Solaris Operating System Network Intrusion Detection (SC-345)


Course type: Essentials

Course details
Course title: Solaris Operating System Network Intrusion Detection (SC-345)
Delivery method: Classroom
RRP: £2200
Days/Duration: 5
Code: SC-345

Link to page: http://www.qa.com/SC-345

Course dates

We currently do not have public dates scheduled for this course.
Please contact us for details on a closed event for your company or to be added to the public course waitlist.


Please note that Oracle courses running at London training centres are subject to a 10% surcharge.

Overview

The Solaris Operating System Network Intrusion Detection course provides students with the knowledge and skills needed to perform the advanced administration tasks required to firewall, monitor, log, identify and respond to network security breaches.

Who Can Benefit
Students who can benefit from this course are experienced system administrators who are tasked with protecting Sun Solaris systems in a non-trusted environment such as the Internet or a LAN environment with multiple unknown/untrusted users.

Prerequisites

  • Install, configure, and maintain a Solaris product line server
  • Configure a Solaris NIC for LAN and Internet access
  • Have a firm understanding of the TCP/IP protocol stack and IP routing
  • Configure Solaris logging daemons like syslog
  • Install open source utilities like tcpdump and libpcap

Recommended prerequisite courses include:

  • Solaris 8 TCP/IP Network Admin (SA-389)
  • Administering Security on the Solaris Operating System (SC-300)

 

Delegates will learn how to

  • Identify and protect against design flaws in standard networking protocols (such as TCP, UDP, IP, ICMP, SSL, SSH, HTTP and ARP)
  • List possible ways that an intruder can gather information about a server or a whole network
  • Describe all types of network-based security attacks such as SYN/ACK attacks, man-in-the-middle attacks, ARP spoofing, session hijacking and buffer overflow attacks
  • Install a Network Intrusion Detection System and a host-based firewall
  • Identify, in real time, a network security breach and respond

 

Course outline

Module 1 – Ethernet and IP Operation

  • Review OSI network model
  • Review application and network service layers
  • Identify Ethernet security issues
  • Review IPv4 addressing
  • Understand IP fragmentation
  • Identify ICMP security issues
  • Implement basic traffic capture and analysis


Module 2 – IP and ARP Vulnerability Analysis

  • Identify IP security issues
  • Describe IP routing and routing protocol security
  • Protect against IP abuse
  • Identify ARP security issues
  • Execute attacks against ARP
  • Protect against ARP abuse
  • Implement advanced packet capture and analysis

 

Module 3 – UDP/TCP Protocol and TELNET Vulnerability Analysis

  • Discuss characteristics of UDP and TCP
  • Identify TCP security issues
  • Describe common TCP abuses: SYN attack, sequence guessing, connection hijacking
  • Discuss characteristics of TELNET
  • Identify TELNET security issues
  • Execute attacks on TCP and TELNET
  • Protect against TCP and TELNET abuse


Module 4 – FTP and HTTP Vulnerability Analysis

  • Discuss characteristics of FTP
  • Describe FTP transfer methods and modes
  • Identify FTP security issues
  • Describe common FTP abuses: FTP bounce attack, port stealing, brute force
  • Discuss characteristics of HTTPv1.1
  • Describe role of HTTP proxy servers and HTTP authentication
  • Identify HTTP security issues
  • Describe common HTTP abuses: path name stealing, header spoofing, proxy poisoning
  • Execute attacks on FTP and HTTP
  • Protect against FTP and HTTP abuse


Module 5 – DNS Vulnerability Analysis

  • Discuss characteristics of DNS
  • Identify DNS security issues
  • Describe common DNS abuses: DNS spoofing, DNS cache poisoning, unauthorized zone transfers
  • Execute attacks on DNS
  • Protect against DNS abuse


Module 6 – SSH and HTTPS Vulnerability Analysis

  • Discuss characteristics of SSH
  • Describe differences between the SSH1 and SSH2 protocols
  • Identify SSH security issues
  • Describe common SSH abuses: insertion attack, brute force attack, CRC compensation attack
  • Describe characteristics of HTTPS (SSL)
  • Discuss other SSL-enabled protocols
  • Identify SSL issues
  • Describe common SSL abuses: man-in-the-middle and version rollback attack


Module 7 – Remote Operating System Detection

  • Use standard system commands and exploit default settings to guess remote operating systems
  • Use open source utilities to guess remote operating systems by scanning open ports
  • Describe TCP/IP stack fingerprinting
  • Install and use nmap for remote OS detection


Module 8 – Network Attack Techniques and Basic Attack Detection

  • Identify sources of network attacks
  • Discuss methods of intrusion
  • Describe common network attacks: denial-of-service, software buffer overflow, poor system configuration, password guessing/cracking
  • Describe a typical intrusion scenario
  • Introduce the concept of an Intrusion Detection System (IDS)
  • List some of the most popular IDS tools: Klaxon, Portsentry, snort
  • Implement basic scan detection


Module 9 – Implementing Intrusion Detection Technologies

  • Identify the difference between host-based and network-based IDS
  • Discuss different types of IDS implementation: hybrid NIDS and honeypots
  • Describe core components of a NIDS using the snort NIDS
  • Compile and install the snort NIDS


Module 10 – Advanced NIDS Configuration

  • Discuss advanced snort features like “real time response” and snort log monitors
  • Install a database (mysql) to log snort alerts
  • Install the graphical user interfaces (GUI) Demarc and ACID to better interpret snort logs by querying the snort database
  • Generate outside attacks that trigger snort alerts
  • Interpret GUI snort monitors to identify attacks
     

Module 11 – Writing snort rules

  • Describe the different components of a snort rule
  • Configure different snort rule options
  • Write custom snort rules to watch for specific traffic patterns
  • Execute attacks against custom snort rules and interpret GUI snort monitors to identify attacks


Module 12 – Solaris Routing

  • List requirements for a Solaris host to be a router
  • Implement a Solaris host as a router
  • Use the ndd utility to secure a Solaris router


Module 13 – Solaris Firewalls

  • Describe different types of Solaris firewalls: application firewalls and packet filters
  • Identify two of the most common Solaris firewall products: SunScreen Lite and IPfilter
  • Learn firewall policy basics
  • Write firewall rules for network- or host-based firewalls
  • Install an IPfilter firewall on a Solaris host


Module 14 – Solaris Network Address Translation (NAT) and Port Address Translation (PAT)

  • Describe NAT and PAT concepts
  • Implement NAT to secure a private network behind a Solaris firewall

 

 

 
