LPIC-3 Exam 303: Security
Course Development Director in Content
This course is designed to prepare students to take the LPIC-3 Exam 303: Security certification. The course covers a wide variety of security topics and technologies in a platform-agnostic manner. Students will gain practical insights and best practices regarding security on various Linux platforms.
Important Information about LPI Exam Discount Vouchers for 2019
Please view the following video for important information regarding LPI exam vouchers for 2019.
About this Course
This lesson provides a broad overview of what the course covers and the necessary pre-requisites. See exam objectives here: https://www.lpi.org/our-certifications/exam-303-objectives.
About the Training Architect
Meet the Training Architect behind this course!
Course Features and Tools
This video briefly covers some of the tools available through Linux Academy that can aid students in their study for the LPIC-3 303 Security Exam.
Topic 325: Cryptography
325.1 X.509 Certificates and Public Key Infrastructures
Cryptography Concepts Part 1
This lesson is the first part of a two-part lecture on cryptography concepts. Concepts covered include a broad look at the uses of cryptography in IT as well as a high-level discussion on encryption.
Cryptography Concepts Part 2
This lesson is the second part of a two-part lecture on cryptography concepts. Concepts covered include the differences between symmetric and asymmetric encryption, and we break down the concept of hashing.
PKI and Trust Chains
This lesson presents a conceptual overview of PKI and Trust Chains. The concepts covered will be demonstrated in the next video where keys will be created.
Request, Sign, and Manage Certificates
In this demonstration, the openssl command is used to create public and private keys. There is also a demonstration on how to create self-signed certificates and certificate signing requests.
Operating a Certificate Authority
After a brief overview of what a Certificate Authority does, we have a demonstration of how to set up openssl for use with the ca subcommand and how to use the ca subcommand that is provided.
325.2 X.509 Certificates for Encryption, Signing and Authentication
SSL, TLS, and Apache HTTPD Server
This lecture lays out the foundation of implementing encryption on Apache's HTTPD server. SSL and TLS are compared and a broad overview of common transport layer security threats is covered. Note: TLS 1.3 has been published by the IETF as RFC 8446: https://tools.ietf.org/html/rfc8446
The ssl.conf File: Important Directives and Security Focused Configurations
In this video, we take a tour of Apache HTTPD Server's primary security configuration file that comes as part of mod_ssl. The most important directives with regard to the LPIC 303-200 exam are discussed.
Understanding SNI and HSTS
SNI and HSTS are relatively new technologies compared to the age of Apache's HTTPD server itself. This lecture discusses the issues that these technologies address.
Using the openssl Command to Work with Certificates and Web Servers
In this demonstration, the openssl command is used to establish an interactive TLS connection with a remote webserver which is followed by an analysis of TLS communication. We also see how the openssl command may be used to validate a certificate.
325.3 Encrypted File Systems
Creating Encrypted Volumes
A broad view of data encryption is discussed in this video lecture. Common tools and utilities are covered at a high level as well as the use cases of disk encryption.
Demo: Working with LUKS
This video provides a demonstration on how to use the cryptsetup package to encrypt and mount a block device using LUKS. There is also discussion on how to approach mounting a LUKS volume on boot.
325.4 DNS and Cryptography
Working with DNS
A general overview of DNS is provided in this lecture along with some common techniques used to secure BIND. A brief tour of the named.conf file is provided as well.
Securing DNS with DNSSEC
This lecture explains the concept of DNSSEC and talks about various Resource Records and key commands that are used in the administration of DNSSEC.
Learn how DANE may be used to further secure TLS certificate exchange using DNSSEC in this discussion.
Topic 326: Host Security
326.1 Host Hardening
Kernel Security Part 1
This video lecture covers a number of ways that security has been added to the Linux kernel over the course of its development. Topics covered include disabling any unneeded software, controlling access to system resources, tuning kernel parameters, ASLR, and the NX bit.
Kernel Security Part 2
This video begins with a demonstration of how to interact with kernel parameters using sysctl. There is also a discussion of chroot environments and what virtualization means for system security.
A brief discussion on boot security before a demonstration on how to implement password challenges in Grub2. Note: It is possible, if desired, to encrypt Grub2 passwords using grub-mkpasswd-pbkdf2. While this command is not covered in the exam objectives, it is worth noting that there is an option for encryption in this case.
326.2 Host Intrusion Detection
In this lesson, we take a look at configuring AIDE for host intrusion detection after a brief discussion on host intrusion detection in general. AIDE is an important topic in the LPIC3-303 Security Exam.
Working with Maldet
The maldet command is a chief component of Linux Malware Detect which is demonstrated and discussed in this video. The latest version of LMD may be found at http://www.rfxn.com/downloads/maldetect-current.tar.gz.
Continuing with the topics covered in LPIC 303-200, this video lesson provides a brief discussion on what rootkits are as well as a demonstration of some methods of how to deal with them.
System Auditing in Linux
In this lesson, we discuss the audit system that is capable of monitoring system activity at the system call level. A demo is provided on the tools used to view and work with the audit logs and how we can create custom audit rules.
326.3 User Management and Authentication
Linux Login Essentials
A brief discussion over the basic foundations of Linux user management as relevant to the LPIC-3 303 certification, as well as a brief tour of /etc/nsswitch.conf.
The pam.d subsystem is explored in this video lecture. A brief review of pam configuration is provided along with some key module candidates for the LPIC-3 303 that you should be familiar with.
In this lecture, an overview of the Kerberos process is provided along with some discussion around the Kerberos configuration file. The conversation is focused on the objectives of the LPIC-3 303 exam.
