115 Basic Security Training (BST) courses

Duration 3 Days 18 CPD hours This course is intended for Blockchain Architects Blockchain DevelopersApplication Developers Blockchain System AdministratorsNetwork Security Architects Cyber Security ExpertsIT Professionals w/cyber security experience Overview Those who attend the Security for Blockchain Professionals course and pass the exam certification will have a demonstrated knowledge of:Identifying and differentiating between security threats and attacks on a Blockchain network.Blockchain security methods, best practices, risk mitigation, and more.All known (to date) cyber-attack vectors on the Blockchain.Performing Blockchain network security risk analysis.A complete understanding of Blockchain?s inherent security features and risks.An excellent knowledge of best security practices for Blockchain System/Network Administrators.Demonstrating appropriate Blockchain data safeguarding techniques. This course covers all known aspects of Blockchain security that exist in the Blockchain environment today and provides a detailed overview of all Blockchain security issues, including threats, risk mitigation, node security integrity, confidentiality, best security practices, advanced Blockchain security and more. Fundamental Blockchain Security Cryptography for the Blockchain Hash Functions Public Key Cryptography Elliptic Curve Cryptography A Brief Introduction to Blockchain The Blocks The Chains The Network Promises of the Blockchain Blockchain Security Assumptions Digital Signature Security Hash Function Security Limitations of Basic Blockchain Security Public Key Cryptography Review Real-Life Public Key Protection Cryptography and Quantum Computers Lab 1 (Tentative) Finding Hash Function Collisions Reversible hash function Hash function with poor non-locality Hash function with small search space Breaking Public Key Cryptography Brute Forcing a Short Private Key Brute Forcing a Poorly-Chosen Private Key Consensus in the Blockchain Blockchain Consensus and Byzantine Generals Blockchain Networking Review Byzantine Generals Problem Relation to Blockchain Byzantine Fault Tolerance Introduction to Blockchain Consensus Security Blockchain Consensus Breakthrough Proof of Work What is Proof of Work? How does Proof of Work Solve BGP? Proof of Work Security Assumptions Attacking Proof of Work Proof of Stake What is Proof of Stake? How does Proof of Stake Solve BGP? Proof of Stake Security Assumptions Attacking Proof of Stake General Attacks on Blockchain Consensus Other Blockchain Consensus Algorithms Lab 2 (Tentative) Attacking Proof of Work Performing a 51% Attack Performing a Selfish Mining Attack Attacking Proof of Stake Performing a XX% Attack Performing a Long-Range Attack Malleable Transaction Attacks Advanced Blockchain Security Mechanisms Architectural Security Measures Permissioned Blockchains Checkpointing Advanced Cryptographic Solutions Multiparty Signatures Zero-Knowledge Proofs Stealth Addresses Ring Signatures Confidential Transactions Lab 3 (Tentative) Permissioned Blockchains 51% on a Checkpointed Blockchain Data mining on a blockchain with/without stealth addresses Zero-Knowledge Proof Simulation Trying to fake knowledge of a ZKP Module 4: Blockchain for Business Introduction to Ethereum Security What is Ethereum Consensus in Ethereum Smart Contracts in Ethereum Ethereum Security Pros and Cons of Ethereum Blockchains Introduction to Hyperledger Security What is Hyperledger Consensus in Hyperledger Smart Contracts in Hyperledger Hyperledger Security Pros and Cons of Hyperledger Blockchains Introduction to Corda Security What is Corda Consensus in Corda Smart Contracts in Corda Corda Security Pros and Cons of Corda Blockchains Lab 4 Blockchain Risk Assessment What are the Risks of the Blockchain? Information Security Information Sensitivity Data being placed on blockchain Risks of disclosure Regulatory Requirements Data encryption Data control PII protection Blockchain Architectural Design Public and Private Blockchains Open and Permissioned Blockchains Choosing a Blockchain Architecture Lab 5 Exploring public/private open/permissioned blockchains? Basic Blockchain Security Blockchain Architecture User Security Protecting Private Keys Malware Update Node Security Configuring MSPs Network Security Lab 6 (TBD) Smart Contract Security Introduction to Smart Contracts Smart Contract Security Considerations Turing-Complete Lifetime External Software Smart Contract Code Auditing Difficulties Techniques Tools Lab 7 (Tentative) Try a couple of smart contract code auditing tool against