday–Sunday 11/28/2019–12/1/2019 (Thanksgiving Holiday) |
Consequences of Dropping or Withdrawing
Dropping or withdrawing may have an impact on financial aid, veteran’s benefits, or international student visa status. Students are encouraged to consult with financial aid, the VA certifying official, or the international student advisor, as appropriate, prior to dropping or withdrawing from class.
Requests For Accommodations
If, to participate in this course, you require an accommodation due to a physical disability or learning impairment, you must contact the Office of Services to Students with Disabilities, Dale Mabry campus: Student Services Building (DSTU) Room 102, voice phone: (813) 259–6035, FAX: (813) 253–7336.
HCC has a religious observance policy that accommodates the religious observance, practices, and beliefs of students. Should students need to miss class or postpone examinations and assignments due to religious observances, they must notify their instructor at least one week prior to a religious observance.
Quotes: | “Tell me and I'll listen. Show me and I'll understand. Involve me and I'll learn.” | — Lakota Indian saying | |
---|---|---|---|
“Learning is not a spectator sport!” | — Chickering & Gamson |
Dates Mon Wed |
Topics, Assigned Readings, and Assignment Due Dates |
---|---|
8/19 8/21 |
Course introduction.
Review wiki.
Historical perspective of security.
Security organizations, certifications, and web resources.
Basic security concepts and terminology (CIA, AAA,
MAC, DAC, ACL, ...).
Security assessments, evaluations, and audits.
Calculating security
ROI.
Readings: Smith: Chapter 1, 8.1, 9.1, 11.1; on-line resources ("Information Security Overview"), on-line INFOSEC resources ("ROI calculation", "Security Assessments, Evaluations, Audits, and ROI calculation"), Story of 2010 Stuxnet worm investigation |
8/26 8/28 |
General issues of computer system security.
Issues with backups, updates and patches.
System security threats (e.g., reverse engineering, buffer overflows,
rootkits, ...).
Encryption: Symmetric (private key) including DES and
AES, and asymmetric (public key) including RSA
(used in PGP and GPG) and ECC.
Stream and block cyphers.
Readings: Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E; Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143); Frisch: security (pp. 330–373, 387–414); on-line resources ("Security Concepts and Term Definitions") Project #1 (Install) due 8/28. |
Sat 8/31 – Mon 9/2 | Labor Day — HCC Closed |
9/4 |
Key exchange including Diffie-Hellman and IKE.
PKI and issues of trust.
Message digests (checksum, CRC,
hash, FCS, ...).
Steganography.
Cryptography (and solving crypto-quotes).
Readings: Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E; Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143); Frisch: security (pp. 330–373, 387–414); Public key encryption and PKI articles ("Cryptography and PKI") |
9/9 9/11 |
General system hardening, using vulnerability scanners.
Password Security: good and bad passwords, file formats, policies (PAM),
using password generators (pwgen, apg),
password auditing (John the Ripper), shadow suite, account locking,
password aging (/etc/login.defs, /etc/default/login),
password algorithms (salt, crypt, MD5, ...).
Central password databases: NIS, LDAP,
Kerberos, SSSD.
Password cracking methods.
Single sign-on (SSO), identity management, and Internet
authentication methods (OpenID, OAuth, and
especially FIDO2).
Readings: Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E; Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143); Frisch: Password management (pp. 277–301), security (pp. 330–373, 387–414); Password Security, Kerberos tutorial |
9/18 9/18 |
File system security (permissions, ACLs,
SetUID/SetGID, mount options).
Database security.
File locking (advisory vs. mandatory,
shared vs. exclusive), lock files.
Intrusion detection systems (HIDS, FIMs and FAMs) such as Tripwire. System (security) auditing and compliance issues. Credit card security (PCI-DSS) issues. Process Privileges (Capabilities). Using sudo and RBAC to reduce risks. Resource limiting: ulimit, disk quotas, PAM, and cgroups.
