Redhat Training RHCSS

Red Hat Linux Training With Techno-Ed (RHCSS)

The RHCSS is the most technically advanced certification available in Pakistan currently. An RHCSS enjoys the special status of being a systems administrator with an indepth understanding of Linux and its background services, in addition to being specialized on the subject of security. This certification is an ideal fit for an RHCE that is looking further advance their skillset by moving into the highly sought after area of data security specialization which is one of the hottest jobs in the IT market worldwide.

The pre-requisite of becoming an RHCSS is having a valid RHCE certification. The RHCSS requires the study and completion of three major modules RH 333, RH 423 and RH 429 which are required for the certification examination associated with this course.

RH 333 Course Details

RHS333 trains people with RHCE-level competency to understand, prevent, detect, and properly respond to sophisticated security threats aimed at enterprise systems. The course equips system administrators and security professionals with the skills and knowledge to harden computers against both internal and external attacks, providing in-depth analysis of the ever-changing threat models as they pertain to Red Hat Enterprise Linux. RH333 builds on the security skills developed in other Red Hat training courses so that administrators can design and implement an adequate security profile for critical enterprise systems.

RH 333 Course Outline

The Threat Model and Protection Methods

Internet threat model and the attacker's plan
System security and service availability
An overview of protection mechanisms

Basic Service Security

SELinux
Host-based access control
Firewalls using Netfilter and iptables
TCP wrappers
xinetd and service limits

Cryptography

Overview of cryptographic techniques
Management of SSL certificates
Using GnuPG

Logging and NTP

Time synchronization with NTP
Logging: syslog and its weaknesses
Protecting log servers

BIND and DNS Security

BIND vulnerabilities
DNS Security: attacks on DNS
Access control lists
Transaction signatures
Restricting zone transfers and recursive queries
DNS Topologies
Bogus servers and blackholes
Views
Monitoring and logging
Dynamic DNS security

Network File System

Overview of NFS versions 2, 3, and 4
Security in NFS versions 2 and 3
Improvements in security in NFS4
Troubleshooting NFS4
Client-side mount options

OpenSSH

Vulnerabilities
Server configuration and the SSH protocols
Authentication and access control
Client-side security
Protecting private keys
Port-forwarding and X11-forwarding issues

Electronic Mail with Sendmail

Vulnerabilities
Server topologies
Email encryption
Access control and STARTTLS
Anti-spam mechanisms

Postfix

Vulnerabilities
Security and Postfix design
Configuring SASL/TLS

FTP

Vulnerabilities
The FTP protocol and FTP servers
Logging
Anonymous FTP
Access control

Apache security

Vulnerabilities
Access control
Authentication: files, passwords, Kerberos
Security implications of common configuration options
CGI security
Server side includes
suEXEC

Intrusion Detection and Recovery

Intrusion risks
Security policy
Detecting possible intrusions
Monitoring network traffic and open ports
Detecting modified files
Investigating and verifying detected intrusions
Recovering from, reporting, and documenting intrusions

RH 423 Course Details

RH423 Red Hat Enterprise Directory Services and Authentication is an intensive course that provides four days of instruction and labs on cross-platform integration of directory services to provide authentication or information service across the enterprise using the Red Hat Directory Server.

RH 423 Course Outline

Introduction to Directory Services

What is a directory?
LDAP: models, schema, and attributes
Object classes
LDIF

The LDAP Naming Model

Directory information trees and Distingued Names
X.500 and "Internet" naming suffixes
Planning the directory hierarchy

Red Hat Directory Server: Basic Configuration

Installation and setup of Red Hat Directory Server
Using the Red Hat Console
Using logging to monitor Red Hat Directory Server activity
Backing up and restoring the directory
Basic performance tuning with indexes

Searching and Modifying the LDAP Directory

Using command line utilities to search the directory
Search filter syntax
Updating the directory

Red Hat Directory Server: Authentication and Security

Configuring TLS security
Using access control instructions (ACI's)
ACI's and the Red Hat Console

Linux User Authentication with NSS and PAM

Understanding authentication and authorization
Name service switch (NSS)
Advanced pluggable authentication modules (PAM) configuration

Centralized User Authentication with LDAP

Central account management with LDAP
Using migration scripts to migrate existing data into an LDAP server
LDAP user authentication

Kerberos and LDAP

Introduction to Kerberos
Configuring the Kerberos key distribution center (KDC) and clients
Configuring LDAP to support Kerberos

Directory Referrals and Replication

Referrals and replication
Single master configuration
Multiple master configuration
Planning for directory server availability

Cross-Platform Centralized Identity Management

Synchronizing Red Hat Directory Server with Active Directory
Managing users with Winbind and LDAP
Mapping attributes between Linux and Windows

Red Hat Enterprise IPA

Understanding IPA
IPA requirements
Configuring IPA server
Configuring IPA clients

RH 429 Course Details

RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works; how to manage SELinux; and how to write an SELinux policy. This class culiminates in a major project to scope out and then write policies for previously unprotected services.

