149 Courses delivered Live Online

Duration 3 Days 18 CPD hours This course is intended for This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager. This three-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings. The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it commonly deployed, and how typical administrative and operational activities are performed. The course includes lecture, hands-on labs, interactive demonstrations, and discussions. Module 1: Setting Up the BIG-IP System Introducing the BIG-IP System Initially Setting Up the BIG-IP System Archiving the BIG-IP Configuration Leveraging F5 Support Resources and Tools Module 2: Configuring Web Application Access Review of BIG-IP LTM Introduction to the Access Policy Web Access Application Configuration Overview Web Application Access Configuration in Detail Module 3: Exploring the Access Policy Navigating the Access Policy Module 4: Managing BIG-IP APM BIG-IP APM Sessions and Access Licenses Session Variables and sessiondump Session Cookies Access Policy General Purpose Agents List Module 5: Using Authentication Introduction to Access Policy Authentication Active Directory AAA Server RADIUS One-Time Password Local User Database Module 6: Understanding Assignment Agents List of Assignment Agents Module 7: Configuring Portal Access Introduction to Portal Access Portal Access Configuration Overview Portal Access Configuration Portal Access in Action Module 8: Configuring Network Access Concurrent User Licensing VPN Concepts Network Access Configuration Overview Network Access Configuration Network Access in Action Module 9: Deploying Macros Access Policy Macros Configuring Macros An Access Policy is a Flowchart Access Policy Logon Agents Configuring Logon Agents Module 10: Exploring Client-Side Checks Client-Side Endpoint Security Module 11: Exploring Server-Side Checks Server-Side Endpoint Security Agents List Server-Side and Client-Side Checks Differences Module 12: Using Authorization Active Directory Query Active Directory Nested Groups Configuration in Detail Module 13: Configuring App Tunnels Application Access Remote Desktop Network Access Optimized Tunnels Landing Page Bookmarks Module 14: Deploying Access Control Lists Introduction to Access Control Lists Configuration Overview Dynamic ACLs Portal Access ACLs Module 15: Signing On with SSO Remote Desktop Single Sign-On Portal Access Single Sign-On Module 16: Using iRules iRules Introduction Basic TCL Syntax iRules and Advanced Access Policy Rules Module 17: Customizing BIG-IP APM Customization Overview BIG-IP Edge Client Advanced Edit Mode Customization Landing Page Sections Module 18: Deploying SAML SAML Conceptual Overview SAML Configuration Overview Module 19: Exploring Webtops and Wizards Webtops Wizards Module 20: Using BIG-IP Edge Client BIG-IP Edge Client for Windows Installation BIG-IP Edge Client in Action Module 21: Configuration Project Configuration Project Additional course details: Nexus Humans F5 Networks Configuring BIG-IP APM : Access Policy Manager training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the F5 Networks Configuring BIG-IP APM : Access Policy Manager course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for Network security engineers ISE administrators Wireless network security engineers Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture. Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages. Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB) authentication, identity management, and certificate services. Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization. Describe third-party Network Access Devices (NADs), Cisco TrustSec, and Easy Connect. Describe and configure web authentication, processes, operation, and guest services, including guest access components and various guest access scenarios. Describe and configure Cisco ISE profiling services, and understand how to monitor these services to enhance your situational awareness about network-connected endpoints. Describe best practices for deploying this profiler service in your specific environment. Describe BYOD challenges, solutions, processes, and portals. Configure a BYOD solution, and describe the relationship between BYOD processes and their related configuration components. Describe and configure various certificates related to a BYOD solution. Describe the value of the My Devices portal and how to configure this portal. Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE. Describe and configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets. Understand the role of TACACS+ within the Authentication, Authentication, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols. Migrate TACACS+ functionality from Cisco Secure Access Control System (ACS) to Cisco ISE, using a migration tool. Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0 is a Cisco ISE training program that discusses the Cisco Identity Services Engine, an identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device onboarding, and guest management, into a single context-aware identity-based platform. This CCNA course provides students with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints as well as enhance infrastructure security using the Cisco ISE. Introducing Cisco ISE Architecture and Deployment Using Cisco ISE as a Network Access Policy Engine Cisco ISE Use Cases Describing Cisco ISE Functions Cisco ISE Deployment Models Context Visibility Cisco ISE Policy Enforcement Using 802.1X for Wired and Wireless Access Using MAC Authentication Bypass for Wired and Wireless Access Introducing Identity Management Configuring Certificate Services Introducing Cisco ISE Policy Implementing Third-Party Network Access Device Support Introducing Cisco TrustSec Cisco TrustSec Configuration Easy Connect Web Authentication and Guest Services Introducing Web Access with Cisco ISE Introducing Guest Access Components Configuring Guest Access Settings Configuring Sponsor and Guest Portals Cisco ISE Profiler Introducing Cisco ISE Profiler Profiling Deployment and Best Practices Cisco ISE BYOD Introducing the Cisco ISE BYOD Process Describing BYOD Flow Configuring the My Devices Portal Configuring Certificates in BYOD Scenarios Cisco ISE Endpoint Compliance Services Introducing Endpoint Compliance Services Configuring Client Posture Services and Provisioning in Cisco ISE Working with Network Access Devices Review TACACS+ Cisco ISE TACACS+ Device Administration Configure TACACS+ Device Administration TACACS+ Device Administration Guidelines and Best Practices Migrating from Cisco ACS to Cisco ISE Lab outline Access the SISE Lab and Install ISE 2.4 Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate Usage Integrate Cisco ISE with Active Directory Configure Basic Policy on Cisco ISE Configure Policy Sets Configure Access Policy for Easy Connect Configure Guest Access Configure Guest Access Operations Create Guest Reports Configure Profiling Customize the Cisco ISE Profiling Configuration Create Cisco ISE Profiling Reports Configure BYOD Blacklisting a Device Configure Cisco ISE Compliance Services Configure Client Provisioning Configure Posture Policies Test and Monitor Compliance-Based Access Test Compliance Policy Configure Cisco ISE for Basic Device Administration Configure TACACS+ Command Authorization

