54 TLS courses

OPENSSL FOR ENGINEERS TRAINING COURSE DESCRIPTION A hands on course covering OpenSSL. The course focusses on the use of OpenSSL from the command line as opposed to using its extensive libraries. Certificate authorities are configured along with key generation, HTTPS and a SSL VPN. WHAT WILL YOU LEARN * Describe OpenSSL. * Use OpenSSL. * Describe and implement: * Explain how the various technologies involved in an OpenSSL work. OPENSSL FOR ENGINEERS TRAINING COURSE DETAILS * Who will benefit: Network personnel. * Prerequisites: IP security foundation for engineers * Duration 2 days OPENSSL FOR ENGINEERS TRAINING COURSE CONTENTS * What is OpenSSL? What is SSL? SSL versions, TLS, TLS negotiation, TLS authentication, What is OpenSSL, Command line tool, SSL library. OpenSSH, OpenVPN. Hands on TLS packet analysis. * Getting started with OpenSSL Downloading, source code, packages, installing, versions, configuration, openssl command. Cipher suite selection. Hands on Encrypting a file with openssl. * Public and private keys Algorithms, creating keys, public keys, private keys, encrypting the private key. Hands on Encrypting a file with keys. * Digital signatures Creating signatures, checking validity of signatures, Self signing SSL certificates. Viewing certificates. Certificate files. Converting between formats. Hands on Securing a web server with HTTPS. * Simple PKI with OpenSSL Root CA, signing CA, configuration files, Certificate signing requests. Email certificates, TLS server certificates. Hands on Implementing a simple PKI with OpenSSL.

CYBER SECURITY TRAINING COURSE DESCRIPTION This cyber security course focusses on the network side of security. Technologies rather than specific products are studied focussing around the protection of networks using firewalls and VPNs. WHAT WILL YOU LEARN * Describe: - Basic security attacks - RADIUS - SSL - VPNs * Deploy firewalls and secure networks * Explain how the various technologies involved in an IP VPN work. * Describe and implement: - L2TP - IPsec - SSL - MPLS, L3, VPNs. CYBER SECURITY TRAINING COURSE DETAILS * Who will benefit: Anyone working in the security field. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days CYBER SECURITY TRAINING COURSE CONTENTS * Security review Denial of service, DDOS, data manipulation, data theft, data destruction, security checklists, incident response. * Security exploits IP spoofing, SYN attacks, hijacking, reflectors and amplification, keeping up to date with new threats. Hands on port scanning, use a 'hacking' tool. * Client and Server security Windows, Linux, Log files, syslogd, accounts, data security. Hands on Server hardening. * Firewall introduction What is a firewall? Firewall benefits, concepts. HAnds on launching various attacks on a target. * Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls. Firewall products. Hands on Simple personal firewall configuration. * Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. * Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on SPI firewalls. * Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall plusses and minuses. Hands on Proxy firewalls. * Firewall architectures Small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. * Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls. * Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Password cracking. * Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, RADIUS. Hands on Using certificates. * VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. * VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, tunnelling topologies, tunnelling protocols, which tunnelling protocol? Requirements of tunnels. * L2TP Overview, components, how it works, security, packet authentication, L2TP/IPsec, L2TP/PPP, L2 vs L3 tunnelling. Hands on Implementing a L2TP tunnel. * IPsec AH, HMAC, ESP, transport and tunnel modes, Security Association, encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPsec VPN. * SSL VPNs Layer 4 VPNs, advantages, disadvantages. SSL. TLS. TLS negotiation, TLS authentication. TLS and certificates. Hands on Implementing a SSL VPN. * MPLS VPNs Introduction to MPLS, why use MPLS, Headers, architecture, label switching, LDP, MPLS VPNs, L2 versus L3 VPNs. Point to point versus multipoint MPLS VPNs. MBGP and VRFs and their use in MPLS VPNs. Hands on Implementing a MPLS L3 VPN. * Penetration testing Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology. Hands on Hacking tools and countermeasures.

