CTS 2311
Unix/Linux Security

Unix/Linux Security course syllabus
View Weekly Course Schedule 

View Course Resources.

View Project 1 requirements.
View Project 2 requirements.
View Project 3 requirements.
View Project 4 requirements.
View Project 5 requirements.
View Project 6 requirements.
View Project 7 requirements.
View Project 8 requirements.

Other interesting links:

Visit the Tampa-St. Pete Linux User's Group (SLUG).  This group holds a monthly meeting on the second Tuesday of each month, on our campus.
Most Unix and Linux software is actually GNU software (www.gnu.org), a project of the Free Software Foundation.
Search for RPMs and download updates from RPMFind.net.
A lot of Linux software can be found at www.FreshMeat.net.  You can get involved with open-source software at sourceforge.net.  You can download free distributions of Unix and Linux from distrowatch.com.
Read the real History of Unix, by one of its inventors.  More information can be found at The Open Group.
View Solaris certification and Sun's exam objectives.
View Linux LPI certification and LPI-1 exam objectives.
View SAGE home.

Syllabus

Fall 2009

Course policies
Time & Place: Ref No. 89822: Tuesday, Thursday 5:30 – 6:45 PM, Dale Mabry room DTEC–461
Instructor: Name:  Wayne Pollock
E-mail:  Internet:
Office & Phone:  DTEC–404, 253–7213.
DM Office Hours:  Monday–Thursday, 3:55–5:25 & 8:15–8:30;
On-line Office Hours:  Wednesday–Friday, 12:00 PM (noon)–1:00 PM, or by appointment.
Contact Information
Instant Messenger ID (Yahoo Messenger):  waynepollocklive
Homepage URL:  http://www.hccfl.edu/pollock/
Texts: James Turnbull, Hardening Linux, ©2005 Apress.  ISBN: 1-59059-444-4.
Peter G. Smith, Linux Network Security, ©2005 Charles River Media.  ISBN: 1-58450-396-3.
Optional:  AEleen Frisch, Essential System Administration, 3rd Edition.  ©2002 O'Reilly & Associates.  ISBN: 0-596-00343-9.
Description: This course covers the concepts and administration of system and network security on Unix and Linux systems.  Students will gain the skills needed to protect Unix and Linux servers from various types of threats.  Students will understand, plan, and implement security on Linux servers including developing security policies, local system security, network security, monitoring systems and networks, basic firewall setup, and the use of various security related tools (e.g., PAM, sudo).
Objectives: After completing this course, the student will be able to:
  1. Understand the historical perspective of security (government, military, financial/business, personal/medical)
  2. Understand modern computer and information security concepts: MAC, DAC, ACLs, capabilities, confidentiality, integrity, availability, identity, authorization, authentication, etc.
  3. Understand various system threats including reverse engineering, rootkits, buffer-overflows, etc.
  4. Understand Unix/Linux system security concepts including user and group permissions for files and directories, SetUID, ACLs, sudo (and RBAC for Solaris), backups, updates and patches (with digital signatures and message digests), intrusion detection/prevention systems (IDS/IPS), and disk quotas and resource limits
  5. Control access to system components and set security policies using SELinux, Solaris zones and containers, Xen, and PAM
  6. Understand the basics of encryption and digital signatures, and the use of various encryption and digest tools and mechanisms such as GPG, MD5, SHA1, and SSH
  7. Develop and document system security policies and procedures
  8. Understand security incidents and how to detect and respond effectively to them
  9. Understand network security concepts and design, including auditing, intrusion detection, DMZs, bastion hosts, VPNs, Wi-Fi security issues, tunneling using SSH and SSL/TLS, and various network threats such as DoS (denial of service) and SQL Injection
  10. Understand and configure various network services securely, including using xinetd and TCP Wrappers to control access services such as FTP, printing, and file sharing
  11. Understand and configure SASL
  12. Configure security for various services (e.g., mail services, OpenLDAP, web services, sshd)
  13. Understand, deploy, and configure firewalls using iptables and access lists
  14. Describe the functions of authentication servers (such as RADIUS), PKI, and IPSec.
  15. Understand the basics of Kerberos, Windows security (active directory), and Samba
  16. Understand and configure firewalls using proxy servers such as squid
  17. Understand and configure a secure logging infrastructure
  18. Understand the justifications for and methodology of security audits and evaluations (and the difference between them)
  19. Monitor a network using various tools and techniques such as logging, port scanning, network intrusion detection systems (NIDS), and packet sniffing
  20. Understand the basics of computer forensics
Prerequisite: CTS 2322 (previously called CGS-2764) or permission of the instructor.  Students enrolled in a degree or college credit certificate program must complete all prerequisites.
Facilities: Assignments can be performed on the Dale Mabry campus Linux computers, which can be accessed from the classroom or from some computers in the open computer lab.  YborStudent.hccfl.edu (a Linux server) can be accessed from on or off campus and can be used to practice, examine configuration files, read man pages, and do some assignments.  From off-campus you can also practice using any Unix/Linux system available (or install Linux at home).  You will also use the YborStudent Wiki for some of your work and for holding on-line class discussions.  You will need your own floppy/flash disk, writing materials, and Scantron 882–E or 882–ES forms.  You can use HawkNet (WebAdvisor) to obtain your final grade for the course.  You can use CampusCruiser for email, college calendars, and course (and college related) resources.

