82 SSL courses delivered Live Online

Duration 4 Days 24 CPD hours This course is intended for This course is for Azure Security Engineers who are planning to take the associated certification exam, or who are performing security tasks in their day-to-day job. This course would also be helpful to an engineer that wants to specialize in providing security for Azure-based digital platforms and play an integral role in protecting an organization's data. This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization?s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations. Prerequisites AZ-104T00 - Microsoft Azure Administrator Security best practices and industry security requirements such as defense in depth, least privileged access, role-based access control, multi-factor authentication, shared responsibility, and zero trust model. Be familiar with security protocols such as Virtual Private Networks (VPN), Internet Security Protocol (IPSec), Secure Socket Layer (SSL), disk and data encryption methods. Have some experience deploying Azure workloads. This course does not cover the basics of Azure administration, instead the course content builds on that knowledge by adding security specific information. Have experience with Windows and Linux operating systems and scripting languages. Course labs may use PowerShell and the CLI. 1 - MANAGE IDENTITIES IN MICROSOFT ENTRA ID * Secure users in Microsoft Entra ID * Secure groups in Microsoft Entra ID * Recommend when to use external identities * Secure external identities * Implement Microsoft Entra Identity protection 2 - MANAGE AUTHENTICATION BY USING MICROSOFT ENTRA ID * Configure Microsoft Entra Verified ID * Implement multifactor authentication (MFA) * Implement passwordless authentication * Implement password protection * Implement single sign-on (SSO) * Integrate single sign-on (SSO) and identity providers * Recommend and enforce modern authentication protocols 3 - MANAGE AUTHORIZATION BY USING MICROSOFT ENTRA ID * Configure Azure role permissions for management groups, subscriptions, resource groups, and resources * Assign built-in roles in Microsoft Entra ID * Assign built-in roles in Azure * Create and assign a custom role in Microsoft Entra ID * Implement and manage Microsoft Entra Permissions Management * Configure Microsoft Entra Privileged Identity Management * Configure role management and access reviews by using Microsoft Entra Identity Governance * Implement Conditional Access policies 4 - MANAGE APPLICATION ACCESS IN MICROSOFT ENTRA ID * Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants * Manage app registrations in Microsoft Entra ID * Configure app registration permission scopes * Manage app registration permission consent * Manage and use service principals * Manage managed identities for Azure resources * Recommend when to use and configure a Microsoft Entra Application Proxy, including authentication 5 - PLAN AND IMPLEMENT SECURITY FOR VIRTUAL NETWORKS * Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs) * Plan and implement User-Defined Routes (UDRs) * Plan and implement Virtual Network peering or gateway * Plan and implement Virtual Wide Area Network, including secured virtual hub * Secure VPN connectivity, including point-to-site and site-to-site * Implement encryption over ExpressRoute * Configure firewall settings on PaaS resources * Monitor network security by using Network Watcher, including NSG flow logging 6 - PLAN AND IMPLEMENT SECURITY FOR PRIVATE ACCESS TO AZURE RESOURCES * Plan and implement virtual network Service Endpoints * Plan and implement Private Endpoints * Plan and implement Private Link services * Plan and implement network integration for Azure App Service and Azure Functions * Plan and implement network security configurations for an App Service Environment (ASE) * Plan and implement network security configurations for an Azure SQL Managed Instance 7 - PLAN AND IMPLEMENT SECURITY FOR PUBLIC ACCESS TO AZURE RESOURCES * Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management * Plan, implement, and manage an Azure Firewall, Azure Firewall Manager and firewall policies * Plan and implement an Azure Application Gateway * Plan and implement an Azure Front Door, including Content Delivery Network (CDN) * Plan and implement a Web Application Firewall (WAF) * Recommend when to use Azure DDoS Protection Standard 8 - PLAN AND IMPLEMENT ADVANCED SECURITY FOR COMPUTE * Plan and implement remote access to public endpoints, Azure Bastion and just-in-time (JIT) virtual machine (VM) access * Configure network isolation for Azure Kubernetes Service (AKS) * Secure and monitor AKS * Configure authentication for AKS * Configure security for Azure Container Instances (ACIs) * Configure security for Azure Container Apps (ACAs) * Manage access to Azure Container Registry (ACR) * Configure disk encryption, Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption * Recommend security configurations for Azure API Management 9 - PLAN AND IMPLEMENT SECURITY FOR STORAGE * Configure access control for storage accounts * Manage life cycle for storage account access keys * Select and configure an appropriate method for access to Azure Files * Select and configure an appropriate method for access to Azure Blob Storage * Select and configure an appropriate method for access to Azure Tables * Select and configure an appropriate method for access to Azure Queues * Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage * Configure Bring your own key (BYOK) * Enable double encryption at the Azure Storage infrastructure level 10 - PLAN AND IMPLEMENT SECURITY FOR AZURE SQL DATABASE AND AZURE SQL MANAGED INSTANCE * Enable database authentication by using Microsoft Entra ID * Enable and monitor database audit * Identify use cases for the Microsoft Purview governance portal * Implement data classification of sensitive information by using the Microsoft Purview governance portal * Plan and implement dynamic mask * Implement transparent data encryption? * Recommend when to use Azure SQL Database Always Encrypted 11 - PLAN, IMPLEMENT, AND MANAGE GOVERNANCE FOR SECURITY * Create, assign, and interpret security policies and initiatives in Azure Policy * Configure security settings by using Azure Blueprint * Deploy secure infrastructures by using a landing zone * Create and configure an Azure Key Vault * Recommend when to use a dedicated Hardware Security Module (HSM) * Configure access to Key Vault, including vault access policies and Azure Role Based Access Control * Manage certificates, secrets, and keys * Configure key rotation * Configure backup and recovery of certificates, secrets, and keys 12 - MANAGE SECURITY POSTURE BY USING MICROSOFT DEFENDER FOR CLOUD * Implement Microsoft Defender for Cloud * Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory * Assess compliance against security frameworks and Microsoft Defender for Cloud * Add industry and regulatory standards to Microsoft Defender for Cloud * Add custom initiatives to Microsoft Defender for Cloud * Connect hybrid cloud and multicloud environments to Microsoft Defender for Cloud * Identify and monitor external assets by using Microsoft Defender External Attack Surface Management 13 - CONFIGURE AND MANAGE THREAT PROTECTION BY USING MICROSOFT DEFENDER FOR CLOUD * Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS * Configure Microsoft Defender for Servers * Configure Microsoft Defender for Azure SQL Database * Manage and respond to security alerts in Microsoft Defender for Cloud * Configure workflow automation by using Microsoft Defender for Cloud * Evaluate vulnerability scans from Microsoft Defender for Server 14 - CONFIGURE AND MANAGE SECURITY MONITORING AND AUTOMATION SOLUTIONS * Monitor security events by using Azure Monitor * Configure data connectors in Microsoft Sentinel * Create and customize analytics rules in Microsoft Sentinel * Configure automation in Microsoft Sentinel ADDITIONAL COURSE DETAILS: Nexus Humans AZ-500T00 Microsoft Azure Security Technologies training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AZ-500T00 Microsoft Azure Security Technologies course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

