IP security training course description Connection to the Internet is becoming an essential business tool. This course looks at firewalls, digital certificates, encryption and other essential topics for e-commerce sites. A generic course that looks at firewalls and VPNs. Hands on sessions include using hacking tools and configuring firewalls. What will you learn Describe: Basic security attacks RADIUS SSL IPSec VPNs Implement digital certificates Deploy firewalls to protect Web servers and users. Secure Web servers and clients. IP security training course details Who will benefit: Network administrators. Network operators. Security auditors Prerequisites: TCP/IP foundation for engineers Duration 2 days IP security training course contents TCP/IP review Brief overview of the relevant headers. Hands on Download software for course, use analyser to capture passwords on the wire. Security review Policies, Types of security breach, denial of service, data manipulation, data theft, data destruction, security checklists, incident response. Security exploits The Internet worm, IP spoofing, SYN attack, hijacking, Ping o' Death⦠keeping up to date with new threats. Hands on Use a port scanning tool, use a 'hacking' tool. Firewalls Products, Packet filtering, DMZ, content filtering, stateful packet inspection, Proxies, firewall architectures, Intrusion Detection Systems, Viruses. Hands on Set up a firewall and prevent attacks. NAT NAT and PAT, Why use NAT, NAT-ALG, RSIP. Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Run a password-cracking program. Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, PPP authentication, RADIUS. Hands on Using certificates. Web client and server security Cookies, browser certificates, censorship, PICS. Operating system security, Web server user authentication, Restricting access, Logging, Securing CGI scripts. Hands on Browser security. VPNs and IPSec What is a VPN, tunnelling, L2F, PPTP, L2TP, IPSec, AH, ESP, transport mode, tunnel mode.
Carrier Ethernet training course description Ethernet is now the interface of choice for nearly all networking. This comprehensive course looks at the ways carriers can provide this Ethernet interface for their WANs and MANs. The course assumes delegates already have a solid foundation in Ethernet switching and so concentrates on just the Ethernet technologies for Carrier Ethernet. What will you learn Describe the main Carrier Ethernet services. Evaluate transports for Carrier Ethernet. Explain how Ethernet can work over MPLS and SDH. Explain the Ethernet technologies used to enable Carrier Ethernet. Carrier Ethernet training course details Who will benefit: Network engineers. Staff working for carriers. Prerequisites: Definitive Ethernet switching for engineers. Duration 2 days Carrier Ethernet training course contents Introduction What is Ethernet? LANs, MANs, WANs, Ethernet and switches in the LAN. Traditional LAN/WAN integration, routers. The Ethernet interface for the WAN. Standards: IEEE, MEF, OIF, Ethernet Alliance. Carrier Ethernet Services E-line: EPL, EVPL. E-LAN: EP-LAN, EVP-LAN. E-Tree: EP-Tree, EVP-Tree. Ethernet Services attributes. Applications: Carrier Ethernet for businesses, Mobile backhaul. Multicasting. Service attributes Bandwidth profiles, bandwidth parameters, Class of Service, QoS, MTU, Protection mechanisms: STP, RSTP, MSTP, Link aggregation, G.8031, G.8032. Transporting Carrier Ethernet The main options. 'Pure' Ethernet, Ethernet over SDH, Ethernet over WDM, Ethernet over MPLS. Ethernet switching, addresses and MAC address tables. Carrier Ethernet access technologies. EFM. Ethernet over MPLS What is MPLS, MPLS-TE, MPLS-VPN, L2 VPNs, VPLS, VPWS. MPLS Fast Reroute. CET 'Pure' Ethernet, Provider bridging 802.1d, Provider Backbone Bridges 802.1ah. Traffic engineering 802.1Qay. Carrier Ethernet technologies 802.1ad VLAN stacking, 802.1AX Link aggregation. 802.1Q QoS. OAM Standards, layers, interworking
