Skip Ribbon Commands
Skip to main content

L-510 - Linux Network Security


Duration: 5 Days




Delivery Method:

Software Assurance Value:

Microsoft CPE:

Course Information

Course Description

​This five-day class focuses on network security, and makes an excellent companion class to the L-550, Enterprise Linux Security Administration course. After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available. Students install, configure, and test two of the most popular and powerful Network Intrusion Detection Systems (NIDS) solutions available. Finally, students create a Linux based router / firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.

Course Objectives

​At the end of this course, the student will be able to:

  • Capture and analyze Internet Protocol (IP) traffic.
  • Protect against IP spoofing and ICMP attacks.
  • Protect against vulnerability in a number of TCP/IP services, including Telnet, FTP, HTTP, HTTPS, and DNS.
  • Protect against denial of service (DoS) attacks of different types.
  • Use honeypots, snort, and ACID for intrusion detection.
  • Use Linux as a router and firewall.
  • Use Network Address Translation.

Course Audience

​This class is designed for Linux systems administrators and network administrators.

Course Outline


  • Ethernet and IP Operation
  • TCP/IP Protocol vulnerability analysis (Layer 2/3)
  • Tools for frame capture, analysis, and creation
  • Tools for packet capture, analysis, and creation
  • IP and ARP Vulnerability Analysis
  • ARP spoofing, IP address spoofing, ICMP abuse
  • Protecting against IP abuse
  • ARP cache poisoning defense


  • UDP/TCP Vulnerability Analysis
  • TCP format, state, and operations
  • SYN attack, sequence guessing, hijacking
  • TELNET Protocol Vulnerability Analysis
  • FTP Vulnerability Analysis
  • Bounce attack, port stealing, brute-force
  • HTTP Vulnerability Analysis
  • Attacks on file and pathnames
  • Header spoofing
  • Auth credentials and cookies
  • DNS Protocol Vulnerability Analysis


  • SSH Protocol Vulnerability Analysis
  • Insertion attack, brute force, CRC attack
  • Host authentication bypass
  • HTTPS Vulnerability Analysis
  • SSL protocol structure
  • Intercepted key exchange
  • Version rollback attack
  • Remote O/S detection
  • TCP/IP stack fingerprinting
  • Attacks and Basic Attack Detection
  • Sources of attack
  • Denial of service attacks
  • Remote intrustion expoits
  • Attack detection tools


  • Intrusion Detection Technologies
  • Host, network, hybrid IDS
  • Honeypots
  • Focused Monitors
  • Using snort
  • Advanced snort Configuration
  • snort addons
  • Writing snort Rules
  • ACID and SnortCenter


  • Linux as a router
  • Types of firewalls
  • Proxies: squid
  • Packet filters: stateless and stateful
  • Firewall limitations
  • Configuring iptables
  • NAT and PAT on Linux
  • Advanced policy routing

Course Prerequisites

​Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension. This is an intense class that covers many topics. If you are unsure if you meet the prerequisites, please speak with a SQLSoft+ Account Representative.

Before attending this course, students must have:
  • Completed L-100, Introduction to the Linux Operating System, or have equivalent knowledge.
  • Completed L-250, Enterprise Linux Systems Administration, or have equivalent knowledge.
Course Schedule
This course is not scheduled yet.