LinuxCBT Proxy Edition feat. Squid encompasses: 1. Proxy Security.

LinuxCBT Proxy Edition feat. Squid is unparalleled in content, depth and expertise. It entails 10-hours, or over 1-day of classroom training. LinuxCBT Proxy Edition feat. Squid prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Let LinuxCBT Proxy Edition feat. Squid cost-effectively sharpen your GNU/Linux & Open Source Security skills!

Recommended Prerequisites for:

• Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
  • Open mind & determination to master Linux and related open-source applications
  • Basic understanding of networking concepts
  • Access to a PC to follow the exercises

Proxy Security - Module 1

• Squid Proxy Initialization
  • Discuss Squid concepts & applications
  • Discuss DNS application
  • Configure DNS on primary SuSE Linux server for the Squid Proxy environment
  • Confirm DNS environment
  • Start Squid and evaluate default configuration
  • Install Squid Proxy server
• General Proxy Usage
  • Configure web browser to utilize proxy services
  • Grant permissions to permit local hosts to utilize proxy services
  • Discuss ideal file system layout - partitioning
  • Explore key configuration files
  • Use client to test the performance of proxy services
  • Discuss HIT/MISS logic for serving content
  • Configure proxy support for text-based (lftp/wget/lynx) HTTP clients
• Squid Proxy Logs
  • Discuss Squid Proxy logging mechanism
  • Identify key log files
  • Discuss & explore the Access log to identify HITS and/or MISSES
  • Discuss & explore the Store log to identify cached content
  • Convert Squid logs to the Common Log Format (CLF) for easy processing
  • Discuss key CLF fields
  • Configure Webalizer to process Squid-CLF logs
  • Revert to Squid Native logs
  • Discuss key Native log fields
  • Configure Webalizer to process Squid Native logs
• Squid Network Configuration & System Stats
  • Discuss cachemgr.cgi Common Gateway Interface(CGI) script
  • Explore the available metrics provided by cachemgr.cgi
  • Change default Squid Proxy port
  • Modify text/graphical clients and test communications
  • Discuss Safe Ports - usage & applications
• Squid Access Control Lists (ACLs)
  • Intro to Access Control Lists (ACLs) - syntax
  • Define & test multiple HTTP-based ACLs
  • Define & test ACL lists - to support multiple hosts/subnets
  • Define & test time-based ACLs
  • Nest ACLs to tighten security
  • Implement destination domain based ACLs
  • Exempt destination domains from being cached to ensure content freshness
  • Define & test Anded ACLs
  • Discuss the benefits of Regular Expressions (Regexes)
  • Implement Regular Expressions ACLs to match URL patterns
  • Exempt hosts/subnets from being cached or using the Squid cache
  • Force cache usage
  • Configure enterprise-class Cisco PIX firewall to deny outbound traffic
  • Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
  • Discuss delay pool concepts & applications - bandwidth management
  • Configure delay pools - to support rate-limiting
  • Examine results of various delay pool classes
  • Enforce maximum connections to deter Denial of Service (DoS) attacks
  • Verify maximum connections comply with security policy
• Squid Proxy Hierarchies
  • Discuss Squid cache hierarchy concepts & applications
  • Ensure communications through a primary cache server - double-auditing
  • Discuss and configure parent-child bypass based on ACLs
  • Configure Intranet ACLs for peer-cache bypass
  • Discuss & implement Squid cache hierarchy siblings
  • Configure transparent proxy services
• top