In this lesson, we cover the System Security Services Daemon through a combination of lecture and demonstration. We reinforce these concepts in the learning activity at the end of this section.
326.4 FreeIPA Installation and Samba Integration
Overview of FreeIPA
This video provides an overview of what software makes up the FreeIPA suite and a brief discussion of the functionality provided. We also discuss the prerequisites to installing IPA.
Installing and Configuring FreeIPA
A discussion over some of the installation and configuration commands used in a FreeIPA set up. We pay particular attention to commands seen on the LPIC-3 303-200 Exam.
Working with FreeIPA
We demonstrate how to use the ipa command to interface with a FreeIPA installation. There is also an example of how to use the kinit command to establish a simple Kerberos session.
Topic 327: Access Control
327.1 Discretionary Access Control
Basic System Permissions
We briefly review Linux Discretionary Access Control and discuss and demonstrate the more advanced permissions such as SUID and SGID.
After a brief conceptual talk around extended file system attributes, we demonstrate how to set and interact with the attributes shown in this video.
This video demonstrates using file access control lists that are standard in most modern Linux distributions. We pay close attention to the setfacl and getfacl commands.
327.2 Mandatory Access Control
This lesson is a brief overview of mandatory access control and type enforcement. These topics cover the expectations outlined for the LPIC-3 303-200 exam.
This video provides a discussion on the key commands used to interact with SELinux as relevant to the LPIC-3 303-200 exam.
AppArmor and Smack: MAC alternatives
This lesson is a conceptual overview of AppArmor and Smack in contrast to SELinux. Key concepts and commands are highlighted as relevant to the LPIC-3 303-200 exam.
327.3 Network File Systems
This is a brief discussion about the distinguishing features of NFSv4, as they apply to the LPIC-3 303 Exam.
NFS in Practice
This is a quick review of NFS, with a focus on relevant security options that may appear on the LPIC-3 303 Exam. For a more thorough NFS review, check out section 209 of the LPIC2-202 course here: https://linuxacademy.com/cp/modules/view/id/111.
This video provides a discussion on how to write and set ACLs on an NFS export. NFSv4 ACLs are an objective covered in the LPIC-3 303 Security certification exam.
This video discusses some of the mount options as well as how to interact with ACLs on a CIFS filesystem paying particular attention to LPIC-3 303 objectives. See https://linuxacademy.com/cp/modules/view/id/111 topic 209 for the basics on Samba and CIFS.
Topic 328: Network Security
328.1 Network Hardening
This is a brief discussion about the essential configuration files and standard commands shipped with FreeRADIUS, as they apply to the LPIC-3 303.
Analyzing Network Traffic
This is a discussion about packet capture utilities, with a focus on Wireshark and tcpdump. We'll also discuss and generate some essential pcap filters.
Network Utilities and Threats
Here, we'll discuss several network utilities and threats that are relevant to the LPIC-3 303 Security exam. There's also a demonstration of basic nmap functionality.
328.2 Network Intrusion Detection
This video covers key details regarding some network monitoring solutions, such as ntop, that are covered in the LPIC-3 303 certificate exam.
Configure and Use Snort
This will be a broad overview of Snort, along with a discussion on Snort rule configuration. The discussion highlights key knowledge areas for the LPIC-3 303 exam.
This video provides a brief discussion on OpenVAS and NASL, and highlights several key commands.
328.3 Packet Filtering
This lesson provides a review of iptables and firewall concepts that are relevant to the LPIC-3 303 security exam. Note that the exam focuses on iptables, as opposed to firewalld. For those seeking a more thorough review, check out the LPIC-2 202 iptables lesson: https://linuxacademy.com/cp/courses/lesson/course/941/lesson/1/module/111. Also note that on more recent operating systems, firewalld is the default firewall software enabled and installed. Please see the "Configuring your system for iptables" download for more information on how to switch CentOS back so that it runs iptables.
Advanced Firewall Concepts
This lesson discusses some more advanced firewall concepts, including network address translation and IP sets. Some advanced iptables options are reviewed as well. Please note that on more recent operating systems, firewalld is the default firewall software enabled and installed. See the "Configuring your system for iptables" download for more information on how to switch CentOS back so that it uses iptables.
Ebtables and Nftables
This lesson highlights key information regarding ebtables and nftables, and how they fit in with firewall technology. It is targeted at the essentials that may appear on the LPIC-3 303 exam.
328.4 Virtual Private Networks
This lesson provides a broad overview of OpenVPN, highlighting key options and configuration relevant to the LPIC-3 303 Security certification. Students seeking more information on OpenVPN in general may also be interested in the LPIC-2 202 lessons regarding OpenVPN: https://linuxacademy.com/cp/courses/lesson/course/941/lesson/9/module/111 https://linuxacademy.com/cp/courses/lesson/course/941/lesson/10/module/111
This lecture discusses the essential concepts and components regarding IPSec. There is a focus on the key commands involved, as well as the Security Association and Security Policy databases.
Review and Next Steps
This video provides an overview of how to prepare for the LPIC-3 303-200 exam. The key preparation resources provided in this course are identified.
Scheduling and Taking the Exam
A brief discussion on scheduling the LPIC-3 303-200 exam as well as general tips for test day. Linux Academy has a list of single-use codes available. These codes are provided by request to students who need them. In order to get one of these codes, all you have to do is click 'Support' at the top, 'Ask a Question' and let us know that you need a discount voucher for the specific LPI exam you are taking. This creates a ticket in our system and our support staff will pick it up and reply with your code - that's it! Purchase your voucher at http://www.pearsonvue.com/lpi/
A discussion on some courses that students of the LPIC-3 303 may also find useful and / or interesting.