5 Mime courses in Cardiff

SMTP TRAINING COURSE DESCRIPTION A hands on course focusing on the workings of email systems and the standard protocols that they use. The course is not specific to any particular implementation, but some vendor specifics are noted. Linux and Microsoft machines are used in hands on sessions to reinforce the theory of major sessions. The course concentrates on troubleshooting and interworking using network sniffing and protocol inspection rather than "which buttons to push". WHAT WILL YOU LEARN * Describe and explain SMTP MIME POP3 IMAP PGP, GPG, S/MIME SPF, DKIM, DMARC * Configure mail routing * Secure email systems SMTP TRAINING COURSE DETAILS * Who will benefit: Technical staff responsible for email systems. * Prerequisites: TCP/IP foundation for engineers. * Duration 3 days SMTP TRAINING COURSE CONTENTS * SMTP architecture What is SMTP, email before SMTP, SMTP history, the different protocols, clients, servers. Email composition, transmission, delivering emails, storing and reading emails. MUAs, MTAs, POP3, IMAP, SMTP, DNS, webmail. Hands on Setting up MTAs and MUAs and sending a simple email using telnet. * The SMTP protocol SMTP protocol stack, SMTP headers, HELO, SMTP mail, MAIL FROM, RCPT TO, DATA, SMTPUTF8, 8BITMIME, TURN, EHLO, ETRN, 3 digit replies. Hands on Analysing SMTP packets on a network. * DNS and SMTP SMTP forwarding, SMTP relays, interoperation, how SMTP uses DNS, MX records. Hands on Setting up mail relays. * SMTP headers IMF data, From, to, cc, bcc, sender and recipient headers, message Ids, received trails, in-reply-to, received-SPF, mail list headers. Hands on Using clients to analyse details from mail headers, including true originators and path of emails. * MIME Email attachments, MIME versions, content type headers, encoding, base 64, binary data, multi part headers, troubleshooting attachments. Hands on Analysing MIME headers and attachments. * POP3 What is POP3, where to use POP3, authorisation, transactions, POP3 commands: USER, PASS, STAT, LIST, RETR, DELE. Hands on Setting up a POP3 server, analysing POP3 packets on a network. * IMAP and IMAPS What is IMAP, where to use IMAP, authorisation, mailbox structure, IMAP commands: LOGIN, AUTHENTICATE, LIST, CREATE, Examine (message flags), SELECT, STORE. Hands on Setting up an IMAP server and analysing IMAP packets on a network. * Interoperation Mail gateways, addressing, Exchange, sendmail. * Email security Basics, Transport level: STARTTLS. Content: PGP/GPG, mail signing and encryption, S/MIME, digital certificates, secure email submission. Hands on Setting up and using a PGP key, configure MTAs to use TLS. * Email authentication and spam prevention Mail relays, grey listing, block list & RBL, DNSBL (Real-time Black hole List), White list, SPF, Domain Keys Identified Mail (DKIM), Author Domain Signing Practices (ADSP), Abuse Report Format (ARF), Domain-based Message Authentication, Reporting and Conformance (DMARC). Hands on Relay spamming and the blocking spamming.

SIP SECURITY TRAINING COURSE DESCRIPTION A hands-on course covering SIP security. It is assumed that delegates already know SIP as this course focuses purely on the security issues in SIP IP telephony networks. Hands-on practicals follow each major theory session and include use of various SIP security tools such as vomit, sipp, sipsak and sivus amongst others. WHAT WILL YOU LEARN * Secure SIP networks * Use various SIP security tools SIP SECURITY TRAINING COURSE DETAILS * Who will benefit: Technical staff working with SIP. Technical security staff. * Prerequisites: SIP for engineers * Duration 2 days SIP SECURITY TRAINING COURSE CONTENTS * SIP review SIP infrastructure and entities, example SIP session. Hands on Simple SIP network with and without authentication. * SIP security attacks DOS attacks, infrastructure attacks, eavesdropping, spoofing, replay, message integrity. Hands on Basic SIP packet capture, infrastructure attacks. * SIP tools SIP packet creation: Sivus, SIPsak, PROTOS, SFTF, SIP bomber, SIPp, Seagull, Nastysip. SIP packet generators: SIPNess, NetDude. Monitoring: Wireshark, Cain & Abel, Vomit, Oreka, VoiPong. Scripts and tools: SIP-Fun, Skora.net, kphone-ddos, sip-scan, sip-kill, sip-redirectrtp. Health of different tools. Hands on Generating SIP packets, rebuilding conversations from captured packets, password cracking. * VPNs and SIP IPSec, AH, ESP, transport mode, tunnel mode, Pre Shared Keys, Public keys. Hands on SIP calls over IPSec. * Secure SIP signaling SIP relationship with HTTP, Deprecated HTTP 1.0 basic authentication, HTTP 1.1 Digest authentication, S/MIME, SIPS, SIPS URI, TLS, DTLS, PKI infrastructures. Hands on SIP with TLS. * Secure media streams SRTP, features, packet format, default encryption, default authentication, key distribution. S/MIME, MIKEY, SDP security descriptions. SIP security agreements. Hands on Analysing SRTP packets. * Firewalls NAT traversal. Impact of firewall on infrastructure attacks. TLS and firewalls. SIP specific firewalls. Hands on SIP calls through a firewall.

