-
Linux has a very good reputation as a secure and efficient operating system. It is therefore an indispensable building block in the construction of secure overall systems. This course provides in-depth knowledge about the use of various security technologies based on Linux, such as the configuration and operation of Linux systems as firewalls and routers or the secure shell. It also goes into detail about techniques that you can use to secure Linux systems yourself, for example those that act as web or mail servers. You will also learn the basics of working with intrusion detection systems such as Snort and security scanners such as OpenVAS.
-
Course Contents
-
- Security: Introduction
- Local security
- Tap-proof shell access with OpenSSH
- Securing server services
- Firewall concepts
- Packet filter with Netfilter (“iptables”)
- Security in the local network
- Security analysis
- Computer-based attack detection
- Network-based attack detection
-
Target Group
-
This course is aimed at network planners and operators as well as system administrators who want to acquire in-depth knowledge of security problems in IP networks and how to solve them on a Linux basis.
-
Knowledge Prerequisites
-
A sound basic knowledge of network terminology and in-depth protocol knowledge of the TCP/IP world contribute to an understanding of the subject areas. Experience with the basic administration of Linux machines is also necessary.
-
Complementary and Continuative Courses
-
Course Objective
-
You will gain in-depth knowledge of Linux security, including the configuration and operation of various security techniques and protective measures in Linux systems.
| 1 | Sicherheit: Einführung |
| 1.1 | Was ist Sicherheit? |
| 1.2 | Sicherheit als betriebswirtschaftliches Problem |
| 1.3 | Angriffe |
| 1.4 | Angreifer |
| 1.5 | Sicherheitskonzepte |
| 1.5.1 | Warum? |
| 1.5.2 | Risikoanalyse |
| 1.5.3 | Kosten-Nutzen-Analyse |
| 1.5.4 | Sicherheitsziele, Richtlinien und Empfehlungen |
| 1.5.5 | Audits |
| 1.6 | Sicherheit und Open-Source-Software |
| 1.7 | Informationsquellen |
| 2 | Lokale Sicherheit |
| 2.1 | Physische Sicherheit |
| 2.1.1 | Physische Sicherheit – warum? |
| 2.1.2 | Planung |
| 2.1.3 | Risiken |
| 2.1.4 | Diebstahl |
| 2.1.5 | Alte Medien |
| 2.2 | Minimalsysteme |
| 2.3 | Den Bootvorgang sichern |
| 2.3.1 | Bootvorgang und BIOS |
| 2.4 | Bootlader-Sicherheit |
| 2.4.1 | Grundsätzliches |
| 2.4.2 | GRUB 2 |
| 2.4.3 | GRUB Legacy |
| 2.4.4 | LILO |
| 3 | Die Secure Shell (für Fortgeschrittene) |
| 3.1 | Einführung |
| 3.2 | Grundlegende Funktionalität |
| 3.3 | Benutzer-Beschränkungen |
| 3.4 | Tipps und Tricks |
| 3.4.1 | Benutzer-Konfiguration für verschiedene Server |
| 3.4.2 | Feinheiten des Protokolls |
| 3.4.3 | Netz und doppelter Boden |
| 3.4.4 | Spaß mit öffentlichen Schlüsseln |
| 3.5 | OpenSSH-Zertifikate |
| 3.5.1 | Überblick |
| 3.5.2 | Benutzer-Schlüssel beglaubigen |
| 3.5.3 | OpenSSH-Zertifikate für Benutzer verwenden |
| 3.5.4 | Rechner-Schlüssel und -Zertifikate |
| 4 | Firewall-Konzepte |
| 4.1 | Firewalls und Sicherheit |
| 4.2 | Firewall-Bestandteile |
| 4.3 | Implementierung von Firewalls |
| 4.3.1 | Ein einfaches Beispiel: Heim-LAN |
| 4.3.2 | Ein Heim-LAN mit Router |
| 4.3.3 | Internet-Anbindung einer Firma mit DMZ |
| 4.3.4 | DMZ für Arme: Triple-Homed Host |
| 4.4 | Firewalls und gängige Protokolle |
| 5 | Paketfilter mit Netfilter (»iptables«) |
| 5.1 | Sinn und Zweck von Paketfiltern |
| 5.2 | Der Paketfilter in Linux-Systemen |
| 5.2.1 | Konzeption |
| 5.2.2 | Arbeitsweise |
| 5.2.3 | Einbindung im Kernel |