HCC DM Open Lab
Computers are located in the computer science department open lab in DTEC–462.  Lab hours are:
Dale Mabry campus open lab hours
Monday – Thursday:  8:00 AM to 10:00 PM
Friday:  8:00 AM to 8:30 PM
Saturday:  8:00 AM to 4:30 PM
Grading:
Grading Policy
Projects (about 6):  40%
Weekly homework assignments:  10%
3 equally weighted closed-book multiple choice exams:  50%
Classroom participation:  +5%

Grading scale:  A=90-100,   B=80-89,   C=70-79,   D=65-69,   F=0-64
(Or you can elect to audit the class during the add/drop period.)

Policies:
  • No makeup exams will be offered without the prior approval of the instructor.
  • Exams will be closed book and closed note multiple choice exams.  While the exams are non-cumulative, each does build upon knowledge acquired earlier.  Exams are based mostly upon material presented in class; however, some questions may be from assigned readings (the textbooks and on-line resources).
  • Exams will only cover material discussed in class or assigned as reading before the exam.  Should the class fall behind the course schedule, some topics shown on the syllabus due for an earlier exam will be tested on the following exam instead.
  • Regular attendance is imperative for the successful completion of this class.  The textbook and on-line resources should be considered as required course supplements; in other words the course is not based on the text.
  • All phones, pagers, and beepers must be turned off during class time, except with prior permission of the instructor.  No food or drink is permitted in HCC classrooms.
  • Attendance will be taken within 5 minutes of the start of class; after 4 unexcused absences and/or lateness, the student will lose 2 points off the final grade for each additional occurrence.
  • If you miss a class you are still responsible for the material covered in that class.  All students should exchange contact information (name, email address, phone number) with at least one other student in the class.  If you must miss a class, you should then contact another student and request they take class notes for you.  (Note Campus Cruiser has email and discussion board areas for our course.)
  • Credit for class participation includes attendance, preparedness, and adding to class discussions by asking questions and participating in discussions.  Playing computer games, surfing the Internet, or working on assignments for this or other classes during class time will lose you credit.
  • Additional time outside of class will be required.  For typical students an average of between 8 and 12 hours each week outside of class is required for preparation, practice, and projects.
  • Students are expected to prepare for each class by completing all reading assignments, reviewing examples and model solutions provided, and practicing outside of class.  This is important — you can't learn a skill such as Unix/Linux administration only by attending class and reading books.  You must practice several hours a few days each week!  If you won't have enough time available, consider auditing the course.
  • Students are expected to check the class website regularly.  Any syllabus changes, class cancellations, project assignments, and homework assignments are announced in class and posted to the website and the RSS feed for this class.
  • Working together on individual assignments is considered cheating!  Turning in someone else's work without giving them credit is also considered cheating (plagiarism).  Cheating will result in an automatic F (zero) for the project for all parties.  Note that some projects may be group projects, where each member of a small group works together on a project.  It is also OK to ask a fellow student for class notes (in the event you miss a class) or for help in understanding the text or material given to the class (e.g., examples on the class website).  Studying together is encouraged as well.
  • You must follow the academic honesty policy for HCC.  A second cheating offense will result in an F for the course, and your name will be turned over to the Dean for further handling.  I take these matters very seriously.  You have been warned!
  • Communications Policy:  I will respond to your emails within 48 hours or two business days.  HCC policy is that grades can only be discussed in person during office hours, or via email only if you use your assigned HCC HawkNet (or Campus Cruiser) email account.
  • Every effort will be made to stick to the weekly schedule for our course.  However it may happen that we will fall behind the schedule at some point.  If so no topics will be skipped.  Instead we will attempt to catch up over the following weeks.
  • Please be aware that if we fall behind on the weekly schedule, the topics discussed may not match what shows on the syllabus.  The weekly schedule may (but probably won't) be updated in this case.
  • In the case we fall behind, homework assignments are automatically postponed until we do discuss that topic in class (i.e., the next class).  Projects and in-class exams will not be automatically postponed.  Should your instructor deem it necessary, projects and exams may be rescheduled; this will be announced in class.
  • Late Policies:  Late assignments (homework assignments, projects, or exams) generally will not be accepted.  An assignment is late if not turned in by the start of class on the day it is due.

