AIX Network security

Course Overview

This is the second course in the AIX 5L security curriculum. The first course in the curriculum (AU411AGB) focuses on methods for securing an isolated AIX 5L system.

The course teaches students how to implement several important mechanisms that can help secure AIX 5L systems that operate in an intranet or Internet environment. The course also aims to enhance student understanding of the additional security considerations that arise from participation in various types of network environments.

Topics include an overview of TCP/IP security considerations, tools for checking network security, methods for disabling unneeded network services and making required services more secure, a survey of cryptographic technologies, user administration in a networked environment (including use of LDAP and PAM), NFS security, Kerberos, the Secure Shell, Internet Protocol Security (IPSec), Virtual Private Networks, Web server authentication, and security resources available via the Internet.

Audience

The course is intended for system administrators, technical support personnel, and other support personnel responsible for implementing security on systems using the AIX 5L operating system.

Skills Gained

Upon completion of this course, students should be able to:

• Describe risks inherent in TCP/IP network communications
• Evaluate and modify configuration of system services to enhance network security
• Monitor network security using a variety of tools
• Enhance security audit configuration to include network events
• Discuss cryptographic technologies applicable to information technology security
• Install and use the Secure Shell
• Implement user administration using the AIX 5L LDAP filesets
• Describe and configure the pluggable authentication module (PAM) framework on an AIX 5L system
• Implement ACLs and other security enhancements in an NFS environment
• Configure and use Kerberos on an AIX 5L system
• Install and configure Internet Protocol Security (IPSec)
• Set up Virtual Private Networks (VPNs)
• Describe Web server authentication mechanisms
• Locate and use security resources available via the Internet
• Inherent TCP/IP weaknesses
• Characteristics of intranets and of the Internet
• Disabling unneeded network services and making required services more secure
• Using tools such as iptrace and syslogd to check network security
• Adding network events to audit configuration
• Cryptographic technologies applicable to information technology security
• The Open Secure Shell
• User administration in a network environment
• Access control in a network environment
• Kerberos
• Internet Protocol Security (IPSec)
• The IBM Key Manager
• Internet Key Exchange tunnels
• Manual tunnels
• Web server authentication
• Security-related resources available via the Internet

Course Outline

See Objectives.

AIX Network security / AU421AGB (AU421AGBGB)