CTS 2311
Unix/Linux Security

Course Syllabus for Unix/Linux Security
View Weekly Course Schedule 

View Course Resources.

View Project 1 requirements.
View Project 2 requirements.
View Project 3 requirements.
View Project 4 requirements.
View Project 5 requirements.
View Project 6 requirements.
View Project 7 requirements.
View Project 8 requirements.
Other interesting links:

Visit the Tampa-St. Pete Linux User's Group (SLUG).  This group holds monthly meetings.
Most Unix and Linux software is actually GNU software (www.gnu.org), a project of the Free Software Foundation.
Search for RPMs and download updates from RPMFind.net.
You can download free distributions of Unix and Linux from distrowatch.com.
Read the real Unix History article at Spectrum.IEEE.org.  More information can be found at The Open Group.
View Solaris Unix certification and Oracle Unix exam objectives.
View Linux LPI certification and LPI-1 exam objectives.

Syllabus

Fall 2019

Course policies
Time & Place: Ref. No. 13831: Monday, Wednesday 5:30 – 6:45 PM, Dale Mabry room DTEC–461
This is an independent study class, with no scheduled meetings after orientation.
Instructor: Name:  Wayne Pollock
E-mail:  Internet:
Office & Phone:  DTEC–404, 253–7213
View my Office Hours.
Skype ID:  wpollock@hccfl.edu    
Homepage URL:  https://wpollock.com/
Texts: James Turnbull, Hardening Linux, ©2005 Apress.  ISBN: 1-59059-444-4.
This book is out of print, but still good if you can get it:
Peter G. Smith, Linux Network Security.  Originally ©2005 by Charles River Media (ISBN: 1-58450-396-3), but now available free from Archive.org.
Optional:  Evi Nemeth et al., Unix and Linux System Administration Handbook, Fifth Edition.  ©2017 Pearson Education, Inc.  ISBN: 978-0-13-427755-4.

HCC bookstore on-line

Description: (This course is 3 credit hours long.)  This course covers the concepts and administration of system and network security on Unix and Linux systems.  Students will gain the skills needed to protect Unix and Linux servers from various types of threats.  Students will understand, plan, and implement security on Linux servers including developing security policies, local system security, network security, monitoring systems and networks, basic firewall setup, and the use of various security related tools (e.g., PAM, sudo).
Objectives: After completing this course, the student will be able to:
  1. Understand the historical perspective of security (government, military, financial/business, personal/medical),
  2. Understand modern computer and information security concepts: MAC, DAC, ACLs, capabilities, confidentiality, integrity, availability, identity, authorization, authentication, etc.,
  3. Understand various system threats including reverse engineering, rootkits, buffer-overflows, etc.,
  4. Understand Unix/Linux system security concepts including user and group permissions for files and directories, SetUID, ACLs, sudo (and RBAC), backups, updates and patches (with digital signatures and message digests), intrusion detection/prevention systems (IDS/IPS), and disk quotas and resource limits,
  5. Control access to system components and set security policies using SE Linux, Solaris zones and containers, Xen, and PAM,
  6. Understand the basics of encryption and digital signatures, and the use of various encryption and digest tools and mechanisms such as GPG, MD5, SHA, and SSH,
  7. Develop and document system security policies and procedures,
  8. Understand security incidents and how to detect and respond effectively to them,
  9. Understand network security concepts and design, including auditing, intrusion detection, DMZs, bastion hosts, VPNs, Wi-Fi security issues, tunneling using SSH and SSL/TLS, and various network threats such as DoS (denial of service) and SQL Injection,
  10. Understand and configure various network services securely, including using xinetd and TCP Wrappers to control access services such as FTP, printing, and file sharing,
  11. Understand and configure SASL,
  12. Configure security for various services (e.g., mail services, OpenLDAP, web services, sshd),
  13. Understand, deploy, and configure firewalls using iptables and access lists,
  14. Describe the functions of authentication servers (such as RADIUS), PKI, and IPSec,
  15. Understand the basics of Kerberos, Windows security (active directory), and Samba,
  16. Understand and configure firewalls using proxy servers such as squid,
  17. Understand and configure a secure logging infrastructure,
  18. Understand the justifications for and methodology of security audits and evaluations (and the difference between them),
  19. Monitor a network using various tools and techniques such as logging, port scanning, network intrusion detection systems (NIDS), and packet sniffing,
  20. Understand the basics of computer forensics.
Prerequisite: CTS 2322 or permission of the instructor.  Students enrolled in a degree or college credit certificate program must complete all prerequisites.  Note!  HCC registration computers may not check for prerequisites before allowing you to enroll.  Be certain you have all required prerequisites or you won't have much of a chance of success.  Also you may be dropped from the class.
Facilities: Assignments can be performed on the Dale Mabry campus Linux computers, which can be accessed from the classroom or from some computers in the open computer lab.

YborStudent.hccfl.edu (a Linux server) can be accessed from on or off campus and can be used to practice, examine configuration files, read man pages, and do some assignments.  From off-campus, you can also practice using any Unix/Linux system available (or install Linux at home).  It may be possible to install your system on a USB-3 flash disk, so you can carry it with you and work on it from anywhere.  (This may require extra configuration, so your system works on different computers.)

You will also use the YborStudent Wiki for some of your work and for on-line class discussions.

You will need your own flash disk (preferably USB-3 compliant), writing materials, and Scantron 882–E or 882–ES forms.

You can use HawkNet (WebAdvisor) to obtain your final grade for the course.  You can use your assigned Hawkmail (Hawkmail365) email address or use Canvas, if you wish to discuss your grades via email.  (Note, it may be possible to set up your Hawkmail account to forward all received emails to some outside email account; but you still must send mail from your official HCC account to discuss grades.)

Most college systems now (or will in the future) use a single sign-on user ID, known as HCC “NetID”.  Visit netid.hccfl.edu to register and to update your credentials.  (Your initial password is your uppercase first name initial, lowercase last name initial, and your seven digit student ID number.)  Note the quickest way to resolve login issues is the HCC Live Web Portal (hcclive.hccfl.edu).