Network DevOps course description This course is not a soft skills course covering the concepts of DevOps but instead concentrates on the technical side of tools and languages for network DevOps. Particular technologies focussed on are ansible, git and Python enabling delegates to leave the course ready to starting automating their network. Hands on sessions follow all major sections. More detailed courses on individual aspects of this course are available. What will you learn Evaluate network automation tools. Automate tasks with ansible. Use git for version control. Use Python to manage network devices. Use Python libraries for network devices. Network DevOps course details Who will benefit: Administrators automating tasks. Prerequisites: TCP/IP Foundation Duration 5 days Network DevOps course contents What is DevOps Programming and automating networks, networks and clouds, AWS, OpenStack, SDN, DevOps for network operations. Initial configuration Configuring SSH, ZTP, POAP. Hands on Initial lab configuration. Getting started with ansible The language, the engine, the framework. Uses of ansible, orchestration. The architecture, Controlling machines, nodes, Agentless, SSH, modules. Configuration management, inventories, playbooks, modules, roles. Hands on Installing ansible, running ad hoc commands. Ansible playbooks ansible-playbook, YAML, plays, tasks, handlers, modules. Playbook variables. Register module, debug module. Hands on Running playbooks. Ansible Inventories /etc/ansible/hosts, hosts, groups, static inventories, dynamic inventories. Inventory variables, external variables. Limiting hosts. Hands on Static inventories, variables in inventory files. Ansible modules for networking Built in modules, custom modules, return values. Core modules for network operations. Cisco and/or Juniper modules. ansible_connection. Ansible 2.6 CLI. Hands on Using modules. Ansible templating and roles aConfiguration management, full configurations, partial configurations. The template module, the assemble module, connection: local, Jinja2 templates, variables, if, for, roles. Hands on Generating multiple configurations from a template. Network programming and modules Why use Python? Why use ansible? alternatives, ansible tower, Linux network devices. Programming with Python Python programming Functions. Classes, objects and instances, modules, libraries, packages. Python strings, Python file handling, pip list, pip instal. Hands on Python programming with pyping. More Python programming Functions. Classes, objects and instances, modules, libraries, packages. Python strings, Python file handling, pip list, pip install. Hands on Python programming with pyping. Git Distributed version control, repositories, Git and GitHub, Alternatives to GitHub, Installing git, git workflows, creating repositories, adding and editing files, branching and merging, merge conflicts. Hands on working with Git. Python and networking APIs, Sockets, Telnetlib, pysnmp, ncclient, ciscoconfparse. Paramiko SSH and Netmiko Integrating Python and network devices using SSH. Netmiko, Netmiko methods. Hands on Netmiko. NAPALM What is NAPALM, NAPALM operations, getters, Replace, merge, compare, commit, discard. Hands on Configuration with NAPALM. Integrating ansible and NAPALM. Python and REST REST APIs, enabling the REST API. Accessing the REST API with a browser, cURL, Python and REST, the request library. Hands on Using a REST API with network devices.
OpenSSL for engineers training course description A hands on course covering OpenSSL. The course focusses on the use of OpenSSL from the command line as opposed to using its extensive libraries. Certificate authorities are configured along with key generation, HTTPS and a SSL VPN. What will you learn Describe OpenSSL. Use OpenSSL. Describe and implement: Explain how the various technologies involved in an OpenSSL work. OpenSSL for engineers training course details Who will benefit: Network personnel. Prerequisites: IP security foundation for engineers Duration 2 days OpenSSL for engineers training course contents What is OpenSSL? What is SSL? SSL versions, TLS, TLS negotiation, TLS authentication, What is OpenSSL, Command line tool, SSL library. OpenSSH, OpenVPN. Hands on TLS packet analysis. Getting started with OpenSSL Downloading, source code, packages, installing, versions, configuration, openssl command. Cipher suite selection. Hands on Encrypting a file with openssl. Public and private keys Algorithms, creating keys, public keys, private keys, encrypting the private key. Hands on Encrypting a file with keys. Digital signatures Creating signatures, checking validity of signatures, Self signing SSL certificates. Viewing certificates. Certificate files. Converting between formats. Hands on Securing a web server with HTTPS. Simple PKI with OpenSSL Root CA, signing CA, configuration files, Certificate signing requests. Email certificates, TLS server certificates. Hands on Implementing a simple PKI with OpenSSL.
