 

HP

   
     
     
Course Name:   HP-UX Security I Training
     
Deployment Options:   Onsite - Instructor-Led Training
     
Course Duration:   5 days depending on audience background and options
 
 
 
Introduction:
 
This course examines the most common HP-UX system security vulnerabilities, and introduces a variety of tools and techniques that can be used to prevent hackers from exploiting these vulnerabilities.
 
Customize it:
 
This 5-day HP-UX Security I course will be customized to your needs and specifications. Eno.com will assist you in identifying those needs and specifications. A word to the wise: there are many vendors of HP training. They will typically have a broad and general course, one size fits all, already developed, and just put your organization's name on the title slide. This minimizes their effort and time investment. At Eno.com, every course is made to your exact and exacting specifications. We help you ensure that what you are getting is what you really need, even if at the beginning you weren't too sure of what that was. We fit the class to your needs. We never fit you into our standard, one-size-fits-all class.
 
Audience:
 
Experienced UNIX system and network administrators who need to better secure their HP-UX systems
 
Prerequisite
 
  • HP-UX System and Network Administration I & II (H3064S & H3065S)
  • HP-UX for experienced UNIX system administrators (H5875S)
 
Course Objectives:
 
After completing this course you will be able to:
 
Course Outline
 

Introduction

  • Corporate security risks
  • IT managers' security risks
  • Areas of computer security
  • Changes in the computing environment: security implications
  • Changes in system administrator roles: security implications
  • Overview of UNIX security

How hackers gather information about a target system

  • Understanding how and why hackers gather information about target systems
  • Preventing hackers from gathering information via login banners
  • Preventing hackers from gathering information via finger, rwho, and rusers
  • Preventing hackers from gathering information via sendmail/SMTP
  • Preventing hackers from gathering information via SDUX
  • Preventing hackers from gathering information via RPC services
  • Preventing hackers from gathering information via SNMP
  • Preventing hackers from gathering information via nmap and other port scanners
  • Preventing hackers from gathering information via social engineering
  • Preventing hackers from gathering information via onsite visits

How hackers gain access to a target system: Software vulnerabilities

  • Understanding the dangers of bugs and known vulnerabilities
  • Obtaining and understanding US-CERT advisories
  • Obtaining and understanding HP-UX security bulletins
  • Identifying critical security patches with security_patch_check
  • Installing and managing security patches with SDUX
  • Isolating compromised applications
  • Limiting buffer overflow attacks with executable_stack and chatr
  • Limiting file access with chroot
  • Overview: Limiting privileged kernel function access with Fine Grained Privileges
  • Overview: Limiting IPC, network, and other resource access with Compartments

How hackers gain access to a target system: Unsecured terminals

  • Understanding how hackers get to a login prompt
  • Securing dial-in lines
  • Securing workstation console access
  • Securing MP server console access
  • Securing terminal device files and X-windows displays
  • Securing network service access
  • Configuring a screen lock

How hackers gain privileges: Unsecured passwords

  • Understanding how hackers exploit HP-UX password authentication vulnerabilities
  • Understanding the /etc/passwd file
  • Understanding the /etc/shadow file
  • Encrypting passwords
  • Managing user passwords
  • Configuring shadow passwords
  • Configuring password aging
  • Cracking passwords with John the Ripper
  • Authenticating users via PAM
  • Configuring /etc/pam.conf

Solution: Configuring SMSE user security

  • Understanding Standard Mode Security Enhancements Benefits
  • Understanding SMSE Attributes
  • Configuring /etc/security.dsc
  • Configuring /etc/default/security
  • Configuring /etc/passwd and /etc/shadow
  • Configuring /var/adm/userdb/
  • Managing attributes with the secweb GUI
  • Managing attributes with the secweb TUI
  • Enforcing security policies

How hackers gain privileges: Unsecured user accounts

  • Understanding how hackers exploit HP-UX user account vulnerabilities
  • Protecting user accounts: guidelines
  • Protecting the root account: guidelines
  • Limiting root access via /etc/security
  • Limiting root access via sudo
  • Limiting root access via the restricted SAM builder
  • Configuring accounts for guest users
  • Configuring accounts for single application users
  • Configuring accounts for teams and groups
  • Preventing dormant accounts

Solution: Configuring Role Based Access Control (RBAC)

  • Understanding RBAC’s features and benefits
  • Installing RBAC
  • Configuring & assigning RBAC roles
  • Configuring & assigning RBAC authorizations
  • Configuring RBAC commands & privileges
  • Verifying the RBAC database
  • Configuring RBAC auditing
  • Running commands with privrun
  • Editing files with privedit

Solution: Securing UNIX file systems

  • Understanding how hackers exploit improper file and directory permissions
  • Viewing and Changing File Permissions
  • Searching for Files with Improper Permissions
  • Configuring and using the SUID bit
  • Configuring and using the SGID bit
  • Configuring and using the sticky bit
  • Configuring and using JFS ACLs