different contracts with built-in vulnerabilities Module 8: Security Implementing Business Blockchains Ethereum Best Practices Hyperledger Best Practices Corda Best Practices Lab 8 Network-Level Vulnerabilities and Attacks Introduction to Blockchain Network Attacks 51% Attacks Denial of Service Attacks Eclipse Attacks Routing Attacks Sybil Attacks Lab 9 Perform different network-level attacks System-Level Vulnerabilities and Attacks Introduction to Blockchain System Vulnerabilities The Bitcoin Hack The Verge Hack The EOS Vulnerability Lab 10 Smart Contract Vulnerabilities and Attacks Introduction to Common Smart Contract Vulnerabilities Reentrancy Access Control Arithmetic Unchecked Return Values Denial of Service Bad Randomness Race Conditions Timestamp Dependence Short Addresses Lab 11 Exploiting vulnerable smart contracts Security of Alternative DLT Architectures What Are Alternative DLT Architectures? Introduction to Directed Acyclic Graphs (DAGs) DAGs vs. Blockchains Advantages of DAGs DAG Vulnerabilities and Security Lab 12 Exploring a DAG network

Duration 2 Days 12 CPD hours This course is intended for Security administrators who are responsible for using SaltStack SecOps to manage the security operations in their enterprise Overview By the end of the course, you should be able to meet the following objectives: Describe the architecture of SaltStack Config and SaltStack SecOps Integrate SaltStack Config with directory services. Configure roles and permissions for users and groups to manage and use SaltStack SecOps Use targeting to ensure that the jobs run on the correct minion systems Use remote execution modules to install the packages, transfer files, manage services, and manage users on minion systems Manage configuration control on the minion systems with states, pillars, requisites, and declarations Use Jinja and YAML code to manage the minion systems with the state files Enforce the desired state across minion systems automatically Use SaltStack SecOps to update the compliance and vulnerability content libraries Use SaltStack SecOps to enforce compliance and remediation on the infrastructure with industry standards Use SaltStack SecOps to provide automated vulnerability scanning and remediation on your infrastructure This two-day, hands-on training course provides you with the advanced knowledge, skills, and tools to achieve competency in using VMware vRealize© Automation SaltStack© SecOps. SaltStack SecOps allows you to scan your system for compliance against security benchmarks, detect system vulnerabilities, and remediate your results. This course enables you to create the SaltStack SecOps custom compliance libraries and use SaltStack SecOps. In addition, this course provides you with the fundamentals of how to use VMware vRealize© Automation SaltStack© Config to install software and manage system configurations. Course Introduction Introductions and course logistics Course objectives SaltStack Config Architecture Identify the SaltStack Config deployment types Identify the components of SaltStack Config Describe the role of each SaltStack Config component SaltStack Config Security Describe local user authentication Describe LDAP and Active Directory authentication Describe the roles and permissions in vRealize Automation for SaltStack Config Describe the roles and permissions in SaltStack Config Describe the SecOps permissions in SaltStack Config Describe the advanced permissions available in SaltStack Config Targeting Minions Describe targeting and its importance Target minions by minion ID Target minions by glob Target minions by regular expressions Target minions by lists Target minions by compound matching Target minions by complex logical matching Remote Execution and Job Management Describe remote execution and its importance Describe functions and arguments Create and manage jobs Use the Activities dashboard Configuration Control Through States, Pillars, Requisites, and Declarations Define the SaltStack states Describe file management in SaltStack Config Create the SaltStack state files Identify the components of a SaltStack state Describe pillar data and the uses of pillar data Configure pillar data on the SaltStack Config master server Use pillar data in variables in the state files Describe the difference between IDs and names in the state files Use the correct execution order Use requisites in the state files Using Jinja and YAML Describe the SaltStack Config renderer system Use YAML in the state files Use Jinja in the state files Use Jinja conditionals, lists, and loops Using SaltStack SecOps Comply