RHCSS Boot Camp | RHCSS Training | RHCSS Training Course

Red Hat Certified Security Specialist

Today's organizations must counter the ingenuity and determination of criminals and pranksters with equal ingenuity and determination. The IT security requires people who are qualified to implement security solutions.

RHCSS is a performance based security certification that requires advanced skill using Red Hat Enterprise Linux, SELinux and Red Hat Directory Server. An RHCSS can help the company meet security requirements of today's enterprise environment.

RHCSS Track:

RH-333: Red Hat Enterprise Security: Network Services - 32 hours

RHS333 goes beyond the essential security coverage offered in the RHCE curriculum and delves deeper into the security features, capabilities, and risks associated with the most commonly deployed services. Among the topics covered in this 32 hours or four-day, hands-on course are the following:


1. Mastering basic service security

	* Review of host security * Advanced TCP wrappers configuration * Advanced xinetd configuration

2. Understanding cryptography

	* Overview of cryptographic techniques * Management of SSL certificates

3. Logging system activity

	* Clock synchronization with NTP * Configuring centralized syslog management

4. Securing BIND and DNS

	* Name server topology and "views" * Configuration of appropriate recursion and response policies * Using TSIG authentication keys * Running BIND in a chroot environment

5. Network user authentication security

	* Managing portmap and NIS risks * Using Kerberos authentication

6. Improving NFS security

	* NFS security limitations * Configurations to avoid

7. The secure shell: OpenSSH

	* Protocol and service security * Protecting public-key authentication * Port-forwarding and X11-forwarding issues

8. Securing E-mail with Sendmail and Postfix

	* User mail spool access issues * Overview of Postfix configuration * Access control and STARTTLS * Anti-spam features * Introduction to Procmail

9. Managing FTP access

	* Controlling local and anonymous users

10. Apache security

	* User authentication and access control * Common misconfigurations * Containing CGI risks

11. Basics of intrusion response

	* Monitoring for suspicious activity * Verifying suspected intrusions * Recovering from an intrusion.

RH423 Red Hat Enterprise Directory Services and Authentication - 32 hours

RH423 is aimed at senior Red Hat Enterprise Linux system administrators and other IT professionals who need to provide enterprise-wide authentication or information services or who desire training in the management of LDAP-based directory services and customization of Linux authentication using the Red Hat Directory Server. Topics in this 32 hours / 4 days course includes:


1. Introduction to Directory Services

	* What is a directory? * LDAP: models, schema, and attributes * Object classes * LDIF

2. The LDAP Naming Model

	* Directory information trees and Distingued Names * X.500 and "Internet" naming suffixes * Planning the directory hierarchy

3. Red Hat Directory Server: Basic Configuration

	* Installation and setup of Red Hat Directory Server * Using the Red Hat Console * Using logging to monitor Red Hat Directory Server activity * Backing up and restoring the directory * Basic performance tuning with indexes

4. Red Hat Directory Server: Authentication and Security

	* Configuring TLS security * Using access control instructions (ACI´s) * ACI´s and the Red Hat Console

5. Searching and Modifying the LDAP Directory

	* Using command line utilities to search the directory * Search filter syntax * Updating the directory * Using graphical LDAP client utilities

6. Linux User Authentication with NSS and PAM

	* Understanding authentication and authorization * Name service switch (NSS) * Advanced pluggable authentication modules (PAM) configuration

7. Centralized User Authentication with LDAP

	* Central account management with LDAP * Using migration scripts to migrate existing data into an LDAP server * LDAP user authentication

8. Kerberos and LDAP

	* Introduction to Kerberos * Configuring the Kerberos key distribution center (KDC) and clients * Configuring LDAP to support Kerberos * Access control with Simple Authentication and Security Layer (SASL)

9. Directory Referrals and Replication

	* Referrals and replication * Single master configuration * Multiple master configuration * Planning for directory server availability

10. Authenticating Windows Clients

	* Windows networking overview * Configuring a Samba primary domain controller (PDC) using LDAP

11. Windows Domain Authentication and Linux Clients

	* Active Directory servers * Linux as a client * Active Directory and NSS * OpenLDAP * Winbind

RHS429 - Red Hat Enterprise SELinux Policy Administration - 32 hours

RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works; how to manage SELinux; and how to write an SELinux policy. This class culiminates in a major project to scope out and then write policies for previously unprotected services.

RHS429 Red Hat Enterprise SELinux Policy Administration

Among the most significant features of Red Hat Enterprise Linux is SELinux (Security Enhanced Linux), a powerful, kernel-level security layer that provides fine-grained control over what users and processes may access and execute on a system. By default, SELinux is enabled on Red Hat Enterprise Linux systems, enforcing a set of mandatory access controls that Red Hat calls the targeted policy. These access controls substantially enhance the security of the network services they target, but can sometimes affect the behavior of third-party applications and scripts that worked under previous versions of Red Hat Enterprise Linux.

RHS429 provides a 32 hours / four day tutorial on SELinux and SELinux policy writing. The first day of the course provides a introduction to SELinux, how it operates within the Red Hat targeted policy, and the tools used to manipulate it. The class then will spend the remaining days learning how policies are written, compiled, and debugged.

This culminates in a project in which participants will create a set of policies from scratch for a previously unprotected service. The class will analyze the service, determining its security needs; design and implement a set of policies; test and fix the policies; document the service´s new policies so that others can effectively administer the service.