The college provides wireless network connections for students and guests on Dale Mabry campus.  For students, select the network “HCC_Wireless” from the list of available networks.  Follow the on-screen steps by entering your HCC email address and network password.  For HCC guests: Select “HCC_Guest” from available networks.  Follow the on-screen steps to complete registration.  This network will be available between 7:00 AM and 10:00 PM.  These are the only official HCC networks; don't use others that may appear.

Hawk Alert text messaging service allows you to receive important information regarding campus closures or emergencies.  You may also sign up for financial aid notifications and registration and payment deadlines.  This is a free service, although some fees may be applied by your cellular service provider or plan for text messages.  To sign up, or for more information, visit www.hccfl.edu/hawkalert/.

HCC DM Open Lab

Computers with PuTTY installed are located in the computer science department open lab in DTEC–462.  Additionally, the back-row has computers identical to the ones in our classroom.  So if you need to work on your projects and the classroom is in use, you can request a lab tech to put your hard disk in one of the open lab computers.  (You can call the open lab to determine if the classroom will be available, or to have them pull your hard disk in advance.  The open lab phone number is:  253-7207.)

Lab hours are:

Dale Mabry campus open lab hours
Monday – Thursday:  8:00 AM to 10:00 PM
Friday:  8:00 AM to 4:30 PM
Saturday:  8:00 AM to 2:30 PM

(Note:  Lab technicians (“Lab Techs”) are not teaching assistants or tutors, and shouldn't be expected to help you with your coursework.)

Rules for Using HCC Facilities

  1. No food or drinks near computer equipment.
  2. Students bringing their own laptops need to use the wireless network only.  Students cannot disconnect network cables from classroom's computers to connect their personal devices.
  3. Students are not allowed to disconnect monitors or computers to power their personal equipment.
Grading:
Grading Policy
Projects (8):  100%
3 equally weighted closed-book multiple choice exams:  100%
Wiki (class study guide) assignment:  +5
Classroom participation:  +5%

Grading scale:  A=90-100,   B=80-89,   C=70-79,   D=65-69,   F=0-64
(You can elect to “audit” the class during the add/drop period.)

(Collaborating on the class wiki counts as up to 5 points extra credit, as does active class participation.  See below for details.)

Policies:
  • Course format is interactive lecture, with most projects done outside of scheduled class time.
  • No make-up exams will be offered without the prior approval of the instructor.  If a make-up exam is offered, you can take the exam in my office during my regular office hours, or at the Dale Mabry Testing Center.  (Check for their hours of operation, and make sure to give yourself sufficient time to complete an exam.)  You will need to make an appointment to schedule a make-up exam.
  • Exams will be closed book and closed note multiple choice exams.  While the exams are non-cumulative, each does build upon knowledge acquired earlier.  Exams are based mostly upon material presented in class.  However some questions may be from assigned readings (the textbooks and on-line resources).
  • Exams will only cover material discussed in class or assigned as reading before the exam.  Should the class fall behind the course schedule, some topics shown on the syllabus due for an earlier exam will be tested on the following exam instead.
  • The schedule for the final week of the term may cause a conflict between our class schedule and another class's final exam.  It is up to you to determine if you will have a conflict, and to bring it to the attention of your instructor, so that appropriate arrangements can be made.
  • Regular attendance is imperative for the successful completion of this class.  The textbook and on-line resources should be considered as required course supplements; in other words, the course is not based on the text.
  • All phones, pagers, and beepers must be turned off during class time, except with prior permission of the instructor.  No food or drink is permitted in HCC classrooms.
  • Attendance will be taken within 5 minutes of the start of class; after 4 unexcused absences and/or lateness, the student will lose 2 points off the final grade for each additional occurrence.
  • If you miss a class, you are still responsible for the material covered in that class.  All students should exchange contact information (name, email address, phone number) with at least one other student in the class.  If you must miss a class, you should then contact another student and request they take class notes for you.  (Note, Hawknet has Hawkmail365 email for HCC students.)
  • Credit for class participation includes attendance, preparedness, and adding to class discussions by asking questions and participating in discussions.  Playing computer games, surfing the Internet, or working on assignments for this or other classes during class time will lose you credit.
  • Additional time outside of class will be required.  For typical students, an average of between 8 and 12 hours each week outside of class is required for preparation, practice, and projects.
  • Students are expected to prepare for each class by completing all reading assignments, reviewing examples and model solutions provided, and practicing outside of class.  This is important — you cannot learn a skill such as Unix/Linux system administration only by attending class and reading books.  You must practice several hours a few days each week!  If you won't have enough time available, consider auditing the course.
  • Students are expected to check the class website regularly.  Any syllabus changes, class cancellations, project assignments, and homework assignments are announced in class and posted to the website and the RSS feed for this class.
  • A student shall not, without my express authorization, make or receive any recording, including but not limited to audio and video recordings, of any class, co-curricular meeting, organizational meeting, or meeting with me.  Further, you do not have my permission to post on the web or otherwise distribute my class lectures and other course materials.  (You can distribute freely any materials I make publicly available from the HCC (or the wpollock.com) website, without asking permission, provided you give me credit for the work and don't alter it.  Any other use will require expressly given permission.)
  • Working together on individual assignments is considered as cheating!  Turning in someone else's work without giving them credit is also considered cheating (plagiarism).  Cheating will result in an automatic F (zero) for the project for all parties.  Also, you can only earn credit for your own work and not someone else's, even if you do cite your sources.  Note that some projects may be group projects, where each member of a small group works together on a project.  It is also okay to ask a fellow student for class notes (in the event you miss a class) or for help in understanding the text or material given to the class (e.g., examples on the class website).  You are encouraged to study together as well.
  • Because you can learn a lot from your peers, both in the class and in the broader community, I encourage collaboration with both.  However, do not mistake this as a license to cheat.  It is one thing to learn from and with your peers; it is another to pass their work off as your own.  With respect to assignments for this class:
    • You are expected to document any collaboration that takes place.
    • Absolutely no electronic transfer (or other copying) of code between students is permitted.
    • Any code (shell commands) that you “find” on the Internet must be cited, with an active link to that code.
    • While you are encouraged to engage in conversations in online forums, under no circumstances are you permitted to solicit other individuals to complete your work for you.  (So, no posting assignments or homework questions and asking for answers.)
    • Ultimately, YOU are responsible for all aspects of your submissions.  Failure to be able to explain and defend your submission will be treated as a violation of academic integrity.
  • You must abide by the HCC Acceptable Use Policy (AUP) for computers and services.  In particular, you must not run network scanners, or attempt to obtain administrator (“root”) privileges or otherwise disrupt HCC computers and services.  In some explicitly stated circumstances, some parts of the AUP may not apply.  If in any doubt, ask!
  • You must follow the academic honesty policy and the student code of conduct for HCC.  A second cheating offense will result in an “F” for the course, and your name will be turned over to the dean for further handling.  I take these matters very seriously.  You have been warned!
  • Every effort will be made to stick to the weekly schedule for our course.  However it may happen that we will fall behind the schedule at some point.  If so, no topics will be skipped.  Instead we will attempt to catch up over the following weeks.
  • Please be aware that if we fall behind on the weekly schedule, the topics discussed may not match what shows on the syllabus.  The weekly schedule may (but probably won't) be updated in this case.
  • In case we do fall behind, homework assignments (if any) are automatically postponed until we do discuss that topic in class (i.e., the next class).  Projects and in-class exams will not be automatically postponed.  Should your instructor deem it necessary, projects and exams may be rescheduled; this will be announced in class and on the RSS feed.
  • Communications Policy:  I will respond to your emails within 48 hours or two business days.  HCC policy is that grades can only be discussed in person during office hours, or via email only if you use your assigned HCC HawkNet (Hawkmail365) email account.
  • No appointment is necessary to see me during my scheduled, on-campus office hours.  You can just “walk-in”.  You can make appointments for other times as long as I'm available.
  • Occasionally my office hours will be canceled on short (or no) notice, for example if the dean calls me for a meeting.  Before driving out to campus just for my office hours, you should contact me the day before to make sure I still plan to be there.
  • Late Policies:  Late assignments (homework assignments, projects, or exams) generally will not be accepted.  An assignment is late if not turned in by the start of class on the day it is due.

