Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
DNS Security
DNS Training Description:

Reliable, robust and secure operation of the DNS hierarchy - from the root servers to an individual domain name server - is critical to all Internet operations. The course concentrates on the use of DNSSEC for the control of Zone Transfers, DDNS and zone Integrity and especially the automation of key-rollover using established tools. While the primary focus of the course is BIND other DNS software will be discussed.

Students will review the theory behind the DNS hierarchy, the DNS protocol, forward and reverse mapping zone files. DNS (DNSSEC) security is based on modern cryptographic techniques and processes. The student will learn the underlying principles without requiring mathematical knowledge. Specific implementation of shared-secret (symmetric) and public-key (asymmetric) implementations will be detailed covering Zone Transfer, Dynamic DNS (DDNS) and Zone Integrity. Secure DDNS integration with DHCP is covered and procedures and requirements for key management and key-rollover are illustrated. The course includes a number of hands on configuration exercises.

The primary focus of the course is BIND which is available on Linux, UNIX and Windows platforms. The course is offered with Linux (Fedora Core), FreeBSD or Windows 2003 as the platform for all exercises.

DNS Training Audience:

The course is designed for DNS administrators, Network and System Administrators, Security specialists and those who need a thorough understanding of DNS security. Students should have taken the Basic DNS Course or have over 2 years exposure to DNS operations.

DNS Training Course duration:

2 days

DNS Training Course outline:

Module 1: DNS Refresher
  • The DNS hierarchy (name servers and resolvers)
  • Authoritative and cached responses
  • Delegation - Parent and child domains
  • Forward and Reverse mapping
  • DNS types
  • DIG
  • DNS software - options and overview
Module 2: DNS Security Basics
  • Security overview
  • Security threat analysis
  • DNS security scope (Zone transfer, DDNS, zone integrity)
  • Stealth configuration
  • BIND's view clause
  • Administrative security (jails, permissions, server configurations)
  • BIND Logs
  • BIND's server clause
Module 3: Cryptographic Introduction
  • DNS usage of modern cryptography
  • Symmetric cryptography
  • Asymmetric cryptography
  • Message digests
  • Message authentication codes (MAC)
  • Digital signatures
  • Key Management
  • The KEY RR
  • BIND's key generation tools
Module 4: Securing Zone Transfers
  • Methods - allow-transfer, TSIG, SIG(0) and TKEY
  • The TSIG (symmetric cryptography) process
  • Exercise
  • The OPT meta (or pseudo) RR
Module 5: Securing DDNS
  • Methods - allow-update, update-policy, TSIG and SIG(0)
  • The SIG(0) (asymmetric cryptography) process
  • Exercise
  • The SIG RR
Module 6: Zone Integrity
  • The DNS security environment
  • Security-aware and security oblivious
  • Securing zones - zone signing
  • Chains of trust and islands
  • Key rollover and maintenance
  • Current implementation status
  • Alternate chains of trust - DLV
Module 7: Zone signing
  • Zone and key signing keys
  • The DNSKEY, NSEC, NSEC3, RRSIG and DS RRs
  • The dnssec-signzone utility
  • Exercise
Module 8: Keyrollover and Maintenance
  • Double signing
  • Pre-publish
  • Exercise
  • Tools and utilities
Module 9: Summary
  • DNS and AD (Windows)
  • Security best practices
  • DNS resources
  • DNS software

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
Training Outlines All rights reserved