    Late assignments will be accepted only if you obtain the instructor's permission prior to the due date of the assignment, or for a documented serious medical reason.  All late assignments are subject to a late penalty of at least one letter grade (10%) regardless of the reason for the delay.

    Projects and homework assignments more than one week late will receive a more severe late penalty; very late assignments without adequate excuses will receive a grade of F (0).  However, if you have a very good reason your instructor may waive any or all of the late penalty.  (Examples of good reasons include extended illness that prevents working, being out of town for work, or military service.  Remember that documentation will be required.)

  • The current flu pandemic requires some changes to normal policies.  HCC is implementing the CDC's recommendations for institutions of higher learning.  (See www.cdc.gov/h1n1flu/guidance/ and www.flu.gov/ for guidance from the CDC.)  You won't need documentation if you miss class due to the flu.  (But if you think you have the flu, you should see a doctor as soon as you can.)  In the unlikely event of a school closure, some plan to make up the missed work will be made.

    If you think you have the flu, stay home.  Do not come to HCC until 48 hours after your fever has broken.  People are infectious to others for a day or so before they have any symptoms.  Flu is spread by touching doorknobs, computer keyboards, railings on stairs, etc., that were touched by someone with the flu.  Avoid shaking hands; use the fist shake (touching of fists) if you must use a physical greeting.  The most effective way to prevent catching the flu is to wash your hands frequently, especially after touching something that was touched by others.  Avoid unnecessary touching of eyes, nose and mouth.  While not as good as properly washing hands, hand sanitizers have been installed throughout the campus; use them often.

Projects: Projects will be assigned from the class web page at various times.  You will have sufficient time to complete the projects, at least a week but usually two weeks.  Although there will be some group assignments, you must work individually on the non-group projects.  You may work together in small groups on group projects, provided the names of all who worked together are listed.  Each student must still submit their own copy.  Projects are typically completed outside of regular class hours.

Projects are graded on the following scale:

A = 95% (Excellent: Good design with good comments, style, and extras)
B = 85% (Good: Good design, some comments, readable style, and it works)
C = 75% (Acceptable: Project objectives are met or are close to being met)
D = 65% (Unacceptable)
E = 10-64% (Variable credit: At least you tried)
F =  0% (Didn't hand in the project)

Minor extras worth +5 points, minor omissions or poor design worth -5.

Projects are not graded when turned in.  They are graded all at once, sometime after the project deadline has passed (usually the next weekend).  Further details will be provided with your first project.  (See also submitting assignments below.)

Homework Assignments:
For this course your weekly homework assignment is to update the study guide on the class wiki with a substantial contribution based on the material covered in class, from assigned readings, or from other resources you have studied.  A substantial contribution means adding new material, adding references (links), or elaborating (or correcting) some previous submission.  You should use wiki formatting and not HTML formatting when possible, and be sure to spell-check your work.  The wiki will automatically send your instructor an email for each update, so there is no need to add your name to your contribution.

Your instructor is the editor and moderator of this study guide (and for all material posted on this wiki site).  While some time will be given for students to correct postings, in order to ensure an accurate study guide the instructor may edit, add to, or remove material posted by students.

The homework will be graded on or after the following week (so you have the weekend to post your homework).  Your contribution will be graded based on correctness, completeness, and clarity.  Each week (for at least 12 weeks), students can earn up to 8 points toward the homework grade.