Duration 3 Days 18 CPD hours This course is intended for Experienced system administrators and network administrators Customers, cloud architects, systems engineers, data center administrators Network administrators with experience in managed services or managing a Telco Cloud environment Overview By the end of the course, you should be able to meet the following objectives: Deploy VMware Telco Cloud Service Assurance Manage VMware Telco Cloud Service Assurance to satisfy Telco cloud provider needs Discuss configurable options for VMware Telco Cloud Service Assurance Identify and configure different data sources which are used with VMware Telco Cloud Service Assurance Configure different collectors in VMware Telco Cloud Service Assurance Identify the Root Cause Analysis options with VMware Telco Cloud Service Assurance Discuss data collection in VMware Telco Cloud Service Assurance Explain root cause analysis in VMware Telco Cloud Service Assurance Navigate through the logs for troubleshooting This three-day, hands-on training course provides the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Telco Cloud Service Assurance environment. In this course, you are introduced to the installation methods of VMware Telco Cloud Service Assurance? across various supported platforms and troubleshooting tools that help you install, manage, and troubleshoot your VMware Telco Cloud Service Assurance environment. In addition, you are presented with various types of configuration options, which you will identify, analyze, and navigate through as you explore the UI and configurable options of the product. Course Introduction Introduction and course logistics Course objectives Introduction to VMware Telco Cloud Service Assurance Describe the features of VMware Telco Cloud Service Assurance List the capabilities of VMware Telco Cloud Service Assurance Discuss the use cases of VMware Telco Cloud Service Assurance Describe the role played by VMware Telco Cloud Service Assurance components in delivering service assurance Deploying VMware Telco Cloud Service Assurance Explain different deployment options of VMware Telco Cloud Service Assurance Identify different deployment methods of VMware Telco Cloud Service Assurance Discuss different phases in deploying VMware Telco Cloud Service Assurance Identify different footprints available for HA based and non-HA based installation of VMware Telco Cloud Service Assurance Describe the SMARTs components of VMware Telco Cloud Service Assurance Deploy VMware Telco Cloud Service Assurance User Access Control Describe the features Role-based Access Control (RBAC) Outline the role of Keycloak in implementing RBAC in VMware Telco Cloud Service Assurance Configure user federation in Keycloak Use the VMware Telco Cloud Service Assurance UI to manage RBAC Create policies in VMware Telco Cloud Service Assurance that align with job roles Services and User Interface Configurations Describe the architecture of logical switching Describe the core services on a TCSA cluster Discuss the Global Manager or Service Assurance Manager (SAM), IP Domain Manager, Server Manager (ESM) Discuss VMware Telco Cloud Service Assurance UI Overview Explain Working with Notifications Elaborate Configuring Summary's Describe Accessing Notification Details Explain Viewing and configuring Topologies List Customizing Topologies Describe Topology Explorer Explain Collecting Troubleshooting Information Discuss Custom models Describe how compute resources are provided to VMware Telco Cloud Service Assurance Describe how storage is provided to VMware Telco Cloud Service Assurance Configure and manage VMware Telco Cloud Service Assurance Discuss configurable options for VMware Telco Cloud Service Assurance Day 1 and Day 2 Operations Review the architecture of logical routing and NSX Edge nodes Identify different data sources to be used with VMware Telco Cloud Service Assurance Configure different collectors with VMware Telco Cloud Service Assurance Describe Alarms and Thresholds Demonstrate how to configure alarms with VMware Telco Cloud Service Assurance Explain how to setup thresholds and timelines in VMware Telco Cloud Service Assurance Define Catalog management and sharing catalogs inside and between organizations. Identify the steps to import or upload data into catalogs. Explain the purpose of catalogs and How to Create a catalog organization. Describe the Purpose and Usage of Open Virtualization Format (OVA) and Custom vApp or VM Properties. Discuss vApp Templates Logs and Troubleshooting Review the architecture of the Distributed Firewall Discuss VMware Telco Cloud Service Assurance installations logs List Smarts installation logs Explain backup and restore options of VMware Telco Cloud Service Assurance Identify the approach for troubleshooting containerized services Discuss monitoring services