APACHE TRAINING COURSE DESCRIPTION A hands on training course covering installation, configuration and management of the Apache web server. WHAT WILL YOU LEARN * Install Apache. * Configure Apache. * Manage Apache. * Build static and dynamic web sites with Apache. * Secure Apache. APACHE TRAINING COURSE DETAILS * Who will benefit: Technical staff working with Apache. * Prerequisites: TCP/IP foundation for engineers. UNIX fundamentals * Duration 3 days APACHE TRAINING COURSE CONTENTS * Installing Apache What is Apache? Apache versions, history, downloading Apache, source distribution, compilation, binary distribution, installation, platform considerations. Hands on Downloading and installing Apache. * Controlling the Apache server Running Apache, automatic Apache start, starting, stopping, restarting Apache. Checking Apache status. Hands on Server control. * Configuration Serving webpages, setting the document root, applying configuration changes, Configuration files, httpd.conf, syntax, directives, modules, utilities, turning features on/off. Hands on basic Apache configuration. * More configuration MIME, URL mapping, content negotiation, indexing, performance tuning. * Logging log file content, configuration, log file locations, error logging, browser errors, error page configuration, forbidden index pages. Hands on Log files. * Security File permissions, .htaccess, protecting files with passwords, password files, authentication, restricting access by IP address. * Secure HTTP HTTPS, installing mod_ssl, certificates, configuring mod_ssl, http and https coexistence * Virtual hosts Multiple sites on one server, separate configuration files, IP based, name based, port based, virtual host names, enabling, defining, configuring, aliases, testing, https virtual hosts. Hands on Virtual hosts. * Dynamic sites Dynamic sites, CGI, PHP, PERL, CGI programs, example CGI scripts, Apache and CGI, CGI parameters, CGI issues, PHP, mod_php, Perl and Apache, mod_perl, installing mod_perl. Hands on CGI, PHP and Perl with Apache. * Modules What are modules, standard modules, loading modules, mod_speling, mod_rewrite, other special purpose modules, URL rewriting, redirection, URL transformation, browser dependent pages. Hands on Working with modules.

SECURITY+ TRAINING COURSE DESCRIPTION A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. WHAT WILL YOU LEARN * Explain general security concepts. * Describe the security concepts in communications. * Describe how to secure an infrastructure. * Recognise the role of cryptography. * Describe operational/organisational security. SECURITY+ TRAINING COURSE DETAILS * Who will benefit: Those wishing to pass the Security+ exam. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days SECURITY+ TRAINING COURSE CONTENTS * General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. * Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. * Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. * Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. * Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.

SIP IN IMS TRAINING COURSE DESCRIPTION The IP Multimedia Core Network Subsystem (IMS) is defined by 3GPP as a new mobile infrastructure. This advanced course looks at the use of SIP in the IMS. WHAT WILL YOU LEARN * Describe the role of SIP in the IMS. * Explain how SIP works in the IMS * Describe the SIP architecture in the IMS. * Explain how SIP and SDP are used in basic IMS procedures. SIP IN IMS TRAINING COURSE DETAILS * Who will benefit: Technical telecommunications staff. * Prerequisites: SIP for engineers. * Duration 2 days SIP IN IMS TRAINING COURSE CONTENTS * Introduction SIP review, SIP elements, Simple SIP call flow, What is IMS? Why IMS? Why SIP in the IMS? SIP and IMS relationship. * Standards 3GPP, IETF, 3GPPr5, 3GPPr6, 3GPP SIP extensions. * SIP and IMS IMS architecture, SIP interfaces. * Server functions Registration, home and away, location and directory services, stateful and stateless servers. * SIP servers P-CSCF, I-CSCF, S-CSCF, PSTN gateways * SIP registration in the IMS SIP REGISTER, IMS identities, registration process, P-CSCF discovery, S-CSCF assignment, IMS subscriber and IMS registrar signalling flow. IMS routing in the registration process. Re and De-registration. * SIP sessions in the IMS SIP INVITE, Establishing IMS SIP sessions, User at home network, user roaming, IMS offer answer architecture, SIP preconditions, QoS, reserving resources, IMS bearer network interactions, IMS subscriber and IMS service signalling flow. Typical call flows. * SIP services in the IMS IMS specifications, IMS service procedures, call scenarios, call services. IMS multimedia related procedures. IMS presence, IMS messaging, IMS conferencing, IMS PoC. * SIP-T SIP and the PSTN, URIs and ENUM, NAPTR, SRV, ISUP numbers and URI mapping, IAM and INVITE, SIP to PSTN/ISUP mapping, PSTN/ISUP to SIP mapping, PSTN to PSTN over SIP. MIME media types for ISUP, DTMF transmission, CLIP and CLIR in SIP, ring tone, split gateways * SIP-I ISO standards, translation versus tunnelling. * IMS SIP extensions Security (RFC 3310, 3329), Resource reservation (RFC 3312), Media authorisation (RFC 3313), SigComp (RFC 3320), P Headers (RFC 3325, 3455), Mobile registration (RFC 3327, 3608), Reg event (RFC 3680), Preconditions (RFC 4032) * Security IMS security architecture, identities, HTTP digest, TLS. Affect of security on SIP media sessions.