291 Network & Security courses in Bradford

SECURING LINUX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure Linux accounts. * Secure Linux file systems. * Secure Linux access through the network. SECURING LINUX SYSTEMS TRAINING COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING LINUX SYSTEMS TRAINING COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

NETWORK DESIGN TRAINING COURSE DESCRIPTION This course provides you with the knowledge needed to perform the design of a network infrastructure that supports desired network solutions to achieve effective performance, scalability, and availability. We recognise that the role of design does not normally require hands on skills but hands on sessions are used to reinforce the theory not to teach configuration or troubleshooting. WHAT WILL YOU LEARN * Create HA enterprise network designs. * Develop optimum Layer 3 designs. * Design effective modern WAN and data center networks. * Develop effective migration approaches to IPv6. * Create effective network security designs. NETWORK DESIGN TRAINING COURSE DETAILS * Who will benefit: Anyone involved with network design. * Prerequisites: TCP/IP Foundation for engineers * Duration 5 days NETWORK DESIGN TRAINING COURSE CONTENTS PART I RELIABLE, RESILIENT ENTERPRISE L2/3 NETWORK DESIGN Optimal Enterprise Campus Design: Enterprise campus design principles, hierarchy, modularity, flexibility, resiliency. EIGRP design: EIGRP Design, Should you use EIGRP? OSPF design: OSPF scalability designs, OSPF area design, OSPF Full-Mesh Design, OSPF Hub-and-Spoke Design, OSPF convergence design and optimization techniques. IS-IS Design: The protocol, IS-IS hierarchical architecture, IS-IS vs OSPF, IS-IS Deep Dive, IS-IS Design Considerations. BGP design: BGP overview, Designing Scalable iBGP Networks, BGP Route Reflector Design, Enhancing the Design of BGP Policies with BGP Communities, Case Study: Designing Enterprise wide BGP Policies Using BGP Communities, BGP Load-Sharing Design. PART II ENTERPRISE IPV6 DESIGN CONSIDERATIONS IPv6 Design Considerations in the Enterprise: IPv6 Deployment and Design Considerations, Considerations for Migration to IPv6 Design, IPv6 Transition Mechanisms, Final Thoughts on IPv6 Transition Mechanisms. Challenges of the Transition to IPv6: IPv6 Services, Link Layer Security Considerations. PART III MODERN ENTERPRISE WIDE-AREA NETWORKS DESIGN Service Provider-Managed VPNs: Choosing Your WAN Connection, Layer 3 MPLS VPNs, Case Study: MPLS VPN Routing Propagation, Layer 2 MPLS VPN Services. Enterprise-Managed WANs: Enterprise-Managed VPNs, GRE, Multipoint GRE, Point-to-Point and Multipoint GRE, IPsec, IPsec and dynamic VTI, DMVPN, Case Study: EIGRP DMVPN, DMVPN and Redundancy, Case Study: MPLS/VPN over GRE/DMVPN, SSL VPN. Enterprise WAN Resiliency Design: WAN Remote-Site Overview, MPLS L3 WAN Design Models, Common L2 WAN Design Models, Common VPN WAN Design Models, 3G/4G VPN Design Models, Remote Site Using Local Internet, Remote-Site LAN, Case Study: Redundancy and Connectivity, NGWAN, SDWAN, and IWAN Solution Overview, IWAN Design Overview, Enterprise WAN and Access Management. PART IV ENTERPRISE DATA CENTER DESIGNS Multitier Data Center Designs: Case Study: Small Data Centers (Connecting Servers to an Enterprise LAN), Case Study: Two-Tier Data Center Network Architecture, Case Study: Three-Tier Data Center Network Architecture. Trends and Techniques to Design Modern Data Centers: The Need for a New Network Architecture, Limitations of Current Networking Technology, Modern Data Center Design Techniques and Architectures, Multitenant Data Center. SDN: SDN characteristics, How SDN addresses current Networking Limitations, SDN Architecture Components, SDN Network Virtualization overlays. Data Center Connections: Data Center Traffic Flows, The Need for DCI, IP Address Mobility, Case Study: Dark Fiber DCI, Pseudowire DCI. PART V DESIGN QOS FOR OPTIMIZED USER EXPERIENCE QoS Overview: QoS Overview, IntServ versus DiffServ, Classification and Marking, Policers and Shapers, Policing Tools: Single-Rate Three-Color Marker, Policing Tools: TwoRate Three-Color Marker, Queuing Tools, Dropping