CYBER SECURITY TRAINING COURSE DESCRIPTION This cyber security course focusses on the network side of security. Technologies rather than specific products are studied focussing around the protection of networks using firewalls and VPNs. WHAT WILL YOU LEARN * Describe: - Basic security attacks - RADIUS - SSL - VPNs * Deploy firewalls and secure networks * Explain how the various technologies involved in an IP VPN work. * Describe and implement: - L2TP - IPsec - SSL - MPLS, L3, VPNs. CYBER SECURITY TRAINING COURSE DETAILS * Who will benefit: Anyone working in the security field. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days CYBER SECURITY TRAINING COURSE CONTENTS * Security review Denial of service, DDOS, data manipulation, data theft, data destruction, security checklists, incident response. * Security exploits IP spoofing, SYN attacks, hijacking, reflectors and amplification, keeping up to date with new threats. Hands on port scanning, use a 'hacking' tool. * Client and Server security Windows, Linux, Log files, syslogd, accounts, data security. Hands on Server hardening. * Firewall introduction What is a firewall? Firewall benefits, concepts. HAnds on launching various attacks on a target. * Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls. Firewall products. Hands on Simple personal firewall configuration. * Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. * Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on SPI firewalls. * Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall plusses and minuses. Hands on Proxy firewalls. * Firewall architectures Small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. * Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls. * Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Password cracking. * Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, RADIUS. Hands on Using certificates. * VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. * VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, tunnelling topologies, tunnelling protocols, which tunnelling protocol? Requirements of tunnels. * L2TP Overview, components, how it works, security, packet authentication, L2TP/IPsec, L2TP/PPP, L2 vs L3 tunnelling. Hands on Implementing a L2TP tunnel. * IPsec AH, HMAC, ESP, transport and tunnel modes, Security Association, encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPsec VPN. * SSL VPNs Layer 4 VPNs, advantages, disadvantages. SSL. TLS. TLS negotiation, TLS authentication. TLS and certificates. Hands on Implementing a SSL VPN. * MPLS VPNs Introduction to MPLS, why use MPLS, Headers, architecture, label switching, LDP, MPLS VPNs, L2 versus L3 VPNs. Point to point versus multipoint MPLS VPNs. MBGP and VRFs and their use in MPLS VPNs. Hands on Implementing a MPLS L3 VPN. * Penetration testing Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology. Hands on Hacking tools and countermeasures.

