1218 Security courses in Oxted delivered Live Online

About this Virtual Instructor Led Training (VILT) This Virtual Instructor Led Training (VILT) course presents advanced methodologies that implement demand response and energy conservation programs in light of the integration of new technologies, regulatory changes and the accelerated penetration of renewable energy resources. This VILT course provides examples and case studies from North American and European jurisdictions covering the operational flexibilities on the demand side including requirements for new building codes to achieve zero net energy. The course describes a public agency's goals and objectives for conserving and otherwise reducing energy consumption and managing its demand for energy. This course presents the demand response implemented for economics and system security such as system balancing and relieving transmission congestion, or for system adequacy. The course also presents the principal attributes of conservation programs and the associated success criteria. In a system with increased penetration of renewable resources, demand response provides flexibility to system operators, helping them to maintain the reliability and the security of supply. Demand response is presented as a competitive alternative to additional power sources, enhancing competition and liquidity in electricity markets. The unique characteristics are discussed from a local, consumer centric and also from a system perspective bringing to life the ever changing paradigm for delivery energy to customers. Interoperability aspects and standards are discussed, as well as the consumer centric paradigm of Transactive Energy with IOT enabled flexibilities at system level, distribution networks and microgrids. The VILT course introduces the blockchain as a new line of defense against cyber threats and its increasing application in P2P transactions and renewable certificates. Our trainer's industry experience spans three decades with one of the largest Canadian utilities where she led or contributed to large operational studies and energy policies and decades of work with IEEE, NSERC and CIGRE. Our key expert also approaches to the cross sectional, interdisciplinary state of the art methodologies brings real life experience of recent industry developments. Training Objectives Innovative Digital Technologies How systems Facilitate Operational Flexibility on the Demand Side The Ecosystem of Demand Side Management Programs Advanced Machine Learning techniques with examples from CAISO Regulatory Policy Context and how to reduce regulatory barriers Industry Examples from NERC and ENTSO Relevant Industry standards: IEEE and IEC Manage Congestion with Distributed Operational Flexibilities: Grid to Distribution Controls; examples from NERC (NA) and ENTSO (Europe) Grid solutions with IEC 61850 communication protocols Decentralized grid controls The New Grid with accelerated V2G and Microgrids How DSM is and will be applied in Your System: Examples and discussions Target Audience Regulators and government agencies advising on public energy conservation programs All professionals interested in expanding their expertise, or advancing their career, or take on management and leadership roles in the rapidly evolving energy sector Energy professionals implementing demand side management, particularly in power systems with increased renewable penetration, to allow the much needed operational flexibility paramount to maintaining the reliability and stability of the power system and in the same time offering all classes of customers flexible and economical choices Any utility professional interested in understanding the new developments in the power industry Course Level Basic or Foundation Training Methods The VILT course will be delivered online in 5 half-day sessions comprising 4 hours per day, with 2 x 10 minutes break per day, including time for lectures, discussion, quizzes and short classroom exercises. Course Duration: 5 half-day sessions, 4 hours per session (20 hours in total). Trainer Your first expert course leader is a Utility Executive with extensive global experience in power system operation and planning, energy markets, enterprise risk and regulatory oversight. She consults on energy markets integrating renewable resources from planning to operation. She led complex projects in operations and conducted long term planning studies to support planning and operational reliability standards. Specializing in Smart Grids, Operational flexibilities, Renewable generation, Reliability, Financial Engineering, Energy Markets and Power System Integration, she was recently engaged by the Inter-American