How hackers monitor and hide system activity

  • Understanding how hackers monitor and hide system activity
  • Monitoring log files
  • Monitoring network connections
  • Monitoring logins
  • Monitoring processes
  • Monitoring file access attempts
  • Monitoring system activity via syslogd
  • Configuring /etc/syslog.conf
  • Compiling lsof
  • Hiding connections, processes, and arguments
  • Doctoring log files and time stamps

Solution: monitoring activity with SMSE auditing

  • Comparing trusted system vs. SMSE auditing
  • Installing SMSE auditing
  • Enabling & disabling SMSE auditing
  • Auditing system calls and events
  • Auditing users
  • Viewing audit logs
  • Managing audit logs
  • Managing the audit monitoring daemon
  • Understanding audomon log messages

Solution: monitoring suspicious activity with HIDS

  • Understanding the role of intrusion detection software
  • Installing HP's HIDS product
  • Configuring HIDS detection templates and properties
  • Configuring HIDS surveillance groups
  • Configuring HIDS surveillance schedules
  • Configuring HIDS response scripts
  • Monitoring HIDS alerts and errors
  • IDS Architecture

How hackers exploit backdoors

  • Understanding how hackers use system backdoors to gain root privileges
  • Protecting device files
  • Protecting cron files
  • Protecting executable directories
  • Protecting startup scripts
  • Protecting root's hidden files
  • Preventing backdoors with proper file permissions
  • Identifying backdoors with Aide

How hackers exploit TCP/IP vulnerabilities

  • Understanding how hackers exploit TCP/IP vulnerabilities to gain privileges
  • Understanding the dangers posed by DNS vulnerabilities, sniffers, and IP spoofing
  • Using symmetric key encryption
  • Using public key encryption and authentication
  • Configuring SSH
  • Configuring SSH client/user authentication
  • Configuring SSH single sign-on
  • Using SSH client utilities

How hackers exploit internet service vulnerabilities

  • Understanding how hackers exploit internet service vulnerabilities to gain privileges
  • Securing inetd, Berkeley, and RPC services
  • Securing real, guest, and anonymous FTP access
  • Securing non-inetd services
  • Improving security via TCPWrapper

Solution: scanning for vulnerabilities with Nessus

  • Understanding the purpose of host and network scanners
  • Installing Nessus & Nessus Plugins
  • Connecting to a Nessus server
  • Selecting Nessus plugins
  • Selecting Nessus targets
  • Starting a Nessus scan
  • Viewing Nessus results
  • Saving Nessus reports

Solution: hardening HP-UX hosts with Bastille

  • Understanding the purpose of a "hardened" host
  • Installing Bastille
  • Using the Bastille GUI
  • Saving the Bastille configuration file
  • Applying the Bastille configuration file
  • Reverting to the pre-Bastille configuration
  • Using Bastille’s install-time security bundles

Solution: configuring IPFilter firewalls

  • Understanding the purpose of host and perimeter firewalls
  • Understanding the purpose of a packet filtering firewall
  • Understanding the purpose of a NAT firewall
  • Understanding the purpose of a proxy firewall
  • Installing IPFilter
  • Managing IPFilter rulesets
  • Configuring a default deny policy
  • Preventing IP and loopback spoofing
  • Controlling ICMP service access
  • Controlling access to TCP and UDP Services
  • Controlling access via active and passive FTP
  • Testing IPFilter rulesets
  • Monitoring IPFilter

How hackers perform damaging tasks

  • Understanding how hackers perpetrate denial of service attacks
  • Preventing process table DoS attacks
  • Preventing file system DoS attacks
  • Preventing network-based DoS attacks
  • Protecting against programmed threats

Appendices

  • Solution: improving user and password security with trusted systems
      • Understanding the relative advantages of shadow and trusted systems
      • Configuring password format policies
      • Configuring password aging policies
      • Configuring user account policies
      • Configuring terminal security policies
      • Configuring access control policies
      • Understanding the /tcb directory structure
  • How hackers exploit NFS vulnerabilities
      • Understanding how hackers exploit NFS service vulnerabilities to gain privileges
      • Controlling NFS client access
      • Controlling NFS root access
      • Controlling Access with Netgroups
      • Improving security with NFS client side mount options
      • Preventing NFS spoofing with firewalls
      • Monitoring NFS access
  • How hackers exploit NIS vulnerabilities
      • Understanding how hackers exploit NIS service vulnerabilities to gain privileges
      • Limiting access to NIS clients
      • Limiting access to NIS servers
      • Limiting access with NIS netgroups
      • Verifying an NIS server's IP address and port number
      • Verifying an NIS client's IP address
 

For organizational purchases, please send us a message at salesinfo@eno.com or complete and submit this form.

 