Tools. QoS design principles and best practices: QoS overview, classification and marking design principles, policing and remarking design principles, queuing design principles, dropping design principles, Per-Hop behavior queue design principles, RFC 4594 QoS Recommendation, QoS Strategy Models. Campus QoS, WAN QoS, Data Center QoS. MPLS VPN QoS Design: The Need for QoS in MPLS VPN, Layer 2 Private WAN QoS Administration, Fully Meshed MPLS VPN QoS Administration, MPLS DiffServ Tunneling Modes, Sample MPLS VPN QoS Roles. IPsec VPN QoS Design: The Need for QoS in IPsec VPN, VPN Use Cases and Their QoS Models, IPsec Refresher, Encryption and Classification: Order of Operations, MTU Considerations, DMVPN QoS Considerations. PART VI IP MULTICAST DESIGN Enterprise IP Multicast Design: How Does IP Multicast Work? Multicast Protocols, Multicast Forwarding and RPF Check, Multicast Protocol Basics, PIM-SM Overview, Multicast Routing Table, Basic SSM Concepts, Bidirectional PIM. RP discovery, Anycast RP Features, MSDP. PART VII DESIGNING OPTIMUM ENTERPRISE NETWORK SECURITY Designing Security Services and Infrastructure Protection Network Security Zoning, Designing Infrastructure Protection. Designing firewall & IPS solutions: Firewall architectures, virtualized firewalls. Case Study: Application Tier separation, Case Study: Firewalls in a Data Center, Case Study: Firewall High Availability, IPS Architectures, Case Study: Secure Campus Edge Design (Internet and Extranet Connectivity). IP Multicast Security: Multicast Security Challenges, Multicast Network Security Considerations. Designing Network Access Control Solutions: IEEE 802.1X, EAP, 802.1X supplicants, 802.1X phased deployment, Case Study: Authorization Options. PART VIII DESIGN SCENARIOS Design Case Studies: 1: Enterprise Connectivity, 2: Enterprise BGP with Internet Connectivity, 3: IPv6, 4: Data Center Connectivity, 5: Resilient Enterprise WAN, 6: Secure Enterprise Network, 7: QoS in the Enterprise Network.

LINUX NETWORK ADMINISTRATION 2 COURSE DESCRIPTION LPIC-2 is the second certification in LPI's multi level professional certification program. This course teaches the skills necessary to pass the LPI 202 exam; the second of two LPIC-2 exams. Specifically, the course covers the administration of Linux systems in small to medium sized mixed networks. WHAT WILL YOU LEARN * Install and configure fundamental network services. LINUX NETWORK ADMINISTRATION 2 COURSE DETAILS * Who will benefit: Linux administrators. * Prerequisites: Linux engineer certification 1 (LPIC-2) * Duration 5 days LINUX NETWORK ADMINISTRATION 2 COURSE CONTENTS * Part II The LPI 202 Exam * Organizing Email Services The Linux Mail System, Mail Transfer Agent, Mail Delivery Agent, Mail User Agent, Email Protocols, SMTP, POP, IMAP, Using Email Servers, Sendmail, Postfix, Local Email Delivery, Procmail Basics, Sieve, Remote Email Delivery, Courier, Dovecot. * DNS DNS and BIND, Configuring a DNS Server, Starting, Stopping, and Reloading BIND, Configuring BIND Logging, Creating and Maintaining DNS Zones, BIND Zone Files, Managing BIND Zones, Securing a DNS Server, ailing BIND, DNSSEC, TSIG, Employing DANE. * Offering Web Services Web Servers, HTTP, The Apache Web Server, Installing and configuring Apache, Hosting Dynamic Web Applications, Secure Web Servers, Proxy Servers, Installing and configuring Squid, Configuring Clients, Nginx Server, Installing Nginx, Configuring Nginx. * Sharing Files Samba, Configuring Samba, Troubleshooting Samba, NFS, Configuring NFS, Securing NFS, Troubleshooting NFS, FTP Servers, Configuring vsftpd, Configuring Pure-FTPd. * Managing Network Clients Assigning Network Addresses, DHCP, Linux DHCP Software, Installing and configuring a DHCP Server and clients, Authentication Service, PAM Basics, Configuring PAM, PAM Application Files, Network Directories, LDAP Basics, OpenLDAP Server, LDAP Clients. * Setting Up System Security Server Network Security, Port Scanning, Intrusion Detection Systems, External Network Security, iptables, Routing in Linux, Connecting Securely to a Server, OpenSSH, OpenVPN, Security Resources, US-CERT, SANS Institute, Bugtraq.