Development Bank/MHI in Guyana. She was the Operations Expert in the regulatory assessment in Oman. She is a registered member of the Professional Engineers of Ontario, Canada. She is also a contributing member to the IEEE Standards Association, WG Blockchain P2418.5. With over 25 years with Ontario Power Generation (Revenue $1.2 Billion CAD, I/S 16 GW), she served as Canadian representative in CIGRE, committee member in NSERC (Natural Sciences and Engineering Research Council of Canada), and Senior Member IEEE and Elsevier since the 90ties. Our key expert chaired international conferences, lectured on several continents, published a book on Reliability and Security of Nuclear Power Plants, contributed to IEEE and PMAPS and published in the Ontario Journal for Public Policy, Canada. She delivered seminars organized by the Power Engineering Society, IEEE plus seminars to power companies worldwide, including Oman, Thailand, Saudi Arabia, Malaysia, Indonesia, Portugal, South Africa, Japan, Romania, and Guyana. Your second expert course leader is the co-founder and Director of Research at Xesto Inc. Xesto is a spatial computing AI startup based in Toronto, Canada and it has been voted as Toronto's Best Tech Startup 2019 and was named one of the top 10 'Canadian AI Startups to Watch' as well as one of 6th International finalists for the VW Siemens Startup Challenge, resulting in a partnership. His latest app Xesto-Fit demonstrates how advanced AI and machine learning is applied to the e-commerce industry, as a result of which Xesto has been recently featured in TechCrunch. He specializes in both applied and theoretical machine learning and has extensive experience in both industrial and academic research. He is specialized in Artificial Intelligence with multiple industrial applications. At Xesto, he leads projects that focus on applying cutting edge research at the intersection of spatial analysis, differential geometry, optimization of deep neural networks, and statistics to build scalable rigorous and real time performing systems that will change the way humans interact with technology. In addition, he is a Ph.D candidate in the Mathematics department at UofT, focusing on applied mathematics. His academic research interests are in applying advanced mathematical methods to the computational and statistical sciences. He earned a Bachelor's and MSc in Mathematics, both at the University of Toronto. Having presented at research seminars as well as instructing engineers on various levels, he has the ability to distill advanced theoretical concept to diverse audiences on all levels. In addition to research, our key expert is also an avid traveler and plays the violin. POST TRAINING COACHING SUPPORT (OPTIONAL) To further optimise your learning experience from our courses, we also offer individualized 'One to One' coaching support for 2 hours post training. We can help improve your competence in your chosen area of interest, based on your learning needs and available hours. This is a great opportunity to improve your capability and confidence in a particular area of expertise. It will be delivered over a secure video conference call by one of our senior trainers. They will work with you to create a tailor-made coaching program that will help you achieve your goals faster. Request for further information about post training coaching support and fees applicable for this. Accreditions And Affliations

Advanced TCP/IP training course description An intensive advanced TCP/IP course focusing on the details of the protocols according to the RFCs. This course is designed to go into the technical details of the protocols and is not for those that are new to TCP/IP. A particular focus is on TCP and performance. Those more interested in routing protocols should see our Definitive IP routing for engineers course. It is expected that delegates are totally familiar with configuration addressing. Hands on sessions consist of protocol analysis using Wireshark. What will you learn Analyse packets and protocols in detail. Troubleshoot networks using Wireshark. Find performance problems using Wireshark. Perform network forensics. Advanced TCP/IP training course details Who will benefit: Advanced technical staff. Prerequisites: TCP/IP Foundation for engineers Duration 5 days Advanced TCP/IP training course contents IP Fragmentation and MTU issues, Path MTU discovery, Geolocation, unusual IP addresses, forwarding broadcasts, DiffServ, DSCP, ECN, assured and expedited forwarding. TTL usage in traceroute, Protocol field. Sanitising IP addresses in trace files. Wireshark and checksum errors. IPv6 The header. Extension headers. Traffic class and