Readings: Smith: Chapters 6.2, 6.5, 8.1–8.4, 11.3; Turnbull: Chapters 1 (pp. 44–56), 4 (pp. 187–201, 204–229), 6 (281–295, 313–315, 318–320); Frisch: PAM (pp. 302–312); auditing resources, intrusion Detection resources, credit card (PCI-DSS) security, RBAC, sudo, and cgroup resources, PAM resources Project #2 (Harden) due 9/16. |
9/23 |
Developing and documenting security policies and procedures.
Understanding security incidents and how to detect
and respond effectively to them.
Readings: Turnbull: Chapter 11.5 (pp. 489–492); Frisch: Security (pp. 332–336) Incident response (pp. 405–406); Security Policy resources ("Guide to developing a Security Policy"), Incident Response resources ("SunWorld Article") |
9/30 10/2 |
Using crypto tools (GnuPG) and digest tools
(MD5, SHA1).
Readings: Smith: Chapter 10.1 (pp. 407–411), review Appendix E; Turnbull: Chapter 4 (pp. 202–204), 6 (281–295, 313–315, 318–320); Frisch: PAM (pp. 302–312); Security tools resources (“GnuPG mini-how-to”) Project #3 (Tripwire) due 9/30. |
10/7 10/9 |
Using SSH.
Securing SSH.
Readings: Smith: Chapter 10.2; Turnbull: Chapter 3 (pp. 169–185); SSH resources (“SSH Tutorial”) |
10/14 |
Implementing security policies with SELinux, chroot,
BSD jails, Solaris zones and containers, and
virtualization (Xen, VMware, VirtualBox,
KVM, …).
Cloud computing.
Readings: Smith: page 227, chapter 8.2 (pp. 294–301), 9; SELinux and Solaris zones resources ("Solaris Zones"), virtualization resources ("Virtualization for Dummies") Project #4 (Lockout) due 10/14. |
10/16
10/21 10/23
|
Network security concepts: Common network threats
(botnets, port scanning, DoS, DDoS,
spoofing, SQL injection, ...), spam and related email
threats and counter-measures, secure network design
(including DMZs, bastion hosts, proxy servers,
and packet filters), auditing, virtual private networks
(VPN), IPSec (OpenSwan,
FreeS/WAN).
Securing network services: using xinetd security features,
TCP Wrappers.
Enabling kernel network protection.
Readings: Smith: Chapters 2,4, 2.5, 3, 6.3 (pp. 233–235); Turnbull: pages 108–117, 124–129, 167–169; Networking resources ("Network security concepts", "VPN Tutorial") Project #5 (Crypto) due 10/23. |
10/28 | Review |
11/4 |
Understand packet filtering and deploy iptables (netfilter) firewall.
Also discuss firewalld and mention others.
Readings: Smith: Chapters 3.2, 3.3, 5, Appendixes B, C, D; Turnbull: Chapter 2, Appendix A; on-line firewall resources ("iptables overview") |
11/6 |
Wi-Fi security overview (WEP, WPA,
802.11i, 802.11x).
PPP Security (PAP,
CHAP, MS-CHAP),
EAP and EAP-TLS.
Readings: Smith: Pages 81–82; Wi-Fi security resources ("Wi-Fi Security", "802.11i Overview", "PPP Security", and "IEEE 802.1X Overview") |
Sat 11/9 – Mon 11/11 | Veterans' Day observed — HCC Closed |
11/13 |
Understanding and configuring SASL.
Readings: Turnbull: pages 387–402; on-line SASL resources ("SASL Overview") Project #6 (Firewall) due 11/13. |
11/18 11/20 |
Overview of PKI and certificates.
Securing web services (basic and digest,
using certificates and HTTPS).
Securing mail services (including SASL
and remote user authentication, SPF,
DKIM, and DMARC).
Readings: Turnbull: pages 137–152, 373–386, PKI lecture notes resource, NY Times article “Security issues with PKI” |
11/25 11/27 |
Using nmap, nessus.
Monitor a network using NIDS (with Snort, others).
Readings: Smith: Chapter 4, Turnbull: Chapter 6, on-line Monitoring resources ("NIDS and Snort") Project #7 (Virtualization) due 11/27. |
Thu 11/28 – Sun 12/1 | Thanksgiving Holiday — HCC Closed |
12/2 12/4 |
Review secure logging infrastructure (syslog and modern replacements).