    Late assignments will be accepted late only if you obtain the instructor's permission prior to the due date of the assignment, or for a documented serious medical reason.  All late assignments are subject to a late penalty of at least one letter grade (10%) regardless of the reason for the delay.

    Projects and homework assignments more than one week late will receive a more severe late penalty; very late assignments without adequate excuses will receive a grade of “F” (0).  However, if you have a very good reason, your instructor may waive any or all of the late penalty.  (Examples of good reasons include extended illness that prevents working, being out of town for work, or military service.  Remember, documentation will be required.)

  • The dangers of the flu or another contagious disease require some changes to normal policies.  HCC has implemented the recommendations for institutions of higher learning of the CDC.  (See www.cdc.gov/h1n1flu/guidance/ and www.flu.gov/ for guidance from the CDC.)  You won't need documentation if you miss class due to the flu.  (But if you think you have the flu, you should see a doctor as soon as you can.)  In the unlikely event of a school closure due to the flu, some plan to make up the missed work will be made.

    If you think you have the flu, stay home.  Do not come to HCC until 48 hours after your fever has broken as you are still infectious.  Also, people are infectious to others for a day or so before they have any symptoms.  Flu is spread by touching doorknobs, computer keyboards, railings on stairs, etc., that were touched by someone with the flu.  Avoid shaking hands; use the “fist shake” (touching of fists) if you must use a physical greeting.  The most effective way to avoid catching the flu is to wash your hands frequently, especially after touching something that was touched by others.  Avoid unnecessary touching of eyes, nose and mouth.  While not as good as properly washing hands, hand sanitizers have been installed throughout the campus; use them often.

Projects: Projects will be assigned from the class web page at various times.  You will have sufficient time to complete the projects, at least a week but usually two weeks.  Although most projects will be group projects, there may be some individual assignments, and you must work individually on the non-group projects.  You may work together in small groups on group projects, provided the names of all who worked together are listed.  Each student must still submit their own copy.  Projects are typically completed outside of regular class hours.

Projects are graded on the following scale:

A = 95% (Excellent: Good design with good comments, style, and extras)
B = 85% (Good: Good design, some comments, readable style, and it works)
C = 75% (Acceptable: Project objectives are met or are close to being met)
D = 65% (Unacceptable)
E = 10-64% (Variable credit: At least you tried)
F =  0% (Didn't hand in the project)

Minor extras worth +5 points, minor omissions or poor design worth -5.

Projects are not graded when turned in.  They are graded later, usually after the project deadline has passed.  Further details will be provided with your first project.  (See also submitting assignments below.)

Homework
Assignments:
For this course your weekly homework assignment is to update the study guide on the class wiki with a substantial contribution based on the material covered in class, from assigned readings, or from other resources you have studied.  A substantial contribution means adding new material, adding references (links), or elaborating (or correcting) some previous addition made by you or another student.  You should add at least two, but no more than five items.  (This is to ensure that all students have a chance to add something.)  Do not work on the wiki during class.

You should use wiki formatting and not HTML formatting when possible, and be sure to spell-check your work.  The wiki will automatically send to your instructor an email for each update, so there is no need to add your name to your contribution.  However, be sure your wiki account name is something your instructor will recognize as belonging to you!

Your instructor is the editor and moderator of this study guide (and for all material posted on this wiki site).  While some time will be given for students to correct postings, in order to ensure an accurate study guide the instructor may edit, add to, or remove material posted by students.

The homeworks will be graded on or after the following week (so you have the weekend to post your homework).  Your contribution will be graded based on correctness, completeness, and clarity.  Each week (for at least 12 weeks), students can earn up to 8 points toward the homework grade.

