138 Transport courses in Swanley

About this Virtual Instructor Led Training (VILT) Hydrogen will play an increasingly critical role in the future of energy system as it moves forward to supplement and potentially replace fossil fuels in the long run. Offshore wind offers a clean and sustainable renewable resource for green hydrogen production. However, it can also be volatile and presents inherent risks that need to be managed. Even though offshore production of hydrogen has yet to achieve a high state of maturity, many current projects are already dealing with the conditions and effects of offshore production of hydrogen and are grappling with the technological requirements and necessary gas transportation with grid integration. This 2 half-day Virtual Instructor Lead Training (VILT) course will examine the technological options for on-site production of hydrogen by electrolysis (onshore or offshore directly at the platform) as well as the transport of hydrogen (pipeline or ship). This VILT course will also explore the economic considerations and the outlook on future market opportunities. There will be exercises for the participants to work on over the two half-days. This course is delivered in partnership with Fraunhofer IEE. Training Objectives By the end of this VILT course, participants will be able to: Understand the technological attributes and options for green hydrogen production based on electricity from offshore wind. Explore the associated economic analysis for offshore wind hydrogen production, including CAPEX, OPEX, LCOE and LCOH Identify the critical infrastructure and technical configuration required for offshore green hydrogen including transportation networks and grid connectivity Learn from recent findings from current Research & Development projects concerning the differences between onshore and offshore hydrogen production. Target Audience This VILT course is intended: Renewable energy developers and operators Offshore oil & gas operators Energy transport and marine operators Energy policy makers and regulators IPPs and power utilities Training Methods The VILT course will be delivered online in 2 half-day sessions comprising 4 hours per day, including time for lectures, discussion, quizzes and short classroom exercises. Course Duration: 2 half-day sessions, 4 hours per session (8 hours in total). Trainer Trainer 1: Your expert course leader is Director of Energy Process Technology Division at the Fraunhofer Institute for Energy Economics and Energy System Technology, IEE. The research activities of the division link the areas of energy conversion processes and control engineering. The application fields covered are renewable energy technologies, energy storage systems and power to gas with a strong focus on green hydrogen. From 2006 - 2007, he worked as a research analyst of the German Advisory Council on Global Change, WBGU, Berlin. He has extensive training experience from Bachelor and Master courses at different universities as well as in the context of international training activities - recently on hydrogen and PtX for partners in the MENA region and South America. He holds a University degree (Diploma) in Physics, University of Karlsruhe (KIT). Trainer 2: Your expert course leader is Deputy Head of Energy Storage Department at Fraunhofer IEE. Prior to this, he was the director of the Grid Integration Department at SMA Solar Technology AG, one of the world's largest manufacturers of PV power converters. Before joining SMA, he was manager of the Front Office System Planning at Amprion GmbH (formerly RWE TSO), one of the four German transmission system operators. He holds a Degree of Electrical Engineering from the University of Kassel, Germany. In 2003, he finished his Ph.D. (Dr.-Ing.) on the topic of wind power forecasting at the Institute of Solar Energy Supply Technology (now known as Fraunhofer IEE) in Kassel. In 2004, he started his career at RWE TSO with a main focus on wind power integration and congestion management. He is Chairman of the IEC SC 8A 'Grid Integration of Large-capacity Renewable Energy (RE) Generation' and has published several papers about grid integration of renewable energy source and forecasting systems on books, magazines, international conferences and workshops. Trainer 3: Your expert course leader is Deputy Director of the Energy Process Technology division and Head of the Renewable Gases and Bio Energy Department at Fraunhofer IEE. His work is mainly focused on the integration of renewable gases and bioenergy systems into the energy supply structures. He has been working in this field since more than 20 years. He is a university lecturer in national and international master courses. He is member of the scientific advisory council of the European Biogas Association, member of the steering committee of the Association for Technology and Structures in Agriculture, member of the International Advisory Committee (ISAC) of the European Biomass Conference and member of the scientific committees of national bioenergy conferences. He studied mechanical engineering at the University of Darmstadt, Germany. He received his Doctoral degree on the topic of aerothermodynamics of gas turbine combustion chambers. He started his career in renewable energies in 2001, with the topic of biogas fired micro gas turbines. Trainer 4: Your expert course leader has an M. Sc. and she joined Fraunhofer IEE in 2018. In the Division of Energy Process Technology, she is currently working as a Research Associate on various projects related to techno-economic analysis of international PtX projects and advises KfW Development Bank on PtX projects in North Africa. Her focus is on the calculation of electricity, hydrogen and derivative production costs (LCOE, LCOH, LCOA, etc) based on various methods of dynamic investment costing. She also supervises the development of models that simulate different PtX plant configurations to analyze the influence of different parameters on the cost of the final product, and to find the configuration that gives the lowest production cost. She received her Bachelor's degree in Industrial Engineering at the HAWK in Göttingen and her Master's degree in renewable energy and energy efficiency at the University of Kassel. POST TRAINING COACHING SUPPORT (OPTIONAL) To further optimise your learning experience from our courses, we also offer individualized 'One to One' coaching support for 2 hours post training. We can help improve your competence in your chosen area of interest, based on your learning needs and available hours. This is a great opportunity to improve your capability and confidence in a particular area of expertise. It will be delivered over a secure video conference call by one of our senior trainers. They will work with you to create a tailor-made coaching program that will help you achieve your goals faster. Request for further information about post training coaching support and fees applicable for this. Accreditions And Affliations