Overview of computer forensics.
Securing DNS.
Readings: Smith: Chapter 11.2, Turnbull: Chapter 5, on-line logging resources ("Syslog, Log File Rotation", "System Monitoring Tutorial"), DNSSEC tutorial, on-line Forensics resources ("RFC 3227") |
12/1 12/3 |
Additional topics, time permitting: Securing DNS, LDAP. Configure and deploy a proxy server (Squid). Configuring authentication servers (RADIUS, TACACS). Overview of Windows security (domains, active directory). Securing print services, printer quotas. Readings: Smith: Chapter 10.4, Turnbull: Chapter 11, RADIUS/TACACS on-line resources |
Resources | |||||
---|---|---|---|---|---|
NIST guide for continuously monitoring Information Security | Provides links to useful information | Bronze Age security | Lessons learned from Bronze age fortress design | ||
Security Concepts, Background, and Term Definitions (PDF) | Draft lecture notes | ||||
Soft Skills | Discusses certifications, job interviewing tips, and required non-technical skills needed to find and keep a job | ||||
RFC-4949 | Internet Security Glossary | Cyber Security Tips | Excellent collection of tips on keeping you safe on-line, from us-cert.gov. (See also RFC-2504, Users' Security Handbook) | ||
Network security tutorial | Tutorial on Internet security from iec.org, now available from The Internet Archive, and based in part on RFC 2196 | Home networking security tutorial | Tutorial on securing your home computer from cert.org | ||
US DoDD 8570 | Information about DoD directive 8570 required certifications (See also isc2.org/dodmandate and directive 8570 itself, from the DoD Issuances Website; Note that DoDD 8570 is slated to be renamed to DoDD 8140, “Cyber Security Workforce”) | cpni.gov.uk | The UK's version of us-cert.gov, (a merger of NISCC, MI-5, and other agencies) | ||
SAMATE Reference Dataset (SARD) | The SARD, provided by NIST.gov, provides a set of known bugs and flaws for a wide variety of languages, platforms, and compilers. This allows consumers to evaluate tools and developers to test their methods. | Top 25 Errors | A list of common security-related coding errors, from SANS.org and CWE.Mitre.org | ||
cert.org | CERT studies threats such as viruses and provides help, information, and training | iapsc.org | International Association of Professional Security Consultants | ||
sans.org | Highly regarded source of security training, also provides useful security information | EC-Council | Ethical hacking training, certification, and other resources | ||
IPSA | International Professional Security Association | LinuxSecurity.com | Information, advisories, how-to articles for Linux | ||
isc2.org | The International Information Systems Security Certification Consortium, provides CISSP certification (see also GIAC.org) | us-cert.gov | Provides threat advisories and other information for U.S. organizations, government, and citizens. Can use this site to report incidents or subscribe to various bulletins (such as Cyber Security Bulletins) | ||
NIST Special Publications, 800 series | A valuable collection of US government standards, regulations, and best practices for computer security. (See also the Guide to NIST Information Security Documents.) | Microsoft Security Center | Products, Updates, Tools, News for Microsoft software (with RSS feed) | ||
Post Install Task List | Lists and briefly describes many post install tasks. | NIST National Checklist Program Repository | U.S. government repository of publicly available security checklists that provide detailed guidance on setting the security configuration of operating systems and applications. | ||
SANS.org Critical Security Controls | List of most important security measures you should take | Council on Cyber Security Critical Controls | Critical Controls for Effective Cyber Defense (See also ASD Top 4 Strategies) | ||
NSA IAD top 10 (PDF) | Top 10 Information Assurance Mitigation Strategies | PCI Prioritized Approach | Advice on prioritizing DSS security control deployment | ||
Security tutorials | A library of tutorials on security | Kernel Parameters | How to set some kernel parameters (for network security) | ||