Wiki
Assignment:
Extra credit can be earned by updating the study guide on the class wiki with a substantial contribution based on the material covered in class, from assigned readings, or from other resources you have studied.  A substantial contribution means adding new material, adding references (links), or elaborating (or correcting) some previous submission.  You should use wiki formatting and not HTML formatting when possible, and be sure to spell-check your work.  The wiki will automatically send your instructor an email for each update, so there is no need to add your name to your contribution.

Your instructor is the editor and moderator of this study guide (and for all material posted on this wiki site).  While some time will be given for students to correct postings, in order to ensure an accurate study guide the instructor may edit, add to, or remove material posted by students.

The wiki assignment will be graded on or after the following week (so you have through the weekend to post something for the previous week).  Your contributions will be graded based on correctness, completeness, and clarity.  Note regular posting is required to earn extra credit; one large post the last week of the term will not earn much (or any) extra credit.

Do not post during class hours.  Do not attempt to post your complete class notes for the day.  Each submission should be on one or two (no more than three) items covered in that class.  (You must leave something for the other students to post!)

Submitting Projects: Projects should be submitted by email via Canvas mail, or directly to .  Please use a subject such as “Unix/Linux Security Project #1 Submission” so I can tell which emails are submitted work.  Send only one assignment per email message.  Email your projects by copy-and-paste into your mail program.  (Please do not send as attachments!)  If possible, use the “text” and not the “HTML” mode of your email program.  Do not send any email to wpollock@YborStudent.hccfl.edu as I may not read that account regularly.

In the event a student submits more than once for the same assignment, I will ignore all but the last one received up to the deadline or until I have provided grading feedback.  Assignments submitted after that will not count toward your grade except as allowed by the course late policy.  You cannot resubmit an assignment for credit once it has been graded.

The HCC email server automatically accepts and silently discards email with certain types of attachments.  If you must send email to my Internet (non-YborStudent) email account please avoid using any attachments, but especially “zip” files.  To send email with a “.zip” attachment you must first rename the file extension to “.zap” and then send the renamed file as an attachment.

To avoid having your submitted work rejected as “spam”, you can use Hawkmail365 to send email to professors.  (This doesn't always work either!)  The most reliable option currently is to send messages via Canvas.

If you have an email problem, you may turn in a printout instead.  Be sure your name is clearly written on the top of any pages turned in.  Please staple multiple pages together (at the upper left).

Academic Calendar
HCC Academic Calendar:
Classes Begin: Monday  8/19/2019   (First class meeting: Tuesday 8/20/2019)
Add-Drop Ends: Friday   8/23/2019
Orientation Period Ends:  Wednesday   8/28/2019
Last Day to Withdraw:  Saturday  10/26/2019
Classes End: Tuesday  10/10/2019 
Grades Available:  Thursday  10/12/2019  (from HawkNet)
HCC is closed on: Saturday–Monday  8/31/2019–9/2/2019 (Labor Day),
Tuesday  10/22/2019 (Faculty In-Service Day),
Saturday–Monday  11/9/2019–11/11/2019 (Veterans' Day),
Thursday–Sunday  11/28/2019–12/1/2019 (Thanksgiving Holiday)

Consequences of Dropping or Withdrawing

Dropping or withdrawing may have an impact on financial aid, veteran’s benefits, or international student visa status.  Students are encouraged to consult with financial aid, the VA certifying official, or the international student advisor, as appropriate, prior to dropping or withdrawing from class.

Requests For Accommodations

If, to participate in this course, you require an accommodation due to a physical disability or learning impairment, you must contact the Office of Services to Students with Disabilities, Dale Mabry campus: Student Services Building (DSTU) Room 102, voice phone: (813) 259–6035,  FAX: (813) 253–7336.

HCC has a religious observance policy that accommodates the religious observance, practices, and beliefs of students.  Should students need to miss class or postpone examinations and assignments due to religious observances, they must notify their instructor at least one week prior to a religious observance.


Quotes on learning
Tell me and I'll listen.
Show me and I'll understand.
Involve me and I'll learn.
    — Lakota Indian saying
Learning is not a spectator sport!
    — Chickering & Gamson