Duration 3 Days 18 CPD hours This course is intended for The primary audience for this course is as follows: Customers configuring and maintaining CUCM 8.x, 9.x, 10.x, 11.0, or 12.x. PBX System Administrators transitioning to CUCM administration IP networking professionals taking on responsibility for CUCM administration Workers being cross-trained for CUCM administration coverage The secondary audience for this course is as follows: Cisco Unified Communications system channel partners and resellers Overview Upon completing this course, the learner will be able to meet these overall objectives: Demonstrate an overall understanding of the Cisco Unified Communications Manager (CUCM) 12.x (or earlier version) system and its environment Configure CUCM to support IP Phones in multiple locations Configure CUCM to route calls to internal and PSTN destinations Configure User accounts and multi-level administration Understand User Web Page functionality Configure user features, including Hunt Groups, Call Pickup, and Call Park. Understand the capabilities of and demonstrate the Bulk Administration Tool Understand the SMART Licensing model for Cisco Unified Communications Understand and demonstrate the use of the Unified Reporting tool Understand and demonstrate the use of the Dialed Number Analyzer Communications Manager Administration for Version 12.5 (CMA v12.5) is an instructor-led course presented to system administrators and customers involved with the day-to-day operation of the Cisco Unified Communications Manager product. This course introduces you to the CUCM system, the necessary procedures for administering IP Phones and Users, understanding the Dial Plan and implementing Features. In addition to instructor-led lectures and discussions, you will configure CUCM and Cisco IP Phones in the lab, either in a live classroom or WebEx remote classroom environment. While the Cisco Unified Communications Manager software used in the class is version 12.5.1, the course material applies to versions 8.x, 9.x, 10.x, 11.x, or 12.x. The concepts and the lab tasks are the same for most of the Cisco Unified Communications Manager software versions CUCM System Basics Introduction to IP Telephony Traditional Voice vs. IP Telephony Clustering Overview Intra-Cluster Communications CUCM Redundancy Options Deployment Models Campus (Single Site) Deployment Centralized Call Processing Deployment Distributed Call Processing Deployment Clustering over the IP WAN Call Processing Deployment Hybrid Call Processing Deployment Basics of CUCM Configuration Administrative Interfaces Administration and Serviceability Unified Reporting and the Enterprise License Manager Disaster Recovery System and Unified OS Administration Navigation Bar Command Line Interface Server Redundancy: CM Groups CM Group Configuration Date/Time Group Regions and Codecs Locations Device Pool Configuration Service Parameters Configuration Enterprise Parameters Configuration Supporting Phones and Users Configuring CUCM to Support Phones Cisco Unified IP Phone Model Ranges Specialized Cisco IP 89xx and 99xx phones Cisco Jabber Client Phone Button Templates Softkey Template Cisco IP Phone Registration Device Defaults Phone Configuration Manual Phone Configuration Auto-Registration Self-Provisioning Using the Bulk Administration Tool (BAT) Deploying new phones and users Overview of the Auto-Register Phone Tool Configuring CUCM to Support Users Understanding CUCM Users Manual User Creation User Import with BAT Importing Users with LDAP Sync LDAP Authentication Understanding User Administration Configuring User Administration Working with Access Control Groups Assigning End Users to Access Control Groups User Web Pages Understanding the Dial Plan Dial Plan Overview Introduction to the Dial Plan Understanding Dial Plan Components Route Lists, Route Groups and Devices Call Routing Understanding Digit Analysis Basics of Dial Plan Configuration Basics of the Dial Plan Dial Plan Configuration Translation Patterns Route Plan Report Advanced Dial Plan Configuration Understanding Digit Manipulation External Phone Number Masks Transformation Masks Discard Digits Instructions: PreDot Class of Control Overview of Class of Control Partitions and Calling Search Space Traditional vs. Line/Device Approach Configuring Partitions and CSSs Time of Day Routing PLAR Application Forced Authorization Codes CUCM Features Media Resources Overview of Media Resources Conference Bridge Music on Hold Transcoder Annunciator Overview of Media Resource Management Configuring Media Resources User Features Configuring Call Coverage in Cisco Unified Communications Manager Call Coverage in Cisco Unified Communications Manager Hunt Group Overview Hunt Group Configuration Final Forwarding Shared Lines Call Pickup Directed and Group Call Pickup Call Park Lab Outline Configuring the System to Support Cisco IP Phones Creating and Associating Users Configuring Basic Dial Plan Elements Configuring Complex Dial Plan Elements Implementing Class of Control Configuring Media Resources Configuring Hunt Groups and Call Coverage Configuring Call Pickup and Call Park

Duration 3 Days 18 CPD hours This course is intended for This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager Overview This course provides the skills to create and manage BIG-IP APM system. This course covers three typical deployment scenarios for BIG-IP Access Policy Manager (APM) and is broken into three individual lessons. In lesson one, you learn how to configure BIG-IP APM to provide Active Directory-based authentication for a load-balanced pool of web servers. In lesson two, you learn how to create a policy that provides an SSL VPN (Network Access) resource to users, but only when they log into BIG-IP APM using a corporate-issued PC. Finally, lesson three builds on the first two lessons to create a policy that provides a dynamic landing page with both SSL VPN as well as an OWA (Portal Access) resource, but only to users with special authorization. Setting Up the BIG-IP System Introducing the BIG-IP System Initially Setting Up the BIG-IP System Archiving the BIG-IP Configuration Leveraging F5 Support Resources and Tools Configuring Web Application Access Review of BIG-IP LTM Introduction to the Access Policy Web Access Application Configuration Overview Web Application Access Configuration in Detail Exploring the Access Policy Navigating the Access Policy Managing BIG-IP APM BIG-IP APM Sessions and Access Licenses Session Variables and sessiondump Session Cookies Access Policy General Purpose Agents List Using Authentication Introduction to Access Policy Authentication Active Directory AAA Server RADIUS One-Time Password Local User Database Understanding Assignment Agents List of Assignment Agents Configuring Portal Access Introduction to Portal Access Portal Access Configuration Overview Portal Access Configuration Portal Access in Action Configuring Network Access Concurrent User Licensing VPN Concepts Network Access Configuration Overview Network Access Configuration Network Access in Action Deploying Macros Access Policy Macros Configuring Macros An Access Policy is a Flowchart Access Policy Logon Agents Configuring Logon Agents Exploring Client-Side Checks Client-Side Endpoint Security Exploring Server-Side Checks Server-Side Endpoint Security Agents List Server-Side and