Enterprise Security Using Kerberos and LDAP (SC-360)

Overview:

The Enterprise Security Using Kerberos course provides students with the knowledge and skills necessary to deploy Kerberos in the enterprise and to secure enterprise deployments of Lightweight Directory Access Protocol (LDAP).

Description:

Who Can Benefit
Students who can benefit from this course are individuals who want to deploy the Kerberos security, who want to deploy a secure single-sign-on solutions, and those who need secure authentication and encryption for NFS. 
 

Prerequisites
To succeed in this course, students must fully understand the material in the following courses: SA-299: Advanced System Administration for the Solaris 9 Operating System and SA-399: Network Administration for the Solaris 9 Operating System.

Skills Gained
Upon completion of this course, students should be able to:
Understand Cryptography
Use NTP
Understand and implement Kerberos
Administer Kerberos
Implement Cross-Realm Authentication
Integrate Kerberos Implementations
Understand and Integrate LDAP
Configure LDAP security 
 

Related Courses
Before:

ISP Server Network Tools Administration (IN-351)

Course Content
Module 1 - Introducing Cryptography
Describe common terms and techniques used in cryptography
Understand the role and usage of cryptography in securing computer networks
Discuss the architecture of the Secured Sockets Layer (SSH) protocol 

Module 2 - Reviewing NTP
Discuss the need for time synchronization in a networked environment
Configure client system to synchronize time with a network server
Deploy a Network Time Protocol (NTP) server which client systems can query
Configure access restrictions on NTP clients and servers 

Module 3 - Introducing Kerberos
Discuss typical security and convenience limitations
Describe the benefits afforded by the use of Kerberos in the enterprise
Explain the conceptual operation of Kerberos 

Module 4 - Examining Kerberos
Describe the configuration files and applications that comprise Kerberos
Discuss the Kerberos daemons needed on Kerberos server systems
Describe the Kerberos applications used on Kerberos client systems
Discuss the differences between master and slave Key Distribution Center (KDC) 

Module 5 - Implementing Kerberos
Deploy Kerberos master KDCs
Configure slave Kerberos KDCs to provide redundancy and load-balancing
Configure client systems to authenticate using Kerberos 

Module 6 - Using Kerberos
Describe the process which users authenticate as Kerberos principals
Discuss the tools available to change passwords for Kerberos principals
Explain how Kerberos principals can grant password-less accounts 

Module 7 - Administering Kerberos
Configure Kerberos keytabs
Establish Kerberos principal password policies
Configure PAM to provide Solaris users with single sign-on access
 

Module 8 - Implementing Cross-Realm Authentication
Discuss reasons for using one Kerberos realm, or multiple Kerberos realms
Describe the cross-realm authentication trust arrangements
Configure direct and hierarchical cross-realm authentication relationships 

Module 9 - Integrating Kerberos Implementations
Discuss interoperability concerns between standards-compliant and nonstandard Kerberos implementations
Describe Kerberos topologies used when integrating Microsoft Kerberos
Configure Microsoft Kerberos as a hierarchical sub-realm 

Module 10 - Reviewing LDAP
Describe the structure of a Lightweight Directory Access Protocol
Discuss common uses of LDAP
Understand common LDAP terminology 

Module 11 - Configuring LDAP Security
Discuss methods of authenticating access to LDAP directories
Describe tools used to secure LDAP transactions
Describe tools used to secure access to specific entries within the LDAP directory 

Module 12 - Integrating Kerberos and LDAP
Contrast the benefits afforded by use of Kerberos with those of LDAP
Describe methods in which Kerberos and LDAP can be used simultaneously
Detail the security advantages and disadvantages of using LDAP with Kerberos
Detail the security advantages and disadvantages using Kerberos on top of LDAP