Course schedule for CTS 2311

Day by day course schedule.  Each entry lists the dates (Mon, Wed), followed by the topics, assigned readings, and assignment due dates.
  8/19     8/21   Course introduction.  Review wiki.  Historical perspective of security.  Security organizations, certifications, and web resources.  Basic security concepts and terminology (CIA, AAA, MAC, DAC, ACL, ...).  Security assessments, evaluations, and audits.  Calculating security ROI.
Readings:  Smith: Chapter 1, 8.1, 9.1, 11.1;   on-line resources ("Information Security Overview"), on-line INFOSEC resources ("ROI calculation", "Security Assessments, Evaluations, Audits, and ROI calculation"), Story of 2010 Stuxnet worm investigation
  8/26     8/28   General issues of computer system security.  Issues with backups, updates and patches.  System security threats (e.g., reverse engineering, buffer overflows, rootkits, ...).  Encryption: Symmetric (private key) including DES and AES, and asymmetric (public key) including RSA (used in PGP and GPG) and ECC.  Stream and block ciphers.
Readings:  Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E;   Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143);   Frisch: security (pp. 330–373, 387–414);  on-line resources ("Security Concepts and Term Definitions")
Project #1 (Install) due 8/28.
Sat 8/31 – Mon 9/2 Labor Day  —  HCC Closed
  9/4   Key exchange including Diffie-Hellman and IKE.  PKI and issues of trust.  Message digests (checksum, CRC, hash, FCS, ...).  Steganography.  Cryptography (and solving crypto-quotes).
Readings:  Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E;   Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143);   Frisch: security (pp. 330–373, 387–414);  Public key encryption and PKI articles ("Cryptography and PKI")
  9/9     9/11   General system hardening, using vulnerability scanners.  Password Security: good and bad passwords, file formats, policies (PAM), using password generators (pwgen, apg), password auditing (John the Ripper), shadow suite, account locking, password aging (/etc/login.defs, /etc/default/login), password algorithms (salt, crypt, MD5, ...).  Central password databases: NIS, LDAP, Kerberos, SSSD.  Password cracking methods.  Single sign-on (SSO), identity management, and Internet authentication methods (OpenID, OAuth, and especially FIDO2).
Readings:  Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E;   Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143);   Frisch: Password management (pp. 277–301), security (pp. 330–373, 387–414);  Password Security resources, Kerberos tutorial
  9/18     9/18   File system security (permissions, ACLs, SetUID/SetGID, mount options).  Database security.  File locking (advisory vs. mandatory, shared vs. exclusive), lock files.
Intrusion detection systems (HIDS, FIMs and FAMs) such as Tripwire.  System (security) auditing and compliance issues.  Credit card security (PCI-DSS) issues.  Process Privileges (Capabilities).  Using sudo and RBAC to reduce risks.  Resource limiting: ulimit, disk quotas, PAM, and cgroups. 
Readings:  Smith: Chapters 6.2, 6.5, 8.1–8.4, 11.3;   Turnbull: Chapters 1 (pp. 44–56), 4 (pp. 187–201, 204–229), 6 (281–295, 313–315, 318–320);   Frisch: PAM (pp. 302–312);   auditing resources, intrusion Detection resources, credit card (PCI-DSS) security, RBAC, sudo, and cgroup resources, PAM resources
Project #2 (Harden) due 9/16.
  9/23   Developing and documenting security policies and procedures.  Understanding security incidents and how to detect and respond effectively to them.
Readings:  Turnbull: Chapter 11.5 (pp. 489–492);   Frisch: Security (pp. 332–336) Incident response (pp. 405–406);   Security Policy resources ("Guide to developing a Security Policy"), Incident Response resources ("SunWorld Article")
  9/25    Exam 1
  9/30     10/2   Using crypto tools (GnuPG) and digest tools (MD5, SHA1).
Readings:  Smith: Chapter 10.1 (pp. 407–411), review Appendix E;   Turnbull: Chapter 4 (pp. 202–204), 6 (281–295, 313–315, 318–320);   Frisch: PAM (pp. 302–312);   Security tools resources (“GnuPG mini-how-to”)
Project #3 (Tripwire) due 9/30.
  10/7     10/9   Using SSH.  Securing SSH.
Readings:  Smith: Chapter 10.2;   Turnbull: Chapter 3 (pp. 169–185);   SSH resources (“SSH Tutorial”)
  10/14   Implementing security policies with SELinux, chroot, BSD jails, Solaris zones and containers, and virtualization (Xen, VMware, VirtualBox, KVM, …).  Cloud computing.
Readings:  Smith: page 227, chapter 8.2 (pp. 294–301), 9;  SELinux and Solaris zones resources ("Solaris Zones"), virtualization resources ("Virtualization for Dummies")
Project #4 (Lockout) due 10/14.
  10/16  

  10/21     10/23  
Network security concepts: Common network threats (botnets, port scanning, DoS, dDoS, spoofing, SQL injection, ...), spam and related email threats and counter-measures, secure network design (including DMZs, bastion hosts, proxy servers, and packet filters), auditing, virtual private networks (VPN), IPSec (OpenSwan, FreeS/WAN).  Securing network services: using xinetd security features, TCP Wrappers.  Enabling kernel network protection.
Readings:  Smith: Chapters 2.4, 2.5, 3, 6.3 (pp. 233–235);  Turnbull: pages 108–117, 124–129, 167–169;  Networking resources ("Network security concepts", "VPN Tutorial")
Project #5 (Crypto) due 10/23.
  10/19 (Fri.) College Day  —  HCC Closed to Students
  10/28   Review
  10/30     Exam 2
  11/4   Understand packet filtering and deploy iptables (netfilter) firewall.  Also discuss firewalld and mention others.
Readings:  Smith: Chapters 3.2, 3.3, 5, Appendixes B, C, D;  Turnbull: Chapter 2, Appendix A;  on-line firewall resources ("iptables overview")
  11/6   Wi-Fi security overview (WEP, WPA, 802.11i, 802.11x).  PPP Security (PAP, CHAP, MS-CHAP), EAP and EAP-TLS.
Readings:  Smith: Pages 81–82;  Wi-Fi security resources ("Wi-Fi Security", "802.11i Overview", "PPP Security", and "IEEE 802.1X Overview")
Sat 11/9 – Mon 11/11 Veterans' Day observed  —  HCC Closed
  11/13   Understanding and configuring SASL.
Readings:  Turnbull: pages 387–402;  on-line SASL resources ("SASL Overview")
Project #6 (Firewall) due 11/13.
  11/18     11/20   Overview of PKI and certificates.  Securing web services (basic and digest, using certificates and HTTPS).  Securing mail services (including SASL and remote user authentication, SPF, DKIM, and DMARC).
Readings:  Turnbull: pages 137–152, 373–386, PKI lecture notes resource, NY Times article “Security issues with PKI”
  11/25     11/27   Using nmap, nessus.  Monitor a network using NIDS (with Snort, others). 
Readings:  Smith: Chapter 4, Turnbull: Chapter 6, on-line Monitoring resources ("NIDS and Snort")
Project #7 (Virtualization) due 11/27.
Thu 11/28 – Sun 12/1 Thanksgiving Holiday  —  HCC Closed
  12/2     12/4   Review secure logging infrastructure (syslog and modern replacements).  Overview of computer forensics.  Securing DNS.
Readings:  Smith: Chapter 11.2, Turnbull: Chapter 5, on-line logging resources ("Syslog, Log File Rotation", "System Monitoring Tutorial"), DNSSEC tutorial, on-line Forensics resources ("RFC 3227")
12/1     12/3 Additional topics, time permitting:
Securing DNS, LDAP.  Configure and deploy a proxy server (Squid).  Configuring authentication servers (RADIUS, TACACS).  Overview of Windows security (domains, active directory).  Securing print services, printer quotas.
Readings:  Smith: Chapter 10.4, Turnbull: Chapter 11, RADIUS/TACACS on-line resources
  12/10     Exam 3
Project #8 (Email part 2, PKI) due 12/10.

