08:45-10:45 First session 10:45-11:00 Tea 11:00-13:00 Second session 13:00-14:00 Lunch 14:00-16:00 Third session 16:00-16:15 Tea/Coffe 16:15-18:15 Fourth session 19:30-21:00 Evening session SANOG IV OPEN SOURCE IP SERVICES WORKSHOP Dates: July 23 to July 27, 2004 (Friday to Tuesday) Location: Kathmandu, Nepal (Radisson Hotel) Organizers: South Asian Network Operators Group (SANOG) and The Network Startup Resource Center (NSRC) Primary Instructors: Hervey Allen, NSRC, Track Leader Joe Abley, ISC, NSRC, Volunteer Philip Hazel, University of Cambridge, NSRC, Volunteer COURSE OUTLINE FRIDAY: DAY 1, JULY 23 MORNING (HA) ------------ * Course Introduction and setup (30-45 minutes) * Introduction to Linux: (until 16:00) * Determination of class experience-level. * Based on experience-level topics may include: - Create accounts, remove accounts - Discussion /etc/passwd, /etc/group, /etc/shadow - Filesystem commands (cp, ls, cd, rm) - Use of basic editor, such as vi. - Use of 'su' command for root, and /etc/sudoers - Retrieve RPM packages using FTP and install - Be able to shutdown and restart server. Discussion of init levels. - Discussion of /etc/ and /etc/rc.d/init.d/ - If time is available, free time for practice with instructor help. - Linux discussion of partitioning and options - /etc/mtab, /dev - Discussion of Linux services and how to tell what is running. - Hands-on configuration of services (chkconfig). - Starting and stopping of services. - Discuss /etc/rc.d, /etc/sysconfig, /proc - Hands-on configuration changes to /etc/sysconfig/network-scripts - Discuss /etc/crontab and practice command use. - First mention of firewalls - Gnome vs. KDE and XWindows. What they are. Not needed on a server. - Logs and where they reside. Hands on viewing of logs. Note: /etc/syslog.conf AFTERNOON (HA/JA) * Continuation of Linux Introductory materials. * Basic IP and Networking Concepts (JA) TBA * Packets and Protocols Introduce the core concepts of how data is packaged using IP packets. In general terms we will discuss: - Physical layer - Ethernet - IP Packet design - IP (Layers) - TCP/UDP/ICMP - Sequencing In Addition Topics include: the protocol stack, hop by hop forwarding, IP addresses, netmasks, CIDR prefix notation, ethernet ARP, binary arithmetic. * Students will be able to: - recognise the ISO OSI seven-layer model - understand the relationship between the TCP/IP model and the ISO model - describe the unifying effect of the network later - describe how IP addresses are constructed: network part, host part - understand old classful networking terminology: class A, B, C understand modern classless networking terminology: CIDR, prefix length, VLSM - convert between prefix length and netmask notation - identify network and broadcast addresses - find lowest/highest possible IP address in a prefix - subdivide prefixes - understand the concepts of subnetting and supernetting - distinguish between different network types: broadcast, point-to-point, NBMA - explain the purpose of ARP - describe the forwarding process and `longest match' rules EVENING SESSION (If Needed) (JA) * Additional Basic IP Networking Concepts Practice SATURDAY: DAY 2 MORNING (HA) ------------ * Server-side security * Physical security. * Firewalls don't protect from internal attacks. * Account restrictions. Secure passwords. * Run only the services you need. Some services not to run. * Service-level security - tcpwrappers - /etc/hosts.deny and /etc/hosts.allow (old) - /etc/xinet.d/* (new) * Internal only services (NFS as an example) - Students will check services. - Students will reconfigure a service not to run. * Polices of encrypted only username/password transactions for: - Email (POP and IMAP) - Web (HTTPS) - Shell (SSH) - File transfers (SCP) * Patching and security updates. Available mailing lists. - Apply a patch. * Intrusion detection/System integrity checking - Should be applied _before_ connecting to network. - Show Tripwire, AIDE, Snort projects. * Buffer overflow attacks - Install or discuss libsafe. Note 'cal' issue. * Logging and syslogd. - Edit and review syslog.conf - Review logs and have students practice 'tail -f', messages sent to root, and discuss possible logging programs. * Backups: presentation of approaches to backing up based on server. - discuss and use tar command - Use tar to create tar.gz file from a directory with multiple files. Use tar to decompress and expand the file. Note zip as well. AFTERNOON (HA) * Server security and services continued: * Encryption basics. Public and Private key encryption. Digital Certificates. * Install Apache+mod_ssl - Generate local certificate - Configure /etc/httpd/conf.d/httpd.conf as needed. - Restart apache and connect to port 443 (firewall issue) * SSH presentation and excercise - known_hosts files and authorization - Password challenge authentication - RSA/DSA Private/Public Key generation - Public/Private Key use with SSH - Using tunnels with SSH SUNDAY: DAY 3 ------ * DNS JA - Purpose of Naming - Names and Addreses, History of Naming - DNS Structure: namespace, nameservers, resolvers - Properties of the DNS - The DNS Namespace: domains, zones - Zones, Delegation - Name Servers: authority servers, recursive resolvers - Introduction to Resource Records, Zone Files - Installing BIND 9 and setting up RNDC (with exercise) - Building a BIND 9 Recursive Resolver (with exercise) - Configuring Zone Files - Practice with Zone Files (exercise) - Using DIG (exercise) - Restricting Zone Transfers - TSIG - Practice with Zone Transfers (exercise) - Brief Overview of DNSSEC SUNDAY EVENING SESSION ---------------------- DNS excercises if needed JA MONDAY: DAY 4 MORNING (PH) ------------ * Mail/Exim * Topics covered in this section - Introduction to Internet Mail + Mail agents - MUA and MTA + Message format + Authentication + SMTP - Message in transit + Use of DNS for email + Delivering a message + Relay control + Policy control on email - Installation of Exim and basic tests AFTERNOON (PH) * Mail/Exim cont. - Exim Routers and Transports configuration + Configuration file + Changing runtime configuraiton + Configuration file sections + Default configuration file layout + Common global options + Exim 4 routing + Simple routing configuration + Default routers + Default transports + Routing to smarthosts + Virtual domains + Access control lists + Good and bad relaying + Message filtering + Large installations + Separating mail functions - Modify routing practical exercises TUSEDAY: DAY 5 MORNING (PH) ------------ * Mail/Exim cont. * Access Control Lists * Setting up a relaying host practical exercises AFTERNOON (HA/PH) * POP, IMAP and Web email servers * POP3/Mail Materials - Mailserver scalability + Linear password files + Linear mbox files + Too many files in one directory + CPU limits + Disk performance + Keep your SMTP (smarthost) and POP3 services separate - Maildir and qmail-pop3d practical exercises + Reconfigure exim for Maildir delivery - Courier practical exercises + Install courier-imap + Configure the daemons + Start the daemons + pop3 and imap over SSL * POP, IMAP and Web email servers * Sqwebmail practical exercises completion * Final exam * Course conclusion and certificate handout (JA/HA/PH)
Last update July 27, 11:30 am NPT