SIP SECURITY TRAINING COURSE DESCRIPTION A hands-on course covering SIP security. It is assumed that delegates already know SIP as this course focuses purely on the security issues in SIP IP telephony networks. Hands-on practicals follow each major theory session and include use of various SIP security tools such as vomit, sipp, sipsak and sivus amongst others. WHAT WILL YOU LEARN * Secure SIP networks * Use various SIP security tools SIP SECURITY TRAINING COURSE DETAILS * Who will benefit: Technical staff working with SIP. Technical security staff. * Prerequisites: SIP for engineers * Duration 2 days SIP SECURITY TRAINING COURSE CONTENTS * SIP review SIP infrastructure and entities, example SIP session. Hands on Simple SIP network with and without authentication. * SIP security attacks DOS attacks, infrastructure attacks, eavesdropping, spoofing, replay, message integrity. Hands on Basic SIP packet capture, infrastructure attacks. * SIP tools SIP packet creation: Sivus, SIPsak, PROTOS, SFTF, SIP bomber, SIPp, Seagull, Nastysip. SIP packet generators: SIPNess, NetDude. Monitoring: Wireshark, Cain & Abel, Vomit, Oreka, VoiPong. Scripts and tools: SIP-Fun, Skora.net, kphone-ddos, sip-scan, sip-kill, sip-redirectrtp. Health of different tools. Hands on Generating SIP packets, rebuilding conversations from captured packets, password cracking. * VPNs and SIP IPSec, AH, ESP, transport mode, tunnel mode, Pre Shared Keys, Public keys. Hands on SIP calls over IPSec. * Secure SIP signaling SIP relationship with HTTP, Deprecated HTTP 1.0 basic authentication, HTTP 1.1 Digest authentication, S/MIME, SIPS, SIPS URI, TLS, DTLS, PKI infrastructures. Hands on SIP with TLS. * Secure media streams SRTP, features, packet format, default encryption, default authentication, key distribution. S/MIME, MIKEY, SDP security descriptions. SIP security agreements. Hands on Analysing SRTP packets. * Firewalls NAT traversal. Impact of firewall on infrastructure attacks. TLS and firewalls. SIP specific firewalls. Hands on SIP calls through a firewall.

This course will teach you everything from scratch right from simple setups to complex solutions. If you want to master SSL and HTTPS in-depth, this course is for you! No prior knowledge of computer networks, encryption, or configuring web servers is required.

SECURING UNIX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure UNIX accounts. * Secure UNIX file systems. * Secure UNIX access through the network. SECURING UNIX SYSTEMS COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING UNIX SYSTEMS COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

SECURING LINUX SYSTEMS TRAINING COURSE DESCRIPTION This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. WHAT WILL YOU LEARN * Secure Linux accounts. * Secure Linux file systems. * Secure Linux access through the network. SECURING LINUX SYSTEMS TRAINING COURSE DETAILS * Who will benefit: Linux technical staff needing to secure their systems. * Prerequisites: Linux system administration (LPIC-1) * Duration 5 days SECURING LINUX SYSTEMS TRAINING COURSE CONTENTS * Cryptography * Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. * Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. * Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. * DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. * Host Security * Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. * Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. * User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. * FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. * Access Control * Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. * Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. * etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. * Network Security * Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. * Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. * Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd * Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