Class resources
Resources
NIST guide for continuously monitoring Information Security Provides links to useful information     Bronze Age security Lessons learned from Bronze age fortress design
    Security Concepts, Background, and Term Definitions (PDF) Draft lecture notes
Soft Skills Discusses certifications, job interviewing tips, and required non-technical skills needed to find and keep a job        
RFC-4949 Internet Security Glossary     Cyber Security Tips Excellent collection of tips on keeping you safe on-line, from us-cert.gov.  (See also RFC-2504, Users' Security Handbook)
Network security tutorial Tutorial on Internet security from iec.org, now available from The Internet Archive, and based in part on RFC 2196     Home networking security tutorial Tutorial on securing your home computer from cert.org
US DoDD 8570 Information about DoD directive 8570 required certifications  (See also isc2.org/dodmandate and directive 8570 itself, from the DoD Issuances Website;  Note that DoDD 8570 is slated to be renamed to DoDD 8140, “Cyber Security Workforce”)     cpni.gov.uk The UK's version of us-cert.gov, (a merger of NISCC, MI-5, and other agencies)
SAMATE Reference Dataset (SARD) The SARD, provided by NIST.gov, provides a set of known bugs and flaws for a wide variety of languages, platforms, and compilers.  This allows consumers to evaluate tools and developers to test their methods.     Top 25 Errors A list of common security-related coding errors, from SANS.org and CWE.Mitre.org
cert.org CERT studies threats such as viruses and provides help, information, and training     iapsc.org International Association of Professional Security Consultants
sans.org Highly regarded source of security training, also provides useful security information     EC-Council Ethical hacking training, certification, and other resources
IPSA International Professional Security Association     LinuxSecurity.com Information, advisories, how-to articles for Linux
isc2.org the International Information Systems Security Certification Consortium, provides CISSP certification  (see also GIAC.org)     us-cert.gov Provides threat advisories and other information for U.S. organizations, government, and citizens.  Can use this site to report incidents or subscribe to various bulletins (such as Cyber Security Bulletins)
NIST Special Publications, 800 series A valuable collection of US government standards, regulations, and best practices for computer security.  (See also the Guide to NIST Information Security Documents.)     Microsoft Security Center Products, Updates, Tools, News for Microsoft software (with RSS feed)
Post Install Task List Lists and briefly describes many post install tasks.     NIST National Checklist Program Repository U.S. government repository of publicly available security checklists that provide detailed guidance on setting the security configuration of operating systems and applications.
SANS.org Critical Security Controls List of most important security measures you should take     Council on Cyber Security Critical Controls Critical Controls for Effective Cyber Defense  (See also ASD Top 4 Strategies)
NSA IAD top 10 (PDF) Top 10 Information Assurance Mitigation Strategies     PCI Prioritized Approach Advice on prioritizing DSS security control deployment
Security tutorials A library of tutorials on security     Kernel Parameters How to set some kernel parameters (for network security)
HTTPS Everywhere EFF FireFox add-on     Panopticlick EFF Browser identity uniqueness
Security Risks of QR Codes Describes some security risks of barcodes, QR codes (see wpollock.com QR code), and NFC technologies     Bitcoin: The Cryptoanarchists' Answer to Cash A good article by Morgen E. Peck, from IEEE Spectrum June 2012
RSA's SecurID A PNG image of the RSA SecurID 800 authentication token     Key Logger Hardware (JPEG) An image of key logger hardware installed on a PC
Cryptoquote A cryptoquote puzzle     NSA Kids Various crypto games and tutorials, making and breaking codes and ciphers
National Software Reference Library (NSRL) A list of digital signatures for known (good) software     Example cryptanalysis (Wikipedia) This article includes a readable example of cracking an autokey cipher
Public-key encryption Tutorial on security and public-key encryption (from the old Netscape.com DevEdge site)     NIST CSRC tools These include standards and usage notes, lists of approved algorithms, etc.
Public Key Encryption Overview Public key encryption tutorial from Wikipedia.org     Public Key Demo Illustrates the RSA public key system;  see also this rsa.c C program, or this rsa.bc version, written using bc
ASN.1 decoder A decoder for ASN.1, used with RSA, DSA, SNMP, etc., from lapo.it/asn1js/     Elliptic Curve Cryptography Primer An excellent article on ECC from Ars Technica
Diffie-Hellman Key Exchange A short description     Cryptography and PKI (PDF) Readable introductory NIST publication #SP800-32
FIPS-180 U.S. Approved Secure Hashing Algorithms  (See other NIST Computer Security Resource Center tools and publications)     xor.c Demo C program showing XOR encryption
Cracking encryption xkcd.com cartoon showing how encryption is really cracked     HackAttack.txt Fun (and probably untrue) IRC log of a script-kiddie trying to attack someone
sectools.org security tool list A listing, description, and rating of the top 125 security related tools     sectool home sectool is a Fedora security auditing tool, i.e. a host vulnerability scanner and IDS for RPM based systems
rkhunter.txt Sample daily rkhunter run     OpenVAS OpenVAS security/vulnerability scanner home
secstate sample results The results of running the secstate audit command on a Fedora system     sectool sample report Results of running sectool on a Fedora host
OpenSCAP sample results The results of running the oscap xccdf eval command on a Fedora system     NIST approved SCAP tool list SCAP compliant tools approved by the NIST
SCAP home The Security Content Automation Protocol (SCAP) - NIST     OpenSCAP home An open source implementation of SCAP standards, including various tools (such as secstate) and other resources
Mitre OVAL Repository Includes OVAL content for use with SCAP tools     U.S. DoD STIGs Security checklists (and scripts) required to connect hosts to any DoD network  (See also the NSA Security Guides)