| 5.3 | Das Kommandozeilenwerkzeug iptables |
| 5.3.1 | Grundlagen |
| 5.3.2 | Erweiterungen |
| 5.3.3 | Festlegung der Aktion |
| 5.3.4 | Operationen auf eine komplette Kette |
| 5.3.5 | Sichern der Filterregeln |
| 5.3.6 | PraxisbeispieL |
| 5.4 | Adressumsetzung (Network Address Translation) |
| 5.4.1 | Anwendungsfälle für NAT |
| 5.4.2 | Varianten von NAT |
| 5.4.3 | NAT per Netfilter |
| 5.4.4 | Besonderheiten von NAT |
| 6 | Sicherheitsanalyse |
| 6.1 | Einleitung |
| 6.2 | Netzanalyse mit nmap |
| 6.2.1 | Grundlagen |
| 6.2.2 | Syntax und Optionen |
| 6.2.3 | Beispiele |
| 6.3 | Der Sicherheitsscanner OpenVAS |
| 6.3.1 | Einleitung |
| 6.3.2 | Struktur |
| 6.3.3 | OpenVAS benutzen |
| 7 | Rechnerbasierte Angriffserkennung |
| 7.1 | Einleitung |
| 7.2 | Tripwire |
| 7.2.1 | Aufbau |
| 7.2.2 | Vorbereitende Arbeiten |
| 7.2.3 | Regel-Betrieb |
| 7.2.4 | Festlegung der Überwachungsrichtlinien |
| 7.3 | AIDE |
| 7.3.1 | Einleitung |
| 7.3.2 | Arbeitsmodi von AIDE |
| 7.3.3 | Konfiguration von AIDE |
| 7.3.4 | Beispielkonfiguration von AIDE |
| 8 | Netzbasierte Angriffserkennung |
| 8.1 | Einleitung |
| 8.2 | Portscans erkennen – scanlogd |
| 8.3 | Angreifer aussperren – fail2ban |
| 8.3.1 | Überblick |
| 8.3.2 | Struktur |
| 8.4 | Snort: Schweinereien in Echtzeit erkennen |
| 8.4.1 | Grundlagen |
| 8.4.2 | Snort installieren und testen |
| 8.4.3 | Snort als IDS |
| 9 | Virtuelle private Netze mit OpenVPN |
| 9.1 | Warum VPN? |
| 9.2 | OpenVPN |
| 9.2.1 | Grundlagen |
| 9.2.2 | Allgemeine Konfiguration |
| 9.2.3 | Einfache Tunnel |
| 9.2.4 | OpenVPN mit TLS und X.509-Zertifikaten |
| 9.2.5 | Server-Modus |
| A | Musterlösungen |
| B | X.509-Crashkurs |
| B.1 | Einleitung: Kryptografie, Zertifikate und X.509 |
| B.2 | Eine Zertifizierungsstelle generieren |
| B.3 | Server-Zertifikate generieren |
| C | Kommando-Index |
| Index |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
Linux has a very good reputation as a secure and efficient operating system. It is therefore an indispensable building block in the construction of secure overall systems. This course provides in-depth knowledge about the use of various security technologies based on Linux, such as the configuration and operation of Linux systems as firewalls and routers or the secure shell. It also goes into detail about techniques that you can use to secure Linux systems yourself, for example those that act as web or mail servers. You will also learn the basics of working with intrusion detection systems such as Snort and security scanners such as OpenVAS.
-
Course Contents
-
- Security: Introduction
- Local security
- Tap-proof shell access with OpenSSH
- Securing server services
- Firewall concepts
- Packet filter with Netfilter (“iptables”)
- Security in the local network
- Security analysis
- Computer-based attack detection
- Network-based attack detection
-
Target Group
-
This course is aimed at network planners and operators as well as system administrators who want to acquire in-depth knowledge of security problems in IP networks and how to solve them on a Linux basis.
-
Knowledge Prerequisites
-
A sound basic knowledge of network terminology and in-depth protocol knowledge of the TCP/IP world contribute to an understanding of the subject areas. Experience with the basic administration of Linux machines is also necessary.
-
Complementary and Continuative Courses
-
Course Objective
-
You will gain in-depth knowledge of Linux security, including the configuration and operation of various security techniques and protective measures in Linux systems.
