LPIC-3 Exam 303: Security

Course

Intro Video

Photo of Stosh Oldham

Stosh Oldham

Course Development Director in Content

I have been working with technology in some way or another ever since my high school days. After attaining my bachelor’s degree in computer science, I spent over a decade in IT working on anything from fixing printers to engineering enterprise IT systems. I now have the privilege of sharing my expertise as a Linux Training Architect for Linux Academy. When I am not sitting behind a terminal, I like going on holiday and spending time with my family.

Length

19:58:07

Difficulty

Advanced

Course Details

This course is designed to prepare students to take the LPIC-3 Exam 303: Security certification. The course covers a wide variety of security topics and technologies in a platform agnostic manner. Students will gain practical insights and best practice regarding security on various Linux platforms.

Syllabus

Introduction

Course Introduction

Important Information about LPI Exam Discount Vouchers for 2019

00:01:24

Lesson Description:

Please view the following video for important information regarding LPI exam vouchers for 2019.

About this Course

00:09:08

Lesson Description:

This lesson provides a broad overview of what the course covers and the necessary pre-requisites. See exam objectives here: https://www.lpi.org/our-certifications/exam-303-objectives.

About the Training Architect

00:00:35

Lesson Description:

Meet the Training Architect behind this course!

Course Features and Tools

00:04:05

Lesson Description:

This video briefly covers some of the tools available through Linux Academy that can aid students in their study for the LPIC-3 303 Security Exam.

Topic 325: Cryptography

325.1 X.509 Certificates and Public Key Infrastructures

Cryptography Concepts Part 1

00:08:24

Lesson Description:

This lesson is the first part of a two part lecture on cryptography concepts. Concepts covered include a broad look at the uses of cryptography in IT as well a high-level discussion on encryption.

Cryptography Concepts Part 2

00:06:08

Lesson Description:

This lesson is the second part of a two part lecture on cryptography concepts. Concepts covered include the differences between symmetric and asymmetric encryption, and we break down on the concept of hashing.

PKI and Trust Chains

00:07:19

Lesson Description:

This lesson presents a conceptual overview of PKI and Trust Chains. The concepts covered will be demonstrated in the next video where keys will be created.

Request, Sign, and Manage Certificates

00:11:10

Lesson Description:

In this demonstration, the openssl command is used to create public and private keys. There is also a demonstration on how to create self-signed certificates and certificate signing requests.

Operating a Certificate Authority

00:09:41

Lesson Description:

After a brief overview of what a Certificate Authority does, we have a demonstration over how to set up openssl for use with the ca subcommand and how to use the ca subcommand that is provided.

325.2 X.509 Certificates for Encryption, Signing and Authentication

SSL, TLS, and, Apache HTTPD Server

00:06:25

Lesson Description:

This lecture lays out the foundation of implementing encryption on Apache's HTTPD server. SSL and TLS are compared and a broad overview of common transport layer security threats is covered. Note: TLS 1.3 has been published by the IETF as RFC 8446: https://tools.ietf.org/html/rfc8446

The ssl.conf File: Important Directives and Security Focused Configurations

00:12:23

Lesson Description:

In this video, we take a tour of Apache HTTPD Server's primary security configuration file that comes as part of mod_ssl. The most important directives with regard to the LPIC 303-200 exam are discussed.

Understanding SNI and HSTS

00:07:03

Lesson Description:

SNI and HSTS are relatively new technologies compared to the age of Apache's HTTPD server itself. This lecture discusses the issues that these technologies address.

Using the openssl Command to Work with Certificates and Web Servers

00:10:50

Lesson Description:

In this demonstration, the openssl command is used to establish an interactive TLS connection with a remote webserver which is followed by an analysis of TLS communication. We also see how the openssl command may be used to validate a certificate.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

325.3 Encrypted File Systems

Creating Encrypted Volumes

00:06:27

Lesson Description:

A broad view of data encryption is discussed in this video lecture. Common tools and utilities are covered at a high level as well as the use cases of disk encryption.

Demo: Working with LUKS

00:09:11

Lesson Description:

This video provides a demonstration on how to use the cryptsetup package to encrypt and mount a block device using LUKS. There is also discussion on how to approach mounting a LUKS volume on boot.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

325.4 DNS and Cryptography

Working with DNS

00:13:20

Lesson Description:

A general overview of DNS is provied in this lecture along with some common techniques used to secure BIND. A brief tour of the named.conf file is provided as well.

Securing DNS with DNSSEC

00:12:45

Lesson Description:

This lecture explains the concept of DNSSEC and talks about various Resource Records and key commands that are used in the administration of DNSSEC.

Understanding DANE

00:03:52

Lesson Description:

Learn how DANE may be used to further secure TLS certificate exchange using DNSSEC in this discussion.