Describe the SaltStack SecOps Comply architecture Describe CIS and DISA STIG benchmarks Describe the SaltStack SecOps Comply security library Describe the remediation differences between SaltStack SecOps and VMware Carbon Black© Create and manage the policies Create and manage the custom checks Run assessments on the minion systems Use SaltStack SecOps to remediate the noncompliant systems Manage the SaltStack SecOps Comply configuration options Manage the benchmark content ingestion Using SaltStack SecOps Protect Describe Common Vulnerabilities and Exposures (CVEs) Use the Protect dashboard Create and manage the policies Update the vulnerability library Run the vulnerability scans Remediate the vulnerabilities Manage the vulnerability exemptions

Duration 5 Days 30 CPD hours This course is intended for Security Professionals working with Kubernetes Clusters Container Orchestration Engineers DevOps Professionals Overview In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections: Cloud Security Fundamentals Cluster Hardening System Hardening Minimize Microservice Vulnerabilities Supply Chain Security Disaster Recovery Secure Back-up and Restore This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stabilitywhile maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding ofcloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This courseincludes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritizecovering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your ownhigh availability Kubernetes environment and harden it for your security needs. Learning Your Environment Underlying Infrastructure Using Vim Tmux Cloud Security Primer Basic Principles Threat Analysis Approach CIS Benchmarks Securing your Kubernetes Cluster Kubernetes Architecture Pods and the Control Plane Kubernetes Security Concepts Install Kubernetes using kubeadm Configure Network Plugin Requirements Kubeadm Basic Cluster Installing Kubeadm Join Node to Cluster Kubeadm Token Manage Kubeadm Tokens Kubeadm Cluster Upgrade Securing the kube-apiserver Configuring the kube-apiserver Enable Audit Logging Falco Deploy Falco to Monitor System Calls Enable Pod Security Policies Encrypt Data at Rest Encryption Configuration Benchmark Cluster with Kube-Bench Kube-Bench Securing ETCD ETCD Isolation ETCD Disaster Recovery ETCD Snapshot and Restore Purge Kubernetes Purge Kubeadm 3Purge Kubeadm Image Scanning Container Essentials Secure Containers Creating a Docker Image Scanning with Trivy Trivy Snyk Security Manually Installing Kubernetes Kubernetes the Alta3 Way Deploy Kubernetes the Alta3 Way Validate your Kubernetes Installation Sonobuoy K8s Validation Test Kubectl (Optional) Kubectl get and sorting kubectl get kubectl describe Labels (Optional) Labels Labels and Selectors Annotations Insert an Annotation Securing your Application Scan a Running Container Tracee Security Contexts for Pods Understanding Security Contexts AppArmor Profiles AppArmor Isolate Container Kernels gVisor Pod Security Pod Security Policies Deploy a PSP Pod Security Standards Enable PSS Open Policy Agent (OPA) Admission Controller Create a LimitRange Open Policy Agent Policy as Code Deploy Gatekeeper User Administration Contexts Contexts Authentication and Authorization Role Based Access Control Role Based Access Control RBAC Distributing Access Service Accounts Limit Pod Service Accounts Securing Secrets Secrets Create and Consume Secrets Hashicorp Vault Deploy Vault Securing the Network Networking Plugins NetworkPolicy Deploy a NetworkPolicy mTLS Linkerd mTLS with istio istio Threat Detection Active Threat Analysis Host Intrusion Detection Deploy OSSEC Network Intrusion Detection Deploy Suricata Physical Intrusion Detection Disaster Recovery Harsh Reality of Security Deploy a Response Plan Kasten K10 Backups Deploy K10

Duration 1 Days 6 CPD hours This course is intended for This course is intended for: Solutions architects, cloud engineers, including security engineers, delivery and implementation engineers, professional services, and Cloud Center of Excellence (CCOE) Overview In this course, you will learn to: Design and implement a secure network infrastructure Design and implement compute security Design and implement a logging solution Currently, the average cost of a security breach can be upwards of $4 million. AWS Security Best Practices provides an overview of some of the industry best practices for using AWS security and control types. This course helps you understand your responsibilities while providing valuable guidelines for how to keep your workload safe and