Essential optical transmission course description Transmission is the process of sending information along a medium of, copper, fibre or wireless. This course looks at transmission techniques for fibre networks. The course aims to demystify the technologies involved by explaining all the buzzwords used in optical transmission. What will you learn Describe various optical transmission technologies. Explain how SDH and OTN work. Explain how WDM, CWDM and DWDM work. Explain PON, GPON and GEPON. Essential optical transmission course details Who will benefit: Anyone working in telecommunications. Prerequisites: None. Duration 2 days Essential optical transmission course contents Transmission basics nsmission basics Systems, media, signals. Signal degradation, noise, distortion, attenuation. Digital, analogue. Modulation, encoding. Fibre transmission Fibre vs copper, optical transmission, fibre characteristics, fibre component parts. Multi Mode Fibre (MMF). Single Mode Fibre (SMF). Fibre connections. Lasers. Attenuations, dispersion, optical signal noise ratios (OSNR) and their effects. Channel Spacing and Signal Direction. Limiting factors to single wavelength. SDH Timing and synchronisation of digital signals, the plesiochronous digital hierarchy (PDH), the synchronous digital hierarchy (SDH), service protection with SDH. TDM. Standards, basic units, frames, STM1 frame, bit rates, STM0, STM1, STM4, STM16, STM64, STM256, SDH architecture, rings, Add drop multiplexors. SDH network topologies, structure of SDH equipment, SDH synchronisation, protection switching in SDH networks, SDH alarm structure, testing of SDH, equipment and systems, Ethernet over SDH. OTN G.709, OTN interface structure, Optical transport modules, ONNI, OCh, OUT, ODU, OPU. G.709 amendments. WDM overview Multiplexing, TDM, WDM benefits. WDM standards. CWDM vs. DWDM. Four Wave Mixing (FWM). Impact and countermeasures to FWM on WDM. DWDM ITU G.694.1, channel and spacing. Optical Terminal Multiplexers (OTM). Optical Add/Drop Multiplexers (OADM). Adding versus dropping. Optical Amplifiers. Erbium Doped Fibre Amplifiers (EDFA). Transponders and Combiners. Optical and Electrical Cross Connects (OXCs/DXCs). Cross Connect types (Transparent/Opaque). Advantages and disadvantages of various Optical cross connects. FTTx Fibre installation and air blown fibre, FTTH, FTTC, FTTN, FTTD, FFTH topologies and wavelengths, active or passive optical network. PON variants Gigabit passive optical network (GPON), Gigabit Ethernet passive optical network (GEPON), Time division PON (TDM-PON), XG-PON, Wave Division Multiplexing PON (WDM-PON), 1Gbps, 10Gbps, 40Ggps, 100Gbps FSAN (Full Service Access Network) NGA (Next Generation Access), Strategies for TDM-PON to WDM-PON migration, Architecture of NG-PON (hybrid WDM/TDM PON), Additional services than triple play.