flow labels. Tunnelling. IPv6 and fragmentation. ARP Requests, responses, gratuitous ARP, Proxy ARP, ARP poisoning. ICMP ping, Round Trip Times, ICMP redirect, ICMP router advertisement and solicitation, Time Exceeded, Destination unreachable. ICMPv6: Similarity to ICMPv4, Neighbor discovery and the replacement of ARP. MLD. First hop redundancy ICMP discovery, HSRP, VRRP, GLBP. IGMP Multicast overview, multicast architecture, multicast addresses, IGMP v1, IGMPv2, IGMPv3. UDP Use in broadcasts and multicasts. Port numbers. TCP Connections, RST, FIN, sequence numbering, packet loss recovery, Fast recovery, RTO timeout, SACK, TCP flow control, receive window, congestion window, van Jacobsen, nagle, delayed ACKs, PSH, URG, TCP options, MSS, Window scaling, TCP timestamps. Congestion notification. Hands on Troubleshooting with sequence numbers, Wireshark IO and TCP graphs to analyse performance. Window size issues. DHCP DHCP header. Relationship to BOOTP. Discover, offer, request, decline, ACK, release. Lease, renewal and rebind times. Relay agents. DHCPv6 DNS Names and addresses, Resource Records, queries, responses, problems. MDNS. HTTP Requests, methods, request modifiers, response codes. HTTPS. SSL, TLS. Proxies. Hands on Redirects, recreating pages from packets. FTP Commands, responses, passive/active mode. Email SMTP, POP3, IMAP, commands responses. Voice and Video RTP, RTCP, SIP. IP PBXs. Traffic flows. Hands on Voice playback. SNMP MIBs, GET, TRAP, polling. Performance Baselining, high latency, Wireshark and timings, packet loss, redirections, small packets, congestion, name resolution. Security Network forensics, scanning and discovery, suspect traffic. IPsec, SSH.

Supporting Microsoft IIS training course description This course provides students with the fundamental knowledge and skills to configure and manage Internet Information Services. This course is intended to help provide pre-requisite skills supporting a broad range of Internet web applications, security, and knowledge to help support other products that use IIS such as Exchange and SharePoint. What will you learn Install IIS. Configure IIS. Secure websites. Maintain IIS. Supporting Microsoft IIS training course details Who will benefit: Technical staff working with Microsoft IIS. Prerequisites: TCP/IP foundation for engineerss Supporting Windows ( XP or 2000 or 2003) Duration 5 days Supporting Microsoft IIS course contents Overview and Installing IIS Web Server infrastructure, installing IIS. Hands on Default install of IIS, verify and test.. Configuring the default website Default website, IIS Manager, default IIS file structure, configuring DNS records for a website, creating virtual directories and Applications. Hands on Configuring the Default website for public access. Creating Virtual Directories and Applications. Application Pools Application Pool Architecture, Application Pool recycling. Hands on Creating and managing Application Pools. Creating additional websites Multiple websites on a single server, website bindings. Hands on Creating new websites. Website and Web application support Configuring Common features, adding support for web applications. Hands on Adding support for web applications. Securing Websites and applications Access control, sites, applications, authentication and permissions. URL authorization rules. Hands on Configuring Authentication and permissions. Securing Data Transmissions with SSL Certificates and SSL, creating certificates for a web server, adding a certificate to a website. Hands on Certificates and HTTPS. Using the Central Certificate Store The Central Certificate Store. Hands on Install and configure the Central Certificate Store. Configuring Remote Administration Installing and Configuring the Management Service. Connecting to remote web servers and websites. Delegating Management Access. Hands on Remote administration. Implementing FTP Implementing FTP, configuring an FTP site. Hands on Install and configure a secured FTP site. Monitoring IIS IMonitoring IIS logs with Log Parser. Hands on Analyze a set of IIS log files for possible issues using Log Parser. Analyze performance data for performance related problems using PerfMon. Backing up and Restoring IIS The IIS environment. Hands on Performing a backup and restore of a website. Building Load-Balanced Web Farms Load-balancing mechanisms, building a Load-Balanced Web Farm using ARR, sharing content to a Web Farm using a network share, Sharing content to a Web Farm using DFS-R, Sharing IIS Configurations in a Web Farm. Hands on Installing and configuring ARR, sharing content to a Web Farm using network share and DFS-R, sharing IIS Configurations in a Web Farm.