HTTPS Everywhere | EFF FireFox add-on | Panopticlick | EFF Browser identity uniqueness | ||
Security Risks of QR Codes | Describes some security risks of barcodes, QR codes (see wpollock.com QR code), and NFC technologies | Bitcoin: The Cryptoanarchists' Answer to Cash | A good article by Morgen E. Peck, from IEEE Spectrum June 2012 | ||
RSA's SecurID | A PNG image of the RSA SecurID 800 authentication token | Key Logger Hardware (JPEG) | An image of key logger hardware installed on a PC | ||
Cryptoquote | A cryptoquote puzzle | NSA Kids | Various crypto games and tutorials, making and breaking codes and ciphers | ||
National Software Reference Library (NSRL) | A list of digital signatures for known (good) software | Example cryptanalysis (Wikipedia) | This article includes a readable example of cracking an autokey cipher | ||
Public-key encryption | Tutorial on security and public-key encryption (from the old Netscape.com DevEdge site) | NIST CSRC tools | These include standards and usage notes, lists of approved algorithms, etc. | ||
Public Key Encryption Overview | Public key encryption tutorial from Wikipedia.org | Public Key Demo | Illustrates the RSA public key system;
see also this rsa.c
C program,
or this rsa.bc version, written
using bc |
||
ASN.1 decoder | A decoder for ASN.1, used with RSA, DSA, SNMP, etc., from lapo.it/asn1js/ | Elliptic Curve Cryptography Primer | An excellent article on ECC from Ars Technica | ||
Diffie-Hellman Key Exchange | A short description | Cryptography and PKI (PDF) | Readable introductory NIST publication #SP800-32 | ||
FIPS-180 | U.S. Approved Secure Hashing Algorithms (See other NIST Computer Security Resource Center tools and publications) | xor.c | Demo C program showing XOR encryption | ||
Cracking encryption | xkcd.com cartoon showing how encryption is really cracked | HackAttack.txt | Fun (and probably untrue) IRC log of a script-kiddie trying to attack someone | ||
sectools.org security tool list | A listing, description, and rating of the top 125 security related tools | sectool home | sectool is a Fedora security auditing tool,
i.e. a host vulnerability scanner and IDS
for RPM based systems |
||
rkhunter.txt | Sample daily rkhunter run | OpenVAS | OpenVAS security/vulnerability scanner home | ||
secstate sample results | The results of running the secstate audit command on
a Fedora system |
sectool sample report | Results of running sectool on a Fedora host |
||
OpenSCAP sample results | The results of running the oscap xccdf eval
command on a Fedora system |
NIST approved SCAP tool list | SCAP compliant tools approved by the NIST | ||
SCAP home | The Security Content Automation Protocol (SCAP) - NIST | OpenSCAP home | An open source implementation of SCAP standards, including
various tools (such as secstate ) and other resources |
||
Mitre OVAL Repository | Includes OVAL content for use with SCAP tools | U.S. DoD STIGs | Security checklists (and scripts) required to connect hosts to any DoD network (See also the NSA Security Guides) | ||
Password Security Overview | An overview of password security techniques, management, policies, and auditing best practices | NIST Guide to enterprise Password Management | See also FIPS-112 (Password Use), FIPS-181 (APG: A Password Generator), And the modern replacement for those, NIST SP-800-63b | ||
OpenID.net | An older Internet SSO solution | Oauth.net | A relatively popular Internet SSO solution | ||
FIDO2 | A new (2018) approach to authenticating clients to services across the Internet, without passwords | Time To Brute-Force Passwords | Chart showing the time it takes to guess a password based on complexity | ||
DKIM tutorial | “Signing emails with DomainKeys Identified Mail” 12/2008 article from H-Online | NFSv4 ACLs | Table of NT-style (or NFSv4 style) ACL privileges and inheritance flags | ||
Unix file permissions | More than you wanted to know about Unix permissions | Tripwire (sourceforge) | Complex HIDS/File Integrity Monitor (Open source version of commercial Tripwire (company)) | ||
Credit card (PCI-DSS) Security Standards | Payment Card Industry security standards | PCISecurityStandards.org | PCI DSS standard | ||