MICROSOFT SECURITY TRAINING COURSE DESCRIPTION A hands on training course focusing on security in the Microsoft environment. The course progresses from patch management onto the use of Microsoft security tools. Then server, desktop and network security are studied in the Microsoft environment. WHAT WILL YOU LEARN * Use Microsoft security tools. * Secure Microsoft servers. * Secure Microsoft desktops. * Secure Microsoft networks. MICROSOFT SECURITY TRAINING COURSE DETAILS * Who will benefit: Technical server support staff. Technical desktop support staff. Technical network staff. Technical security staff. * Prerequisites: Supporting Windows server 2016 Networking Microsoft systems. * Duration 3 days MICROSOFT SECURITY TRAINING COURSE CONTENTS * Introduction Security threats, Microsoft defaults, admin accounts, security patches, patch management, patch tools. Hands on: Studying Microsoft defaults, applying security patches. * Microsoft security tools Microsoft updates, WSUS, Inventory tool, baseline security analyser, URLscan, EventCombMT, Cipher security tool, Port reporter, PortQry. Tools hackers use. Hands on: Using Microsoft security tools. * Server security Checklists, core server security, AD, Member server security, Domain controller security, Specific roles. Hands on Hardening Microsoft servers, security templates. * Active Directory Admin authority in AD, group policy, trust and authentication. * Desktop security Checklists, core client security, anti virus software, anti spyware software, firewalls, securing clients with AD, securing clients with group policy, software restriction policies. Hands on Securing Microsoft desktops. * Network security Checklist, IP security, VPNs, PKI, certificate authorities, RAS, RRAS, IAS. Hands on: VPN configuration, IAS configuration. * Monitoring Auditing, authorisation and logons, tracking, system monitoring, detecting attacks. Hands on: Monitoring Microsoft systems. * Summary Microsoft security response centre, security advisories.

