Securing UNIX systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure UNIX accounts. Secure UNIX file systems. Secure UNIX access through the network. Securing UNIX systems course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing UNIX systems course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.
LTE Airside training course description This course provides a concise insight into the LTE airside. Key parts of the course are detailed looks at the air interface protocol stack, cell acquisition, transmission and reception of data and of he layer 1 procedures along with layer 2 procedures. What will you learn Explain the RF optimisation flowchart. Describe the importance of Reference Signal Received Power (RSRP). List many of the 3GPP recommended KPIs. Describe the concept of APN AMBR and UE AMBR within LTE. Describe the use of planning and optimisation computer tools. LTE Airside training course details Who will benefit: Anyone working with LTE. Prerequisites: Essential LTE Duration 2 days LTE Airside training course contents Introduction and review of LTE This section describes the requirements of LTE and key technical features, and reviews the system architecture. LTE Architecture, UE, E-UTRAN and EPC. Specifications. OFDMA, SC-FDMA and MIMO antennas This section describes the techniques used in the LTE air interface, notably orthogonal frequency division multiple access (OFDMA) and multiple input multiple output (MIMO) antennas. Communication techniques for fading multipath channels. OFDMA, FFT processing and cyclic prefix insertion. SC-FDMA in the LTE uplink. Multiple antenna techniques including transmit & receive diversity and spatial multiplexing. Introduction to the air interface This section covers the operation of the air interface, the channels that it uses, and the mapping to the time and frequency domains of OFDMA and SC-FDMA. Air interface protocol stack. Logical, transport and physical channels. Frame and slot structure, the resource grid. Resource element mapping of the physical channels and physical signals. LTE spectrum allocation. Cell acquisition This is the first of three sections covering the air interface physical layer. Here, we cover mobile procedures to start low-level communications with the cell, and base station transmission of the corresponding information. Primary/secondary synchronisation signals. Downlink reference signals. The master information block. Physical control format indicator channel. Organisation and transmission of the system information. Data transmission and reception In this section, we cover procedures used for data transmission and reception on the shared channels, and describe in detail the individual steps. Data transmission and reception on the uplink and downlink. Scheduling commands and grants on the PDCCH. DL-SCH and UL-SCH. Physical channel processing of the PDSCH and PUSCH. Hybrid ARQ indicators on the PHICH. Uplink control information on the PUCCH. Uplink demodulation and sounding reference signals. Additional physical layer procedure This section concludes our discussion of the air interface physical layer, by discussing a number of procedures that support its operation. Transmission of the physical random access channel. Contention and non-contention based random access procedures. Discontinuous transmission in idle and connected modes. Uplink power control and timing advance. Air interface layer 2 This section describes the architecture and operation of layer 2 of the air interface protocol stack. MAC protocol, interactions with the physical layer, use for scheduling. RLC protocol, transparent, unacknowledged and acknowledged modes. PDCP, including header compression, security functions and recovery from handover.
Securing Linux systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure Linux accounts. Secure Linux file systems. Secure Linux access through the network. Securing Linux systems training course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing Linux systems training course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.
LAN training course description A concise overview course covering Local Area Networks with particular emphasis on the use of Ethernet and Wireless LANS. As well as explaining buzzwords we cover how the technology works at a simple level. After defining LANs the course moves onto Ethernet and switching also covering VLANs. WiFi is then covered, with coverage of 802.11 standards and frequencies along with integrating WiFi with Ethernet. The course then covers routers and their role in connecting networks and the course finishes with a comparison of Ethernet vs WiFi and when to use them. What will you learn Describe how Ethernet works (in simple terms) and when to use Ethernet. Explain the difference between a switch and a router. Describe how WiFi works (in simple terms). Describe the role of Access points. Evaluate wireless technologies and when to use them. List the speeds of various LAN technologies. LAN training course details Who will benefit: Sales staff, managers and other non technical staff. Prerequisites: None. Duration 1 day LAN training course contents LANS What is a LAN? LAN standards, LAN choices, choosing the media, copper, UTP, cat5e, fibre, RF, bandwidth speeds, link aggregation, Full/half duplex. Ethernet What is Ethernet? 802.3, parts of Ethernet, Ethernet evolution, MAC addresses, frames, broadcasts. Ethernet switches What are switches, switches versus hubs, how switches work, ways to configure switches, Loops, STP. VLANs What are VLANs? Why have VLANs, impact of VLANs, Tagging (aka trunking), 802.1Q Wireless LANS Type of wireless LAN, RF frequencies, 2.4GHz, 5GHz, others, interference, standards, 802.11 and variants, CSMA/CA. Wireless LANS NICs, Access points, integration with Ethernet, multiple access points, mesh networks, WiFi security. Interconnecting LANs Routers, connecting networks, interconnecting VLANs, IP addressing, Layer 3 switches. Summary WiFi vs Ethernet.
Networks demystified training course description A concise overview course covering all aspects of networking with particular emphasis of use of the 7 layer model as a framework for discussing and learning new network terms enabling delegates to recognise the main buzzwords used in the industry. What will you learn Use the 7 layer model to classify networking terms. Differentiate between LANS and WANS. Recognise bandwidth measurements. List LAN and WAN technologies. Recognise cabling issues in a network. Networks demystified training course details Who will benefit: Sales staff, managers and other non-technical personnel. Technical personnel may benefit more from our Intro to data communications and networking course. Prerequisites: None. Duration 1 day Networks demystified training course contents What are networks? What is a network? Types of network, Local Area Networks (LANs), Wide Area Networks (WANs), connecting networks together with routers. The 7 layer model What is the 7 layer model? The importance of standards, using the 7 layer model to classify networking terms. Cables Copper, Fibre, Air, standards, connectors, LAN cables, WAN cables, distance limitations, hubs and repeaters, other issues. The radio spectrum. Bandwidth Bits and bytes. Bandwidth measurements, common technologies and their bandwidth, the impact of applications on bandwidth. Full and half duplex. Joining cables together to increase bandwidth (Link aggregation). LANs and WANs What is Ethernet? What is WiFi? What are Leased lines? What is MPLS? Ethernet switches Ethernet 'packets', MAC addresses, what is a switch, what is the difference between a hub and a switch. TCP/IP What is TCP/IP? What is a protocol? What is IP? What is TCP? The role of routers in joining LANS and WANS, What is the Internet? Applications Ways to use the network, clients, servers, web browsing and HTTP, Email, instant messaging, multimedia applications.
ProQual NVQ Level 3 Diploma - Testing, Inspecting and Thorough Examination of Plant, Machinery, Equipment or Accessories - on-site assessment - we come to you