Submitting Projects: Projects should be submitted by email to .  Please use a subject such as Unix/Linux Security Project #1 Submission so I can tell which emails are submitted work.  Send only one assignment per email message.  Email your projects by copy-and-paste into your mail program.  (Please do not send as attachments!)  If possible, use the text and not the HTML mode of your email program.  Do not send any email to wpollock AT YborStudent.hccfl.edu.

In the event a student submits more than once for the same assignment, I will ignore all but the last one received up to the deadline.  Projects submitted after the deadline will not count toward your grade except as allowed by the course late policy.

The HCC email server automatically accepts and silently discards email with certain types of attachments.  If you must send email to my Internet (non-YborStudent) email account please avoid using any attachments, but especially zip files.  To send email with a .zip attachment you must first rename the file extension to .zap and then send the renamed file as an attachment.

To avoid having your submitted work rejected as spam, you can use CampusCruiser to send email to professors.

If you have an email problem you may turn in a printout instead.  Be sure your name is clearly written on the top of any pages turned in.  Please staple multiple pages together (at the upper left).

Academic Calendar
Classes Begin: Monday  8/24/09   (First class meeting: Tuesday 8/25/09)
Add-Drop Ends: Friday   8/28/09
Last Day to Withdraw:  Monday  11/2/09
Classes End: Monday  12/14/09  (Last regularly scheduled class: Thursday 12/10/09)
Grades Available:  Thursday  12/17/09 (from FACTS.org or HawkNet)
HCC is closed on: Monday  9/7/09 (Labor Day),
Friday  10/16/09 (All-college Day),
Wednesday  11/11/09 (Veterans Day),
Thursday–Saturday  11/26/09–11/28/09 (Thanksgiving Holiday)

Request For Accommodation

If, to participate in this course, you require an accommodation due to a physical disability or learning impairment, you must contact the Office of Services to Students with Disabilities, Dale Mabry campus: Student Services Building (DSTU) Room 204, voice phone: (813) 259–6035,  TTD: (813) 253–7035,  FAX: (813) 253–7336.  Brandon campus: voice phone: (813) 253–7914.

HCC has a religious observance policy that accommodates the religious observance, practices, and beliefs of students.  Should students need to miss class or postpone examinations and assignments due to religious observances, they must notify their instructor at least one week prior to a religious observance.


Quotes on learning
Quotes:
    Tell me and I'll listen.
    Show me and I'll understand.
    Involve me and I'll learn.
        — Lakota Indian saying

    Learning is not a spectator sport!
        — Chickering & Gamson

Course schedule for CTS 2311

Day by day course schedule
(Dates are the Tuesday/Thursday class meetings; each entry lists the topics, assigned readings, and assignment due dates.)

8/25:  Course introduction.  Review wiki.  Pass out Linux CDs, assign installation project.  Installing Linux (basic IP network setup, common installation issues).  Historical perspective of security.  Basic security concepts (CIA, AAA, MAC, DAC, ACL, ...).  Security assessments, evaluations, and audits.  Calculating security ROI.
Readings:  Smith: Chapter 1, 8.1, 9.1, 11.1;   on-line resources ("Information Security Overview"), on-line INFOSEC resources ("ROI calculation", "Security Assessments, Evaluations, Audits, and ROI calculation")

8/27, 9/1:  Home football game 8/27 @ 8:00 PM; a parking pass (and extra commuting time) will be required.
General issues of computer system security.  Issues with backups, updates and patches.  System security threats (e.g., reverse engineering, buffer overflows, rootkits, ...).  Encryption: symmetric (private key) including DES and AES, and asymmetric (public key) including RSA (used in PGP and GPG) and ECC.  Stream and block ciphers.  Key exchange including Diffie-Hellman and IKE.  PKI and issues of trust.  Message digests (checksum, CRC, hash, FCS, ...).  Steganography.  Cryptography (and solving crypto-quotes).
Readings:  Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E;   Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143);   Frisch: Password management (pp. 277–301), security (pp. 330–373, 387–414);  on-line resources ("Security Concepts and Term Definitions"), Public key encryption and PKI articles ("Cryptography and PKI")