SMTP training course description A hands on course focusing on the workings of email systems and the standard protocols that they use. The course is not specific to any particular implementation, but some vendor specifics are noted. Linux and Microsoft machines are used in hands on sessions to reinforce the theory of major sessions. The course concentrates on troubleshooting and interworking using network sniffing and protocol inspection rather than "which buttons to push". What will you learn Describe and explain SMTP MIME POP3 IMAP PGP, GPG, S/MIME SPF, DKIM, DMARC Configure mail routing Secure email systems SMTP training course details Who will benefit: Technical staff responsible for email systems. Prerequisites: TCP/IP foundation for engineers. Duration 3 days SMTP training course contents SMTP architecture What is SMTP, email before SMTP, SMTP history, the different protocols, clients, servers. Email composition, transmission, delivering emails, storing and reading emails. MUAs, MTAs, POP3, IMAP, SMTP, DNS, webmail. Hands on Setting up MTAs and MUAs and sending a simple email using telnet. The SMTP protocol SMTP protocol stack, SMTP headers, HELO, SMTP mail, MAIL FROM, RCPT TO, DATA, SMTPUTF8, 8BITMIME, TURN, EHLO, ETRN, 3 digit replies. Hands on Analysing SMTP packets on a network. DNS and SMTP SMTP forwarding, SMTP relays, interoperation, how SMTP uses DNS, MX records. Hands on Setting up mail relays. SMTP headers IMF data, From, to, cc, bcc, sender and recipient headers, message Ids, received trails, in-reply-to, received-SPF, mail list headers. Hands on Using clients to analyse details from mail headers, including true originators and path of emails. MIME Email attachments, MIME versions, content type headers, encoding, base 64, binary data, multi part headers, troubleshooting attachments. Hands on Analysing MIME headers and attachments. POP3 What is POP3, where to use POP3, authorisation, transactions, POP3 commands: USER, PASS, STAT, LIST, RETR, DELE. Hands on Setting up a POP3 server, analysing POP3 packets on a network. IMAP and IMAPS What is IMAP, where to use IMAP, authorisation, mailbox structure, IMAP commands: LOGIN, AUTHENTICATE, LIST, CREATE, Examine (message flags), SELECT, STORE. Hands on Setting up an IMAP server and analysing IMAP packets on a network. Interoperation Mail gateways, addressing, Exchange, sendmail. Email security Basics, Transport level: STARTTLS. Content: PGP/GPG, mail signing and encryption, S/MIME, digital certificates, secure email submission. Hands on Setting up and using a PGP key, configure MTAs to use TLS. Email authentication and spam prevention Mail relays, grey listing, block list & RBL, DNSBL (Real-time Black hole List), White list, SPF, Domain Keys Identified Mail (DKIM), Author Domain Signing Practices (ADSP), Abuse Report Format (ARF), Domain-based Message Authentication, Reporting and Conformance (DMARC). Hands on Relay spamming and the blocking spamming.