| 1 | Sicherheit: Einführung |
| 1.1 | Was ist Sicherheit? |
| 1.2 | Sicherheit als betriebswirtschaftliches Problem |
| 1.3 | Angriffe |
| 1.4 | Angreifer |
| 1.5 | Sicherheitskonzepte |
| 1.5.1 | Warum? |
| 1.5.2 | Risikoanalyse |
| 1.5.3 | Kosten-Nutzen-Analyse |
| 1.5.4 | Sicherheitsziele, Richtlinien und Empfehlungen |
| 1.5.5 | Audits |
| 1.6 | Sicherheit und Open-Source-Software |
| 1.7 | Informationsquellen |
| 2 | Lokale Sicherheit |
| 2.1 | Physische Sicherheit |
| 2.1.1 | Physische Sicherheit – warum? |
| 2.1.2 | Planung |
| 2.1.3 | Risiken |
| 2.1.4 | Diebstahl |
| 2.1.5 | Alte Medien |
| 2.2 | Minimalsysteme |
| 2.3 | Den Bootvorgang sichern |
| 2.3.1 | Bootvorgang und BIOS |
| 2.4 | Bootlader-Sicherheit |
| 2.4.1 | Grundsätzliches |
| 2.4.2 | GRUB 2 |
| 2.4.3 | GRUB Legacy |
| 2.4.4 | LILO |
| 3 | Die Secure Shell (für Fortgeschrittene) |
| 3.1 | Einführung |
| 3.2 | Grundlegende Funktionalität |
| 3.3 | Benutzer-Beschränkungen |
| 3.4 | Tipps und Tricks |
| 3.4.1 | Benutzer-Konfiguration für verschiedene Server |
| 3.4.2 | Feinheiten des Protokolls |
| 3.4.3 | Netz und doppelter Boden |
| 3.4.4 | Spaß mit öffentlichen Schlüsseln |
| 3.5 | OpenSSH-Zertifikate |
| 3.5.1 | Überblick |
| 3.5.2 | Benutzer-Schlüssel beglaubigen |
| 3.5.3 | OpenSSH-Zertifikate für Benutzer verwenden |
| 3.5.4 | Rechner-Schlüssel und -Zertifikate |
| 4 | Firewall-Konzepte |
| 4.1 | Firewalls und Sicherheit |
| 4.2 | Firewall-Bestandteile |
| 4.3 | Implementierung von Firewalls |
| 4.3.1 | Ein einfaches Beispiel: Heim-LAN |
| 4.3.2 | Ein Heim-LAN mit Router |
| 4.3.3 | Internet-Anbindung einer Firma mit DMZ |
| 4.3.4 | DMZ für Arme: Triple-Homed Host |
| 4.4 | Firewalls und gängige Protokolle |
| 5 | Paketfilter mit Netfilter (»iptables«) |
| 5.1 | Sinn und Zweck von Paketfiltern |
| 5.2 | Der Paketfilter in Linux-Systemen |
| 5.2.1 | Konzeption |
| 5.2.2 | Arbeitsweise |
| 5.2.3 | Einbindung im Kernel |
| 5.3 | Das Kommandozeilenwerkzeug iptables |
| 5.3.1 | Grundlagen |
| 5.3.2 | Erweiterungen |
| 5.3.3 | Festlegung der Aktion |
| 5.3.4 | Operationen auf eine komplette Kette |
| 5.3.5 | Sichern der Filterregeln |
| 5.3.6 | PraxisbeispieL |
| 5.4 | Adressumsetzung (Network Address Translation) |
| 5.4.1 | Anwendungsfälle für NAT |
| 5.4.2 | Varianten von NAT |
| 5.4.3 | NAT per Netfilter |
| 5.4.4 | Besonderheiten von NAT |
| 6 | Sicherheitsanalyse |
| 6.1 | Einleitung |
| 6.2 | Netzanalyse mit nmap |
| 6.2.1 | Grundlagen |
| 6.2.2 | Syntax und Optionen |
| 6.2.3 | Beispiele |
| 6.3 | Der Sicherheitsscanner OpenVAS |
| 6.3.1 | Einleitung |
| 6.3.2 | Struktur |
| 6.3.3 | OpenVAS benutzen |
| 7 | Rechnerbasierte Angriffserkennung |
| 7.1 | Einleitung |
| 7.2 | Tripwire |
| 7.2.1 | Aufbau |
| 7.2.2 | Vorbereitende Arbeiten |
| 7.2.3 | Regel-Betrieb |
| 7.2.4 | Festlegung der Überwachungsrichtlinien |
| 7.3 | AIDE |
| 7.3.1 | Einleitung |
| 7.3.2 | Arbeitsmodi von AIDE |
| 7.3.3 | Konfiguration von AIDE |
| 7.3.4 | Beispielkonfiguration von AIDE |
| 8 | Netzbasierte Angriffserkennung |
| 8.1 | Einleitung |
| 8.2 | Portscans erkennen – scanlogd |
| 8.3 | Angreifer aussperren – fail2ban |
| 8.3.1 | Überblick |
| 8.3.2 | Struktur |
| 8.4 | Snort: Schweinereien in Echtzeit erkennen |
| 8.4.1 | Grundlagen |
| 8.4.2 | Snort installieren und testen |
| 8.4.3 | Snort als IDS |
| 9 | Virtuelle private Netze mit OpenVPN |
| 9.1 | Warum VPN? |
| 9.2 | OpenVPN |
| 9.2.1 | Grundlagen |
| 9.2.2 | Allgemeine Konfiguration |
| 9.2.3 | Einfache Tunnel |
| 9.2.4 | OpenVPN mit TLS und X.509-Zertifikaten |
| 9.2.5 | Server-Modus |
| A | Musterlösungen |
| B | X.509-Crashkurs |
| B.1 | Einleitung: Kryptografie, Zertifikate und X.509 |
| B.2 | Eine Zertifizierungsstelle generieren |
| B.3 | Server-Zertifikate generieren |
| C | Kommando-Index |
| Index |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Hybrid Training
Trainer language German