Duration 5 Days 30 CPD hours This course is intended for Tier 1 Operators, administrators, and architects for VMware Horizon Overview By the end of the course, you should be able to meet the following objectives: Recognize the features and benefits of VMware Horizon Define a use case for your virtual desktop and application infrastructure Use vSphere to create VMs to be used as desktops for VMware Horizon Create and optimize Windows VMs to create VMware Horizon desktops Install and Configure Horizon Agent on a VMware Horizon desktop Configure, manage, and entitle desktop pools of full VMs Configure and manage the VMware Horizon Client systems and connect the client to a VMware Horizon desktop Configure, manage, and entitle pools of instant-clone desktops Create and use Remote Desktop Services (RDS) desktops and application pools Monitor the VMware Horizon environment using the VMware Horizon Console Dashboard and Horizon Help Desk Tool Identify VMware Horizon Connection Server installation, architecture, and requirements Describe the authentication and certificate options for the VMware Horizon environment Recognize the integration process and benefits of Workspace ONE Access™ and Horizon 8 Compare the remote display protocols that are available in VMware Horizon Describe the 3D rendering options available in Horizon 8 Discuss scalability options available in Horizon 8 Describe different security options for the Horizon environment This five-day course gives you the hands-on skills to deliver virtual desktops and applications through a single virtual desktop infrastructure platform. You build on your skills in configuring and managing VMware Horizon© 8 through a combination of lecture and hands-on labs. You learn how to configure and deploy pools of virtual machines and how to provide a customized desktop environment to end-users. Additionally, you learn how to install and configure a virtual desktop infrastructure platform. You learn how to install and configure VMware Horizon© Connection Server?, VMware Unified Access Gateway?, how to configure a load balancer for use with Horizon, and how to establish Cloud Pod Architecture. COURSE INTRODUCTION * Introductions and course logistics * Course objectives INTRODUCTION TO VMWARE HORIZON * Recognize the features and benefits of Horizon * Describe the conceptual and logical architecture of Horizon INTRODUCTION TO USE CASE * Convert customer requirements to use-case attributes * Define a use case for your virtual desktop and application infrastructure VSPHERE FOR VMWARE HORIZON * Explain basic virtualization concepts * Use VMware vSphere© Client? to access your VMware vCenter System and VMware ESXi? hosts * Create a Windows virtual machine using vSphere CREATE WINDOWS DESKTOPS * Outline the steps to install Horizon Agent on Windows virtual machines * Install Horizon Agent on a Windows virtual Machine * Optimize and prepare Windows virtual machines to set up Horizon desktop VMs CREATE LINUX DESKTOPS * Create a Linux VM for Horizon * Install Horizon Agent on a Linux virtual machine * Optimize and prepare Linux virtual machines to set up Horizon desktop VMs CREATING AND MANAGING DESKTOP POOLS * Identify the steps to set up a template for desktop pool deployment * List the steps to add desktops to the VMware Horizon© Connection Server? inventory * Compare dedicated-assignment and floating-assignment pools * Outline the steps to create an automated pool * Define user entitlement * Explain the hierarchy of global, pool-level, and user-level policies VMWARE HORIZON CLIENT OPTIONS * Describe the different clients and their benefits * Access the Horizon desktop using various Horizon clients and HTML * Configure integrated printing, USB redirection, and the shared folders option * Configure session collaboration and media optimization for Microsoft Teams CREATING AND MANAGING INSTANT-CLONE DESKTOP POOLS * List the advantages of instant clones * Explain the provisioning technology used for instant clone desktop pools * Set up an automated pool of instant clones * Push updated images to instant clone desktop pools CREATING RDS DESKTOP AND APPLICATION POOLS * Explain the difference between an RDS desktop pool and an automated pool * Compare and contrast an RDS session host pool, a farm, and an application pool * Create an RDS desktop pool and an application pool * Access RDS desktops and application from Horizon Client * Use the instant clone technology to automate the build-out of Remote Desktop Session Host farms * Configure load-balancing for RDSHs on a farm MONITORING VMWARE HORIZON * Monitor the status of the Horizon components using the Horizon Administrator console dashboard * Monitor desktop sessions using the HelpDesk tool * Monitor the performance of the remote desktop using the Horizon Performance Tracker HORIZON CONNECTION SERVER * Recognize the VMware Horizon reference architecture * Identify the Horizon Connection Server supported features * Identify the recommended system requirements for Horizon Connection Server * Configure the Horizon event database * Outline the steps for the initial configuration of Horizon Connection Server * Discuss the AD LDS database as a critical {an important component?