That's what I was suggesting as a very helpfull way of organizing the tasks and getting more results. I think the categorization you made is right.
Enrique. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 02, 2004 4:07 PM Subject: [lpi-examdev]LVL3SEC: Proposed high-level heirarchy > As has been noted, the tasks that are in the JTA system are a bit chaotic, > and vary in scope from "secure DNS" to "Configure the > 'check_reads_timeout' parameter for slow hosts" in Nessus. > > It seems to me that creating an organizational heirarchy for the security > cert would help in a few ways: > > 1) It provides a standardized means of sorting and organizing objectives > and tasks in the JTA system > > 2) It allows us to break down work into smaller, more meaningful chunks, > where we can hopefully get help from people with good knowledge in > specific areas (for example, I could see soliciting help on a "security > concepts and policy" area from a CISSP list, while Apache security should > come from Apache experts.) > > While recognizing that there will be a lot of overlap between areas and > topics, I propose having four basic content areas for the LPI Level 3 > certification: > > 1. Security Concepts and Policy > > Deals with information security best practices, policies, training and > other non-technical best practices. > > 2. Local security > > Deals with local security issues - user and authentication systems such as > shadow passwords, PAM, filesystem and partition security, configuring > local daemons and services, X-Windows, LIDS, Logging, Mail security, > physical and bootloader security, incident response, etc. > > 3. Network security > > Deals with security issues that mainly use the network - user and > authentication systems such as NIS/Kerberos, Samba, Inetd/Xinetd, Linux > firewalling (iptables and ipchains), NAT, Performing vulnerability > assessments, email security (relay, mimedefang, TLS), SSH, NMAP, Nessus, > Ethereal, etc. > > 4. Packages / addons > > Deals with all the packages or add-ons that are worthy of a section all > their own, to include things such as Apache, Sama, Snort, BIND, NFS, LIDS, > SeLinux, etc. > > Does this seem to make sense? If so, I'll start throwing out chunks of > outline in the four areas and asking for people to help fill in the blanks > and suggesting changes. After that, we can start trying to get subject > matter experts to start filling in the next level. > > Thanks, > > Mark Lachniet > _______________________________________________ > lpi-examdev mailing list > [EMAIL PROTECTED] > http://list.lpi.org/mailman/listinfo/lpi-examdev > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.572 / Virus Database: 362 - Release Date: 27/01/2004 _______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