9/3, 9/8:  General system hardening.  Password security: good and bad passwords, file formats, policies (PAM), using password generators (pwgen, apg), password auditing (John the Ripper), shadow suite, password aging (/etc/login.defs, /etc/default/login), password algorithms (salt, crypt, MD5, ...).  Central password databases: NIS, LDAP, Kerberos.  Password cracking methods.
Readings:  Smith: Chapter 2, 6.1, 6.3, 6.4, 6.6, 7.2 (pp. 270–280), 8.3, 8.4 (optional), Appendix E;   Turnbull: Chapters 1 (pp. 1–46, 56–64, 61–66, 75–77), 4 (pp. 207–208, 229–231), 3 (pp. 137–140, 143);   Frisch: Password management (pp. 277–301), security (pp. 330–373, 387–414);  Password security
Project #1 (Install) due 9/3.

9/10, 9/15:  File system security (permissions, ACLs, SetUID/SetGID, mount options).  File locking review (advisory vs. mandatory, shared vs. exclusive).  Vulnerability scanners and host intrusion detection systems (HIDS, FIMs and FAMs) such as Tripwire.  System (security) auditing and compliance issues.  Credit card security (PCI-DSS) issues.  Process privileges (capabilities).  Using sudo and RBAC to reduce risks.  Resource limiting: ulimit, disk quotas, PAM.
Readings:  Smith: Chapters 6.2, 6.5, 8.1–8.4, 11.3;   Turnbull: Chapters 1 (pp. 44–56), 4 (pp. 187–201, 204–229), 6 (281–295, 313–315, 318–320);   Frisch: PAM (pp. 302–312);   auditing resources, Intrusion Detection resources, credit card (PCI-DSS) security, RBAC and sudo resources, PAM tutorial

9/17:  Developing and documenting security policies and procedures.  Understanding security incidents and how to detect and respond effectively to them.
Readings:  Turnbull: Chapter 11.5 (pp. 489–492);   Frisch: Security (pp. 332–336), Incident response (pp. 405–406);   Security Policy resources ("Guide to developing a Security Policy"), Incident Response resources ("SunWorld Article")
Project #2 (Harden) due 9/17.

9/22, 9/24:  Using crypto tools (GnuPG) and digest tools (MD5, SHA1).  Using SSH.  Securing SSH.
Readings:  Smith: Chapter 10.1 (pp. 407–411), 10.2, review Appendix E;   Turnbull: Chapter 3 (pp. 169–185), 4 (pp. 202–204), 6 (281–295, 313–315, 318–320);   Frisch: PAM (pp. 302–312);   Security tools resources ("GnuPG mini-how-to")

9/29:  Exam 1

10/1, 10/6:  Implementing security policies with SELinux, chroot, BSD jails, Solaris zones and containers, and virtualization (Xen, VMware, …).
Readings:  Smith: page 227, chapter 8.2 (pp. 294–301), 9;  SELinux and Solaris zones resources ("Solaris Zones"), virtualization resources ("Virtualization for Dummies")

10/8, 10/13:  Network security concepts: common network threats (port scanning, DoS, DDoS, spoofing, SQL injection, ...), secure network design (including DMZs, bastion hosts, proxy servers, and packet filters), auditing, virtual private networks (VPN), IPSec (Openswan, FreeS/WAN).  Securing network services: using xinetd security features, TCP Wrappers.  Enabling kernel network protection.
Readings:  Smith: Chapters 2.4, 2.5, 3, 6.3 (pp. 233–235);  Turnbull: pages 108–117, 124–129, 167–169;  Networking resources ("Network security concepts", "VPN Tutorial")

10/15, 10/20:  Understanding packet filtering and deploying an iptables (netfilter) firewall.
Readings:  Smith: Chapters 3.2, 3.3, 5, Appendixes B, C, D;  Turnbull: Chapter 2, Appendix A;  on-line firewall resources ("iptables overview")

10/22, 10/27:  Wi-Fi security (WEP, WPA, 802.11i, 802.1X).  PPP security (PAP, CHAP, MS-CHAP), EAP and EAP-TLS.
Readings:  Smith: pages 81–82;  Wi-Fi security resources ("Wi-Fi Security", "802.11i Overview", "PPP Security", and "IEEE 802.1X Overview")
Project #3 (Lockout) due 10/27.