Duration 2 Days 12 CPD hours This course is intended for Data Protection OfficersData Protection ManagersAuditorsLegal Compliance OfficersSecurity ManagerInformation ManagersAnyone involved with data protection processes and programs Overview It will show the world that students know privacy laws and regulations and how to apply them, and that students know how to secure your place in the information economy. When students earn a CIPP credential, it means they?ve gained a foundational understanding of broad global concepts of privacy and data protection law and practice, including: jurisdictional laws, regulations and enforcement models; essential privacy concepts and principals; legal requirements for handling and transferring data and more. It will show the world that students know privacy laws and regulations and how to apply them, and that students know how to secure their place in the information economy. When students earn a CIPP credential, it means they've gained a foundational understanding of broad global concepts of privacy and data protection law and practice, including: jurisdictional laws, regulations and enforcement models; essential privacy concepts and principals; legal requirements for handling and transferring data and more. Common Principles and Approaches to Privacy This unit includes a brief discussion about the modern history of privacy, an introduction to types of information, an overview of information risk management and a summary of modern privacy principles. Jurisdiction and Industries This unit introduces the major privacy models employed around the globe and provides an overview of privacy and data protection regulation by jurisdictions and industry sectors. Information Security: Safeguarding Personal Information This unit presents introductions to information security, including definitions, elements, standards, and threats/ vulnerabilities, as well as introductions to information security management and governance, including frameworks, controls, cryptography and identity and access management (IAM). Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies This unit focuses on the web as a platform, as well as privacy considerations for sensitive online information, including policies and notices, access, security, authentication and data collection. Additional topics include children?s online privacy, email, searches, online marketing and advertising, social media, online assurance, cloud computing and mobile devices. Canadian Legal Framework This unit provides an introduction to the Canadian legal system. It includes enforcement agencies and their powers, privacy basics from a Canadian perspective and the underlying framework for Canadian privacy law and practice. Canadian Private-sector Privacy Laws This unit focuses on the Canadian legal system. It includes enforcement agencies and their powers, privacy basics from a Canadian perspective and the underlying framework for Canadian privacy law and practice. Canadian Public-sector Privacy Laws This unit highlights key concepts and practices related to the collection, retention, use, disclosure and disposal of personal information by federal, provincial and territorial governments. Health Information Privacy Laws This unit touches on the applicability and purpose of health information privacy laws. Private-sector Compliance Practices This unit delves into the components that make up compliance regulations, including Generally Accepted Privacy Principals and security breach notification, and also examines compliance track records and Federal Commissioner Findings. Public-sector Compliance Practices This unit presents the various methods that can be implemented for compliance in the public sector, such as privacy impact assessments and data sharing agreements. In addition, it discusses the challenges presented by digital information exchanges, as well as non-legislative considerations. Health-sector Compliance Practices This unit covers the issues presented with digital compliance in the health sector. Additional course details: Nexus Humans Certified Information Privacy Professional (CIPP/CAN) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Certified Information Privacy Professional (CIPP/CAN) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 