secure. You will learn how to secure your network infrastructure using sound design options. You will also learn how you can harden your compute resources and manage them securely. Finally, by understanding AWS monitoring and alerting, you can detect and alert on suspicious events to help you quickly begin the response process in the event of a potential compromise. Module 1: AWS Security Overview Shared responsibility model Customer challenges Frameworks and standards Establishing best practices Compliance in AWS Module 2: Securing the Network Flexible and secure Security inside the Amazon Virtual Private Cloud (Amazon VPC) Security services Third-party security solutions Module 3: Amazon EC2 Security Compute hardening Amazon Elastic Block Store (EBS) encryption Secure management and maintenance Detecting vulnerabilities Using AWS Marketplace Module 4: Monitoring and Alerting Logging network traffic Logging user and Application Programming Interface (API) traffic Visibility with Amazon CloudWatch Enhancing monitoring and alerting Verifying your AWS environment Additional course details: Nexus Humans AWS Security Best Practices training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AWS Security Best Practices course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 2 Days 12 CPD hours This course is intended for This course is for IT network or security professionals who have practical experience with the ProxySG in the field and wish to master the advanced network security of the ProxySG. Overview Solve common authentication and SSL issuesUnderstand the underlying architecture of SGOSMonitor and analyze ProxySG performanceUse policy tracing as a troubleshooting tool The ProxySG 6.6 Advanced Administration course is intended for IT professionals who wish to learn to master the advanced features of the ProxySG. Using Authentication Realms Describe the benefits of enabling authentication on the ProxySG Describe, at a high level, the ProxySG authentication architecture Understand the use of IWA realms, with both IWA Direct and IWA BCAAA connection methods Understanding Authentication Credentials Describe how NTLM and Kerberos authentication work in both IWA direct and IWA BCAAA deployments Configure the ProxySG to use Kerberos authentication Understanding Authentication Modes Describe authentication surrogates and authentication modes Describe ProxySG authentication in both explicit and transparent deployment mode Understanding HTTPS Describe key components of SSL encryption Describe how the SSL handshake works Describe some of the legal and security considerations related to use of the SSL proxy Managing SSL Traffic on the ProxySG Describe how the SSL proxy service handles SSL traffic Describe the standard keyrings that are installed by default on the ProxySG Identify the types of security certificates that the ProxySG uses Optimizing SSL Interception Performance Configure the ProxySG to process SSL traffic according to best practices for performance SGOS Architecture Identify key components of SGOS Explain the interaction among client workers and software workers in processing client requests Explain the significance of policy checkpoints Describe key characteristics of the SGOS storage subsystem Explain the caching behavior of the ProxySG Caching Architecture Describe the benefits of object caching on the ProxySG Explain the caching-related steps in a ProxySG transaction Identify and describe the HTTP request and response headers related to caching Describe, in general terms, how the ProxySG validates cached objects to ensure freshness Explain how the ProxySG uses cost-based deletion, popularity contests, and pipelining to improve object caching System Diagnostics Describe the use of the health monitor and health checks Explain the use of the event and access logs Describe the information available in advanced URLs and sysinfo files Describe the function of policy tracing and packet captures Introduction to Content Policy Language (CPL) Describe the fundamental concepts and purposes of ProxySG policy transactions Understand the relationship of layers, rules, conditions, properties, and triggers Describe the two types of actions in CPL Describe how to write, edit, and upload CPL code Using Policy Tracing for Troubleshooting Identify the two main types of ProxySG policy traces Describe the various sections of a policy trace result Configure a global and policy-driven trace Access and interpret policy trace results ProxySG Integration Identify other Symantec products that can be used as part of a complete security solution