This course is designed to help you implement a security policy in an AIX environment. AIX 6.1 features are covered.

• Describe security threats to a computer system
• List the AIX commands and components that can meet both the base system and network security threats, including how to configure IPSEC and LDAP
• Configure, distribute, and monitor a security policy and check sox-cobit compliance using AIX Security Expert and LDAP with Active Directory
• Configure the role-based access control (RBAC) feature (AIX 6.1)
• Implement encrypted file systems (AIX 6.1)
• Implement the Trusted Execution feature (AIX 6.1)
• Implement trusted services using the PowerSC IBM product (AIX 6.1 TL6)
• Implement the AIX install time options of Secure by Default and Trusted AIX (AIX 6.1)

This advanced course is intended for persons who:

• Want to learn what the security mechanisms are in an AIX system
• Will plan, implement, or distribute a security policy in AIX
• The audience for this training includes:
• AIX technical support individuals
• System administrators
• System architects

You should have basic AIX administration experience. The AIX prerequisite may be met by attending one of the two following classes or having equivalent AIX skills:

• AIX Basics (AN10G)
• Jumpstart for UNIX Professionals (AN14G)

To use PowerSC, a knowledge of VIO LPARs is required. This prerequisite could be met by attending the following class or having equivalent skills.

• Power Systems for AIX - Virtualization I: Implementing Virtualization (AN30G)

Day 1

• Welcome
• Unit 1 - Introduction to AIX security features Unit 2 - AIX base system security
• Unit 3 - AIX network security, Topic 1: Securing remote commands Exercise 1 - Security in an IT environment
• Exercise 2 - AIX base system security
• Exercise 3 - AIX network security, Part 1: TCP/IP security environment

Day 2

• Unit 3 - AIX network security, Topic 2: IP Security
• Unit 4 - Implementing and distributing a security policy with AIXPert Exercise 3 - AIX network security, Part 2: NFS
• Exercise 4 - Implementing and distributing a security policy with AIXPert

Day 3

• Unit 5 - Implementing role-based access control
• Unit 6 - Implementing encrypted file systems Unit 7 - Implementing Trusted Execution
• Exercise 5 - Implementing role-based access control Exercise 6 - Implementing encrypted file systems Exercise 7 - Implementing Trusted Execution

Day 4

• Unit 8 - Introduction to PowerSC
• Unit 9 - Centralizing security with LDAP and Kerberos, Topic 1: Implementing an AIX LDAP server
• Exercise 8 - Introducing PowerSC
• Exercise 9 - Centralizing security with LDAP and Kerberos, Part 1: LDAP on AIX

Day 5

• Unit 9 - Centralizing security with LDAP and Kerberos, Topic 2: Kerberos and
• Active Directory
• Unit 10 - AIX install time security options
• Exercise 9 - Centralizing security with LDAP and Kerberos, Part 2: LDAP with Active Directory
• Exercise 10 - AIX install time security options
• Lab time

Prior to enrolling, IBM Employees must follow their Division/Department processes to obtain approval to attend this public training class. Failure to follow Division/Department approval processes may result in the IBM Employee being personally responsible for the class charges.

GBS practitioners that use the EViTA system for requesting external training should use that same process for this course. Go to the EViTA site to start this process: http://w3.ibm.com/services/gbs/evita/BCSVTEnrl.nsf

Once you enroll in a GTP class, you will receive a confirmation letter that should show:

• The current GTP list price
• The 20% discounted price available to IBMers. This is the price you will be invoiced for the class.