2 Days 12 CPD hours This course is intended for Networking and security professionals involved in the design, implementation, and administration of a network infrastructure using FortiGate devices should attend this course. This course assumes knowledge of basic FortiGate fundamentals. You should have a thorough understanding of all the topics covered in the FortiGate Security course before attending the FortiGate Infrastructure course. Overview After completing this course, the successful student should be able to: Analyze a FortiGate route table Route packets using policy-based and static routes for multipath and load-balanced deployments Divide FortiGate into two or more virtual devices, each operating as an independent FortiGate, by configuring virtual domains (VDOMs) Understand the fundamentals and benefits of using ZTNA Offer an SSL VPN for secure access to your private network Establish an IPsec VPN tunnel between two FortiGate devices Implement a meshed or partially redundant VPN Diagnose failed IKE exchanges Offer Fortinet Single Sign-On (FSSO) access to network services, integrated with Microsoft Active Directory (AD) Deploy FortiGate devices as an HA cluster for fault tolerance and high performance Diagnose and correct common problems In this two-day course, you will learn how to use the most common FortiGate networking and infrastructure features. Topics include features commonly applied in complex or larger enterprise or MSSP networks, such as advanced routing, redundant infrastructure, virtual domains (VDOMs), zero trust network access (ZTNA), SSL VPN, site-to-site IPsec VPN, single sign-on (SSO), and diagnostics. Course Outline 1. Routing 2. Virtual Domains 3. Fortinet Single Sign-On 4. ZTNA 5. SSL VPN 6. IPsec VPN 7. High Availability 8. Diagnostics

Duration 4 Days 24 CPD hours This course is intended for This course is intended for security and network administrators who will be responsible for the installation, deployment, tuning, and day-to-day maintenance of the F5 Advanced Web Application Firewall. In this 4 day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits. Module 1: Setting Up the BIG-IP System Introducing the BIG-IP System Initially Setting Up the BIG-IP System Archiving the BIG-IP System Configuration Leveraging F5 Support Resources and Tools Module 2: Traffic Processing with BIG-IP Identifying BIG-IP Traffic Processing Objects Overview of Network Packet Flow Understanding Profiles Overview of Local Traffic Policies Visualizing the HTTP Request Flow Module 3: Web Application Concepts Overview of Web Application Request Processing Web Application Firewall: Layer 7 Protection F5 Advanced WAF Layer 7 Security Checks Overview of Web Communication Elements Overview of the HTTP Request Structure Examining HTTP Responses How F5 Advanced WAF Parses File Types, URLs, and Parameters Using the Fiddler HTTP Proxy Module 4: Common Web Application Vulnerabilities A Taxonomy of Attacks: The Threat Landscape What Elements of Application Delivery are Targeted? Common Exploits Against Web Applications Module 5: Security Policy Deployment Defining Learning Comparing Positive and Negative Security Models The Deployment Workflow Policy Type: How Will the Policy Be Applied Policy Template: Determines the Level of Protection Policy Templates: Automatic or Manual Policy Building Assigning Policy to Virtual Server Deployment Workflow: Using Advanced Settings Selecting the Enforcement Mode The Importance of Application Language Configure Server Technologies Verify Attack Signature Staging Viewing Requests Security Checks Offered by Rapid Deployment Defining Attack Signatures Using Data Guard to Check Responses Module 6: Policy Tuning and Violations Post-Deployment Traffic Processing Defining Violations Defining False Positives How Violations are Categorized Violation Rating: A Threat Scale Defining Staging and Enforcement Defining Enforcement Mode Defining the Enforcement Readiness Period Reviewing the Definition of Learning Defining Learning Suggestions Choosing Automatic or Manual Learning Defining the Learn, Alarm and Block Settings Interpreting the Enforcement Readiness Summary Configuring the Blocking Response Page Module 7: Attack Signatures & Threat Campaigns Defining Attack