RBAC | Solaris Role Based Access Control Demo | cgroups | Fedora control groups (cgroups) resource management guide | ||
sssd | Fedora system security services daemon (sssd) guide | /etc/sudoers | A sample /etc/sudoers file |
||
Quota Administration | Shows how to setup and manage disk quotas | PAM Tutorial | Shows how to configure and use PAM (See also Solaris 11 PAM Guide and Linux PAM System Administrator's Guide.) | ||
Unix/Linux Intrusion Detection (PDF) | How to check a Linux/Unix system for signs of intrusion | Introduction to Intrusion Detection Systems | Article about IDSes | ||
Intrusion Detection FAQ (from SANS) | Useful Information about intrusion detection | ISACA home | Information Systems Audit and Control Association | ||
FrSIRT | Security Research and Cyber Threat Monitoring | helpnetsecurity.com | Many resources, including information and software | ||
Etherape | Graphic network monitor tool | ||||
Auditor Resources | System auditor resources and links | Unix Auditor's Practical Handbook | Overview of security auditing Unix systems | ||
SANS audit policy template (PDF) | A skeleton auditing policy document | FreeIPA.org | A system for managing users and groups (single sign-on). (IPA stands for Identity, Policy, and Audit, but currently (2015) only “I” functionality is supported.) | ||
Guide to developing a Security Policy (PDF) | Building and Implementing a Successful Information Security Policy | NIST Security Handbook (PDF) | A guide for Security, Auditing, policies, etc. | ||
Sample Security Policies | Over two dozen sample security policies and templates | Inside story of the 2011 HBGary break-in by Anonymous | Fascinating account of how the security firm was hacked by the group Anonymous, with many valuable security lessons | ||
RFC-2350 | Computer Security Incident Response | Incident Response (expired SunWorld Article) | A short intro to incident response | ||
FIRST.org | Resources for Incident Response | Incident Management | A guide from us-cert.gov | ||
Responding to Security Incidents (4 parts) | Solaris current best practice for security incident response | Incident Response (PDF) | Detailed FCC guide to incident response (hosted by NIST) | ||
CERT/CC CSIRT Handbook (PDF) | Management of Computer Security Incident Response Teams | cert.org security incident response resources | Computer Security Incident Response Teams (CSIRTs) resources | ||
ICE takedown (JPEG) | Screen-shot of web site showing Immigrations and Customs Enforcement (ICE) domain (website) takedown notice | ||||
Security Tools Demo | Shows how to use MD5 checksums and GPG to verify a downloaded chkrootkit tar-ball. | Journalist's Toolbox | A good list of privacy and other security tools, presented for professional journalists but usable by anyone | ||
GnuPG (GPG) home | How-tos, FAQs on GPG | GnuPG (GPG) mini-how-to | A short cookbook for using GPG | ||
SSH Sample Configurations | Sample SSH client and server files | /etc/sysctl.conf | A sample sysctl.conf file,
setting kernel security parameters |
||
SSH Tutorial | A Sun Blueprints (now OTN) article, part 1. (The resources list has great links!) | TCP Wrappers | A short tutorial on TCP Wrappers | ||
SELinux Home | NSA's homepage for the Security Enhanced Linux project | Fedora SELinux Guide | See also SELinux FAQs (NSA), Fedora SELinux wiki | ||
Visual how-to guide for SELinux policy enforcement | A clear description from Dan Walsh of Red Hat | Red Hat 7 SELinux User Guide | An excellent overview and how-to guide | ||
SELinux for Mere Mortals | 2012 Red Hat Summit meeting (YouTube video) A PDF of the slides is available from people.redhat.com/.../SELinuxMereMortals.pdf | Mandatory Access Control (MAC) with SELinux | 2009 article from Linux Magazine, for Sys Admins | ||
Getting Started with SE Linux | An old but readable (and still useful) HOW-TO document | AppArmor | Used mostly by Ubuntu & SuSE | ||
Virtualization Wiki | Overview of virtualization | Virtualization for Dummies (PDF) | A guide downloaded from Sun.com | ||
Comparison of virtualization solutions | Article from Wikipedia.org | Solaris Zones | Oracle Admin Guide: Solaris Zones and Containers | ||