} component of the Horizon Connection Server installation HORIZON PROTOCOLS * Compare the remote display protocols that are available in VMware Horizon * Describe the BLAST Display Protocol Codecs * Summarize the BLAST Codec options * List the ideal applications for each BLAST codec * Describe the BLAST and PCoIP ADMX GPO common configurations GRAPHICS IN HORIZON * Describe the 3D rendering options available in Horizon 8 * Compare vSGA and vDGA * List the steps to configure graphics cards for use in a Horizon environment SECURING CONNECTIONS: NETWORK * Compare tunnels and direct connections for client access to desktops * Discuss the benefits of using Unified Access Gateway * List the Unified Access Gateway firewall rules * Configure TLS certificates in Horizon SECURING CONNECTIONS: AUTHENTICATION * Compare the authentication options that Horizon Connection Server supports * Restrict access to the Horizon remote desktops using restricted entitlements * Describe the smart card authentication methods that Horizon Connection Server supports * Explain the purpose of permissions, roles, and privileges in VMware Horizon * Create custom roles HORIZON SCALABILITY * Describe the purpose of a replica connection server * Explain how multiple Horizon Connection Server instances in a pod maintain synchronization * List the steps to configure graphics cards for use in a Horizon environment * Configure a load balancer for use in a Horizon environment * Explain Horizon Cloud Pod Architecture LDAP replication. * Explain Horizon Cloud Pod Architecture scalability options HORIZON CLOUD AND UNIVERSAL BROKER * Recognize the features and benefits of Horizon Cloud Service * Use Universal broker to connect to a Horizon Cloud instance * Configure and pair the Horizon Cloud Connector appliance with Horizon Connection Server WORKSPACE ONE ACCESS AND VIRTUAL APPLICATION MANAGEMENT * Recognize the features and benefits of Workspace ONE Access * Explain identity management in Workspace ONE Access * Explain access management in Workspace ONE Access * Describe the requirements to install and configure True SSO in a Horizon environment * Describe the Workspace ONE Access directory integration * Deploy virtual applications with Workspace services ADDITIONAL COURSE DETAILS: Notes Delivery by TDSynex, Exit Certified and New Horizons an VMware Authorised Training Centre (VATC) Nexus Humans VMware Horizon: Deploy and Manage [V8.8] training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the VMware Horizon: Deploy and Manage [V8.8] course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

DEFINITIVE 802.1X TRAINING COURSE DESCRIPTION A hands-on training course concentrating solely on 802.1X. Hands on sessions follow major chapters to reinforce the theory. WHAT WILL YOU LEARN * Describe 802.1X. * Explain how 802.1X works * Configure 802.1X * Troubleshoot 802.1X. DEFINITIVE 802.1X TRAINING COURSE DETAILS * Who will benefit: Technical network staff. Technical security staff. * Prerequisites: SIP for engineers * Duration 2 days DEFINITIVE 802.1X TRAINING COURSE CONTENTS * Introduction What is 802.1X? Authentication access, 802.3, 802.11. IEEE, 802, 802.1X-2001, 802.1X-2010. * Architecture Supplicant, Authenticator, Authentication server, EAP, EAPOL, RADIUS, Diameter. * Port configuration 802.1X in a switch environment. Hands on Configuring 802.1X. * How it works Controlled ports, uncontrolled ports. Authentication flow chart, Initialisation, initiation, negotiation, authentication. Hands on 802.1X packet analysis. * 802.1X and 802.11 WiFi, WiFi security. Hands on 802.1X WiFi port access. * EAP Extensible Authentication Protocol, RFC 3748, RFC 5247. EAP methods: Weak, MD5, LEAP, Strong: TTLS, TLS, FAST. Encapsulation: 802.1X, PEAP, RADIUS, Diameter, PPP. * 802.1X accounting RADIUS, accounting messages, 802.1X accounting AV pairs. * 8021.X and VLANS VLANs, Guest VLAN, restricted VLAN, voice VLAN. Hands on VLAN assignments with 802.1X.