Advanced Junos Security training course description This course provides students with intermediate routing knowledge and configuration examples. The course includes an overview of protocol-independent routing features, load balancing and filter-based forwarding, OSPF, BGP, IP tunneling, and high availability (HA) features. Junos Intermediate Routing (JIR) is an intermediate-level course. What will you learn Demonstrate the understanding of integrated user firewall. Implement next generation Layer 2 security features. Implement virtual routing instances in a security setting. Utilize Junos tools for troubleshooting Junos security implementations. Implement IPS policy. Advanced Junos Security training course details Who will benefit: Individuals responsible for implementing, monitoring, and troubleshooting Junos security components. Prerequisites: Intro to the Junos Operating System Duration 5 days Advanced Junos Security training course contents Junos Layer 2 Packet Handling and Security Features Transparent Mode Security Secure Wire Layer 2 Next Generation Ethernet Switching MACsec Lab 2 Implementing Layer 2 Security Virtualization Virtualization Overview Routing Instances Logical Systems Lab 3 Implementing Junos Virtual Routing AppSecure Theory AppSecure Overview AppID Overview AppID Techniques Application System Cache Custom Application Signatures AppSecure Implementation AppTrack AppFW AppQoS APBR SSL Proxy Lab 4 Implementing AppSecure Working with Log Director Log Director Overview Log Director Components Installing and setting up Log Director Clustering with the Log Concentrator VM Administrating Log Director Lab 5 Deploying Log Director Sky ATP Theory Sky ATP Overview Monitoring Sky ATP Analysis and Detection of Malware Sky ATP Implementation Configuring Sky ATP Installing Sky ATP Analysis and detection of Malware Infected Host Case Study Lab 6 Instructor Led Sky ATP Demo Implementing UTM UTM Overview AntiSpam AntiVirus Content and Web Filtering Lab 7 Implementing UTM Introduction to IPS IPS Overview Network Asset Protection Intrusion Attack Methods Intrusion Prevention Systems IPS Inspection Walkthrough IPS Policy and Configuration SRX IPS Requirements IPS Operation Modes Basic IPS Policy Review IPS Rulebase Operations Lab 8 Implementing Basic IPS Policy SDSN SDSN Overview, Components & Configuration Policy Enforcer Troubleshooting SDSN Use Cases Lab 9 Implementing SDSN Enforcement, Monitoring, and Reporting User Role Firewall and Integrated User Firewall Overview User Role Firewall Implementation Monitoring User Role Firewall Integrated User Firewall Implementation Monitoring Integrated User Firewall Lab 10 Configure User Role Firewall and Integrated User Firewall Troubleshooting Junos Security Troubleshooting Methodology Troubleshooting Tools Identifying IPsec Issues Lab 11 Performing Security Troubleshooting Techniques Appendix A: SRX Series Hardware and Interfaces Branch SRX Platform Overview High End SRX Platform Overview SRX Traffic Flow and Distribution SRX Interfaces
UNIX networking training course description A course covering the complete range of standard UNIX networking products from the basic TCP/IP configuration through DNS, NIS, NFS and Samba. Hands-on exercises follow most theory sessions. What will you learn Install and configure fundamental network services. Describe TCP/IP, Apache, DNS, NIS, NIS+, NFS, Samba and sendmail. Configure and administrate TCP/IP. Install and administrate a DNS server. Configure and administrate a NIS+ network. Administrate NFS. Setup a sendmail server. UNIX networking training course details Who will benefit: System Administrators. Network Administrators. Prerequisites: Linux engineer certification 1 (LPIC-2) Duration 5 days UNIX networking training course contents Organizing Email Services The UNIX Mail System, Mail Transfer Agent, Mail Delivery Agent, Mail User Agent, Email Protocols, SMTP, POP, IMAP, Using Email Servers, Sendmail, Postfix, Local Email Delivery, Procmail Basics, Sieve, Remote Email Delivery, Courier, Dovecot. DNS DNS and BIND, Configuring a DNS Server, Starting, Stopping, and Reloading BIND, Configuring BIND Logging, Creating and Maintaining DNS Zones, BIND Zone Files, Managing BIND Zones, Securing a DNS Server, ailing BIND, DNSSEC, TSIG, Employing DANE. Offering Web Services Web Servers, HTTP, The Apache Web Server, Installing and configuring Apache, Hosting Dynamic Web Applications, Secure Web Servers, Proxy Servers, Installing and configuring Squid, Configuring Clients, Nginx Server, Installing Nginx, Configuring Nginx. Sharing Files Samba, Configuring Samba, Troubleshooting Samba, NFS, Configuring NFS, Securing NFS, Troubleshooting NFS, FTP Servers, Configuring vsftpd, Configuring Pure-FTPd. Managing Network Clients Assigning Network Addresses, DHCP, UNIX DHCP Software, Installing and configuring a DHCP Server and clients, Authentication Service, PAM Basics, Configuring PAM, PAM Application Files, Network Directories, LDAP Basics, OpenLDAP Server, LDAP Clients. Setting Up System Security Server Network Security, Port Scanning, Intrusion Detection Systems, External Network Security, iptables, Routing in UNIX, Connecting Securely to a Server, OpenSSH, OpenVPN, Security Resources, US-CERT, SANS Institute, Bugtraq.