Signatures Attack Signature Basics Creating User-Defined Attack Signatures Defining Simple and Advanced Edit Modes Defining Attack Signature Sets Defining Attack Signature Pools Understanding Attack Signatures and Staging Updating Attack Signatures Defining Threat Campaigns Deploying Threat Campaigns Module 8: Positive Security Policy Building Defining and Learning Security Policy Components Defining the Wildcard Defining the Entity Lifecycle Choosing the Learning Scheme How to Learn: Never (Wildcard Only) How to Learn: Always How to Learn: Selective Reviewing the Enforcement Readiness Period: Entities Viewing Learning Suggestions and Staging Status Violations Without Learning Suggestions Defining the Learning Score Defining Trusted and Untrusted IP Addresses How to Learn: Compact Module 9: Cookies and Other Headers F5 Advanced WAF Cookies: What to Enforce Defining Allowed and Enforced Cookies Configuring Security Processing on HTTP headers Module 10: Reporting and Logging Overview: Big Picture Data Reporting: Build Your Own View Reporting: Chart based on filters Brute Force and Web Scraping Statistics Viewing F5 Advanced WAF Resource Reports PCI Compliance: PCI-DSS 3.0 The Attack Expert System Viewing Traffic Learning Graphs Local Logging Facilities and Destinations How to Enable Local Logging of Security Events Viewing Logs in the Configuration Utility Exporting Requests Logging Profiles: Build What You Need Configuring Response Logging Module 11: Lab Project 1 Lab Project 1 Module 12: Advanced Parameter Handling Defining Parameter Types Defining Static Parameters Defining Dynamic Parameters Defining Dynamic Parameter Extraction Properties Defining Parameter Levels Other Parameter Considerations Module 13: Automatic Policy Building Overview of Automatic Policy Building Defining Templates Which Automate Learning Defining Policy Loosening Defining Policy Tightening Defining Learning Speed: Traffic Sampling Defining Track Site Changes Lesson 14: Web Application Vulnerability Scanner Integration Integrating Scanner Output Importing Vulnerabilities Resolving Vulnerabilities Using the Generic XML Scanner XSD file Lesson 15: Deploying Layered Policies Defining a Parent Policy Defining Inheritance Parent Policy Deployment Use Cases Lesson 16: Login Enforcement and Brute Force Mitigation Defining Login Pages for Flow Control Configuring Automatic Detection of Login Pages Defining Session Tracking Brute Force Protection Configuration Source-Based Brute Force Mitigations Defining Credentials Stuffing Mitigating Credentials Stuffing Lesson 17: Reconnaissance with Session Tracking Defining Session Tracking Configuring Actions Upon Violation Detection Lesson 18: Layer 7 DoS Mitigation Defining Denial of Service Attacks Defining the DoS Protection Profile Overview of TPS-based DoS Protection Creating a DoS Logging Profile Applying TPS Mitigations Defining Behavioral and Stress-Based Detection Lesson 19: Advanced Bot Protection Classifying Clients with the Bot Defense Profile Defining Bot Signatures Defining Proactive Bot Defense Defining Behavioral and Stress-Based Detection Defining Behavioral DoS Mitigation Lesson 20: Form Encryption using DataSafe Targeting Elements of Application Delivery Exploiting the Document Object Model Protecting Applications Using DataSafe The Order of Operations for URL Classification Lesson 21: Review and Final Labs Review and Final Labs

Duration 3 Days 18 CPD hours This course is intended for Security administrators Security consultants Network administrators Systems engineers Technical support personnel Cisco integrators, resellers, and partners Overview Identify the key components and methodologies of Cisco Advanced Malware Protection (AMP) Recognize the key features and concepts of the AMP for Endpoints product Navigate the AMP for Endpoints console interface and perform first-use setup tasks Identify and use the primary analysis features of AMP for Endpoints Use the AMP for Endpoints tools to analyze a compromised host Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports Configure and customize AMP for Endpoints to perform malware detection· Create and configure a policy for AMP-protected endpoints Plan, deploy, and troubleshoot an AMP for Endpoints installation Use Cisco Orbital to