H3541: HP-UX Security

$3,500.00


  • Virtual Classroom

  • Onsite
Duration: 5 Days

In this course, you will examine the most common HP-UX system security vulnerabilities and be introduced to a variety of tools and techniques that can be used to prevent hackers from exploiting these vulnerabilities. You will spend half of the class in hands-on labs.

What You Will Learn

  • Use role-based access control (RBAC), secure shell (SSH), host intrusion detection system (HIDS), software assistant (SWA), IPFilter, Bastille, and other HP-supported tools to harden and secure HP-UX systems
  • Create and secure isolated execution environments for applications with HP-UX security compartments and secure resource partitions
  • Use Tripwire, John the Ripper, nmap, lsof, and other open-source tools to improve HP-UX system security

Audience

Experienced system and network administrators responsible for securing and monitoring HP-UX systems

Prerequisites

  • HP-UX System and Network Administration I and HP-UX System and Network Administration II or equivalent experience
  • HP-UX for Experienced UNIX System Administrators or equivalent experience

Course Outline

1. Introduction

  • Security
  • HP-UX Security Tools
  • HP-UX Security Certifications

2. Securing User Accounts: User Passwords

  • /etc/passwd file
  • /etc/shadow file
  • DES-Based Password Encryption
  • SHA512 Password Encryption
  • Enabling Shadow Passwords
  • Enabling SHA512 Passwords
  • Enabling Long Passwords
  • Managing Passwords
  • Configuring Password Aging
  • Cracking Passwords with John the Ripper
  • Authenticating Users via PAM
  • Configuring /etc/pam.conf

3. Securing User Accounts: Special Cases

  • Protecting User Accounts: Guidelines
  • Protecting the Root Account: Guidelines
  • Limiting Root and Operator Access Via
    • /etc/security
    • sudo
    • Restricted SAM Builder
    • SMH
  • Configuring Accounts for
    • Guest Users
    • Single Application Users
    • Teams and Groups
  • Preventing Dormant Accounts

4. Securing User Accounts: Standard Mode Security Extensions (SMSE)

  • Configuring SMSE User Security
  • Standard Mode Security Enhancements Benefits
  • SMSE Attributes and Repositories
  • Configuring
    • /etc/security.dsc
    • /etc/default/security
    • /etc/passwd and /etc/shadow
    • /var/adm/userdb/ via userdbset, userdbget, and userdbck
  • Enforcing SMSE Security Policies

5. Securing User Accounts: Role Based Access Control (RBAC)

  • RBAC Features and Benefits
  • Installing RBAC
  • Configuring and Assigning RBAC Roles
  • Configuring and Assigning RBAC Authorizations
  • Configuring RBAC Commands and Privileges
  • Verifying the RBAC Database
  • Configuring RBAC Logging and Auditing
  • Running Commands with privrun
  • Editing Files with privedit
  • Enabling RBAC Keystroke Logging

6. Protecting Data Via File Permissions and JFS Access Control Lists (ACLs)

  • Hackers Exploit Improper File and Directory Permissions
  • Viewing and Changing File Permissions
  • Searching for Files with Improper Permissions
  • Configuring and Using
    • SUID Bit
    • SGID Bit
    • Sticky Bit
    • JFS ACLs

7. Protecting Data via swverify, md5sum, and Tripwire

  • File Integrity Checking
  • Verifying Executable Integrity with swverify
  • Verifying File Integrity with md5sum
  • Verifying File Integrity with Tripwire
  • Installing Tripwire
  • Creating Tripwire Keys
  • Creating the Tripwire
    • Configuration File
    • Policy File
    • Database
  • Performing a Tripwire Integrity Check
  • Updating the Tripwire Database and Policy File