GPON and FTTx networks training course description Designed to benefit those requiring an in depth knowledge of the principles and applications of Ten Gigabit and Gigabit Passive Optical Networking and Fibre to the X in NG Networks applications and their associated equipment, its flexibility and function within a modern transmission network. Using an effective mix of 'hands on' equipment instruction and correlation to theory based learning the delegate will gain a complete understanding of the equipment and the tasks to be undertaken in a real life situation. What will you learn Compare PON/FTTx systems. Explain network elements and designs. Support applications and network interfaces. List circuit provisioning and bandwidth requirements. Understand upstream & downstream issues. Describe headend & network elements/OLT-ONT. Perform network testing with OTDR test sets. GPON and FTTx networks training course details Who will benefit: Anyone working with GPON and FTTx. Prerequisites: Introduction to data communications and networking. Duration 5 days GPON and FTTx training course contents FTTN, FTTC, FTTH SMF, MMF, Fibre safety and properties (dispersion/attenuation), Fibre reel cables and types, Fibre installation and air blown fibre, Transmitters and receivers - power budget/laser classes. Fibre to the home (FTTH), FTTC (Fibre to the Cabinet), FTTN (Fibre to the node) , FTTD (Fibre to the desk), FFTH topologies and wavelengths, Active or passive optical network. WDM equipment and GPON OSP design Wavelength considerations, WDM/DWDM/CWDM, EDFA optical amplification, AWG (Arrayed Waveguide Grating) splitters , Couplers (splitters) and losses, Optical splitters 1x2, 1x4, 1x8, 1x16, 1x32, 1x64, 2x64. PON variants Gigabit passive optical network (GPON), Gigabit Ethernet passive optical network (GEPON), Time division PON (TDM-PON), Wave Division Multiplexing PON (WDM-PON), 1Gbps, 10Gbps, 40Ggps, 100Gbps FSAN (Full Service Access Network) NGA (Next Generation Access), Strategies for TDM-PON to WDM-PON migration, Architecture of NG-PON (hybrid WDM/TDM PON), Additional services than triple play. GEPON design GPON OSP centralized and distributed design, GPON PON splitters x4 x8 x32, Fibre splice trays /cassette trays & enclosures, GPON field testing and installation verification, GPON physical layer testing, Optical time domain reflectometer (OTDR), Optical power source & meter, Optical return loss (ORL), APON/BPON/GPON/EPON comparisons. GPON ITU-T G.984.1 Reference model, terminology & architecture, Access network system management functions. ONT & OLT functional block examples. FTTx scenarios, 4 switching arrangements for external access network backup. GPON ITU-T G.984.2 Physical layer, Enhancement band, Bit rate and wavelengths, FEC and RAMAN. GPON ITU-T G.984.3 Frame structure, GPON encapsulation method (GEM), GTC adaptation and framing sublayer protocol stack, Status reporting & traffic monitoring DBA (SR-DBA & TM-DBA), Transmission container (T-CONT) types, Downstream & upstream multiplexing, GEM port identifier, Media access control and ONU registration, Extended bandwidth assignment model scheduling architecture, PLOAM & alarm messages, Downstream & Upstream FEC, Process order in a GTC transmit flow. GPON ITU-T G.984.4 and G.988 ONT management and control interface (OMCI) Management interface, Reference model, Typical ONT with SCTE 55-1 or SCTE 55-2 compliancy. GPON ITU-T G.984.5 enhancement band Band options, GPON NGA, Wavelength allocation. GPON ITU-T G.984.6 optical reach extension (G.984.re) Reach extension (RE), OA-based and OEO-based reach extenders, Protection, Reach extender with OTDR blocking filters (BF) and bypass (BYP) filters. GPON ITU-T G.984.7 long reach Quiet Window. 10-GPON ITU-T G.987.1 (XG-PON) Scenarios, reference access network architecture, XG-PON with G-PON through WDM1r, G-PON and XG-PON wavelength allocation, G-PON and XG-PON co-existence with video overlay option, RE migration scenarios. G.989 40Gbps XG-PON2 Functional reference architecture, NG-PON2 system coexistence with legacy systems, Definitions of legacy compatibility terminology. GPON issues and standards GPON components GPON OLT / GPON ONT, GPON management, Operational support systems (OSS), Network management systems (NMS), OMCI (ONT Management control interface), RG (Residential gateway), Data and prioritised voice channel product, GPON broadband-forum standards, Broadband-forum , TR-069 and TR-156, HPNA (home phone network alliance), Powerline carrier (PLC), GPON DLNI G.hn or G.9960, MOCA, FTTH council certification standard for network certification. Fibre-connected home badge, Ethernet in the first mile (EFM), GPON frame synchronization to network timing, Direct clock synchronization interface (BITS), Multiservice access platform (MSAP), Software planning tool, Superconnected cities / voucher scheme. Hands on practical assignments Single and multimode fibre recognition, Fibre Cleaning methods, Checking cleaning with an optical microscope, Optical light source and optical power meter referencing, PON splitter and fibre drum testing with an optical power meter, 6km classroom passive optical network testing with an OTDR at 1310/1550nm, Using decibels (dB's) and decibel milliwats (dBm's), Designing networks up to 20km long using vendor specifications (power budget), Fault finding with a visible fault locator.