pull query data from installed AMP for Endpoints connectors Describe the AMP Representational State Transfer (REST) API and the fundamentals of its use Describe all the features of the Accounts menu for both public and private cloud installations This course shows you how to deploy and use Cisco AMP for Endpoints, a next-generation endpoint security solution that prevents, detects, and responds to advanced threats. Through expert instruction and hands-on lab exercises, you will learn how to implement and use this powerful solution through a number of step-by-step attack scenarios. You?ll learn how to build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using the tools available in the AMP for Endpoints console, Cisco Threat Grid, and the Cisco Orbital Advanced Search Tool. Course Outline Introducing Cisco AMP Technologies Introducing AMP for Endpoints Overview and Architecture Navigating the Console Interface Using Cisco AMP for Endpoints Identifying Attacks Analyzing Malware Managing Outbreak Control Creating Endpoint Policies Working with AMP for Endpoint Groups Using Orbital for Endpoint Visibility Introducing AMP REST API Navigating Accounts

Audience This is an intermediate course for system and database administrators, application developers, and other individuals who need a technical introduction to selected new features of Db2 13 for z/OS. Prerequisites You should have practical experience with Db2 for z/OS Duration 2 days.  Course Objectives Learn about the new features and enhancements of Db2 for z/OS (v13), including the technical detail of the functional enhancements of this significant new version of Db2 for z/OS. Course Content Unit 1: Db2 v12 Function Levels: Selected Highlights Unit 2: Migrating to Db2 13 Unit 3: Availability & Scalability Unit 4: Performance Unit 5: Application Management and SQL Changes Unit 6: SQL Data Insights Unit 7: Security Unit 8: IBM Db2 Utilities Unit 9: Instrumentation and Serviceability

Duration 2 Days 12 CPD hours This course is intended for This course is intended for network operators, network administrators, network engineers, network architects, security administrators, and security architects responsible for installation, setup, configuration, and administration of the BIG-IP AFM system. This course uses lectures and hands-on exercises to give participants real-time experience in setting up and configuring the BIG-IP Advanced Firewall Manager (AFM) system. Students are introduced to the AFM user interface, stepping through various options that demonstrate how AFM is configured to build a network firewall and to detect and protect against DoS (Denial of Service) attacks. Reporting and log facilities are also explained and used in the course labs. Further Firewall functionality and additional DoS facilities for DNS and SIP traffic are discussed. Module 1: Setting Up the BIG-IP System Introducing the BIG-IP System Initially Setting Up the BIG-IP System Archiving the BIG-IP System Configuration Leveraging F5 Support Resources and Tools Module 2: AFM Overview AFM Overview AFM Availability AFM and the BIG-IP Security Menu Packet Processing Rules and Direction Rules Contexts and Processing Inline Rule Editor Module 3: Network Firewall AFM Firewalls Contexts Modes Packet Processing Rules and Direction Rules Contexts and Processing Inline Rule Editor Configuring Network Firewall Network Firewall Rules and Policies Network Firewall Rule Creation Identifying Traffic by Region with Geolocation Identifying Redundant and Conflicting Rules Identifying Stale Rules Prebuilding Firewall Rules with Lists and Schedules Rule Lists Address Lists Port Lists Schedules Network Firewall Policies Policy Status and Management Other Rule Actions Redirecting Traffic with Send to Virtual Checking Rule Processing with Packet Tester Examining Connections with Flow Inspector Module 4: Logs Event Logs Logging Profiles Limiting Log Messages with Log Throttling Enabling Logging in Firewall Rules BIG-IP Logging Mechanisms Log Publisher Log Destination Filtering Logs with the Custom Search Facility Logging Global Rule Events Log Configuration Changes QKView and Log Files SNMP MIB SNMP Traps Module 5: IP Intelligence Overview Feature 1 Dynamic White and Black Lists Black List Categories Feed