Client-Side Checks Differences Using Authorization Active Directory Query Active Directory Nested Groups Configuration in Detail Configuring AppTunnels Application Access Remote Desktop Network Access Optimized Tunnels Landing Page Bookmarks Deploying Access Control Lists Introduction to Access Control Lists Configuration Overview Dynamic ACLs Portal Access ACLs Signing On with SSO Remote Desktop Single Sign-On Portal Access Single Sign-On Using iRules iRules Introduction Basic TCL Syntax iRules and Advanced Access Policy Rules Customizing BIG-IP APM Customization Overview BIG-IP Edge Client Advanced Edit Mode Customization Landing Page Sections Deploying SAML SAML Conceptual Overview SAML Configuration Overview Exploring Webtops and Wizards Webtops Wizards Using BIG-IP Edge Client BIG-IP Edge Client for Windows Installation BIG-IP Edge Client in Action Lesson Configuration Project Additional Training and Certification Getting Started Series Web-Based Training F5 Instructor Led Training Curriculum F5 Professional Certification Program F5 Instructor Led Training Curriculum F5 Professional Certification Program Additional course details: Nexus Humans F5 Configuring BIG-IP APM - Access Policy Manager v13.x training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the F5 Configuring BIG-IP APM - Access Policy Manager v13.x course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours Overview By the end of the course, you should be able to meet the following objectives: Describe the architecture and main components of NSX Explain the features and benefits of NSX Deploy the NSX Management cluster and VMware NSX Edge™ nodes Prepare VMware ESXi™ hosts to participate in NSX networking Create and configure segments for layer 2 forwarding Create and configure Tier-0 and Tier-1 gateways for logical routing Use distributed and gateway firewall policies to filter east-west and north-south traffic in NSX Configure Advanced Threat Prevention features Configure network services on NSX Edge nodes Use VMware Identity Manager™ and LDAP to manage users and access Explain the use cases, importance, and architecture of Federation This five-day, fast-paced course provides comprehensive training to install, configure, and manage a VMware NSX© environment. This course covers key features and functionality offered in the NSX 4.0.0.1 and NSX 4.0.1 releases, including the overall infrastructure, logical switching, logical routing, networking and security services, firewalls and advanced threat prevention, and more. Course Introduction Introductions and course logistics Course objectives VMware Virtual Cloud Network and VMware NSX Introduce the VMware Virtual Cloud Network vision Describe the NSX product portfolio Discuss NSX features, use cases, and benefits Explain NSX architecture and components Explain the management, control, data, and consumption planes and their functions. Preparing the NSX Infrastructure Deploy VMware NSX© ManagerTM nodes on ESXi hypervisors Navigate through the NSX UI Explain data plane components such as N-VDS/VDS, transport nodes, transport zones, profiles, and more Perform transport node preparation and configure the data plane infrastructure Verify transport node status and connectivity Explain DPU-based acceleration in NSX Install NSX using DPUs NSX Logical Switching Introduce key components and terminology in logical switching Describe the function and types of L2 segments Explain tunneling and the Geneve encapsulation Configure logical segments and attach hosts using NSX UI Describe the function and types of segment profiles Create segment profiles and apply them to segments and ports Explain the function of MAC, ARP, and TEP tables used in packet forwarding Demonstrate L2 unicast packet flow Explain ARP suppression and BUM traffic handling NSX Logical Routing Describe the logical routing function and use cases Introduce the two-tier routing architecture, topologies, and components Explain the Tier-0 and Tier-1 gateway functions Describe the logical router components: Service Router and Distributed Router Discuss the architecture and function of NSX Edge nodes Discuss deployment options of NSX Edge nodes Configure NSX Edge nodes and create NSX Edge clusters Configure Tier-0 and Tier-1 gateways Examine single-tier and multitier packet flows Configure static routing and dynamic routing, including BGP and OSPF Enable ECMP on a Tier-0 gateway Describe NSX Edge HA, failure detection, and failback modes Configure VRF Lite NSX Bridging Describe the function of logical bridging Discuss the logical bridging use cases Compare routing and bridging solutions Explain the components of logical bridging Create bridge clusters and bridge profiles NSX Firewalls Describe NSX segmentation Identify the steps to enforce Zero-Trust with NSX segmentation Describe the Distributed Firewall architecture, components, and function Configure Distributed Firewall sections and rules Configure the Distributed Firewall on VDS Describe the Gateway Firewall architecture, components, and function Configure Gateway Firewall sections and rules NSX Advanced Threat Prevention Explain NSX IDS/IPS and its use cases Configure NSX IDS/IPS Deploy NSX Application Platform Identify the components and architecture of NSX Malware Prevention Configure NSX Malware Prevention for east-west and north-south traffic Describe the use cases and architecture of VMware NSX© Intelligence? Identify the components and architecture of VMware NSX© Network Detection and Response? Use NSX Network Detection and Response to analyze network traffic events. NSX Services Explain and configure Network Address Translation (NAT) Explain and configure DNS and DHCP services Describe VMware NSX© Advanced Load Balancer? architecture, components, topologies, and use cases. Configure NSX Advanced Load Balancer Discuss the IPSec VPN and L2 VPN function and use cases Configure IPSec VPN and L2 VPN using the NSX UI NSX User and Role Management Describe the function and benefits of VMware Identity Manager? in NSX Integrate VMware Identity Manager with NSX Integrate LDAP with NSX Identify the various types of users, authentication policies, and permissions Use role-based access control to restrict user access Explain object-based access control in NSX NSX Federation Introduce the NSX Federation key concepts, terminology, and use cases. Explain the onboarding process of NSX Federation Describe the NSX Federation switching and routing functions. Describe the NSX Federation security concepts.