Password Security Overview An overview of password security techniques, management, policies, and auditing best practices     NIST Guide to enterprise Password Management See also FIPS-112 (Password Use), FIPS-181 (APG: A Password Generator), And the modern replacement for those, NIST SP-800-63b
OpenID.net An older Internet SSO solution     Oauth.net A relatively popular Internet SSO solution
FIDO2 A new (2018) approach to authenticating clients to services across the Internet, without passwords     Time To Brute-Force Passwords Chart showing the time it takes to guess a password based on complexity
DKIM tutorial “Signing emails with DomainKeys Identified Mail” 12/2008 article from H-Online     NFSv4 ACLs Table of NT-style (or NFSv4 style) ACL privileges and inheritance flags
Unix file permissions More than you wanted to know about Unix permissions     Tripwire (sourceforge) Complex HIDS/File Integrity Monitor (Open source version of commercial Tripwire (company))
Credit card (PCI-DSS) Security Standards Payment Card Industry security standards     PCISecurityStandards.org PCI DSS standard
RBAC Solaris Role Based Access Control Demo     cgroups Fedora control groups (cgroups) resource management guide
sssd Fedora system security services daemon (sssd) guide     /etc/sudoers A sample /etc/sudoers file
Quota Administration Shows how to setup and manage disk quotas     PAM Tutorial Shows how to configure and use PAM  (See also Solaris 11 PAM Guide and Linux PAM System Administrator's Guide.)
Unix/Linux Intrusion Detection (PDF) How to check a Linux/Unix system for signs of intrusion     Introduction to Intrusion Detection Systems Article about IDSes
Intrusion Detection FAQ (from SANS) Useful Information about intrusion detection     ISACA home Information Systems Audit and Control Association
FrSIRT Security Research and Cyber Threat Monitoring     helpnetsecurity.com Many resources, including information and software
Etherape Graphic network monitor tool        
Auditor Resources System auditor resources and links     Unix Auditor's Practical Handbook Overview of security auditing Unix systems
SANS audit policy template (PDF) A skeleton auditing policy document     FreeIPA.org A system for managing users and groups (single sign-on).  (IPA stands for Identity, Policy, and Audit, but currently (2015) only “I” functionality is supported.)
Guide to developing a Security Policy (PDF) Building and Implementing a Successful Information Security Policy     NIST Security Handbook (PDF) A guide for Security, Auditing, policies, etc.
Sample Security Policies Over two dozen sample security policies and templates     Inside story of the 2011 HBGary break-in by Anonymous Fascinating account of how the security firm was hacked by the group Anonymous, with many valuable security lessons
RFC-2350 Computer Security Incident Response     Incident Response (expired SunWorld Article) A short intro to incident response
FIRST.org Resources for Incident Response     Incident Management A guide from us-cert.gov
Responding to Security Incidents (4 parts) Solaris current best practice for security incident response     Incident Response (PDF) Detailed FCC guide to incident response (hosted by NIST)
CERT/CC CSIRT Handbook (PDF) Management of Computer Security Incident Response Teams     cert.org security incident response resources Computer Security Incident Response Teams (CSIRTs) resources
ICE takedown (JPEG) Screen-shot of web site showing Immigrations and Customs Enforcement (ICE) domain (website) takedown notice        
Security Tools Demo Shows how to use MD5 checksums and GPG to verify a downloaded chkrootkit tar-ball.     Journalist's Toolbox A good list of privacy and other security tools, presented for professional journalists but usable by anyone
GnuPG (GPG) home How-tos, FAQs on GPG     GnuPG (GPG) mini-how-to A short cookbook for using GPG
SSH Sample Configurations Sample SSH client and server files     /etc/sysctl.conf A sample sysctl.conf file, setting kernel security parameters
SSH Tutorial A Sun Blueprints (now OTN) article, part 1.  (The resources list has great links!)     TCP Wrappers A short tutorial on TCP Wrappers
SELinux Home NSA's homepage for the Security Enhanced Linux project     Fedora SELinux Guide See also SELinux FAQs (NSA), Fedora SELinux wiki
Visual how-to guide for SELinux policy enforcement A clear description from Dan Walsh of Red Hat     Red Hat 7 SELinux User Guide An excellent overview and how-to guide
SELinux for Mere Mortals 2012 Red Hat Summit meeting (YouTube video)  A PDF of the slides is available from people.redhat.com/.../SELinuxMereMortals.pdf     Mandatory Access Control (MAC) with SELinux 2009 article from Linux Magazine, for Sys Admins
Getting Started with SE Linux An old but readable (and still useful) HOW-TO document     AppArmor (Used mostly by Ubuntu & SuSE)
Virtualization Wiki Overview of virtualization     Virtualization for Dummies (PDF) A guide downloaded from Sun.com
Comparison of virtualization solutions Article from Wikipedia.org     Solaris Zones Oracle Admin Guide: Solaris Zones and Containers
Vagrant Software to define and manage virtual machines easily from the command line (often used by developers)
VirtualBox.org Popular virtualization product from Oracle (previously Sun)     VMware Player The free version of the “gold standard” in the virtualization universe, VMware
Sandboxing and Virtualization (PDF) Interesting article from Compute Now (IEEE) magazine, in the MARCH/APRIL 2011 issue     Cloud Computing Some papers describing and defining Cloud computing, from NIST.gov
Docker Demo A walk-thru showing Docker setup and use on a simple example     Docker Home Useful documentation, software, and public images
Docker docs Official Docker tutorials and information     Docker Hub A public repo of Docker images
LinuxContainers.org Information on LXC technology     Core OS Software stack for managing containers
The Illustrated Children's Guide to Kubernetes Short and understandable introduction to Kubernetes - YouTube.com     Kubernetes vs Mesos vs Swarm A brief comparison of the major container orchestration engines COEs - SumLogic.com
Internet Mapping Project View pictures of the Internet (12/98 Wired pic, Selected snap-shots; see also IPv4 changes in Yugoslavia during the 1999 war)     Unix Security Links A good list of Unix security resources, found at andercheran.aiind.upv.es/toni/unix/
TCP/IP tutorial From IBM's Redbook website     VPN Tutorial (PDF) Virtual Private Networks Tutorial, excerpted from this Cisco book.  (See also this simpler overview and tutorial from HomeNetHelp.com, or this tutorial from Netgear.com (PDF))