OPENSSL FOR ENGINEERS TRAINING COURSE DESCRIPTION A hands on course covering OpenSSL. The course focusses on the use of OpenSSL from the command line as opposed to using its extensive libraries. Certificate authorities are configured along with key generation, HTTPS and a SSL VPN. WHAT WILL YOU LEARN * Describe OpenSSL. * Use OpenSSL. * Describe and implement: * Explain how the various technologies involved in an OpenSSL work. OPENSSL FOR ENGINEERS TRAINING COURSE DETAILS * Who will benefit: Network personnel. * Prerequisites: IP security foundation for engineers * Duration 2 days OPENSSL FOR ENGINEERS TRAINING COURSE CONTENTS * What is OpenSSL? What is SSL? SSL versions, TLS, TLS negotiation, TLS authentication, What is OpenSSL, Command line tool, SSL library. OpenSSH, OpenVPN. Hands on TLS packet analysis. * Getting started with OpenSSL Downloading, source code, packages, installing, versions, configuration, openssl command. Cipher suite selection. Hands on Encrypting a file with openssl. * Public and private keys Algorithms, creating keys, public keys, private keys, encrypting the private key. Hands on Encrypting a file with keys. * Digital signatures Creating signatures, checking validity of signatures, Self signing SSL certificates. Viewing certificates. Certificate files. Converting between formats. Hands on Securing a web server with HTTPS. * Simple PKI with OpenSSL Root CA, signing CA, configuration files, Certificate signing requests. Email certificates, TLS server certificates. Hands on Implementing a simple PKI with OpenSSL.

SERVER LOAD BALANCING COURSE DESCRIPTION This two-day Server Load Balancing course introduces the concepts of SLB from the reasons to implement, through the basics and then onto details studies of load distribution, health checks, layer 7 switching and Global SLB. WHAT WILL YOU LEARN * Explain packet paths when implementing SLB. * Recognise the impact of different topologies. * Evaluate SLB load distribution methods. * Describe how load balancers can improve security. * Explain how GSLB works. SERVER LOAD BALANCING COURSE DETAILS * Who will benefit: Anyone working with SLB. * Prerequisites: None. * Duration 2 days SERVER LOAD BALANCING COURSE CONTENTS * Introduction Concept, reasons, benefits, alternatives. Other features: Security, Caching. * SLB concepts Architectures, Virtual servers, real servers, Virtual IP address, health checks. DNS load balancing. Packet walk using SLB. * Load balancing 6 modes of bonding and load balancing without SLB. ISP load balancing. Health. Distribution policies: Round Robin, least connections, weighted distributions, response time, other variations. Persistent versus concurrent. * Layer 4 switching L2 SLB, L3 SLB, single arm SLB, DSR, more packet walking, TCP versus UDP, Port numbers. * Layer 7 switching Persistence. Cookie switching, Cookie hashing, Cookie insertion, URL switching, URL Hashing, SSL. * Health checks Layer 3: ARP, ping. Layer 4: SYN, UDP. Layer 7: HTTP GET, Status codes, HTTP keepalives, content verification, SSL. Other application keepalives. What to do after failure and recovery. * Security DOS attack protection, SYN attack protection, Rate limiting: connections, transactions. SSL offload. * Redundancy Hot standby, Active standby, Active active. Stateful, stateless. VRRP, STP. * GSLB Anycasting. DNS, TTL, DNS load balancing, problems with DNS load balancing,. HTTP redirect, health, thresholds, round trip times, location.