10/29:  Understanding and configuring SASL.
Readings:  Turnbull: pages 387–402;  on-line SASL resources ("SASL Overview")

11/3:  Exam 2

11/5, 11/10:  Overview of PKI and certificates.  Securing web services (basic and digest authentication, using certificates and HTTPS).  Securing mail services (including SASL and remote user authentication).
Readings:  Turnbull: pages 137–152, 373–386;  PKI lecture notes
Project #4 (Tripwire) due 11/5.

11/12, 11/17:  Using nmap, nessus.  Monitoring a network using NIDS (with Snort).
Readings:  Smith: Chapter 4;  Turnbull: Chapter 6;  on-line Monitoring resources ("NIDS and Snort")

11/19, 11/24:  Building a secure logging infrastructure (syslog and modern replacements).  Overview of computer forensics.
Readings:  Smith: Chapter 11.2;  Turnbull: Chapter 5;  on-line logging resources ("Syslog, Log File Rotation", "System Monitoring Tutorial"), on-line Forensics resources ("RFC-3227")
Project #5 (Crypto) due 11/19.

11/26:  Thanksgiving Holiday  —  HCC Closed

12/1, 12/3, 12/8:  Additional topics, time permitting: configuring and deploying a proxy server (Squid).  Configuring authentication servers (RADIUS, TACACS).  Overview of Windows security (domains, Active Directory).  Securing print services, printer quotas.  Securing LDAP, DNS.
Readings:  Smith: Chapter 10.4;  Turnbull: Chapter 11;  RADIUS/TACACS on-line resources

12/10:  Exam 3




Class name: CTS 2311 (Unix/Linux Security)  Day: Tues, Thurs Time: 5:30 PM

Student Information Sheet

Student Name: ___________________________

Student ID: _____________________________

Phone (optional):  ______________________

Email (optional):  ______________________



Student Certification Statement

I have read and understand all of the information contained in the syllabus,
and agree to abide by the conditions of this course, especially the following
areas (initial each area):