Security+ training course description A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. What will you learn Explain general security concepts. Describe the security concepts in communications. Describe how to secure an infrastructure. Recognise the role of cryptography. Describe operational/organisational security. Security+ training course details Who will benefit: Those wishing to pass the Security+ exam. Prerequisites: TCP/IP foundation for engineers Duration 5 days Security+ training course contents General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.
SIP security training course description A hands-on course covering SIP security. It is assumed that delegates already know SIP as this course focuses purely on the security issues in SIP IP telephony networks. Hands-on practicals follow each major theory session and include use of various SIP security tools such as vomit, sipp, sipsak and sivus amongst others. What will you learn Secure SIP networks Use various SIP security tools SIP security training course details Who will benefit: Technical staff working with SIP. Technical security staff. Prerequisites: SIP for engineers Duration 2 days SIP security training course contents SIP review SIP infrastructure and entities, example SIP session. Hands on Simple SIP network with and without authentication. SIP security attacks DOS attacks, infrastructure attacks, eavesdropping, spoofing, replay, message integrity. Hands on Basic SIP packet capture, infrastructure attacks. SIP tools SIP packet creation: Sivus, SIPsak, PROTOS, SFTF, SIP bomber, SIPp, Seagull, Nastysip. SIP packet generators: SIPNess, NetDude. Monitoring: Wireshark, Cain & Abel, Vomit, Oreka, VoiPong. Scripts and tools: SIP-Fun, Skora.net, kphone-ddos, sip-scan, sip-kill, sip-redirectrtp. Health of different tools. Hands on Generating SIP packets, rebuilding conversations from captured packets, password cracking. VPNs and SIP IPSec, AH, ESP, transport mode, tunnel mode, Pre Shared Keys, Public keys. Hands on SIP calls over IPSec. Secure SIP signaling SIP relationship with HTTP, Deprecated HTTP 1.0 basic authentication, HTTP 1.1 Digest authentication, S/MIME, SIPS, SIPS URI, TLS, DTLS, PKI infrastructures. Hands on SIP with TLS. Secure media streams SRTP, features, packet format, default encryption, default authentication, key distribution. S/MIME, MIKEY, SDP security descriptions. SIP security agreements. Hands on Analysing SRTP packets. Firewalls NAT traversal. Impact of firewall on infrastructure attacks. TLS and firewalls. SIP specific firewalls. Hands on SIP calls through a firewall.
Lawful Intercept training course description Packet based networks require a different approach to Lawful Intercept (LI) than that used in circuit switched networks. This course focuses on what Lawful Interception and Data Retention (DR) means to communications service providers in the IP and NGN areas. The course assumes a basic knowledge of IP networking (i.e. DNS, TCP/UDP, IP, RTP) and the building of services on an IP platform (e.g. SIP, SDP, FTP, HTTP). The course first looks at the regulatory context for LI and DR and how this is translated to a practical architecture. What will you learn Recognise the legal and regulatory obligations to provide LI and DR. Identify the components of the handover architecture for each of LI and DR. Identify the preferred location of points of interception and points of retention in the IP network. Map intercepted material to handover protocols. Understand the data mapping defined in the available standards for both LI and DR. Lawful Intercept training course details Who will benefit: Technical and managerial staff needing to implement public networks. Prerequisites: TCP/IP Foundation Duration 1 day Lawful Intercept training course contents What is meant by LI and DR? Review of regulation: Data protection Directive; Data Retention Directive; RIPA. LI architectures Handover and Interception: ETSI standards ES 201 671 and TS 102 232. LI handover protocol IRI and CC handover; correlation; manual interfaces. DR architectures Handover of query results; points of retention. DR query command set Retrieval of retained records. Security concerns Operation privacy; target privacy; storage and transmission integrity. Implementation Identifying PoI and PoR for provided services. LI and DR wrap up Interaction with other services, storage obligations (volume, time, availability).