Duration 2 Days 12 CPD hours This course is intended for Security architects System designers Network administrators Operations engineers Network managers, network or security technicians, and security engineers and managers responsible for web security Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco WSA Deploy proxy services Utilize authentication Describe decryption policies to control HTTPS traffic Understand differentiated traffic access policies and identification profiles Enforce acceptable use control settings Defend against malware Describe data security and data loss prevention Perform administration and troubleshooting The Securing the Web with Cisco Web Security Appliance (SWSA) v3.0 course shows you how to implement, use, and maintain Cisco© Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you?ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution?s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more. Describing Cisco WSA Technology Use Case Cisco WSA Solution Cisco WSA Features Cisco WSA Architecture Proxy Service Integrated Layer 4 Traffic Monitor Data Loss Prevention Cisco Cognitive Intelligence Management Tools Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration Cisco Content Security Management Appliance (SMA) Deploying Proxy Services Explicit Forward Mode vs. Transparent Mode Transparent Mode Traffic Redirection Web Cache Control Protocol Web Cache Communication Protocol (WCCP) Upstream and Downstream Flow Proxy Bypass Proxy Caching Proxy Auto-Config (PAC) Files FTP Proxy Socket Secure (SOCKS) Proxy Proxy Access Log and HTTP Headers Customizing Error Notifications with End User Notification (EUN) Pages Utilizing Authentication Authentication Protocols Authentication Realms Tracking User Credentials Explicit (Forward) and Transparent Proxy Mode Bypassing Authentication with Problematic Agents Reporting and Authentication Re-Authentication FTP Proxy Authentication Troubleshooting Joining Domains and Test Authentication Integration with Cisco Identity Services Engine (ISE) Creating Decryption Policies to Control HTTPS Traffic Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview Certificate Overview Overview of HTTPS Decryption Policies Activating HTTPS Proxy Function Access Control List (ACL) Tags for HTTPS Inspection Access Log Examples Understanding Differentiated Traffic Access Policies and Identification Profiles Overview of Access Policies Access Policy Groups Overview of Identification Profiles Identification Profiles and Authentication Access Policy and Identification Profiles Processing Order Other Policy Types Access Log Examples ACL Decision Tags and Policy Groups Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications Defending Against Malware Web Reputation Filters Anti-Malware Scanning Scanning Outbound Traffic Anti-Malware and Reputation in Policies File Reputation Filtering and File Analysis Cisco Advanced Malware Protection File Reputation and Analysis Features Integration with Cisco Cognitive Intelligence Enforcing Acceptable Use Control Settings Controlling Web Usage URL Filtering URL Category Solutions Dynamic Content Analysis Engine Web Application Visibility and Control Enforcing Media Bandwidth Limits Software as a Service (SaaS) Access Control Filtering Adult Content Data Security and Data Loss Prevention Data Security Cisco Data Security Solution Data Security Policy Definitions Data Security Logs Performing Administration and Troubleshooting Monitor the Cisco Web Security Appliance Cisco WSA Reports Monitoring System Activity Through Logs System Administration Tasks Troubleshooting Command Line Interface References Comparing Cisco WSA Models Comparing Cisco SMA Models Overview of Connect, Install, and Configure Deploying the Cisco Web Security Appliance Open Virtualization Format (OVF) Template Mapping Cisco Web Security Appliance Virtual Machine (VM) Ports to Correct Networks Connecting to the Cisco Web Security Virtual Appliance Enabling Layer 4 Traffic Monitor (L4TM) Accessing and Running the System Setup Wizard Reconnecting to the Cisco Web Security Appliance High Availability Overview Hardware Redundancy Introducing Common Address Redundancy Protocol (CARP) Configuring Failover Groups for High Availability Feature Comparison Across Traffic Redirection Options Architecture Scenarios When Deploying Cisco AnyConnect© Secure Mobility Additional course details: Nexus Humans SWSA v3.0-Securing the Web with Cisco Web Security Appliance training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the SWSA v3.0-Securing the Web with Cisco Web Security Appliance course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for Experienced system administrators and network administrators Overview By the end of the course, you should be able to meet the following objectives: Describe the NSX Advanced Load Balancer architecture Describe the NSX Advanced Load Balancer components and main functions Explain the NSX Advanced Load Balancer key features and benefits Deploy and configure the NSX Advanced Load Balancer infrastructure within private or public clouds using Write and No-Access Cloud Connectors Explain, deploy, and configure Service Engines Explain and configure local load balancing constructs such as virtual services, pools, health monitors, and related components Explain and configure advanced virtual services and related concepts such as Subject Name Indication, Enhanced Virtual Hosting, and authentication of virtual services Explain and modify application behavior through profiles, policies, and DataScripts Describe Central licensing management using VMware NSX Advanced Load Balancer Enterprise with Cloud services (formerly Avi Pulse) Explain how to configure Role-Based Access Control (RBAC) in NSX Advanced Load Balancer Configure advanced services such as global server load balancing Describe how to use NSX Advanced Load Balancer REST API interfaces and related automation capabilities Describe and configure NSX Advanced Load Balancer application and infrastructure monitoring Gather relevant information and perform basic troubleshooting of applications that use built-in NSX Advanced Load Balancer tooling Identify the key features of VMware NSX Network Detection and Response This five-day, fast-paced course provides comprehensive training to install, configure, and manage a VMware NSX Advanced Load Balancer (Avi Networks) solution. This course covers key NSX Advanced Load Balancer (Avi Networks) features and functionality offered in the NSX Advanced Load Balancer 21.x release. Features include the overall infrastructure, virtual services, application components, global server load balancing, various cloud connectors, application troubleshooting, and solution monitoring. Hands-on labs provide access to a software-defined data center environment to reinforce the skills and concepts presented in the course. Course Introduction Introduction and course logistics Course objectives Introduction to NSX Advanced Load Balancer Introduce NSX Advanced Load Balancer Discuss NSX Advanced Load Balancer use cases and benefits