LinuxCBT - Firewall Security Edition
elearning | 300 MB
LinuxCBT Firewall Security - Module III
* Intro IPTables
o Discuss key IPTables concepts
o OSI Model discussion
o Determine if IPTables support is available in the current kernel
o Identify key IPTables modules and supporting files
o Explore and examine the default tables
o Learn IPTables Access Control List (ACL) syntax
o Discuss ACL management
o Learn to Save & Restore IPTables ACLs
*
* IPTables - Chain Management
o Explore the various chains in the default tables
o Discuss the purpose of each chain
o Examine packet counts & bytes traversing the various chains
o Focus on appending and inserting new ACLs into pre-defined chains
o Write rules to permit common traffic flows
o Delete & Replace ACLs to alter security policy
o Flush ACLs - reset the security policy to defaults
o Zero packet counts & bytes - bandwidth usage monitoring
o Create user-defined chains to perform additional packet handling
o Rename chains to suit the security policy/nomenclature
o Discuss & explore chain policy
*
* IPTables - Packet Matching & Handling
o Explain the basics of packet matching
o Identify key layer-3/4 match objects - (Source/Dest IPs, Source/Dest Ports, etc.)
o Explore the multi-homed configuration
o Block traffic based on untrusted (Internet-facing) interface
o Perform packet matching/handling based on common TCP streams
o Perform packet matching/handling based on common UDP datagrams
o Perform packet matching/handling based on common ICMP traffic
o Write fewer rules (ACLs) by specifying lists of interesting layer-4 ports
o Discuss layer-3/4 IPTables default packet matching
o Discuss default layer-2 behavior
o Increase security by writing rules to match packets based on layer-2 addresses
*
* IPTables - State Maintenance - Stateful Firewall
o Discuss the capabilities of traditional packet-filtering firewalls
o Explain the advantages of stateful firewalls
o Examine the supported connection states
o Identify key kernel modules to support the stateful firewall
o Implement stateful ACLs & examine traffic flows
*
* IPTables - Targets - Match Handling
o Discuss the purpose of IPTables targets for packet handling
o Write rules with the ACCEPT target
o Write rules with the DROP target
o Write rules with the REJECT target
o Write rules with the REDIRECT target
o Confirm expected behavior for all targets
*
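The first five modules above (intro, chain management, matching, state, targets) build one host firewall piece by piece. As an added example, not course material, here is the result written as a single iptables-restore ruleset: chain policy DROP, a user-defined chain for the untrusted interface, stateful return traffic, multiport and MAC matching, ACCEPT/DROP/REJECT targets, a kernel-support check, and an atomic load-and-save. The interface name eth0, the LAN 192.168.75.0/24, the MAC address and the /etc/iptables/rules.v4 save path (the Debian iptables-persistent convention) are assumptions, not values from the outline.

```shell
#!/bin/sh
# Added example, not LinuxCBT course material: a stateful host firewall written
# as an iptables-restore ruleset, so the whole policy loads in one atomic step
# and is the same text that iptables-save writes back out.
# Assumed topology (not taken from the outline): eth0 faces the Internet,
# 192.168.75.0/24 is the trusted LAN and 00:11:22:33:44:55 is the admin
# workstation's MAC address.
WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.75.0/24}
ADMIN_MAC=${ADMIN_MAC:-00:11:22:33:44:55}

# Kernel support check: /proc/net/ip_tables_names lists the tables the running
# kernel has registered; it appears once the ip_tables module is loaded.
iptables_supported() {
    [ -r /proc/net/ip_tables_names ] || modprobe ip_tables 2>/dev/null
    [ -r /proc/net/ip_tables_names ]
}

# The filter table. Chain policy is DROP, so every accept is explicit.
gen_filter_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FROM_WAN - [0:0]
# Loopback and stateful return traffic first: most packets match here, so the
# rest of the chain is rarely evaluated.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Everything arriving on the untrusted interface goes to its own chain before
# any LAN rule is consulted, so a LAN source address spoofed from outside
# never reaches the LAN rules below.
-A INPUT -i $WAN_IF -j FROM_WAN
# Trusted LAN: SSH only from the admin box's layer-2 address, web via one
# multiport rule instead of two, then DNS and ping.
-A INPUT -s $LAN_NET -p tcp --dport 22 -m mac --mac-source $ADMIN_MAC -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s $LAN_NET -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# Untrusted side: rate-limited ping, HTTPS, a TCP reset for ident so mail
# servers do not hang on a silently dropped probe, then an explicit DROP.
-A FROM_WAN -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A FROM_WAN -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A FROM_WAN -p tcp --dport 113 -j REJECT --reject-with tcp-reset
-A FROM_WAN -j DROP
COMMIT
EOF
}

# Pre-load sanity check: the user-defined chain is declared, INPUT defaults to
# DROP, and the untrusted chain ends in DROP (so a later -A cannot open it).
ruleset_is_sane() {
    rules=$(gen_filter_ruleset)
    printf '%s\n' "$rules" | grep -q '^:FROM_WAN - ' || return 1
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -- '^-A FROM_WAN' | tail -n 1 | grep -q -- '-j DROP$'
}

# Load atomically: --test (iptables 1.6+) parses without committing, so a
# typo leaves the live policy untouched; then commit and persist.
apply_filter_ruleset() {
    iptables_supported || { echo "no iptables support in this kernel" >&2; return 1; }
    ruleset_is_sane || return 1
    tmp=$(mktemp) || return 1
    gen_filter_ruleset >"$tmp"
    iptables-restore --test "$tmp" && iptables-restore "$tmp" \
        && iptables-save >/etc/iptables/rules.v4
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the ruleset when run directly (apply_filter_ruleset needs root).
gen_filter_ruleset
```

Loading through iptables-restore rather than a series of `iptables -A` commands matters for the chain-management module: a script of individual appends that fails halfway leaves the host with a partial policy, while iptables-restore replaces the table as one unit. Counters for the bandwidth-monitoring step are read with `iptables -L FROM_WAN -v -n -x` and reset with `iptables -Z FROM_WAN`.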
* IPTables - Logging
o Explore Syslog kernel logging configuration
o Define Access Control Entries (ACEs) to perform logging
o Explain the key fields captured by IPTables
o Log using user-defined chain for enhanced packet handling
o Log traffic based on security policy
o Define a catch-all ACE
o Use ACE negation to control logged packets
o Label log entries for enhanced parsing
*
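The logging module above covers the rule side (catch-all, negation, prefix labels, a user-defined chain) and the syslog side. As an added example, not course material, the following puts both together and adds the piece the outline stops short of: reading the log back. The ruleset is a fragment to be loaded with `iptables-restore --noflush` (-n) on top of an existing filter table. The LAN 192.168.75.0/24, the rsyslog file name and the three log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not LinuxCBT course material: a logging sub-chain that ends
# INPUT as a catch-all, the syslog side, and an awk parser for the kernel log
# lines the LOG target produces.  The ruleset is a fragment meant to be loaded
# with `iptables-restore --noflush` (-n) on top of an existing filter table;
# a plain iptables-restore would replace the table.  192.168.75.0/24 as the
# trusted LAN and the log lines below are constructed for this example.
LAN_NET=${LAN_NET:-192.168.75.0/24}
LOG_PREFIX="FW-DROP: "

gen_log_rules() {
    cat <<EOF
*filter
:LOG_DROP - [0:0]
# Catch-all: whatever no earlier INPUT rule accepted lands here.
-A INPUT -j LOG_DROP
# Negation (! -s) keeps LAN broadcast chatter out of the log; the limit match
# keeps a scan or flood from filling the disk.  --log-level 4 = kern.warning.
-A LOG_DROP ! -s $LAN_NET -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
-A LOG_DROP -j DROP
COMMIT
EOF
}
# rsyslog side: the prefix is what lets these lines be routed to their own
# file.  Legacy-syntax filter for /etc/rsyslog.d/10-iptables.conf:
#   :msg, contains, "FW-DROP: "   -/var/log/iptables.log
#   & stop

# Constructed sample of /var/log/kern.log: two hits and one unrelated line.
sample_fw_log() {
    cat <<'EOF'
Mar  3 10:15:02 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 fw sshd[2210]: Accepted publickey for admin from 192.168.75.20 port 50122 ssh2
Mar  3 10:15:09 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=48 TOS=0x00 PREC=0x00 TTL=54 ID=777 PROTO=UDP SPT=55011 DPT=161 LEN=28
EOF
}

# Reduce each matching line to "PROTO SRC:SPT -> DST:DPT".  The LOG target
# writes KEY=VALUE tokens (IN, OUT, MAC, SRC, DST, PROTO, SPT, DPT, ...),
# so a field loop is enough; flags like DF and SYN have no "=" and are skipped.
summarize_fw_log() {
    awk -v prefix="$1" '
    index($0, prefix) {
        src = dst = spt = dpt = proto = "-"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "SPT") spt = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        printf "%s %s:%s -> %s:%s\n", proto, src, spt, dst, dpt
    }'
}

# Sources ranked by number of dropped packets: "count address" per line.
top_sources() {
    summarize_fw_log "$1" | awk '{ split($2, a, ":"); print a[1] }' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

sample_fw_log | top_sources "$LOG_PREFIX"
```

The prefix does double duty: it is the label the outline mentions for parsing, and it is the only reliable way to tell a firewall line from any other kernel message, which is why the rsyslog filter keys on it rather than on the facility and level alone.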
* IPTables - Packet Routing
o Describe subnet layout
o Enable IP routing in the kernel - commit changes to disk
o Update routing tables on the other Linux Hosts on the network
o Update the Cisco PIX Firewall's routing tables
o Test routing through the Linux router, from a remote Windows 2003 Host
o Focus on the forward chain
o Write ACEs to permit routing
o Test connectivity
*
* IPTables - Network Address Translation (NAT)
o Discuss NAT features & concepts
o Discuss & implement IP masquerading
o Define Source NAT (SNAT) ACEs & test translations
o Create SNAT multiples
o Implement Destination NAT (DNAT) ACEs & test translations
o Define DNAT multiples
o Create NETMAP subnet mappings - one-to-one NATs
*
* IPTables - Demilitarized Zone (DMZ) Configuration
o Describe DMZ configuration
o Write Port Address Translation (PAT) rules to permit inbound traffic
o Test connectivity from connected subnets
o Configure DMZ forwarding (Routing)
o Implement Dual-DMZs - ideal for n-tiered web applications
*
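The routing, NAT and DMZ modules above are three views of the same box. As an added example, not course material, here is the Linux router side as one iptables-restore file: the FORWARD chain, SNAT and MASQUERADE, a DNAT/PAT rule publishing a DMZ web server, a NETMAP one-to-one subnet mapping, the kernel forwarding switch, and the static route the other hosts need. The interfaces, addresses and prefixes are assumed for the example; the PIX and the Windows 2003 host from the outline need the same route in their own syntax and are not scripted here. A second DMZ (the dual-DMZ item) follows the same pattern with one more interface and a single rule from the web tier to the application tier.

```shell
#!/bin/sh
# Added example, not LinuxCBT course material: the Linux router's FORWARD
# chain and nat table as one iptables-restore file, plus the kernel forwarding
# switch and the static route other hosts need.  Assumed layout (not from the
# outline):
#   eth0 Internet, public address 198.51.100.10
#   eth1 LAN 192.168.75.0/24 (router is 192.168.75.1)
#   eth2 DMZ 172.16.10.0/24, web server 172.16.10.80
#   203.0.113.0/24 <-> 10.0.0.0/24 one-to-one NETMAP range
WAN_IF=eth0; LAN_IF=eth1; DMZ_IF=eth2
PUBLIC_IP=198.51.100.10
LAN_NET=192.168.75.0/24
DMZ_NET=172.16.10.0/24
DMZ_WEB=172.16.10.80

# Turn the host into a router now and after reboot.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1 &&
        printf 'net.ipv4.ip_forward = 1\n' >/etc/sysctl.d/90-router.conf
}

# On every other Linux host on the LAN: send DMZ traffic via the Linux router.
lan_host_route() {
    ip route add "$DMZ_NET" via 192.168.75.1
}

gen_router_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# PAT/DNAT: inbound HTTP on the public address is rewritten to the DMZ web
# server before routing, so the FORWARD chain sees the DMZ address.
-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport 80 -j DNAT --to-destination $DMZ_WEB:80
# NETMAP: one-to-one, whole-subnet mapping in both directions.  Forwarding
# for the mapped range is not opened below; add FORWARD rules per service.
-A PREROUTING -i $WAN_IF -d 203.0.113.0/24 -j NETMAP --to 10.0.0.0/24
-A POSTROUTING -o $WAN_IF -s 10.0.0.0/24 -j NETMAP --to 203.0.113.0/24
# SNAT when the public address is fixed; MASQUERADE when it is dynamic (it
# re-reads the interface address per connection and drops state on link loss).
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $PUBLIC_IP
-A POSTROUTING -o $WAN_IF -s $DMZ_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# LAN may initiate to the Internet and to the DMZ.
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
# Internet may initiate only to the published DMZ service (post-DNAT address).
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_WEB -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# DMZ may initiate to the Internet only; there is deliberately no DMZ->LAN
# rule, so a compromised DMZ host falls through to the DROP policy.
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# The property that matters most: no rule lets the DMZ initiate to the LAN.
dmz_isolated_from_lan() {
    ! gen_router_ruleset | grep -q -- "-i $DMZ_IF -o $LAN_IF"
}

gen_router_ruleset
```

Order matters in two places: DNAT happens in PREROUTING before the routing decision, so the FORWARD rule must match the translated destination (172.16.10.80), not the public address; and the stateful ACCEPT at the top of FORWARD is what lets the DMZ server's replies out without a second set of rules.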
* IPTables - IPv6
o Explore IPv6 configuration
o Peruse IPv6 IPTables management tools
o Log and Filter ICMPv6 traffic
o Log and Filter TCPv6 traffic
o Log and Filter UDPv6 traffic
o Use 'nping' to generate IPv6 traffic for analysis
o Create IPv6 Sub-Chains to manage rules
o Evaluate results
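The IPv6 module above asks for filtering and logging of ICMPv6, TCP and UDP, sub-chains, and nping-generated traffic. As an added example, not course material, here is an ip6tables-restore ruleset that does that while keeping the ICMPv6 messages IPv6 cannot function without, plus a check on the neighbor-discovery rules and the nping commands used to exercise the policy. The interface and the 2001:db8:1::/64 prefix (the documentation prefix) are assumptions.

```shell
#!/bin/sh
# Added example, not LinuxCBT course material: an ip6tables-restore ruleset
# that filters and logs IPv6 while keeping the ICMPv6 messages the stack
# cannot work without, an ICMPv6 sub-chain, and nping commands to generate
# test traffic.  Assumed: eth0 faces upstream; 2001:db8:1::/64 is the trusted
# LAN (documentation prefix, not a real allocation).  Management is the
# ip6tables / ip6tables-save / ip6tables-restore trio; the IPv4 tools do not
# touch these tables.
LAN_NET=${LAN_NET:-2001:db8:1::/64}

gen_v6_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ICMP6_IN - [0:0]
:LOG_DROP6 - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p ipv6-icmp -j ICMP6_IN
-A INPUT -s $LAN_NET -p tcp -m multiport --dports 22,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -j LOG_DROP6
# ICMPv6 sub-chain.  Blocking ICMPv6 wholesale (the old IPv4 habit) breaks
# IPv6: no neighbor discovery, no path MTU discovery.  Types are numeric to
# sidestep the neighbour/neighbor spelling variants of the symbolic names.
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
# Neighbor discovery 133-136: RFC 4861 requires hop limit 255, so anything
# that was routed (hop limit < 255) and claims to be NDP is a spoof and falls
# to the log.  Type 137 (redirect) is deliberately absent: accepting it lets
# an on-link attacker steer this host's traffic, so it is logged and dropped.
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
# Echo request (128), rate limited; all other ICMPv6 is logged and dropped.
-A ICMP6_IN -p ipv6-icmp --icmpv6-type 128 -m limit --limit 5/second -j ACCEPT
-A ICMP6_IN -j LOG_DROP6
-A LOG_DROP6 -m limit --limit 10/minute -j LOG --log-prefix "FW6-DROP: " --log-level 4
-A LOG_DROP6 -j DROP
COMMIT
EOF
}

# The four NDP types must be accepted, and only with the hop-limit guard.
ndp_rules_ok() {
    [ "$(gen_v6_ruleset | grep -c -- '--icmpv6-type 13[3-6] -m hl --hl-eq 255 -j ACCEPT')" -eq 4 ]
}

# Redirects must never be accepted.
redirects_refused() {
    ! gen_v6_ruleset | grep -q -- '--icmpv6-type 137 .*-j ACCEPT'
}

# Traffic generation for the "evaluate results" step (needs root; nping ships
# with Nmap).  Watch the counters with: ip6tables -L ICMP6_IN -v -n -x
probe_v6() {
    target=$1
    nping -6 --icmp --icmp-type 128 -c 3 "$target"      # should be accepted
    nping -6 --tcp -p 22 --flags syn -c 3 "$target"     # accepted only from the LAN
    nping -6 --udp -p 161 -c 3 "$target"                # should hit LOG_DROP6
}

gen_v6_ruleset
```

The difference from the IPv4 host firewall is the ICMPv6 sub-chain: on IPv4 one can drop all ICMP except echo and still have a working host, while on IPv6 the same rule silently breaks address resolution and large transfers. Load with `ip6tables-restore`, and keep the IPv4 and IPv6 policies in step, since a service opened in one and forgotten in the other is reachable over the forgotten one.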