SUPPORTING MICROSOFT IIS TRAINING COURSE DESCRIPTION This course provides students with the fundamental knowledge and skills to configure and manage Internet Information Services. This course is intended to help provide pre-requisite skills supporting a broad range of Internet web applications, security, and knowledge to help support other products that use IIS such as Exchange and SharePoint. WHAT WILL YOU LEARN * Install IIS. * Configure IIS. * Secure websites. * Maintain IIS. SUPPORTING MICROSOFT IIS TRAINING COURSE DETAILS * Who will benefit: Technical staff working with Microsoft IIS. * Prerequisites: TCP/IP foundation for engineerss Supporting Windows ( XP or 2000 or 2003) * Duration 5 days SUPPORTING MICROSOFT IIS COURSE CONTENTS * Overview and Installing IIS Web Server infrastructure, installing IIS. Hands on Default install of IIS, verify and test.. * Configuring the default website Default website, IIS Manager, default IIS file structure, configuring DNS records for a website, creating virtual directories and Applications. Hands on Configuring the Default website for public access. Creating Virtual Directories and Applications. * Application Pools Application Pool Architecture, Application Pool recycling. Hands on Creating and managing Application Pools. * Creating additional websites Multiple websites on a single server, website bindings. Hands on Creating new websites. * Website and Web application support Configuring Common features, adding support for web applications. Hands on Adding support for web applications. * Securing Websites and applications Access control, sites, applications, authentication and permissions. URL authorization rules. Hands on Configuring Authentication and permissions. * Securing Data Transmissions with SSL Certificates and SSL, creating certificates for a web server, adding a certificate to a website. Hands on Certificates and HTTPS. * Using the Central Certificate Store The Central Certificate Store. Hands on Install and configure the Central Certificate Store. * Configuring Remote Administration Installing and Configuring the Management Service. Connecting to remote web servers and websites. Delegating Management Access. Hands on Remote administration. * Implementing FTP Implementing FTP, configuring an FTP site. Hands on Install and configure a secured FTP site. * Monitoring IIS IMonitoring IIS logs with Log Parser. Hands on Analyze a set of IIS log files for possible issues using Log Parser. Analyze performance data for performance related problems using PerfMon. * Backing up and Restoring IIS The IIS environment. Hands on Performing a backup and restore of a website. * Building Load-Balanced Web Farms Load-balancing mechanisms, building a Load-Balanced Web Farm using ARR, sharing content to a Web Farm using a network share, Sharing content to a Web Farm using DFS-R, Sharing IIS Configurations in a Web Farm. Hands on Installing and configuring ARR, sharing content to a Web Farm using network share and DFS-R, sharing IIS Configurations in a Web Farm.

DEFINITIVE VPNS TRAINING COURSE DESCRIPTION A hands on course covering VPNs from the basics of benefits and Internet vs. Intranet VPNs through to detailed analysis of the technologies involved in VPNs. All the major VPN protocols are covered including PPPoE, L2TP, SSL, IPsec and dynamic VPNs. MPLS L3 VPNs are also covered. WHAT WILL YOU LEARN * Describe what a VPN is and explain the difference between different VPN types. * Recognise the design and implementation issues involved in implementing a VPN. * Explain how the various technologies involved in a VPN work. * Describe and implement: L2TP, IPsec, SSL, MPLS L3 VPNs. * Evaluate VPN technologies. DEFINITIVE VPNS TRAINING COURSE DETAILS * Who will benefit: Network personnel. * Prerequisites: IP Security foundation for engineers. * Duration 3 days DEFINITIVE VPNS TRAINING COURSE CONTENTS * VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. * VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, hardware based VPNs, Firewall based VPNs, software based VPNs, tunnelling topologies, tunnelling protocols, which tunnelling protocol should you use? requirements of tunnels. * VPN security components Critical VPN security requirements, Encryption and authentication, Diffie Hellman, DES, 3DES, RSA, PKI, Ca server types, pre shared keys versus certificates, Enrolling with a CA, RADIUS in VPNs. * PPP Encapsulation, operation, authentication. Hands on Setting up PPPoE and analysing PPP packets. * PPTP Overview, Components, How it works, control and data connections, GRE. Hands on Building a PPTP VPN. * L2TP Overview, components, how it works, security, packet authentication, L2TP/IPSec, L2TP/PPP, Layer 2 versus layer 3 tunnelling. Hands on Implementing a L2TP tunnel. * IPSec AH, HMAC, ESP, transport and tunnel modes, Security Association, use of encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPSec VPN. * Intranet VPNs Headers, architecture, label switching, LDP, MPLS VPNs. * VPN products and services PE and CPE, management, various VPN products. * VPN issues and architectures VPN architectures: terminate VPN before/on/ after/in parallel with firewall, resilience issues, VRRP, performance issues, QoS and VPNs. documentation.