Explain NSX Advanced Load Balancer architecture and components Explain the management, control, data, and consumption planes and their respective functions Virtual Services Configuration Concepts Explain virtual service components Explain virtual service types Explain and configure basic virtual service components such as application profiles and network profiles Virtual Services Configuration Advanced Concepts Explain the virtual service advanced components such as Wildcard VIP, Server Name Identification (SNI), and Enhanced Virtual Hosting (EVH) Explain the concept of virtual service VIP Sharing Explain different authentication mechanisms used for a virtual service such as LDAP, SAML, JSON Web Token, and OAUTH Profiles and Policies Explain application profiles and types such as L4, DNS, Syslog, HTTP, and VMware Horizon VDI Explain and configure advanced application HTTP profile options Describe network profiles and types Explain and configure SSL profiles and certificates Explain and configure HTTP, network, and DNS policies Pools Configuration Concepts Explain pools configuration options Describe the available load balancing algorithms Explain multiple health monitor types Explain multiple Persistence profiles Explain and configure pool groups Modifying Application Behavior Design and apply application solutions by using application profiles Design and apply application solutions by using network, HTTP policies, and DataScripts Explain DataScript fundamentals Explain and use NSX Advanced Load Balancer analytics to understand application behavior Describe and configure client SSL certificate validation Describe and configure virtual service DDoS, Rate limiting, and Throttling capabilities Modify network profile properties such as TCP connection properties Design and apply application solutions by using Persistence profiles NSX Advanced Load Balancer Infrastructure Architecture Explain management, control, data, and consumption planes and functions Describe control plane clustering and high availability Describe controller sizing and process sharing Describe Service Engine CPU and NIC architecture Explain tenants Configure properties of Service Engine groups Explain Service Engine group high availability modes Describe and configure active-standby high availability mode Explain Service Engine placement in multiple availability zones for public clouds Describe and configure elastic HA high availability mode (Active-Active, N+M) Explain Service Engine failure detection and self-healing Describe Service Engine as a router Explain virtual service scale-out options such as Layer 2 (Native), Layer 3 (BGP), and DNS-based Describe how to upgrade NSX Advanced Load Balancer Introduction to Cloud Connector Explain cloud connectors Review cloud connector integration modes List cloud connector types Review the different Service Engine image types in different ecosystems Installing, Configuring, and Managing NSX Advanced Load Balancer in No-Orchestrator Cloud Explain No-Access cloud concepts Configure No-Access cloud integration on bare metal Explain and configure Linux Server Cloud Explain and configure VMware No Orchestrator Describe the advanced configuration options available in bare metal (Linux Server Cloud) Installing, Configuring, and Managing NSX Advanced Load Balancer in VMware Environment: Cloud Configuration Introduce VMware integration options Explain and configure VMware Write Access Cloud Connector Explain NSX Advanced Load Balancer integration options in a VMware NSX environment Explain and configure NSX Cloud Connector for Overlay and VLAN-backed segments AWS Cloud Configuration Describe NSX Advanced Load Balancer public cloud integrations Explain different AWS components Explain and demonstrate AWS public cloud integration Deploy VMware NSX Advanced Load Balancer Controller, SEs, and virtual services in AWS Cloud Review Multi-AZ Support for virtual services in AWS cloud GCP Cloud Configuration Explain different GCP components Explain and demonstrate GCP public cloud integration Deploy NSX Advanced Load Balancer Controller, SEs, and virtual services in GCP cloud Azure Cloud Configuration Describe NSX Advanced Load Balancer public cloud integrations Explain different Microsoft Azure components Explain and demonstrate Azure public cloud integration Deploy NSX Advanced Load Balancer Controller, SEs, and virtual services in Azure Cloud NSX Advanced Load Balancer Enterprise with Cloud Services (Avi Pulse) Describe NSX Advanced Load Balancer public cloud services Explain different features of NSX Advanced Load Balancer Cloud Services Register the controller with Cloud Services DNS Foundations Review, discuss, and explain DNS fundamentals Describe NSX Advanced Load Balancer DNS and IPAM providers Global Server Load Balancing (GSLB) Introduce Global Server load balancing concepts and benefits Explain and configure the NSX Advanced Load Balancer infrastructure Explain and configure the DNS Virtual Service components Explain and configure GSLB Service Engine Group Describe and configure GSLB sites Explain and configure basic GSLB services to include pools and health monitors Describe GSLB Server Load Balancing algorithms Explain and configure health monitors based on data plane and control plane Describe GSLB Health Monitor Proxy Explain GSLB Site-Cookie Persistence Explain the different GSLB replication methods Role-Based Access Control (RBAC) Introduce local authentication in NSX Advanced Load Balancer Introduce remote authentication in NSX Advanced Load Balancer Review the different types of remote authentication Explain granular RBAC using labels NSX Advanced Load Balancer: Troubleshooting Introduce infrastructure and application troubleshooting concepts Describe troubleshooting based on control plane and data plane Explain application analytics and logs Describe client logs analysis Explain headers troubleshooting and packet capture mechanism Describe how to use CLI for detailed data plane troubleshooting Explain Service Engine logs Explain health monitors troubleshooting Explain BGP session troubleshooting Describe control plane troubleshooting, clustering, and cloud connector issues Events and Alerts Describe NSX Advanced Load Balancer events Describe and configure NSX Advanced Load Balancer alerts Describe NSX Advanced Load Balancer monitoring capabilities with SNMP, Syslog, and Email Introduction to NSX Advanced Load Balancer Rest API Introduce the NSX Advanced Load Balancer REST API interface Describe REST API Object Schema Explain and interact with REST API interface with