Duration 4 Days 24 CPD hours This course is intended for This course is for Azure Security Engineers who are planning to take the associated certification exam, or who are performing security tasks in their day-to-day job. This course would also be helpful to an engineer that wants to specialize in providing security for Azure-based digital platforms and play an integral role in protecting an organization's data. This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization?s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations. Prerequisites AZ-104T00 - Microsoft Azure Administrator Security best practices and industry security requirements such as defense in depth, least privileged access, role-based access control, multi-factor authentication, shared responsibility, and zero trust model. Be familiar with security protocols such as Virtual Private Networks (VPN), Internet Security Protocol (IPSec), Secure Socket Layer (SSL), disk and data encryption methods. Have some experience deploying Azure workloads. This course does not cover the basics of Azure administration, instead the course content builds on that knowledge by adding security specific information. Have experience with Windows and Linux operating systems and scripting languages. Course labs may use PowerShell and the CLI. 1 - MANAGE IDENTITIES IN MICROSOFT ENTRA ID * Secure users in Microsoft Entra ID * Secure groups in Microsoft Entra ID * Recommend when to use external identities * Secure external identities * Implement Microsoft Entra Identity protection 2 - MANAGE AUTHENTICATION BY USING MICROSOFT ENTRA ID * Configure Microsoft Entra Verified ID * Implement multifactor authentication (MFA) * Implement passwordless authentication * Implement password protection * Implement single sign-on (SSO) * Integrate single sign-on (SSO) and identity providers * Recommend and enforce modern authentication protocols 3 - MANAGE AUTHORIZATION BY USING MICROSOFT ENTRA ID * Configure Azure role permissions for management groups, subscriptions, resource groups, and resources * Assign built-in roles in Microsoft Entra ID * Assign built-in roles in Azure * Create and assign a custom role in Microsoft Entra ID * Implement and manage Microsoft Entra Permissions Management * Configure Microsoft Entra Privileged Identity Management * Configure role management and access reviews by using Microsoft Entra Identity Governance * Implement Conditional Access policies 4 - MANAGE APPLICATION ACCESS IN MICROSOFT ENTRA ID * Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants * Manage app registrations in Microsoft Entra ID * Configure app registration permission scopes * Manage app registration permission consent * Manage and use service principals * Manage managed identities for Azure resources * Recommend when to use and configure a Microsoft Entra Application Proxy, including authentication 5 - PLAN AND IMPLEMENT SECURITY FOR VIRTUAL NETWORKS * Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs) * Plan and implement User-Defined Routes (UDRs) * Plan and implement Virtual Network peering or gateway * Plan and implement Virtual Wide Area Network, including secured virtual hub * Secure VPN connectivity, including point-to-site and site-to-site * Implement encryption over ExpressRoute * Configure firewall settings on PaaS resources * Monitor network security by using Network Watcher, including NSG flow logging 6 - PLAN AND IMPLEMENT SECURITY FOR PRIVATE ACCESS TO AZURE RESOURCES * Plan and implement virtual network Service Endpoints * Plan and implement Private Endpoints * Plan and implement Private Link services * Plan and implement network integration for Azure App Service and Azure Functions * Plan and implement network security configurations for an App Service Environment (ASE) * Plan and implement network security configurations for an Azure SQL Managed Instance 7 - PLAN AND IMPLEMENT SECURITY FOR PUBLIC ACCESS TO AZURE RESOURCES * Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management * Plan, implement, and manage an Azure Firewall, Azure Firewall Manager and firewall policies * Plan and implement an Azure Application Gateway * Plan and implement an Azure Front Door, including Content Delivery Network (CDN) * Plan and implement a Web Application Firewall (WAF) * Recommend when to use Azure DDoS Protection Standard 8 - PLAN AND IMPLEMENT ADVANCED SECURITY FOR COMPUTE * Plan and implement remote access to public endpoints, Azure Bastion and just-in-time (JIT) virtual machine (VM) access * Configure network isolation for Azure Kubernetes Service (AKS) * Secure and monitor AKS * Configure authentication for AKS * Configure security for Azure Container Instances (ACIs) * Configure security for Azure Container Apps (ACAs) * Manage access to Azure Container Registry (ACR) * Configure disk encryption, Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption * Recommend security configurations for Azure API Management 9 - PLAN AND IMPLEMENT SECURITY FOR STORAGE * Configure access control for storage accounts * Manage life cycle for storage account access keys * Select and configure an appropriate method for access to Azure Files * Select and configure an