Vagrant | Software to define and manage virtual machines easily from the command line (often used by developers) | ||||
VirtualBox.org | Popular virtualization product from Oracle (previously Sun) | VMware Player | The free version of the “gold standard” in the virtualization universe, VMware | ||
Sandboxing and Virtualization (PDF) | Interesting article from Compute Now (IEEE) magazine, in the MARCH/APRIL 2011 issue | Cloud Computing | Some papers describing and defining Cloud computing, from NIST.gov | ||
Docker Demo | A walk-thru showing Docker setup and use on a simple example | Docker Home | Useful documentation, software, and public images | ||
Docker docs | Official Docker tutorials and information | Docker Hub | A public repo of Docker images | ||
LinuxContainers.org | Information on LXC technology | Core OS | Software stack for managing containers | ||
The Illustrated Children's Guide to Kubernetes | Short and understandable introduction to Kubernetes - YouTube.com | Kubernetes vs Mesos vs Swarm | A brief comparison of the major container orchestration engines COEs - SumLogic.com | ||
Internet Mapping Project | View pictures of the Internet (12/98 Wired pic, Selected snap-shots; see also IPv4 changes in Yugoslavia during the 1999 war) | Unix Security Links | A good list of Unix security resources, found at andercheran.aiind.upv.es/toni/unix/ | ||
TCP/IP tutorial | From IBM's Redbook website | VPN Tutorial (PDF) | Virtual Private Networks Tutorial, excerpted from this Cisco book. (See also this simpler overview and tutorial from HomeNetHelp.com, or this tutorial from Netgear.com (PDF)) | ||
Openswan | IPsec for Linux | FreeS/WAN Project | IPsec for Linux, popular but no longer maintained | ||
p0f | A (passive) OS fingerprinting tool | SamSpade.org | Web-based security tools | ||
Network security concepts | Network security lecture notes | ||||
iptables overview | Draft lecture notes for iptables | iptables server rules demo | Example set of iptables rules for a decommissioned real web server (See also this simpler iptables sample rules) | ||
iptables/netfilter home | Many iptables resources | iptables tutorial | An older but good tutorial | ||
FireStarter | A GUI front-end for iptables | Shoreline Firewall ("Shorewall") | A high-level tool for creating iptables firewalls | ||
...Using Firewalld on CentOS 7 | A nice tutorial for firewalld | ||||
Moron's Guide to Kerberos | Kerberos overview. See also this tutorial from Kerberos.org. | Introduction to Kerberos — Sun.com | A good introduction to Kerberos. | ||
Wi-Fi Security | Draft Wi-Fi overview and security lecture notes | 802.11i Overview (PDF) | 24 page description of wireless 802.11i security, from SANS.org | ||
PPP Security | PAP, CHAP, MS-CHAP, EAP, and EAP-TLS | IEEE 802.1X Overview | 802.1X is the security standard used for 802.11 networking, and wired networks too. | ||
SASL Resources | See also Gnu SASL manual | Cyrus SASL | A guide for system administrators | ||
RFC-2222 (SASL) | RFC for SASL | SASL Overview | SASL lecture notes | ||
NSA's INFOSEC Assessment Methodology | How to perform security policy audits | NSA's INFOSEC Evaluation Methodology | How to perform security evaluations | ||
ROI calculation | Security ROI (ROSI) sample calculation | Security Assessments, Evaluations, Audits, and ROI calculation | Lecture notes for security ROI (ROSI) calculation, ... | ||
PKI lecture notes | Public-key Infrastructure and certificate overview | SSL/TLS Setup | Configuring Apache, Postfix, IMAP to support SSL/TLS (also creating a CA certificate) | ||
SSL/TLS Introduction | Good overview from Apache docs | Apache authentication and authorization docs | Configuring Apache for “basic” authentication | ||
SSL/TLS Ciphers in your browser | A list of the key exchange, encryption, and checksum algorithms your web browser advertises | Apache configuration for PFS | Configuring Apache for perfect forward secrecy | ||
Configuring Apache, Nginx, and OpenSSL for Forward Secrecy | A good blog post from Qualys | Configuring Server-side TLS | Best current practice on SSL/TLS configuration, from Mozilla | ||