Openswan IPsec for Linux     FreeS/WAN Project IPsec for Linux, popular but no longer maintained
p0f A (passive) OS fingerprinting tool     SamSpade.org Web-based security tools
Network security concepts Network security lecture notes        
iptables overview Draft lecture notes for iptables     iptables server rules demo Example set of iptables rules for a decommissioned real web server  (See also this simpler iptables sample rules)
iptables/netfilter home Many iptables resources     iptables tutorial An older but good tutorial
FireStarter A GUI front-end for iptables     Shoreline Firewall ("Shorewall") A high-level tool for creating iptables firewalls
...Using Firewalld on CentOS 7 A nice tutorial for firewalld        
Moron's Guide to Kerberos Kerberos overview.  See also this tutorial from Kerberos.org.     Introduction to Kerberos — Sun.com A good introduction to Kerberos.
Wi-Fi Security Draft Wi-Fi overview and security lecture notes     802.11i Overview (PDF) 24 page description of wireless 802.11i security, from SANS.org
PPP Security PAP, CHAP, MS-CHAP, EAP, and EAP-TLS     IEEE 802.1X Overview 802.1X is the security standard used for 802.11 networking, and wired networks too.
SASL Resources See also Gnu SASL manual     Cyrus SASL A guide for system administrators
RFC-2222 (SASL) RFC for SASL     SASL Overview SASL lecture notes
NSA's INFOSEC Assessment Methodology How to perform security policy audits     NSA's INFOSEC Evaluation Methodology How to perform security evaluations
ROI calculation Security ROI (ROSI) sample calculation     Security Assessments, Evaluations, Audits, and ROI calculation Lecture notes for security ROI (ROSI) calculation, ...
PKI lecture notes Public-key Infrastructure and certificate overview     SSL/TLS Setup Configuring Apache, Postfix, IMAP to support SSL/TLS (also creating a CA certificate)
SSL/TLS Introduction Good overview from Apache docs     Apache authentication and authorization docs Configuring Apache for “basic” authentication
SSL/TLS Ciphers in your browser A list of the key exchange, encryption, and checksum algorithms your web browser advertises     Apache configuration for PFS Configuring Apache for perfect forward secrecy
Configuring Apache, Nginx, and OpenSSL for Forward Secrecy A good blog post from Qualys     Configuring Server-side TLS Best current practice on SSL/TLS configuration, from Mozilla
HTTP Authentication A capture using Firefox "LiveHTTP" extension of the HTTP protocol showing BASIC authentication     GoDaddy.com SSL Cheap Server Certificates from GoDaddy.com (which in turn are currently validated by the CA Valicert.com, a.k.a. Tumbleweed Comm.)
Let's Encrypt PKI Certificate Authority that provides free web server certificates via the certbot command line tool     instantssl.com Free Server Certificates (30-day expiration) from Comodo root CA
Dogtag CA system Open source (from Red Hat) certificate authority (CA) software supporting all aspects of certificate management, including key archival, OCSP, etc.     Security issues with PKI NY Times article, “Experts Warn of a Weak Link in the Security of Web Sites”, published on 8/14/2010
Nagios.org Nagios host and network scanner     SAINT SAINT network vulnerability scanner
Samhain HIDS Popular File Integrity Monitor        
Snort.org Snort network scanner     Nessus.org Nessus Host and network vulnerability scanner
NIDS and Snort Lecture notes, including snort build directions     System Management A list of tools available (see also Wikipedia comparison of open source configuration management tools)
Center for Internet Security Excellent vulnerability scanners (“benchmarks”) and info     Nikto Web server vulnerability scanner The name comes from a famous Sci-fi movie The day the Earth Stood Still
Webmasters help for hacked sites Google's resources for webmasters of hacked web sites     Google's Safe Browsing malware map One of Google's Transparency Report tools
SNMP Setup Shows how to setup and configure Linux SNMP     docwiki.cisco.com SNMP A detailed tutorial on SNMP, part of Cisco's Internetworking Technology Handbook
SNMP MIB SNMPv2 MIB for Cisco MPLS Router        
Building a Secure Logging Infrastructure Logging lecture notes        
System Monitoring Tutorial A brief overview of the basics     Syslog, Log File Rotation A tutorial including examples
Forensic Examination of Digital Evidence: A Guide for Law Enforcement A U.S. Dept. of Justice publication, 2004     Electronic Crime Scene Investigation: A Guide for First Responders A U.S. Dept. of Justice publication, 2001
RFC-3227 Guidelines for Evidence Collection and Archiving     Forensic Procedures Overview A short article last accessed in 2017 from IACIS
Portable Linux Auditing CD Forensic toolkit on bootable CD.
www.porcupine.org Wietse Venema's forensic site with many resources     Verizon DataBreachReport (pdf) A 2008 report analyzing security breaches
RADIUS Overview A short description of RADIUS authentication server     RADIUS and TACACS compared Cisco's versions of RADIUS and TACACS+ are compared
RADIUS Description of Cisco's version of RADIUS        
suidDemo.tgz Shows how suid can be used to control access to files.     System Tuning Basic system performance monitoring and tuning
Anonymous FTP Site Setup Shows how to setup and configure FTP.     httpd SSL configuration Minimal httpd (Apache) configuration for SSL/TLS (HTTPS).
httpd configuration Sample httpd (Apache) configuration files.     DNS Resources Sample DNS configuration files plus other resources
File Sharing Overview File and print sharing using NFS and SMB     Understanding DNSSEC A readable but slightly dated tutorial about DNSSEC  (See also this 2016 DNSSEC tutorial PDF)
SMTP AUTH, TLS Walk-thru of Postfix setup for SMTP AUTH with SASL, TLS     Email Service Resources Sample DNS, SpamAssassin, ClamAV, Amavis, SASL, Postfix, and IMAP/POP configuration files, plus other resources
NFS Demo Setup and use of NFS     Samba Demo A log of commands needed for setup and use of a minimal Samba server
Shell Scripts (and Other Demos)
LDP: Bash scripting guide and reference Shows how to write Bash shell scripts.  Complete Bash man page     SSC's Bash shell reference card (Posted here by permission of SSC, Inc.)
suidDemo.tgz Shows how suid can be used to control access to files.     find-world-writable A security script that shows all dangerous world writable files.
