SANOV VI IP Services Workshop Outline Location: Thimphu, Bhutan (Royal Banquet Hall) Organizers: South Asian Network Operators Group (SANOG) and The Network Startup Resource Center (NSRC) Primary Instructors: Sufi Faruq Ibne Abubakar, TM International (BD) Ltd, AKTEL Hervey Allen, Network Startup Resource Center (NSRC) Philip Hazel, University of Cambridge Champika Wijayatunga, Asia Pacific NIC (APNIC) Daily Time Schedule Saturday Morning (HA/CW) ------- * Welcome to workshop (HA/CW) * FreeBSD Materials * Why we are using FreeBSD (HA) * A FreeBSD Overview - Note some differences from Linux - FreeBSD Command Reference: - Additional/Advanced topics based on class level * Install FreeBSD (HA) * Post-Install Exercises - Include install of Gnome/KDE - Additional exercises for those who want practice * Cryptography overview (HA) - [OpenOffice | pdf 1-up | pdf 4-up] - symmetric ciphers, public/private keys, hashing, integrity checks, key lengths, digital signatures Afternoon (HA/CW) --------- * Security overview/review (HA) - [OpenOffice | pdf 1-up | pdf 4-up | PowerPoint] - Best practices - FreeBSD specific steps * Install and Scan with Nessus: [html | pdf] (HA) - Sample Nessus report: 1 machine - Sample Nessus report: subnet scan - See if we can find security issues in our lab * Review Securing What we Find (HA) - Based on security scans take first steps to secure - lockdown/reconfigure services - Turn off services - Update services - Do we need a firewall? Discuss this. * SSH Overview (HA) - Review public/private key - Importance of private key - "man-in-the-middle" attacks - Tunneling services * SSH lab (HA) - scp/sftp, including scp between two remote servers. - Login/scp without passwords - Exectute commands - Tunneling Sunday Morning (CW/HA) ------- * DNS Materials * DNS Concepts * BIND Installation - Install Bind * Recursive Server - Configure a recursive (caching) name server - Configure domains on primary and secondary servers * Troubleshooting Afternoon (CW/HA) --------- * Reverse DNS - Reverse DNS lab * RNDC & TSIG - RNDC lab - TSIG lab - Modifying logging Monday Morning (CW/HA) ------- * DNS Materials * ACL and Views - ACL and Views lab * Secured Dynamic Updates - Dynamic updates Afernoon (SA/HA) -------- * Squid overview (Proxy and cache services) * Squid installation and initial configuration - [pdf-1up | PowerPoint] * Advanced Squid topics - ACLs - Delay pools - Transparent proxies * Overview of Digital Certificates/Apache with SSL (HA) - [pdf-1up | pdf-4up | OpenOffice | PowerPoint] * Install/configure Apache with SSL (HA) - [html | pdf] - Configure local ssl certificate - Connect to web server using https Tuesday Morning (PH/HA) ------- * Mail Materials * Introduction to Email * Installation of Exim MTA - Initial Exim exercises Afternoon (PH/HA) --------- * Exim routing configuration * Exim routing exercises Wednesday Morning (PH/HA) ------- * Mail Materials * Exim input/relay control and ACL's * Exim input/relay control exercise for incoming email * Dealing with unwanted email - filtering, blacklists, filter by content whitelists, viruses, unwanted bounces (Joe Job problems) * Scalability and performance tips for Exim Afternoon (HA/PH) --------- * Overview of Spamassassin (HA) * Install Spamassassin (HA) - How to use Spamassassin with Exim * Overview of ClamAV (HA) * Install ClamAV (HA) - Send infected message to test functionality * Configure Exim for maildirs * Install Courier POP/IMAP server * Install Sqwebmail * Connect to POP/IMAP and Sqwebmail with ssl * Workshop exam - [html | pdf] * Q&A * Books and workshop certificates * Close of workshop
Last modified: Tue Jul 19 14:35:34 BTT 2005