Lists IP Intelligence Policies IP Intelligence Log Profile IP Intelligence Reporting Troubleshooting IP Intelligence Lists Feature 2 IP Intelligence Database Licensing Installation Configuration Troubleshooting IP Intelligence iRule Module 6: DoS Protection Denial of Service and DoS Protection Overview Device DoS Protection Configuring Device DoS Protection Variant 1 DoS Vectors Variant 2 DoS Vectors Automatic Threshold Configuration Variant 3 DoS Vectors Device DoS Profiles DoS Protection Profile Dynamic Signatures Dynamic Signatures Configuration DoS iRules Module 7: Reports AFM Reporting Facilities Overview Examining the Status of Particular AFM Features Exporting the Data Managing the Reporting Settings Scheduling Reports Examining AFM Status at High Level Mini Reporting Windows (Widgets) Building Custom Widgets Deleting and Restoring Widgets Dashboards Module 8: DoS White Lists Bypassing DoS Checks with White Lists Configuring DoS White Lists tmsh options Per Profile Whitelist Address List Module 9: DoS Sweep Flood Protection Isolating Bad Clients with Sweep Flood Configuring Sweep Flood Module 10: IP Intelligence Shun Overview Manual Configuration Dynamic Configuration IP Intelligence Policy tmsh options Extending the Shun Feature Route this Traffic to Nowhere - Remotely Triggered Black Hole Route this Traffic for Further Processing - Scrubber Module 11: DNS Firewall Filtering DNS Traffic with DNS Firewall Configuring DNS Firewall DNS Query Types DNS Opcode Types Logging DNS Firewall Events Troubleshooting Module 12: DNS DoS Overview DNS DoS Configuring DNS DoS DoS Protection Profile Device DoS and DNS Module 13: SIP DoS Session Initiation Protocol (SIP) Transactions and Dialogs SIP DoS Configuration DoS Protection Profile Device DoS and SIP Module 14: Port Misuse Overview Port Misuse and Service Policies Building a Port Misuse Policy Attaching a Service Policy Creating a Log Profile Module 15: Network Firewall iRules Overview iRule Events Configuration When to use iRules More Information Module 16: Recap BIG-IP Architecture and Traffic Flow AFM Packet Processing Overview

HTTP streaming training course description This course looks at the delivery of video streams using HTTP adaptive streaming. Both MPEG DASH and HLS are investigated. Hands on sessions primarily involve using Wireshark to analyse streams. What will you learn Use Wireshark to analyse and troubleshoot HTTP video streams. Explain HTTP adaptive streaming works. Evaluate and compare MPEG DASH and HLS. Use tools to create HTTP adaptive streams. HTTP streaming training course details Who will benefit: Anyone working in the broadcast industry. Prerequisites: TCP/IP foundation for engineers Duration 2 days HTTP streaming training course contents What is HTTP streaming? The old way. Progressive downloads versus streaming. Why not UDP and RTP for delivery? Adaptive bit rate streaming. Standards. Hands on Base network setup. Using WireShark for HTTP streams. HTTP protocol stack IP, TCP, IPv6. HTTP. HTTP 1.0, HTTP 1.1, HTTP 2.0, HTTP header fields. HTML 5. Hands on Analysing HTTP. Adaptive bitrate streaming principles Chunks, fragments, segments. Manifest files. Encoding, resolution, bitrates. Addressing, relative and absolute URLs, redirection. When does the client switch streams? Switch points. Hands on Walk through of client behaviours on a stream. HTTP streaming architecture Server components, distribution components, client software. CDN, caching, multiple servers. Hands on Analysing CDN and Internet delivery. TCP and HTTP streaming interactions TCP ACK, TCP connections, unicast only. TCP flow control, TCP and performance. Hands on TCP window sizes. MPEG DASH Stakeholders, DASH architecture and model, codec agnostic, XML, Media Presentation Description, Media Presentation, segment formats. Hands on MPEG DASH analysis. HTTP Live Streaming and others Stakeholders. Media segments, media playlists, master playlists. Adobe HTTP dynamic streaming, Microsoft smooth streaming. Hands on Analysing HLS. Tools mp4dash, mp4fragment, libdash. Apple developer tools for HLS. Hands on Creating segmented content. Security HTTPS, encryption, content protection. Hands on Encryption analysis. Summary Choosing a streaming method. Impact of live versus VoD. Web sockets.