HTTP Authentication | A capture using Firefox "LiveHTTP" extension of the HTTP protocol showing BASIC authentication | GoDaddy.com SSL | Cheap Server Certificates from GoDaddy.com (which in turn are currently validated by the CA Valicert.com, a.k.a. Tumbleweed Comm.) | ||
Let's Encrypt | PKI Certificate Authority that provides free web server certificates via the certbot command line tool | instantssl.com | Free Server Certificates (30-day expiration) from Comodo root CA | ||
Dogtag CA system | Open source (from Red Hat) certificate authority (CA) software that supports all aspects of certificate management including key archival, OCSP, etc. | Security issues with PKI | NY Times article, “Experts Warn of a Weak Link in the Security of Web Sites”, published on 8/14/2010 | ||
Nagios.org | Nagios host and network scanner | SAINT | SAINT network vulnerability scanner | ||
Samhain HIDS | Popular File Integrity Monitor | ||||
Snort.org | Snort network scanner | Nessus.org | Nessus Host and network vulnerability scanner | ||
NIDS and Snort | Lecture notes, including snort build directions | System Management | A list of tools available (see also Wikipedia comparison of open source configuration management tools) | ||
Center for Internet Security | Excellent vulnerability scanners (“benchmarks”) and info | Nikto Web server vulnerability scanner | The name comes from a famous Sci-fi movie, The Day the Earth Stood Still | ||
Webmasters help for hacked sites | Google's resources for webmasters of hacked web sites | Google's Safe Browsing malware map | One of Google's Transparency Report tools | ||
SNMP Setup | Shows how to set up and configure Linux SNMP | docwiki.cisco.com SNMP | A detailed tutorial on SNMP, part of Cisco's Internetworking Technology Handbook | ||
SNMP MIB | SNMPv2 MIB for Cisco MPLS Router | ||||
Building a Secure Logging Infrastructure | Logging lecture notes | ||||
System Monitoring Tutorial | A brief overview of the basics | Syslog, Log File Rotation | A tutorial including examples | ||
Forensic Examination of Digital Evidence: A Guide for Law Enforcement | A U.S. Dept. of Justice publication, 2004 | Electronic Crime Scene Investigation: A Guide for First Responders | A U.S. Dept. of Justice publication, 2001 | ||
RFC-3227 | Guidelines for Evidence Collection and Archiving | Forensic Procedures Overview | A short article last accessed in 2017 from IACIS | ||
Portable Linux Auditing CD | Forensic toolkit on bootable CD. | ||||
www.porcupine.org | Wietse Venema's forensic site with many resources | Verizon DataBreachReport (pdf) | A 2008 report analyzing security breaches | ||
RADIUS Overview | A short description of RADIUS authentication server | RADIUS and TACACS compared | Cisco's versions of RADIUS and TACACS+ are compared | ||
RADIUS | Description of Cisco's version of RADIUS | ||||
suidDemo.tgz | Shows how suid can be used to control access to files. | System Tuning | Basic system performance monitoring and tuning | ||
Anonymous FTP Site Setup | Shows how to set up and configure FTP. | httpd SSL configuration | Minimal httpd (Apache) configuration for SSL/TLS (HTTPS). | ||
httpd configuration | Sample httpd (Apache) configuration files. | DNS Resources | Sample DNS configuration files plus other resources | ||
File Sharing Overview | File and print sharing using NFS and SMB | Understanding DNSSEC | A readable but slightly dated tutorial about DNSSEC (See also this 2016 DNSSEC tutorial PDF) | ||
SMTP AUTH, TLS | Walk-thru of Postfix setup for SMTP AUTH with SASL, TLS | Email Service Resources | Sample DNS, SpamAssassin, ClamAV, Amavis, SASL, Postfix, and IMAP/POP configuration files, plus other resources | ||
NFS Demo | Setup and use of NFS | Samba Demo | A log of commands needed for setup and use of a minimal Samba server | ||
Shell Scripts (and Other Demos) | |||||
LDP: Bash scripting guide and reference | Shows how to write Bash shell scripts. See also the complete Bash man page | SSC's Bash shell reference card | (Posted here by permission of SSC, Inc.) | ||
suidDemo.tgz | Shows how suid can be used to control access to files. | find-world-writable | A security script that shows all dangerous world writable files. |