appropriate method for access to Azure Blob Storage * Select and configure an appropriate method for access to Azure Tables * Select and configure an appropriate method for access to Azure Queues * Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage * Configure Bring your own key (BYOK) * Enable double encryption at the Azure Storage infrastructure level 10 - PLAN AND IMPLEMENT SECURITY FOR AZURE SQL DATABASE AND AZURE SQL MANAGED INSTANCE * Enable database authentication by using Microsoft Entra ID * Enable and monitor database audit * Identify use cases for the Microsoft Purview governance portal * Implement data classification of sensitive information by using the Microsoft Purview governance portal * Plan and implement dynamic mask * Implement transparent data encryption? * Recommend when to use Azure SQL Database Always Encrypted 11 - PLAN, IMPLEMENT, AND MANAGE GOVERNANCE FOR SECURITY * Create, assign, and interpret security policies and initiatives in Azure Policy * Configure security settings by using Azure Blueprint * Deploy secure infrastructures by using a landing zone * Create and configure an Azure Key Vault * Recommend when to use a dedicated Hardware Security Module (HSM) * Configure access to Key Vault, including vault access policies and Azure Role Based Access Control * Manage certificates, secrets, and keys * Configure key rotation * Configure backup and recovery of certificates, secrets, and keys 12 - MANAGE SECURITY POSTURE BY USING MICROSOFT DEFENDER FOR CLOUD * Implement Microsoft Defender for Cloud * Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory * Assess compliance against security frameworks and Microsoft Defender for Cloud * Add industry and regulatory standards to Microsoft Defender for Cloud * Add custom initiatives to Microsoft Defender for Cloud * Connect hybrid cloud and multicloud environments to Microsoft Defender for Cloud * Identify and monitor external assets by using Microsoft Defender External Attack Surface Management 13 - CONFIGURE AND MANAGE THREAT PROTECTION BY USING MICROSOFT DEFENDER FOR CLOUD * Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS * Configure Microsoft Defender for Servers * Configure Microsoft Defender for Azure SQL Database * Manage and respond to security alerts in Microsoft Defender for Cloud * Configure workflow automation by using Microsoft Defender for Cloud * Evaluate vulnerability scans from Microsoft Defender for Server 14 - CONFIGURE AND MANAGE SECURITY MONITORING AND AUTOMATION SOLUTIONS * Monitor security events by using Azure Monitor * Configure data connectors in Microsoft Sentinel * Create and customize analytics rules in Microsoft Sentinel * Configure automation in Microsoft Sentinel ADDITIONAL COURSE DETAILS: Nexus Humans AZ-500T00 Microsoft Azure Security Technologies training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AZ-500T00 Microsoft Azure Security Technologies course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

NETWORK FORENSICS TRAINING COURSE DESCRIPTION This course studies network forensics-monitoring and analysis of network traffic for information gathering, intrusion detection and legal evidence. We focus on the technical aspects of network forensics rather than other skills such as incident response procedures etc.. Hands on sessions follow all the major sections. WHAT WILL YOU LEARN * Recognise network forensic data sources. * Perform network forensics using: Wireshark NetFlow Log analysis * Describe issues such as encryption. NETWORK FORENSICS TRAINING COURSE DETAILS * Who will benefit: Technical network and/or security staff. * Prerequisites: TCP/IP foundation for engineers. * Duration 3 days NETWORK FORENSICS TRAINING COURSE CONTENTS * What is network forensics? What it is, host vs network forensics, purposes, legal implications, network devices, network data sources, investigation tools. Hands on whois, DNS queries. * Host side network forensics Services, connections tools. Hands on Windows services, Linux daemons, netstat, ifoconfig/ipconfig, ps and Process explorer, ntop, arp, resource monitor. * Packet capture and analysis Network forensics with Wireshark, Taps, NetworkMiner. Hands on Performing Network Traffic Analysis using NetworkMiner and Wireshark. * Attacks DOS attacks, SYN floods, vulnerability exploits, ARP and DNS poisoning, application attacks, DNS ANY requests, buffer overflow attacks, SQL injection attack, attack evasion with fragmentation. Hands on Detecting scans, using nmap, identifying attack tools. * Calculating location Timezones, whois, traceroute, geolocation. Wifi positioning. Hands on Wireshark with GeoIP lookup. * Data collection NetFlow, sflow, logging, splunk, splunk patterns, GRR. HTTP proxies. Hands on NetFlow configuration, NetFlow analysis. * The role of IDS, firewalls and logs Host based vs network based, IDS detection styles, IDS architectures, alerting. Snort. syslog-ng. Microsoft log parser. Hands on syslog, Windows Event viewer. * Correlation Time synchronisation, capture times, log aggregation and management, timelines. Hands on Wireshark conversations. * Other considerations Tunnelling, encryption, cloud computing, TOR. Hands on TLS handshake in Wireshark.