Finally, some possible missing Content Areas and Tasks: Business Continuity Planning / Disaster Recovery Planning: We have nothing on this, other than one reference to backup under "Monitoring important files". I'd expect a senior admin to be able to plan for moving operations to a hot- or warm-site, have off-site backups, detailed records of hardware configurations and the ability to restore to bare metal, etc.
Physical Security: We have nothing on physical access control, location of servers, etc. Also nothing on securing machines, e.g. BIOS passwords, and only one reference to boot loader security. How about encrypted filesystems?

Software Installation: Nothing on MD5s of downloaded tarballs, or checking signatures on RPMs. Nothing on signing RPMs (is that too advanced?)

Incident Response and Forensics: Nothing on incident response policy, steps to take when an intrusion is detected, steps to take when it is believed that employees are breaching policy, etc. I'd like to see something added on arpwatch as a way of detecting ARP spoofing, and perhaps tools for detecting machines with promiscuous interfaces.

Viruses, worms and malware: While these are not a major concern for Linux systems in isolation, most of us have to work in mixed environments (e.g. managing Samba servers with Windows clients). Do we need to test for some understanding in this area, and perhaps look at specific anti-virus software, e.g. ClamAV, amavisd or commercial AV products? If we're going to cover SpamAssassin or other spam-filtering software on the mail gateway, shouldn't configuration of anti-virus controls here be at least as important?

External connections: We have nothing on controlling access to modems or fax gateways. We have nothing on use of PAP/CHAP for PPP dial-in and dial-out connections. I'm presuming we don't want to get into RADIUS, etc., as it's mostly restricted to ISPs and some wireless setups. Speaking of which:

Wireless security: Do we want to touch on the basics here? I'm presuming we don't want to get into 802.1x, EAP/LEAP, but at least configuration of ESSIDs and WEP keys on wireless interfaces.

VPNs: We have nothing on virtual private network connections using any of IPSec, SSL tunnels, PPTP, CIPE, etc. The closest we come is SSH port forwarding. Since an IPSec engine is part of the 2.6 kernel . . .

Crypto as a general topic: Do we want candidates to demonstrate a general understanding of crypto techniques, e.g. symmetric vs public-key, block vs stream ciphers, factors affecting crypto strength, etc.? OpenSSL provides a great playpen for some of this stuff, and I've seen considerable misunderstanding among students about how SSH uses public/private keys for authentication vs symmetric key algorithms for traffic encryption. This is also the theoretical basis for Kerberos, SSL and TLS (as applied to HTML, LDAP, SMTP, POP, IMAP, etc.), and MD5s for integrity checking (e.g. package signatures, Tripwire, etc.).

We have almost no mention of tcpwrappers and libwrap - is no one using this any more?

We have nothing on the security implications of some common protocols/daemons, e.g. FTP (wu-ftpd, ProFTPD, vsftpd), LDAP (might need to be considered along with Kerberos), HTML (installation of SSL certs into Apache has to be a good candidate here, surely?)

Auditing.

Change Control Procedures.

Best,
---
Les Bell, RHCE, CISSP [http://www.lesbell.com.au]

_______________________________________________
lpi-examdev mailing list
[EMAIL PROTECTED]
http://list.lpi.org/mailman/listinfo/lpi-examdev
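The "Software Installation" task in the message above (verifying MD5s of downloaded tarballs) is the kind of thing a candidate would be expected to do at a shell prompt. The script below is an added example written for this page; it is not part of the original message and not LPI material. The "downloaded" tarball, its tampered copy, the "published" MD5 and the MD5SUMS file are all constructed inline so the script runs offline; the published value is simply the known MD5 of the stand-in file's contents. The only real tools used are `md5sum` and `awk`.

```shell
#!/bin/sh
# Added example (not from the original message or from LPI): checking a
# downloaded tarball against a vendor-published MD5. Everything here is
# constructed inline so it runs offline: the "tarball" is a stand-in file,
# and the "published" MD5 is the known MD5 of its contents ("hello\n").
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for the downloaded archive (content: "hello\n").
GOOD_TARBALL="$WORK/pkg-1.0.tar.gz"
printf 'hello\n' > "$GOOD_TARBALL"

# Constructed stand-in for a tampered copy of the same download.
BAD_TARBALL="$WORK/pkg-1.0-tampered.tar.gz"
printf 'hello!\n' > "$BAD_TARBALL"

# MD5 "published" for pkg-1.0.tar.gz. In real use this value must come from a
# channel you trust more than the mirror you fetched the tarball from (the
# project's own HTTPS page, or a GPG-signed checksum file); a checksum served
# beside the tarball on the same mirror proves nothing if that mirror was
# tampered with.
PUBLISHED_MD5="b1946ac92492d2347c6235b4d2611184"

# Constructed MD5SUMS file in the format md5sum -c expects ("<hash>  <name>").
MD5SUMS="$WORK/MD5SUMS"
printf '%s  pkg-1.0.tar.gz\n' "$PUBLISHED_MD5" > "$MD5SUMS"

# md5_of FILE: print the hex MD5 of FILE.
md5_of() {
    md5sum "$1" | awk '{print $1}'
}

# verify_checksum FILE EXPECTED: return 0 if FILE's MD5 equals EXPECTED, 1 if not.
verify_checksum() {
    file=$1
    expected=$2
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK:   $file matches published MD5"
        return 0
    fi
    echo "FAIL: $file has MD5 $actual, expected $expected" >&2
    return 1
}

# verify_with_sumsfile SUMSFILE DIR: check every entry in SUMSFILE against the
# files in DIR with md5sum -c; return 0 only if every listed file matches.
verify_with_sumsfile() {
    sumsfile=$1
    dir=$2
    ( cd "$dir" && md5sum -c --quiet "$sumsfile" )
}

# Demonstration: the genuine download passes, the tampered copy fails.
verify_checksum "$GOOD_TARBALL" "$PUBLISHED_MD5"
if verify_checksum "$BAD_TARBALL" "$PUBLISHED_MD5"; then
    echo "unexpected: tampered file passed" >&2
    exit 1
fi
verify_with_sumsfile "$MD5SUMS" "$WORK" && echo "OK:   MD5SUMS check passed"
```

A matching checksum tells you the file you have is the file the publisher hashed; it does not tell you who the publisher was. That is the difference between integrity and authenticity the message draws, and it is why the RPM side of the same task (`rpm --checksig`, or `rpm -K`, against an imported vendor key) is worth examining separately: a signature check answers the second question, a checksum only the first. The script works unchanged with `sha256sum` in place of `md5sum` where a project publishes SHA-256 sums.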