Topic 326: Host Security

326.1 Host Hardening

Kernel Security Part 1

00:10:30

Lesson Description:

This video lecture covers a number of ways that security has been added to the Linux kernel over the course of its development. Topics covered include disabling any unneeded software, controlling access to system resources, tuning kernel parameters, ASLR, and the NX bit.

Kernel Security Part 2

00:08:06

Lesson Description:

This video begins with a demonstration of how to interact with kernel parameters using sysctl. There is also a discussion of chroot environments and what virtualization means for system security.

Securing Grub

00:07:56

Lesson Description:

A brief discussion on boot security before a demonstration on how to implement password challenges in Grub2. Note: It is possible, if desired, to encrypt Grub2 passwords using grub-mkpasswd-pbkdf2. While this command is not covered in the exam objectives, it worth noting that there is an option for encryption in this case.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

326.2 Host Intrusion Detection

Threat Detection

00:13:02

Lesson Description:

In this lesson, we take a look at configuring AIDE for host intrusion detection after a brief discussion on host intrusion detection in general. AIDE is an important topic in the LPIC3-303 Security Exam.

Working with Maldet

00:12:06

Lesson Description:

The maldet command is a chief component of Linux Malware Detect which is demonstrated and discussed in this video. The latest version of LMD may be found at http://www.rfxn.com/downloads/maldetect-current.tar.gz.

Understanding Rootkits

00:08:50

Lesson Description:

Continuing with the topics covered in LPIC 303-200, this video lesson provides a brief discussion on what rootkits are as well as a demonstration of some methods of how to deal with them.

System Auditing in LInux

00:16:25

Lesson Description:

In this lesson, we discuss the audit system that is capable of monitoring system activity at the system call level. A demo is provided on the tools used to view work with the audit logs and how we can create custom audit rules.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

326.3 User Management and Authentication

Linux Login Eseentials

00:09:38

Lesson Description:

A brief discussion over the basic foundations of Linux user management as relevant to the LPIC-3 303 certification, as well as a brief tour of /etc/nsswitch.conf.

PAM Concepts

00:10:00

Lesson Description:

The pam.d subsystem is explored in this video lecture. A brief review of pam configuration is provided along with some key module candidates for the LPIC-3 303 that you should be familiar with.

Kerberos Concepts

00:09:08

Lesson Description:

In this lecture, an overview of the kerberos process is provided along with some discussion around the kerberos configuration file. The conversation is focused on the objectives of the LPIC-3 303 exam.

Understanding SSSD

00:15:05

Lesson Description:

In this lesson, we cover the System Security Service Daemon through a combination of lecture and demonstration. We reinforce these concepts in the learning activity at the end of this section.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

326.4 FreeIPA Installation and Samba Integration

Overview of FreeIPA

00:06:13

Lesson Description:

This video provides an overview of what software makes up the FreeIPA suite and a brief discussion of the functionality provided. We also discuss the prerequisites to installing IPA.

Installing and Configuring FreeIPA

00:05:24

Lesson Description:

A discussion over some of the installation and configuration commands used in a FreeIPA set up. We pay particular attention to commands seen on the LPIC-3 303-200 Exam.

Working with FreeIPA

00:05:51

Lesson Description:

We demonstrate how to use the ipa command to interface with a FreeIPA installation. There is also an example of how to use the kinit command to establish a simple Kerberos session.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Topic 327: Access Control

327.1 Discretionary Access Control

Basic System Permissions

00:06:08

Lesson Description:

We briefly review Linux Discretionary Access Control and discuss and demonstrate the more advanced permissions such as SUID and SGID.

Extended Attributes

00:06:08

Lesson Description:

After a brief conceptual talk around extended file system attributes, we demonstrate how to set and interact with the attributes shown in this video.

Using ACLs

00:04:23

Lesson Description:

This video demonstrates using file access control lists that are standard in most modern Linux distributions. We pay close attention to the setfacl and getfacl commands.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

327.2 Mandatory Access Control

Understanding MAC

00:03:15

Lesson Description:

This lesson is a brief overview of mandatory access control and type enforcement. These topics cover the expectations outlined for the LPIC-3 303-200 exam.

SELinux

00:11:18

Lesson Description:

This video provides a discussion on the key commands used to interact with SELinux as relevant to the LPIC-3 303-200 exam.

AppArmor and Smack: MAC alternatives

00:04:19

Lesson Description:

This lesson is a conceptual overview of AppArmor and Smack in contrast to SELinux. Key concepts and commands are highlighted as relevant to the LPIC-3 303-200 exam.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

327.3 Network File Systems

NFSv4 Improvements

00:03:16

Lesson Description:

This is a brief discussion about the distinguishing features of NFSv4, as they apply to the LPIC-3 303 Exam.