UNIX NETWORKING TRAINING COURSE DESCRIPTION A course covering the complete range of standard UNIX networking products from the basic TCP/IP configuration through DNS, NIS, NFS and Samba. Hands-on exercises follow most theory sessions. WHAT WILL YOU LEARN * Install and configure fundamental network services. * Describe TCP/IP, Apache, DNS, NIS, NIS+, NFS, Samba and sendmail. * Configure and administrate TCP/IP. * Install and administrate a DNS server. * Configure and administrate a NIS+ network. * Administrate NFS. * Setup a sendmail server. UNIX NETWORKING TRAINING COURSE DETAILS * Who will benefit: System Administrators. Network Administrators. * Prerequisites: Linux engineer certification 1 (LPIC-2) * Duration 5 days UNIX NETWORKING TRAINING COURSE CONTENTS * Organizing Email Services The UNIX Mail System, Mail Transfer Agent, Mail Delivery Agent, Mail User Agent, Email Protocols, SMTP, POP, IMAP, Using Email Servers, Sendmail, Postfix, Local Email Delivery, Procmail Basics, Sieve, Remote Email Delivery, Courier, Dovecot. * DNS DNS and BIND, Configuring a DNS Server, Starting, Stopping, and Reloading BIND, Configuring BIND Logging, Creating and Maintaining DNS Zones, BIND Zone Files, Managing BIND Zones, Securing a DNS Server, ailing BIND, DNSSEC, TSIG, Employing DANE. * Offering Web Services Web Servers, HTTP, The Apache Web Server, Installing and configuring Apache, Hosting Dynamic Web Applications, Secure Web Servers, Proxy Servers, Installing and configuring Squid, Configuring Clients, Nginx Server, Installing Nginx, Configuring Nginx. * Sharing Files Samba, Configuring Samba, Troubleshooting Samba, NFS, Configuring NFS, Securing NFS, Troubleshooting NFS, FTP Servers, Configuring vsftpd, Configuring Pure-FTPd. * Managing Network Clients Assigning Network Addresses, DHCP, UNIX DHCP Software, Installing and configuring a DHCP Server and clients, Authentication Service, PAM Basics, Configuring PAM, PAM Application Files, Network Directories, LDAP Basics, OpenLDAP Server, LDAP Clients. * Setting Up System Security Server Network Security, Port Scanning, Intrusion Detection Systems, External Network Security, iptables, Routing in UNIX, Connecting Securely to a Server, OpenSSH, OpenVPN, Security Resources, US-CERT, SANS Institute, Bugtraq.

ADVANCED JUNOS SECURITY TRAINING COURSE DESCRIPTION This course provides students with intermediate routing knowledge and configuration examples. The course includes an overview of protocol-independent routing features, load balancing and filter-based forwarding, OSPF, BGP, IP tunneling, and high availability (HA) features. Junos Intermediate Routing (JIR) is an intermediate-level course. WHAT WILL YOU LEARN * Demonstrate the understanding of integrated user firewall. * Implement next generation Layer 2 security features. * Implement virtual routing instances in a security setting. * Utilize Junos tools for troubleshooting Junos security implementations. * Implement IPS policy. ADVANCED JUNOS SECURITY TRAINING COURSE DETAILS * Who will benefit: Individuals responsible for implementing, monitoring, and troubleshooting Junos security components. * Prerequisites: Intro to the Junos Operating System * Duration 5 days ADVANCED JUNOS SECURITY TRAINING COURSE CONTENTS * Junos Layer 2 Packet Handling and Security Features Transparent Mode Security Secure Wire Layer 2 Next Generation Ethernet Switching MACsec Lab 2 Implementing Layer 2 Security * Virtualization Virtualization Overview Routing Instances Logical Systems Lab 3 Implementing Junos Virtual Routing * AppSecure Theory AppSecure Overview AppID Overview AppID Techniques Application System Cache Custom Application Signatures * AppSecure Implementation AppTrack AppFW AppQoS APBR SSL Proxy Lab 4 Implementing