EX333 Requirements

Centralized Authentication Security

• configure an NIS server to provide directory services
• configure Kerberos to provide user authentication
• configure NFSv4 server
• configure a network client to use NIS for directory information
• configure a network client to use Kerberos for authentication
• configure a network client to mount an NFSv4 export
• configure r-clients (rlogin, rcp, etc.) and telnet to use Kerberos

Network Services Security

• Use xinetd and TCP wrappers to restrict access to network services
• Configure Postfix and Sendmail to:
  • filter mail based on message characteristics
  • use TLS for secure communication
  • use the Real-time Blackhole List (RBL) via DNS
• Configure POP/IMAP to use SSL/TLS for secure communication
• Configure the following aspects of DNS:
  • master domain
  • slave domain
  • views
  • forwarders
  • blackhole lists (RBL)
  • TSIG
• Use GPG tools to:
  • generate key pairs
  • sign documents
  • encrypt documents
  • decrypt documents
  • verify document signatures
• configure a certificate authority (CA) and sign certificate requests
• configure httpd to use a SSL certificate signed by a certifying authority
• configure httpd to use passwords and/or network location to restrict access to content
• configure FTP security to
  • support FTP only users
  • implement host based access restrictions