Linux Professional Institute (LPI) Training

LPIC Linux Enterprise Security (LPIC-303)

The LPIC-3 Enterprise security certification empowers graduates to harden security for Linux systems, monitor for intrusion and secure data at rest and in transit. As the cyber security threat grows across the globe so does the demand for Linux administrators with specialist cyber security skills.

LPIC-303 Course Objectives
 

• Topic 331: Cryptography
   
  • 331.1 X.509 Certificates and Public Key Infrastructures
    
    Candidates will understand X.509 certificates and public key infrastructure. They learn how to configure and use OpenSSL to implement certification authorities and issue SSL certificates for various purposes
     
  • 331.2 X.509 Certificates for Encryption, Signing and Authentication
    
    Candidates will learn to use X.509 certificates for both server and client authentication. This includes implementing user and server authentication for Apache HTTPD. The version of Apache HTTPD covered is 2.4 or higher.
     
  • 331.3 Encrypted File Systems
    
    Candidates should be able to set up and configure encrypted file systems.
     
  • 331.4 DNS and Cryptography
    
    Candidates will gain the knowledge & understanding of cryptography in the context of DNS and its implementation using BIND. The version of BIND covered is 9.7 or higher.
     
• Topic 332: Host Security
  •  332.1 Host Hardening
    
    Candidates will learn to secure computers running Linux against common threats.
     
  • 332.2 Host Intrusion Detection
    
    Candidates become familiar with the use and configuration of common host intrusion detection software. This includes managing the Linux Audit system and verifying a system's integrity.
     
  • 332.3 Resource Control
    
    Candidates will learn how to restrict the resources services and programs can consume.
     
• Topic 333: Access Control
   
  • 333.1 Discretionary Access Control
    
    Candidates will gain an understanding of discretionary access control (DAC) and know how to implement it using access control lists (ACL). Additionally, candidates are will understand and know how to use extended attributes.
     
  • 333.2 Mandatory Access Control
    
    Candidates will become familiar with mandatory access control (MAC) systems for Linux. Specifically, candidates will gain a thorough knowledge of SELinux. Also, candidates will be made  aware of other mandatory access control systems for Linux. This includes major features of these systems but not configuration and use.
     
• Topic 334: Network Security
  • 334.1 Network Hardening

    
    Candidates should be able to secure networks against common threats. This includes analyzing network traffic of specific nodes and protocols.

  • 334.2 Network Intrusion Detection
    
    Candidates will  become familiar with the use and configuration of network security scanning, network monitoring and network intrusion detection software. This includes updating and maintaining the security scanners.
     
  • 334.3 Packet Filtering
    
    Candidates should be familiar with the use and configuration of the netfilter Linux packet filter.
     
  • 334.4 Virtual Private Networks
    
    Candidates should be familiar with the use of OpenVPN, IPsec and WireGuard to set up remote access and site to site VPNs.334.4 Virtual Private Networks
     
• Topic 335: hreats and Vulnerability Assessment
   
  • 335.1 Common Security Vulnerabilities and Threats

    
    Candidates will gain an  understanding of the principle of major types of security vulnerabilities and threats.

  • 335.2 Penetration Testing
    
    Candidates will gain an understanding of the concepts of penetration testing, including an understand of commonly used penetration testing tools. Furthermore, candidates should be able to use nmap to verify the effectiveness of network security measures.