AppSecure * Working with Log Director Log Director Overview Log Director Components Installing and setting up Log Director Clustering with the Log Concentrator VM Administrating Log Director Lab 5 Deploying Log Director * Sky ATP Theory Sky ATP Overview Monitoring Sky ATP Analysis and Detection of Malware * Sky ATP Implementation Configuring Sky ATP Installing Sky ATP Analysis and detection of Malware Infected Host Case Study Lab 6 Instructor Led Sky ATP Demo * Implementing UTM UTM Overview AntiSpam AntiVirus Content and Web Filtering Lab 7 Implementing UTM * Introduction to IPS IPS Overview Network Asset Protection Intrusion Attack Methods Intrusion Prevention Systems IPS Inspection Walkthrough IPS Policy and Configuration SRX IPS Requirements IPS Operation Modes Basic IPS Policy Review IPS Rulebase Operations Lab 8 Implementing Basic IPS Policy * SDSN SDSN Overview, Components & Configuration Policy Enforcer Troubleshooting SDSN Use Cases Lab 9 Implementing SDSN * Enforcement, Monitoring, and Reporting User Role Firewall and Integrated User Firewall Overview User Role Firewall Implementation Monitoring User Role Firewall Integrated User Firewall Implementation Monitoring Integrated User Firewall Lab 10 Configure User Role Firewall and Integrated User Firewall * Troubleshooting Junos Security Troubleshooting Methodology Troubleshooting Tools Identifying IPsec Issues Lab 11 Performing Security Troubleshooting Techniques * Appendix A: SRX Series Hardware and Interfaces Branch SRX Platform Overview High End SRX Platform Overview SRX Traffic Flow and Distribution SRX Interfaces

ETHERNET LANS TRAINING COURSE DESCRIPTION THIS COURSE HAS BEEN REPLACED AS PART OF OUR CONTINUOUS CURRICULUM DEVELOPMENT. PLEASE SEE OUR * Definitive Ethernet switching course WHAT WILL YOU LEARN * Describe what Ethernet is and how it works. * Install Ethernet networks * Troubleshoot Ethernet networks * Analyse Ethernet packets * Design Ethernet networks * Recognise the uses of Hubs, Bridges, switches and routers. ETHERNET LANS TRAINING COURSE DETAILS * Who will benefit: Those wishing to find out more about how their LAN works. * Prerequisites: Intro to Data comms & networking. * Duration 3 days ETHERNET LANS TRAINING COURSE CONTENTS * What is Ethernet? LANS, What is Ethernet?, history, standards, the OSI reference model, how Ethernet works, CSMA/CD. Ethernet Cabling UTP, cat 3,4,5, Cat 5e, Cat 6, Cat 7, fibre optic cable, MMF, SMF. Hands on Making a cable. * 802.3 physical specifications Distance limitations, hubs and repeaters, 5-4-3-2-1 rule, 10BaseT, 10BaseF, 100BaseTX, 100BaseFX, 1000BaseSX, 1000BaseT, 10gbe. Hands on Working with hubs. * Ethernet layer 2 Overview, NICS, device drivers, MAC addresses, broadcasts, multicasts, frame formats, Ether II, 802.3, 802.2, SNAP, compatibility, Ethernet type numbers, Ethernet multicast addresses, Ethernet vendor codes. Hands on Installing Ethernet components, analysing MAC headers. * IP and Ethernet ARP Hands on Analysing ARP packets. * Ethernet extensions Full/half duplex, auto negotiation, flow control methods, 802.3ad, 802.3af, 802.3ah. Hands on Configuration of full/half duplex. * Ethernet speed enhancements Encoding, Carrier extension, packet bursting, jumbo frames. * Prioritisation 802.1P, 802.1Q, TOS, WRR, QOS, VLANs. Hands on 802.1p testing * Interconnecting LANS Broadcast domains, Collision domains, What are bridges, transparent bridging, What are switches? STP, VLANS, What are routers? Layer 3 switches, Connecting Ethernet to the WAN. Hands on STP, Analysing Ethernet frames in a routed architecture. * Troubleshooting and maintaining Ethernet Utilisation, performance, TDR and other testers, bottlenecks, statistics, RMON. Hands on Monitoring performance, troubleshooting tools.