SECURING UNIX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure UNIX accounts. * Secure UNIX file systems. * Secure UNIX access through the network. SECURING UNIX SYSTEMS COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING UNIX SYSTEMS COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

IP SECURITY TRAINING COURSE DESCRIPTION Connection to the Internet is becoming an essential business tool. This course looks at firewalls, digital certificates, encryption and other essential topics for e-commerce sites. A generic course that looks at firewalls and VPNs. Hands on sessions include using hacking tools and configuring firewalls. WHAT WILL YOU LEARN * Describe: Basic security attacks RADIUS SSL IPSec VPNs * Implement digital certificates * Deploy firewalls to protect Web servers and users. * Secure Web servers and clients. IP SECURITY TRAINING COURSE DETAILS * Who will benefit: Network administrators. Network operators. Security auditors * Prerequisites: TCP/IP foundation for engineers * Duration 2 days IP SECURITY TRAINING COURSE CONTENTS * TCP/IP review Brief overview of the relevant headers. Hands on Download software for course, use analyser to capture passwords on the wire. * Security review Policies, Types of security breach, denial of service, data manipulation, data theft, data destruction, security checklists, incident response. * Security exploits The Internet worm, IP spoofing, SYN attack, hijacking, Ping o' Death… keeping up to date with new threats. Hands on Use a port scanning tool, use a 'hacking' tool. * Firewalls Products, Packet filtering, DMZ, content filtering, stateful packet inspection, Proxies, firewall architectures, Intrusion Detection Systems, Viruses. Hands on Set up a firewall and prevent attacks. * NAT NAT and PAT, Why use NAT, NAT-ALG, RSIP. * Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Run a password-cracking program. * Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, PPP authentication, RADIUS. Hands on Using certificates. * Web client and server security Cookies, browser certificates, censorship, PICS. Operating system security, Web server user authentication, Restricting access, Logging, Securing CGI scripts. Hands on Browser security. * VPNs and IPSec What is a VPN, tunnelling, L2F, PPTP, L2TP, IPSec, AH, ESP, transport mode, tunnel mode.

SECURING LINUX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure Linux accounts. * Secure Linux file systems. * Secure Linux access through the network. SECURING LINUX SYSTEMS TRAINING COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING LINUX SYSTEMS TRAINING COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

WINDOWS CERTIFICATES TRAINING COURSE DESCRIPTION A hands-on training course concentrating solely on PKI using Windows certificates. WHAT WILL YOU LEARN * Explain how PKI works. * Install windows certificates. * Configure windows certificates. * Troubleshoot windows certificates. WINDOWS CERTIFICATES TRAINING COURSE DETAILS * Who will benefit: Technical security staff. * Prerequisites: Windows server. * Duration 3 days WINDOWS CERTIFICATES TRAINING COURSE CONTENTS * PKI Symmetric encryption, asymmetric encryption, authentication, digital signing, hashing, certificates, Certification Authorities, Root CA, Intermediate CA, policy CA, Issuing CA, Certificate Revocation Lists. Hands on Inspecting a certificate. * Policies and PKI Security policy, certification policy. * CA hierarchy Impact of CAs on Active Directory, CA architecture, number of tiers, issuing CA organisation, CA configuration files. CA security. Hands on CA installation PKI health tool, monitoring. * Certificate revocation When to revoke, OCSP. Hands on Revoking certificates. * Certificate validation Discovery, validation, checks, revocation checking, certificate chains, certification publication. Hands on Event viewer. * Certificate templates Version 1, version 1, default, modifying templates. Hands on Template management. * Roles Criteria roles, CA administrator, Certificate manager, Backup operator, Auditor. Other PKI management roles. * Disaster recovery Backups, recovery. Hands on certutil. * Issuing certificates The certificate enrolment process, enrolment methods, manual enrolment, automatic enrolment. * Trust between organisations Creating Trust, CTLs, common root CA, cross certification, bridge CA. * Web servers and certificates SSL encryption, certificate authentication. Hands on Web servers. * VPN Hands on Certificate deployment for VPN. * WiFi Hands on 802.1X