Duration 5 Days 30 CPD hours This course is intended for IT professionals with five to eight years of experience in these roles: Data center engineers Network designers Network administrators Network engineers Systems engineers System administrator Consulting systems engineers Technical solutions architects Server administrators Network managers Cisco integrators or partners Overview After taking this course, you should be able to: Describe the Layer 2 and Layer 3 forwarding options and protocols used in a data center Describe the rack design options, traffic patterns, and data center switching layer access, aggregation, and core Describe the Cisco Overlay Transport Virtualization (OTV) technology that is used to interconnect data centers Describe Locator/ID separation protocol Design a solution that uses Virtual Extensible LAN (VXLAN) for traffic forwarding Describe hardware redundancy options; how to virtualize the network, compute, and storage functions; and virtual networking in the data center Describe solutions that use fabric extenders and compare Cisco Adapter Fabric Extender (FEX) with single root input/output virtualization (SR-IOV) Describe security threats and solutions in the data center Describe advanced data center security technologies and best practices Describe device management and orchestration in the data center Describe the storage options for compute function and different Redundant Array of Independent Disks (RAID) levels from a high-availability and performance perspective Describe Fibre Channel concepts, topologies, architecture, and industry terms Describe Fibre Channel over Ethernet (FCoE) Describe security options in the storage network Describe management and automation options for storage networking infrastructure Describe Cisco UCS servers and use cases for various Cisco UCS platforms Explain the connectivity options for fabric interconnects for southbound and northbound connections Describe the hyperconverged solution and integrated systems Describe the systemwide parameters for setting up a Cisco UCS domain Describe role-based access control (RBAC) and integration with directory servers to control access rights on Cisco UCS Manager Describe the pools that may be used in service profiles or service profile templates on Cisco UCS Manager Describe the different policies in the service profile Describe the Ethernet and Fibre Channel interface policies and additional network technologies Describe the advantages of templates and the difference between initial and updated templates Describe data center automation tools The Designing Cisco Data Center Infrastructure (DCID) v7.0 course helps you master design and deployment options focused on Cisco© data center solutions and technologies across network, compute, virtualization, storage area networks, automation, and security. You will learn design practices for the Cisco Unified Computing System? (Cisco UCS©) solution based on Cisco UCS B-Series and C-Series servers, Cisco UCS Manager, and Cisco Unified Fabric. You will also gain design experience with network management technologies including Cisco UCS Manager, Cisco Data Center Network Manager (DCNM), and Cisco UCS Director. This course helps you prepare to take the exam, Designing Cisco Data Center Infrastructure (300-610 DCID) Describing High Availability on Layer 2 Overview of Layer 2 High-Availability Mechanisms Virtual Port Channels Cisco Fabric Path Virtual Port Channel+ Designing Layer 3 Connectivity First Hop Redundancy Protocols Improve Routing Protocol Performance and Security Enhance Layer 3 Scalability and Robustness Designing Data Center Topologies Data Center Traffic Flows Cabling Challenges Access Layer Aggregation Layer Core Layer Spine-and-Leaf Topology Redundancy Options Designing Data Center Interconnects with Cisco OTV Cisco OTV Overview Cisco OTV Control and Data Planes Failure Isolation Cisco OTV Features Optimize Cisco OTV Evaluate Cisco OTV Describing Locator/ID Separation Protocol Locator/ID Separation Protocol Location Identifier Separation Protocol (LISP) Virtual Machine (VM) Mobility LISP Extended Subnet Mode (ESM) Multihop Mobility LISP VPN Virtualization Describing VXLAN Overlay Networks Describe VXLAN Benefits over VLAN Layer 2 and Layer 3 VXLAN Overlay Multiprotocol Border Gateway Protocol (MP-BGP) Ethernet VPN (EVPN) Control Plane Overview VXLAN Data Plane Describing Hardware and Device Virtualization Hardware-Based High Availability Device Virtualization Cisco UCS Hardware Virtualization Server Virtualization SAN Virtualization N-Port ID Virtualization Describing Cisco FEX Options Cisco Adapter FEX Access Layer with Cisco FEX Cisco FEX Topologies Virtualization-Aware Networking Single Root I/O Virtualization Cisco FEX Evaluation Describing Basic Data Center Security Threat Mitigation Attack and Countermeasure Examples Secure the Management Plane Protect the Control Plane RBAC and Authentication, Authorization, and Accounting (AAA) Describing Advanced Data Center Security Cisco TrustSec in Cisco Secure Enclaves Architecture Cisco TrustSec Operation Firewalling Positioning the Firewall Within Data Center Networks Cisco Firepower© Portfolio Firewall Virtualization Design for Threat Mitigation Describing Management and Orchestration Network and License Management Cisco UCS Manager Cisco UCS Director Cisco Intersight Cisco DCNM Overview Describing Storage and RAID Options Position DAS in Storage Technologies Network-Attached Storage Fibre Channel, FCoE, and Internet Small Computer System Interface (iSCSI) Evaluate Storage Technologies Describing Fibre Channel Concepts Fibre Channel Connections, Layers, and Addresses Fibre Channel Communication Virtualization in Fibre Channel SAN Describing Fibre Channel Topologies SAN Parameterization SAN Design Options Choosing a Fibre Channel Design Solution Describing FCoE FCoE Protocol Characteristics FCoE Communication Data Center Bridging FCoE Initialization Protocol FCoE Design Options Describing Storage Security Common SAN Security Features Zones SAN Security Enhancements Cryptography in SAN Describing SAN Management and Orchestration Cisco DCNM for SAN Cisco DCNM Analytics and Streaming Telemetry Cisco UCS Director in the SAN Cisco UCS Director Workflows Describing Cisco UCS Servers and Use Cases Cisco UCS C-Series Servers Fabric Interconnects and Blade Chassis Cisco UCS B-Series Server Adapter Cards Stateless Computing Cisco UCS Mini Describing Fabric Interconnect Connectivity Use of Fabric Interconnect Interfaces VLANs and VSANs in a Cisco UCS Domain Southbound Connections Northbound Connections Disjoint Layer 2 Networks Fabric Interconnect High Availability and Redundancy Describing Hyperconverged and Integrated Systems Hyperconverged and Integrated Systems Overview Cisco HyperFlex? Solution Cisco HyperFlex Scalability and Robustness Cisco HyperFlex Clusters Cluster Capacity and Multiple Clusters on One Cisco UCS Domain External Storage and Graphical Processing Units on Cisco HyperFlex Cisco HyperFlex Positioning Describing Cisco UCS Manager Systemwide Parameters Cisco UCS Setup and Management Cisco UCS Traffic Management Describing Cisco UCS RBAC Roles and Privileges Organizations in Cisco UCS Manager Locales and Effective Rights Authentication, Authorization, and Accounting Two-Factor Authentication Describing Pools for Service Profiles Global and Local Pools Universally Unique Identifier (UUID) Suffix and Media Access Control (MAC) Address Pools World Wide Name (WWN) Pools Server and iSCSI Initiator IP Pools Describing Policies for Service Profiles Global vs. Local Policies