SECURING UNIX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure UNIX accounts. * Secure UNIX file systems. * Secure UNIX access through the network. SECURING UNIX SYSTEMS COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING UNIX SYSTEMS COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

CARRIER ETHERNET TRAINING COURSE DESCRIPTION Ethernet is now the interface of choice for nearly all networking. This comprehensive course looks at the ways carriers can provide this Ethernet interface for their WANs and MANs. The course assumes delegates already have a solid foundation in Ethernet switching and so concentrates on just the Ethernet technologies for Carrier Ethernet. WHAT WILL YOU LEARN * Describe the main Carrier Ethernet services. * Evaluate transports for Carrier Ethernet. * Explain how Ethernet can work over MPLS and SDH. * Explain the Ethernet technologies used to enable Carrier Ethernet. CARRIER ETHERNET TRAINING COURSE DETAILS * Who will benefit: Network engineers. Staff working for carriers. * Prerequisites: Definitive Ethernet switching for engineers. * Duration 2 days CARRIER ETHERNET TRAINING COURSE CONTENTS * Introduction What is Ethernet? LANs, MANs, WANs, Ethernet and switches in the LAN. Traditional LAN/WAN integration, routers. The Ethernet interface for the WAN. Standards: IEEE, MEF, OIF, Ethernet Alliance. * Carrier Ethernet Services E-line: EPL, EVPL. E-LAN: EP-LAN, EVP-LAN. E-Tree: EP-Tree, EVP-Tree. Ethernet Services attributes. Applications: Carrier Ethernet for businesses, Mobile backhaul. Multicasting. * Service attributes Bandwidth profiles, bandwidth parameters, Class of Service, QoS, MTU, Protection mechanisms: STP, RSTP, MSTP, Link aggregation, G.8031, G.8032. * Transporting Carrier Ethernet The main options. 'Pure' Ethernet, Ethernet over SDH, Ethernet over WDM, Ethernet over MPLS. Ethernet switching, addresses and MAC address tables. Carrier Ethernet access technologies. EFM. * Ethernet over MPLS What is MPLS, MPLS-TE, MPLS-VPN, L2 VPNs, VPLS, VPWS. MPLS Fast Reroute. * CET 'Pure' Ethernet, Provider bridging 802.1d, Provider Backbone Bridges 802.1ah. Traffic engineering 802.1Qay. * Carrier Ethernet technologies 802.1ad VLAN stacking, 802.1AX Link aggregation. 802.1Q QoS. * OAM Standards, layers, interworking

3COM SWITCHES TRAINING COURSE DESCRIPTION A hands on course covering the product specifics of 3Com switches. Installation, configuration, maintenance and troubleshooting are all covered in a practical oriented way. WHAT WILL YOU LEARN * Install 3Com switches. * Use the command line interface and the web based interface to manage 3Com switches. * Configure and troubleshoot 3Com switches. * Configure and troubleshoot 3Com switches. * Perform software upgrades. 3COM SWITCHES TRAINING COURSE DETAILS * Who will benefit: Anyone working with 3Com switches. Particularly aimed at engineers and technicians supporting 3Com switches. * Prerequisites: None. * Duration 2 days 3COM SWITCHES TRAINING COURSE CONTENT * Introduction How Ethernet works with hubs, How Ethernet works with switches. Installing 3Com switches. Hands on Building a network with a hub, building a network with a 3Com switch. * Basic troubleshooting The 3Com switch range, LEDs, cabling issues, system resets, default settings. Hands on Building a network with multiple 3Com switches. * Configuration methods Managed vs. unmanaged switches, Console port access, telnet, web based access, SNMP, saving configurations, NVRAM, switch stacks. Hands on Accessing the switch using the console, IP address configuration, telnet. * Console interface Default users, passwords, the menus, menu options, online help, CLI commands. Hands on Setting passwords, displaying the switch configuration. * Web based interface Getting started, basic format. Hands on Configuring the switch using the web interface. * Port configuration Common port configuration tasks, port aggregation, resilient links. Hands on Configuring ports. * STP configuration What is STP? Configuring STP. Hands on Enabling and disabling STP, configuring STP. * VLAN configuration What are VLANS? 802.1Q, tagged/untagged, creating VLANS, applying VLANS. Hands on Setting up VLANS, setting up 802.1Q, Inter VLAN traffic. * Housekeeping TFTP, software upgrades Hands on Software upgrade. * SNMP SNMP configuration, Transcend, other NMS's. Hands on Using SNMP to manage a 3Com switch, putting it all together: troubleshooting.