Internet Security Principles

Internet Security Principles

Prerequisites: Internet TCP/IP Fundamentals, or equivalent experience is needed

Audience: Individuals responsible for setting up and securing a connection to the Internet, the network security specialist, military and government information security officers, network administrators and information service providers.

Course Length: 2 days

Securing Your Internet Connection is designed to:

Discuss the theories and current methods of securing the students’ Internet connection.
Show students how to protect their Internet connection.

Key topics:

· treat classification and assessment

· TCP/IP overview

· securing the UNIX operating system

· NFS, NIS and AFS

· tools for protecting systems

· auditing tools

· secure communications

· firewalls and how to build them

· legal considerations

Course Outline

Introduction - Threat Classification and Assessment

Why is Security an Issue?

Classifications & Architecture

Threats

Attack Classifications

Security Strategies

Mechanisms for Security

Management of Security

Renowned Incursions

TCP/IP Security Issues

Introduction

Standard Service Types

Remote Procedure Calls

Understanding the Berkeley "r" Commands

Threats from X11 Services

Information Services Pitfalls

ISP0001 Continued...

Securing the UNIX Operating System

Protecting Passwords

Protecting and Monitoring Accounts

File and Directory Permissions

chmod, chown, chgrp

Monitoring File System Security

inetd

Denying Incoming and Outgoing Access

telnet versus rlogin

Securing the ‘r’ Commands

NFS & NIS

Introduction

NIS Security

NFS Security

Firewall Design

Bastion Hosts

Packet Filtering

Application Gateways

Circuit Gateways

Tunneling

What a Firewall Can’t Do

Building Application Firewalls

Hardware Options

Installation

Services

Administration

TIS Firewall Toolkit

Evaluating Firewall Effectiveness

Network Performance Implications

Configuring Services

FTP

SMTP

Telnet

Gopher

HTTP

Tools for Logging Activity

the Log Files?

Standard Daemons with Logging Capability

Tcpdump

Traceroute

Tools for Protecting Systems

TCPWrapper and Portmapper: Logging and Filtering Standard Services

SOCKS: Building Circuit Relays and Firewalls

S/Key from Bellcore: One-time password scheme

Proxy X11: X11 services through a firewall

ident and Swatch: Monitoring and reacting to system events

Screend: UNIX system packet filtering

Cool Tools

Crack: A password cracking program

Passwd +

COPS: Computer Oracle and Password Program

Tripwire: Monitor system integrity

SATAN: Security Administrator’s Tool for Analyzing Networks

Secure Communications

Basic Cryptography

Kerberos

Link Level

Network Level

Transport Level

Application Level

Return to Table of Contents