Courses by Category
Click on a category below to see a listing of courses.

This course is available for customized on-site delivery for groups of 3 or more students.
Contact us today at 877-258-8987 for more information or a quote.

Scroll down the page for a list of upcoming course dates in our public calendar.

SUSE Linux Security (Novell Course 3058) (5 days)

The Novell SUSE Linux Security training (Course 3058) focuses on various security related aspects in the system administration of SUSE Linux Enterprise Server 9.

This Novell training course takes a look at system administration from a security perspective and covers cryptography, firewalls, and VPNs.

These skills, along with those taught in SUSE Linux Network Services (Course 3057) Novell training course, prepare you to take the Novell Certified Linux Engineer 9 (Novell CLE 9) certification practicum test.

SUSE Linux Security (Novell Course 3058) Course Calendar (5 days)


Call for upcoming dates or on-site delivery.
¹ Includes airfare from anywhere in the continental United States and some parts of Canada as well as accommodation and shuttle services. ² Include course and course materials only. ³ Requires a broadband internet connection and microphone. Note that Virtual LIVE courses are led by an instructor, and as such start and end in local time (based on the course location), this my differ from your time zone. For government and education pricing, please contact us.

Recommended Pre-requisites

Students attending this Novell training course should have taken or required the pre-requisite courses for Novell Certified Linux Professional 9 (3036, 3037, 3038).

Course Outline/Agenda

This course covers the following topics:

General Considerations & Definition of Terms
- Creating a security concept
  - Understanding the basics of a security concept
  - Performing a communication analysis
  - Analyzing protection requirements
  - Analyzing the current security situation and necessary enhancements
- Understanding frequently used terms
  - Firewall
  - Secure Network
  - Insecure Network
  - Demilitarized Zone (DMZ)
  - Packet Filters
  - Screening Router
  - Application Gateways
  - Virtual Private Networks (VPN)
  - Remote Access Service (RAS)
Host Security
- Limiting Physical Access to Server Systems
  - Place the server in a secure, locked room
  - Securing the BIOS with a password
  - Securing GRUB with a password
- Partitioning and File System Security
  - Harddisk Partitioning
  - Basic rules for user read and write access
  - Understanding special permission bits and system security
  - Installing SLES9 with a customized partiton scheme
- Limiting installed software
- Understanding Linux User Authentication
  - Understanding PAM
  - Configuring PAM
  - Secure password requirements
  - Disabling graphical logon using PAM
- Configuring Security Settings with YaST
- Subscribing to security lists
- Applying security updates
  - Registering SLES9
  - Using YaST Online Update (YOU)
- Testing and Documenting System Configuration
  - Netstat
  - Using Ethereal (WireShark)
  - Port Scanning with nmap
  - Performing system scans with nessus
- Using Logging and Accounting
  - Logging
  - Process accounting
  - Automating log file checking
Crytography: Basics and Practical Applications
- Cryptography Basics
  - Encryption & Decryption
  - Cryptographic Hash algorithms and digital signatures
- Creating a Certificate Authority (CA) and Issuing Certificates
  - Creating the Root CA
  - Creating signed certificates
  - Managing a Certificate Revocation List (CRL)
- Using YaST to create a Certificate Authority and perform Certificate Management
  - Using YaST to create a root CA
  - Using YaST to create signed certificates
  - Using YaSET to create a CRL
- Using GNU Privacy Guard (GPG)
Network Security
- Understanding Services & Protocols
  - Infrastructure
  - Remote Access
  - RPC-Based Services
  - Email
  - The World Wide Web
  - File Transfer
  - Wireless Networks
- Security Access with TCP Wrappers
  - Configuring TCP Wrappers
- Using SSL to secure services
  - Configuring TCP Wrappers
- Secure Clients
General Firewall Design
- Understanding Firewall Concepts and Purpose
- Describing firewall components
  - Packet Filters
  - Application-Level Gateways
  - Demilitarized Zone
- Understanding Advantages and Disadvantages of firewall configurations
  - Packet Filters
  - Application-Level Gateways
  - Caution
Packet Filters
- Understanding Packet Filters
  - TCP/IP Basics
  - Routing
  - Static Packet Filters
  - Stateful Packet Filters
- Understanding iptables Basicas
  - Chains
  - Policies
  - Basic Syntax
- Understanding iptables Advanced Features
  - Modules and targets
  - User-Defined Chains
  - Creating & Deleting iptables rules
- Understanding Network Address Translation (NAT)
  - PREROUTING and POSTROUTING chains
  - Types of NAT
Application-Level Gateways
- Describe Application Level Gateways
  - Understanding the Purpose of Application-Level Gateways
  - Understanding how Application-Level Gateways work
- Configuring & Using Squid
  - Understanding the basics of HTTP
  - Understanding how Squid works
  - Install Squid on SLES9
  - Understanding the Squid Configuration File
  - Controlling Access to Squid
  - Configuring WWW Browsers to use Squid
  - Understanding Squid and SSL
  - Configuring SSL in Squid
  - Configuring Proxy Authentication
  - Configuring URL Filtering
  - Configuring Content Filtering
  - Configuring a Transparent Proxy Server
  - Analyzing the Squid Log File
- Configuring & Using Dante
  - Understanding SOCKS
  - Installing & Configuring Dante
  - Configuring Clients to use a SOCKS Server
  - Using Dante
- Configuring & using rinetd
  - Configuring Forwarding Rules
  - Configuring Allow & Deny Rules
  - Configuring Logging
  - Configuring rinetd
Virtual Private Networks (VPNs)
- VPN and IPSec Basics
- Configuring & Establishing IPSec Connections
  - Connecting two sites using IPSec (Site-to-Site)
  - Connecting a Single Computer with a Site (End-to-Site)
  - Connecting Two Single Computers (End-to-End)
  - Establishing a Connection
  - Testing the Established Connection
- Configuring IPSec using YaSET
  - Creating a VPN using YaST
- Understanding VPN Traffic Packet Filtering
  - Filtering IPSec Packets
  - Connections Initiated from External Users to Internal Hosts
  - Connections from Internal Hosts to External Hosts
  - Filtering IPSec Traffic
Intrusion Detection & Incident Response
- Evaluating Log Files
  - Logging to separate hosts
  - Remote host logging
  - Log File Evaluation
- Host-Based Intrusion Detection
  - AIDE
  - RPM
- Network-Based Intrusion Detection
  - Using snort
  - Using arpwatch
  - Using Argus
  - Using scanlogd
  - Using a Honeypot
- Incident Response
  - Immediate Reaction
  - Information
  - Documentation & Investigation
  - New Installations
  - Re-evaluating your Security Policy

Class Size

This class is limited to a maximum of 12 students.

On-Site Delivery

This course is available for on-site delivery for groups of 3 or more students.

OTG offers discounted training for on-site courses of more than 3 students - call us at 877-258-8987 (or submit the form on the upper right side of this page) for more information.

Course Details

This course is taught by a Novell Certified Instructor (CNI) and delivered using Novell Curriculum.

Instructional Materials

The following materials are used to deliver this course:

Novell SUSE Linux Security 9 Course Pack (Novell)
OTG Course Guide

Enroll in this course

Novell Gold Partner Logo

View upcoming course calendar

info@otg-nc.com
877-258-8987