NFS in Practice

00:06:58

Lesson Description:

This is a quick review of NFS, with a focus on relvant security options that may appear on the LPIC-3 303 Exam. For a more thorough NFS review, check out section 209 of the LPIC2-202 course here: https://linuxacademy.com/cp/modules/view/id/111.

NFS4 ACLs

00:08:55

Lesson Description:

This video provides a discussion on how to write and set ACLs on an NFS export. NFSv4 ACLs are an objective covered in the LPIC-3 303 Security certification exam.

CIFS Configuration

00:10:43

Lesson Description:

This video discusses some of the mount options as well as how to interact with ACLs on a CIFS filesystem paying particular attention to LPIC-3 303 objectives. See https://linuxacademy.com/cp/modules/view/id/111 topic 209 for the basics on Samba and CIFS.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Topic 328: Network Security

328.1 Network Hardening

Configuring FreeRADIUS

00:07:28

Lesson Description:

This is a brief discussion about the essential configuration files and standard commands shipped with FreeRADIUS, as they apply to the LPIC-3 303.

Analyzing Network Traffic

00:11:35

Lesson Description:

This is discussion about packet capture utilities, with a focus on wireshark and tcpdump. We'll also discuss and generate some essential pcap filters.

Network Utilities and Threats

00:09:23

Lesson Description:

Here, we'll discuss several network utilities and threats that are relvant to the LPIC-3 303 Security exam. There's also a demonstration of basic nmap functionality.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

328.2 Network Intrusion Detection

Network Monitoring

00:04:11

Lesson Description:

This video covers key details regarding some network monitoring solutions, such as ntop, that are covered in the LPIC-3 303 certificate exam.

Configure and Use Snort

00:13:14

Lesson Description:

This will be a broad overview of Snort, along with a discusson on Snort rule configuration. The discussion highlights key knowledge areas for the LPIC-3 303 exam.

OpenVAS Overview

00:04:48

Lesson Description:

This video provides a brief discussion on OpenVAS and NASL, and highlights several key commands.

328.3 Packet Filtering

Firewall Concepts

00:09:34

Lesson Description:

This lesson provides a review of iptables and firewall concepts that are relevant to the LPIC-3 303 security exam. Note that the exam focuses on iptables, as opposed to firewalld. For those seeking a more thorough review, check out the LPIC-2 202 iptables lesson: https://linuxacademy.com/cp/courses/lesson/course/941/lesson/1/module/111. Also note that on more recent operating systems, firewalld is the default firewall software enabled and installed. Please see the "Configuring your system for iptables" download for more information on how to switch CentOS back so that it runs iptables.

Advanced Firewall Concepts

00:11:23

Lesson Description:

This lesson discusses some more advanced firewall concepts, including network address translation and IP sets. Some advanced iptables options are reviewed as well. Please note that on more recent operating systems, firewalld is the default firewall software enabled and installed. See the "Configuring your system for iptables" download for more information on how to switch CentOS back so that it uses iptables.

Ebtables and Nftables

00:03:10

Lesson Description:

This lesson highlights key information regarding ebtables and nftables, and how they fit in with firewall technology. It is targeted at the essentials that may appear on the LPIC-3 303 exam.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

328.4 Virtual Private Networks

OpenVPN

00:08:01

Lesson Description:

This lesson provides a broad overview of OpenVPN, highlighting key options and configuration relvant to the LPIC-3 303 Security certification. Students seeking more information on OpenVPN in general may also be interested in the LPIC-2 202 lessons regarding OpenVPN: https://linuxacademy.com/cp/courses/lesson/course/941/lesson/9/module/111 https://linuxacademy.com/cp/courses/lesson/course/941/lesson/10/module/111

IPSec Concepts

00:08:00

Lesson Description:

This lecture discusses the essentail concepts and componenets regarding IPSec. There is a focus on the key commands involved, as well as the Security Association and Security Poloicy databaases.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Conclusion

Review and Next Steps

Exam Review

00:05:31

Lesson Description:

This video provides an overview of how to prepare for the LPIC-3 303-200 exam. The key preperation reasources provied in this course are identified.

Scheduling and Taking the Exam

00:04:11

Lesson Description:

A brief discussion on the scheduling the LPIC-3 303-200 exam as well as general tips for test day. Linux Academy has a list of single-use codes available. These codes are provided by request to students who need them. In order to get one of these codes, all you have to do is click 'Support' at the top, 'Ask a Question' and let us know that you need a discount voucher for the specific LPI exam you are taking. This creates a ticket in our system and our support staff will pick it up and reply with your code - that's it! Purchase your voucher at http://www.pearsonvue.com/lpi/

After Certification

00:03:23

Lesson Description:

A discussion on some courses that students of the LPIC-3 303 may also find useful and / or interesting.

Linux Security

01:30:00