    _____  Test Policy

    _____  Honesty Policy

    _____  Attendance Policy

    _____  Grading Policy

    _____  Class Conduct

                _________________________________
                        Student Signature



Class resources
Resources
Lecture on history of Information Security: Windows Media Player video by Whitfield Diffie
Bronze Age security: Lessons learned from Bronze Age fortress design
Information Security Overview: Draft lecture notes
Security Concepts and Term Definitions: Draft lecture notes
RFC-4949: Internet Security Glossary
Network security tutorial: Tutorial on Internet security from iec.com
Home networking security tutorial: Tutorial on securing your home computer from cert.org
CERT.org: Computer Emergency Response Team Coordination Center (see also US-CERT)
cpni.gov.uk: The UK's version of cert.org (a merger of NISCC, MI-5, and other agencies)
SecurityCertified.net: Information about the certifications required by DoD directive 8570: SCNS, SCNP, and SCNA
CISSP certification: The most widely recognized security certification, approved by ANSI and ISO, from (ISC)2
Post Install Task List: Lists and briefly describes many post-install tasks
NIST National Checklist Program Repository: U.S. government repository of publicly available security checklists that provide detailed guidance on setting the security configuration of operating systems and applications
Hacker Attack IRC chat log: Story of a dumb script-kiddie
Securing Solaris: Hardening a Solaris system (pre-Solaris 10)
Security tutorials: A library of tutorials on security
Kernel Parameters: How to set some kernel parameters (for network security)
Cryptoquote: A cryptoquote puzzle
xor.c: Demo C program showing XOR encryption
Public-key encryption: Tutorial on security and public-key encryption (from Netscape.com's DevEdge site)
NIST CSRC tools: These include standards and usage notes, lists of approved algorithms, etc.
Public key encryption overview: Public key encryption tutorial from Wikipedia.org
Public Key Demo: Illustrates the RSA public key system (see the rsa.c C program)
Diffie-Hellman Key Exchange: A short description
Cryptography and PKI (PDF): Readable introductory NIST publication SP800-32
Password Security: An overview of password security techniques, management, policies, and auditing best practices
NIST CSRC Password tools: These include FIPS-112 (Password Use) and FIPS-181 (A Password Generator)
RBAC: Solaris Role Based Access Control demo
NFSv4 ACLs: Table of NT-style (or NFSv4-style) ACL privileges and inheritance flags
Moron's Guide to Kerberos: Kerberos overview
Unix file permissions: More than you wanted to know about Unix permissions
Tripwire: Complex HIDS/File Integrity Monitor (open source version of commercial Tripwire)
Credit card (PCI-DSS) security: Payment Card Industry security standards
PCISecurityStandards.org: PCI DSS standard
PCIAnswers.com: PCI DSS compliance questions and answers
/etc/sudoers: A sample /etc/sudoers file
Quota Administration: Shows how to set up and manage disk quotas
PAM Tutorial: Shows how to configure and use PAM (see also the Solaris 10 PAM Guide and the Linux PAM Sys. Admin. Guide)
Unix/Linux Intrusion Detection (PDF): How to check a Linux/Unix system for signs of intrusion
Introduction to Intrusion Detection Systems: Article about IDSes
Intrusion Detection FAQ (from SANS): Useful information about intrusion detection
ISACA home: Information Systems Audit and Control Association
FrSIRT: Security Research and Cyber Threat Monitoring
net-security.org: Many resources, including information and software
Bastille: System hardening script to help harden a Linux/Unix system
Etherape: Graphic network monitor tool
Auditor Resources: System auditor resources and links
Unix Auditor's Practical Handbook: Overview of security auditing Unix systems
SANS audit policy template (PDF): A skeleton auditing policy document
Guide to developing a Security Policy (PDF): Building and Implementing a Successful Information Security Policy
NIST Security Handbook (PDF): A guide for security, auditing, policies, etc.
Sample Security Policies: Over two dozen sample security policies and templates
RFC-2350: Computer Security Incident Response
Incident Response (expired SunWorld Article): A short intro to incident response
FIRST.org: Resources for Incident Response
Incident Management: A guide from us-cert.gov
Responding to Security Incidents (4 parts): Solaris current best practice for security incident response
Incident Response (PDF): Detailed FCC guide to incident response (hosted by NIST)
CERT/CC CSIRT Handbook (PDF): Management of Computer Security Incident Response Teams
cert.org security incident response resources: Computer Security Incident Response Teams (CSIRTs) resources
Security Tools Demo: Shows how to use MD5 checksums and GPG to verify a downloaded chkrootkit tar-ball
FIPS-180: Approved Secure Hashing Algorithms (see other NIST Computer Security Resource Center tools and publications)
GnuPG (GPG) home: How-tos and FAQs on GPG
GnuPG (GPG) mini-how-to: A short cookbook for using GPG
SSH Sample Configurations: Sample SSH client and server files
/etc/sysctl.conf: A sample sysctl.conf file, setting kernel security parameters
SSH Tutorial: A Sun Blueprints article, part 1 (the resources list has great links!)
TCP Wrappers: A short tutorial on TCP Wrappers
SELinux Home: NSA's homepage for the Security Enhanced Linux project
SELinux FAQs: Fedora FAQ and other docs for SELinux
Getting Started with SE Linux: A HOW-TO document