RH 429 Course Outline

Unit 1 - Introduction to SELinux

Discretionary Access Control vs. Mandatory Access Control
SELinux History and Architecture Overview
Elements of the SELinux security model:
user identity and role
domain and type
sensitivity and categories
security context
SELinux Policy and Red Hat's Targeted Policy
Configuring Policy with Booleans
Setting and Displaying Extended Attributes
Hands-on Lab: Understanding SELinux

Unit 2 - Using SELinux

Controlling SELinux
File Contexts
Relabeling Files and Filesystems
Mount options
Hand-on Lab: Working with SELinux

Unit 3 - The Red Hat Targeted Policy

Identifying and Toggling Protected Services
Apache Security Contexts and Configuration Booleans
Name Service Contexts and Configuration Booleans
NIS Client Contexts
Other Services
File Context for Special Directory Trees
Troubleshooting and avc Denial Messages
setroubleshootd and Logging
Hands-on Lab: Understanding and Troubleshooting the Red Hat Targeted Policy

Unit 4 - Introduction to Policies

Policy Overview and Organization
Compiling and Loading the Monolithic Policy and Policy Modules
Policy Type Enforcement Module Syntax
Object Classes
Domain Transition
Hands-on Lab: Understanding policies

Unit 5 - Policy Utilities

Tools available for manipulating and analyzing policies
apol
seaudit and seaudit_report
checkpolicy
sepcut
sesearch
sestatus
audit2allow and audit2why sealert
avcstat
seinfo
semanage and semodule
Man pages
Hands-on Lab: Exploring Utilities

Unit 6 - User and Role Security

Role-based Access Control
Multi Category Security
Defining a Security Administrator
Multi-Level Security
The strict Policy
User Identification and Declaration
Role Identification and Declaration
Roles in Use in Transitions
Role Dominance
Hands-on Lab: Implementing User and Role Based Policy Restrictions

Unit 7 - Anatomy of a Policy

Policy Macros
Type Attributes and Aliases
Type Transitions
When and How do Files Get Labeled
restorecond
Customizable Types
Hands-on Lab: Building Policies

Unit 8 - Manipulating Policies

Installing and Compiling Policies
The Policy Language
Access Vector
SELinux logs
Security Identifiers - SIDs
Filesystem Labeling Behavior
Context on Network Objects
Creating and Using New Booleans
Manipulating Policy by Example
Macros
Enableaudit
Hands-on Lab: Compiling Policies

Unit 9 - Project

Best practices
Create File Contexts, Types and Typealiases
Edit and Create Network Contexts
Edit and Create Domains
Hands-on Lab: Editing and Writing Policy

TECHNO-ED Lahore Moved To A Larger Premises

Techno-Ed Lahore has shifted to a new location: Plaza No. 58, 1st Floor, Main Boulevard, Cavalry Ground, Lahore Cantt. Please note that is the one and only Techno-Ed Center in Lahore. Anyone else claiming to be affiliated with Techno-Ed at another location is a phony or fake, beware!
TECHNO-ED Launches Its New Website

Techno-Ed recently launched its new website that contains updated information on its new training offerings and will now include up to date information on timings for upcoming and current trainings!
Telenor Selects Techno-Ed For oracle 10g XML Fundamentals Corporate Training

Telenor one of Pakistans largest data and telecommunications providers has selected Techno-Ed (Pvt) Ltd. as their corporate training partner to provide instruction on Oracle 10g XML Fundamentals.
Mobilink Selects Techno-Ed for Oracle E-Business Suite 11i (ERP) Training

Mobilink selects Techno-Ed (Pvt) Ltd. as its training partner to provide instruction on Oracle E-Business Suite modules in 11i: Essentials for Implementers, General Ledger, Payables and Purchasing.
NADRA Selects Techno-Ed For Corporate Training

National Database & Registration Authority selects Techno-Ed (Pvt) Ltd. to provide Oracle Database 10g Administration training.
CMA Recieves Red Hat Linux (RHCE) Corporate Training From Techno-Ed

CMA selected Techno-Ed as its corporate training parter for Red Hat's premier certification track, Red Hat Certified Engineer (RHCE).
Benazir Bhutto Shaheed Youth Development Program (BBYSDP) Selects Techno-Ed

Techno-Ed was selected to provide training to over a HUNDRED students in the fields of Call Center Agent and Data Entry Operator Training Tracks through the BBYSDP program that is revolutionizing the approach to enabling the youth of Pakistan in various IT related fields.
ISO 9001 + Techno-Ed = Success

Techno-Ed launches ISO 9001:2000 and ISO 9001:2008 lead auditor training courses in Karachi.
Computer Information System Auditor Training (CISA) launched!

echno-Ed will now offer CISA certifications which made the list of the top 10 most desired IT certifications globally. The technical skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession. With a growing demand for professionals possessing IS audit, control and security skills, CISA has become a preferred certification program by individuals and organizations around the world. CISA certification ...