8. Protecting Data via Encrypted Volumes and File Systems (EVFS)

  • EVFS, EVS, and EFS Features and Benefits
  • EVFS Architecture
  • EVFS Volumes
  • EVFS Volume Encryption Keys, User Keys, and Recovery Keys
    • Step 1: Installing and Configuring EVS Software
    • Step 2: Creating User Keys
    • Step 3: Creating Recovery Keys
    • Step 4: Creating an LVM or VxVM Volume
    • Step 5: Creating EVS Device Files
    • Step 6: Creating and Populating the Volume's EMD
    • Step 7: Enabling the EVS Volume
    • Step 8: Creating and Mounting a File System
    • Step 9: Enabling Autostart
    • Step 10: Migrating Data to the EVS Volume
    • Step 11: Backing Up the EVS Configuration
  • Managing EVS Volume Users
  • Managing the EVS Key Database
  • Extending an EVS Volume
  • Reducing an EVS Volume
  • Removing EVS Volumes
  • Backing up EVS Volumes
  • EVS Limitations
  • EVS and TPM/TCS Integration

9. Securing Network Services: inetd and tcpwrapper

  • inetd Service
  • inetd Configuration File
  • Securing inetd
  • Securing the inetd Internal Services
  • Securing the RPC Services
  • Securing the Berkeley Services
  • Securing FTP
  • Securing FTP Service Classes
  • Securing Anonymous FTP
  • Securing Guest FTP
  • Securing Other ftpaccess Security Features
  • Securing Other inetd Services
  • Securing Other non-inetd Services
  • Securing inetd via TCPwrapper

10. Securing Network Services: SSH

  • Legacy Network Service Vulnerabilities:
    • DNS
    • Sniffers
    • IP spoofing
  • Solution:
    • Securing the Network Infrastructure
    • Using Symmetric Key Encryption
    • Using Public Key Encryption
    • Using Public Key Authentication
  • HP-UX Encryption and Authentication Product
  • Configuring SSH Encryption and Server Authentication
  • Configuring SSH Client/User Authentication
  • Configuring SSH Single Sign-On
  • Managing SSH Keys
  • Using the UNIX SSH Clients
  • Using PuTTY SSH Clients

11. Securing Network Services: IPFilter and nmap

  • Firewall
  • Packet Filtering Firewalls
  • Network Address Translation Firewalls
  • Host vs. Perimeter Firewalls
  • Installing IPFilter
  • Managing IPFilter rulesets
  • Configuring a Default Deny Policy
  • Preventing IP and Loopback Spoofing
  • Controlling ICMP Service Access
  • Controlling Access to UDP Services
  • Controlling Access to TCP Services
  • Controlling Access via Active and Passive FTP
  • Testing IPFilter rulesets with ipftest
  • Testing IPFilter rulesets with nmap
  • Monitoring IPFilter and Nessus

12. Hardening HP-UX with Bastille

  • Bastille
  • Installing Bastille
  • Generating a Bastille Assessment
  • Creating a Bastille Configuration File
  • Applying a Bastille Configuration File
  • Applying a Pre-Configured Bastille Configuration File
  • Applying a Pre-Configured Bastille Configuration via Ignite-UX
  • Reviewing the Bastille Logs
  • Monitoring Changes with bastille_drift
  • Reverting to the Pre-Bastille Configuration
  • Integrating Bastille and HP SIM

13. Monitoring Activity via System Log Files

  • Monitoring Log Files
  • Monitoring Logins via last, lastb, and who
  • Monitoring Processes via ps, top, and whodo
  • Monitoring File Access via ll, fuser, and lsof
  • Monitoring Network Connections via netstat, idlookup, and lsof
  • Monitoring inetd Connections
  • Monitoring System Activity via syslogd
  • Configuring /etc/syslog.conf
  • Hiding Connections, Processes, and Arguments
  • Doctoring Log Files and Time Stamps

14. Monitoring Activity via SMSE Auditing

  • Auditing
  • Trusted System vs. SMSE Auditing
  • Enabling and Disabling Auditing
  • Verifying Auditing & System Calls to Audit
  • Selecting Users to Audit
  • Selecting System Calls, Aliases, and Events to Audit
  • Creating and Applying an Audit Profile
  • Viewing and Filtering Audit Trails via auditdp
  • Switching Audit Trails
  • audomon AFS and FSS Switches
  • audomon Audit Trail Names
  • Configuring audomon Parameters
  • Configuring audomon Custom Scripts

Course Labs