Solaris Zones: Overview of Solaris 10 Zones and Containers
Virtualization Wiki: Overview of virtualization
Virtualization for Dummies (PDF): A guide downloaded from Sun.com
Comparison of virtualization solutions: Article from Wikipedia.org
Internet Mapping Project: View pictures of the Internet (12/98 Wired pic, Yugoslavia during the 1999 war)
Unix Security Links: An excellent list of Unix security resources
TCP/IP tutorial: From Cisco's website
VPN Tutorial: Virtual Private Networks tutorial from IEC
Openswan: IPsec for Linux
FreeS/WAN Project: IPsec for Linux, popular but no longer maintained
p0f: A (passive) OS fingerprinting tool
SamSpade.org: Web-based security tools
Network security concepts: Network security lecture notes
iptables overview: Draft lecture notes for iptables
iptables server rules demo: Example set of iptables rules for a server
iptables/netfilter home: Many iptables resources
iptables tutorial: An older but good tutorial
FireStarter: A GUI front-end for iptables
Shoreline Firewall ("Shorewall"): A high-level tool for creating iptables firewalls
Wi-Fi Security: Draft Wi-Fi overview and security lecture notes
802.11i Overview (PDF): 24-page description of wireless 802.11i security, from SANS.org
PPP Security: PAP, CHAP, MS-CHAP, EAP, and EAP-TLS
IEEE 802.1X Overview: 802.1X is the security standard used for 802.11 networking, and wired networks too
SASL Resources: Links for SASL (Simple Authentication and Security Layer)
Cyrus SASL: A guide for system administrators
RFC-2222 (SASL): RFC for SASL
SASL Overview: SASL lecture notes
NSA's INFOSEC Assessment Methodology: How to perform security policy audits
NSA's INFOSEC Evaluation Methodology: How to perform security evaluations
ROI calculation: Security ROI (ROSI) sample calculation
Security Assessments, Evaluations, Audits, and ROI calculation: Lecture notes for security ROI (ROSI) calculation, ...
PKI lecture notes: Public-key Infrastructure and certificate overview
SSL/TLS Setup: Configuring Apache, Postfix, IMAP to support SSL/TLS (also creating a CA certificate)
HTTP Authentication: A capture, using the Firefox "LiveHTTP" extension, of the HTTP protocol showing BASIC authentication
GoDaddy.com: Cheap server certificates from GoDaddy.com (which in turn are currently validated by the CA Valicert.com, a.k.a. Tumbleweed Comm.)
CACert.org: PKI Certificate Authority that provides free certificates
instantssl.com: Free server certificates (30-day expiration) from the Comodo root CA
Nagios.org Nagios host and network scanner     SAINT SAINT network vulnerability scanner
Samhain HIDS Popular File Integrity Monitor        
Snort.org Snort network scanner     Nessus.org Nessus Host and network vulnerability scanner
NIDS and Snort Lecture notes, including snort build directions     System Management A list of tools available (see also ftp.opensysmon.com/
Center for Internet Security Excellent vulnerability scanners (benchmarks) and info     sectool Host vulnerability scanner and IDS for RPM based systems
Nikto Web server vulnerability scanner The name comes from a famous Sci-fi movie The day the Earth Stood Still.        
SNMP Setup Shows how to setup and configure Linux SNMP.     www.cisco.com/.../SNMP.htm A detailed tutorial on SNMP.
SNMP MIB SNMPv2 MIB for Cisco MPLS Router.        
Building a Secure Logging Infrastructure Logging lecture notes        
System Monitoring Tutorial A brief overview of the basics     Syslog, Log File Rotation A tutorial including examples
Forensic Examination of Digital Evidence: A Guide for Law Enforcement A U.S. Dept. of Justice publication, 2004     Electronic Crime Scene Investigation: A Guide for First Responders A U.S. Dept. of Justice publication, 2001
RFC-3227 Guidelines for Evidence Collection and Archiving     Forensic Procedures Overview A short article from IACIS
FIRE: Forensic and Incident Response Environment A bootable CD with forensic tools     Portable Linux Auditing CD Forensic toolkit on bootable CD.
www.porcupine.org Wietse Venema's forensic site with many resources     Verizon DataBreachReport (pdf) A 2008 report analyzing security breaches
RADIUS Overview A short description of RADIUS authentication server     RADIUS and TACACS compared Cisco's versions of RADIUS and TACACS+ are compared
RADIUS Description of Cisco's version of RADIUS        
suidDemo.tgz Shows how suid can be used to control access to files.     System Tuning Basic system performance monitoring and tuning
Anonymous FTP Site Setup Shows how to setup and configure FTP.     httpd SSL configuration Minimal httpd (Apache) configuration for SSL/TLS (HTTPS).
httpd configuration Sample httpd (Apache) configuration files.     DNS Resources Sample DNS configuration files plus other resources
File Sharing Overview File and print sharing using NFS and CIFS (SMB)     Email Service Resources Sample DNS, SpamAssassin, ClamAV, Amavis, SASL, Postfix, and IMAP/POP configuration files, plus other resources
SMTP AUTH, TLS Walk-thru of Postfix setup for SMTP AUTH with SASL, TLS
NFS Demo Setup and use of NFS     Samba Demo A log of commands needed for setup and use of a minimal Samba server
Shell Scripts (and Other Demos)
LDP: Bash scripting guide and reference) Shows how to write Bash shell scripts.  complete Bash man page     SSC's Bash shell reference card (Posted here by permission of SSC, Inc.)
suidDemo.tgz Shows how suid can be used to control access to files.     find-world-writable A security script that shows all dangerous world writable files.