Storage and Basic Input/Output System (BIOS) Policies Boot and Scrub Policies Intelligent Platform Management Interface (IPMI) and Maintenance Policies Describing Network-Specific Adapters and Policies LAN Connectivity Controls SAN Connectivity Controls Virtual Access Layer Connectivity Enhancements Describing Templates in Cisco UCS Manager Cisco UCS Templates Service Profile Templates Network Templates Designing Data Center Automation Model-Driven Programmability Cisco NX-API Overview Programmability Using Python Cisco Ansible Module Use the Puppet Agent Additional course details: Nexus Humans Cisco Designing Cisco Data Center Infrastructure v7.0 (DCID) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cisco Designing Cisco Data Center Infrastructure v7.0 (DCID) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This course is targeted towards the information technology (IT) professional that has a minimum 1 year IT Security and Networking experience. This course would be ideal for Information System Owners, Security Officers, Ethical Hackers, Information Owners, Penetration Testers, System Owner and Managers as well as Cyber Security Engineers. Overview Upon completion, the Certified Professional Ethical Hacker candidate will be able to competently take the CPEH exam. The CPEH certification training enables students to understand the importance of vulnerability assessments and how to implement counter response along with preventative measures when it comes to a network hack. Security Fundamentals Overview The Growth of Environments and Security Our Motivation? The Goal: Protecting Information! CIA Triad in Detail Approach Security Holistically Security Definitions Definitions Relationships Method: Ping The TCP/IP Stack Which Services Use Which Ports? TCP 3-Way Handshake TCP Flags Malware Types of Malware Types of Malware Cont... Types of Viruses More Malware: Spyware Trojan Horses Back Doors DoS DDoS Packet Sniffers Passive Sniffing Active Sniffing Firewalls, IDS and IPS Firewall ? First Line of Defense IDS ? Second Line of Defense IPS ? Last Line of Defense? Firewalls Firewall Types: (1) Packet Filtering Firewall Types: (2) Proxy Firewalls Firewall Types ? Circuit-Level Proxy Firewall Type of Circuit- Level Proxy ? SOCKS Firewall Types ? Application-Layer Proxy Firewall Types: (3) Stateful Firewall Types: (4) Dynamic Packet-Filtering Firewall Types: (5) Kernel Proxies Firewall Placement Firewall Architecture Types ? Screened Host Multi- or Dual-Homed Screened Subnet Wi-Fi Network Types Wi-Fi Network Types Widely Deployed Standards Standards Comparison 802.11n - MIMO Overview of Database Server Review Access Controls Overview Role of Access Control Definitions More Definitions Categories of Access Controls Physical Controls Logical Controls ?Soft? Controls Security Roles Steps to Granting Access Access Criteria Physical Access Control Mechanisms Biometric System Types Synchronous Token Asynchronous Token Device Memory Cards Smart Card Cryptographic Keys Logical Access Controls OS Access Controls Linux Access Controls Accounts and Groups Password & Shadow File Formats Accounts and Groups Linux and UNIX Permissions Set UID Programs Trust Relationships Review Protocols Protocols Overview OSI ? Application Layer OSI ? Presentation Layer OSI ? Session Layer Transport Layer OSI ? Network Layer OSI ? Data Link OSI ? Physical Layer Protocols at Each OSI Model Layer TCP/IP Suite Port and Protocol Relationship Conceptual Use of Ports UDP versus TCP Protocols ? ARP Protocols ? ICMP Network Service ? DNS SSH Security Protocol SSH Protocols ? SNMP Protocols ? SMTP Packet Sniffers Example Packet Sniffers Review Cryptography Overview Introduction Encryption Cryptographic Definitions Encryption Algorithm Implementation Symmetric Encryption Symmetric Downfalls Symmetric Algorithms Crack Times Asymmetric Encryption Public Key Cryptography Advantages Asymmetric Algorithm Disadvantages Asymmetric Algorithm Examples Key Exchange Symmetric versus Asymmetric Using the Algorithm Types Together Instructor Demonstration Hashing Common Hash Algorithms Birthday Attack Example of a Birthday Attack Generic Hash Demo Instructor Demonstration Security Issues in Hashing Hash Collisions MD5 Collision Creates Rogue Certificate Authority Hybrid Encryption Digital Signatures SSL/TLS SSL Connection Setup SSL Hybrid Encryption SSH IPSec - Network Layer Protection IPSec IPSec Public Key Infrastructure Quantum Cryptography Attack Vectors Network Attacks More Attacks (Cryptanalysis) Review Why Vulnerability Assessments? Overview What is a Vulnerability Assessment? Vulnerability Assessment Benefits of a Vulnerability Assessment What are Vulnerabilities? Security Vulnerability Life Cycle Compliance and Project Scoping The Project Overview Statement Project Overview Statement Assessing Current Network Concerns Vulnerabilities in Networks More Concerns Network Vulnerability Assessment Methodology Network Vulnerability Assessment Methodology Phase I: Data Collection Phase II: Interviews, Information Reviews, and Hands-On Investigation Phase III: Analysis Analysis cont. Risk Management Why Is Risk Management Difficult? Risk Analysis Objectives Putting Together the Team and Components What Is the Value of an Asset? Examples of Some Vulnerabilities that Are Not Always Obvious Categorizing Risks Some Examples of Types of Losses Different Approaches to Analysis Who Uses What? Qualitative Analysis Steps Quantitative Analysis ALE Values Uses ALE Example ARO Values and Their Meaning ALE Calculation Can a Purely Quantitative Analysis Be Accomplished? Comparing Cost and Benefit Countermeasure Criteria Calculating Cost/Benefit Cost of a Countermeasure Can You Get Rid of All Risk? Management?s Response to Identified Risks Liability of Actions Policy Review (Top-Down) Methodology Definitions Policy Types Policies with Different Goals Industry Best Practice Standards Components that Support the Security Policy Policy Contents When Critiquing a Policy Technical (Bottom-Up) Methodology Review Vulnerability Tools of the Trade Vulnerability Scanners Nessus SAINT ? Sample Report Tool: Retina Qualys Guard http://www.qualys.com/products/overview/ Tool: LANguard Microsoft Baseline Analyzer MBSA Scan Report Dealing with Assessment Results Patch Management Options Review Output Analysis and Reports Overview Staying Abreast: Security Alerts Vulnerability Research Sites Nessus SAINT SAINT Reports GFI Languard GFI Reports MBSA MBSA Reports Review Reconnaissance, Enumeration & Scanning Reconnaissance Overview Step One in the Hacking ?Life-Cycle? What Information is Gathered by the Hacker? Passive vs. Active Reconnaissance Footprinting Defined Social Access Social Engineering Techniques Social Networking Sites People Search Engines Internet Archive: The WayBack Machine Footprinting Tools Overview Maltego GUI Johnny.Ihackstuff.com Google (cont.) Domain Name Registration WHOIS Output DNS Databases Using Nslookup Traceroute Operation Web Server Info Tool: Netcraft Introduction to Port Scanning Which Services use Which Ports? Port Scan Tips Port Scans Shou