Transport Compliance, Audits, Health and Safety, HGV compliance, PSV compliance, Compliance, Templates, Toolbox Talk, Professional Development, Assistance, Operator Licence assistance,

LTE Airside training course description This course provides a concise insight into the LTE airside. Key parts of the course are detailed looks at the air interface protocol stack, cell acquisition, transmission and reception of data and of he layer 1 procedures along with layer 2 procedures. What will you learn Explain the RF optimisation flowchart. Describe the importance of Reference Signal Received Power (RSRP). List many of the 3GPP recommended KPIs. Describe the concept of APN AMBR and UE AMBR within LTE. Describe the use of planning and optimisation computer tools. LTE Airside training course details Who will benefit: Anyone working with LTE. Prerequisites: Essential LTE Duration 2 days LTE Airside training course contents Introduction and review of LTE This section describes the requirements of LTE and key technical features, and reviews the system architecture. LTE Architecture, UE, E-UTRAN and EPC. Specifications. OFDMA, SC-FDMA and MIMO antennas This section describes the techniques used in the LTE air interface, notably orthogonal frequency division multiple access (OFDMA) and multiple input multiple output (MIMO) antennas. Communication techniques for fading multipath channels. OFDMA, FFT processing and cyclic prefix insertion. SC-FDMA in the LTE uplink. Multiple antenna techniques including transmit & receive diversity and spatial multiplexing. Introduction to the air interface This section covers the operation of the air interface, the channels that it uses, and the mapping to the time and frequency domains of OFDMA and SC-FDMA. Air interface protocol stack. Logical, transport and physical channels. Frame and slot structure, the resource grid. Resource element mapping of the physical channels and physical signals. LTE spectrum allocation. Cell acquisition This is the first of three sections covering the air interface physical layer. Here, we cover mobile procedures to start low-level communications with the cell, and base station transmission of the corresponding information. Primary/secondary synchronisation signals. Downlink reference signals. The master information block. Physical control format indicator channel. Organisation and transmission of the system information. Data transmission and reception In this section, we cover procedures used for data transmission and reception on the shared channels, and describe in detail the individual steps. Data transmission and reception on the uplink and downlink. Scheduling commands and grants on the PDCCH. DL-SCH and UL-SCH. Physical channel processing of the PDSCH and PUSCH. Hybrid ARQ indicators on the PHICH. Uplink control information on the PUCCH. Uplink demodulation and sounding reference signals. Additional physical layer procedure This section concludes our discussion of the air interface physical layer, by discussing a number of procedures that support its operation. Transmission of the physical random access channel. Contention and non-contention based random access procedures. Discontinuous transmission in idle and connected modes. Uplink power control and timing advance. Air interface layer 2 This section describes the architecture and operation of layer 2 of the air interface protocol stack. MAC protocol, interactions with the physical layer, use for scheduling. RLC protocol, transparent, unacknowledged and acknowledged modes. PDCP, including header compression, security functions and recovery from handover.

Securing UNIX systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure UNIX accounts. Secure UNIX file systems. Secure UNIX access through the network. Securing UNIX systems course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing UNIX systems course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

NPORS Loading Shovel (N209)

Python training course description This Python course focusses on teaching Python for use in network automation and network DevOps. We focus on getting delegates up and running with Python and network automation as quickly as possible rather than making them great programmers. In other words we concentrate on enabling delegates to use network automation libraries such as netmiko, NAPALM and Nornir, and APIs such as NETCONF and RESTCONF rather than enabling delegates to produce object oriented programs. Hands on sessions use Cisco and Juniper devices. What will you learn Run Python programs. Read Python programs. Write Python programs. Debug Python programs. Automate network tasks with Python programs. Configure network devices with Python. Collect data from network devices with Python. Python training course details Who will benefit: Network engineers. Prerequisites: TCP/IP Foundation Duration 5 days Python training course contents What is Python? Programming languages, Why Python? Python in interactive mode, Python scripts, ipython, Python version 2 versus version 3. A simple Python script. Comments. Hands on Installing Python, Hello world. A network example On box vs off box Python. telnet, ssh, NETCONF, HTTP, APIs, manufacturers and API support, analysis of a simple telnetlib program. Hands on Using Python to retrieve the configuration from a network device. Using wireshark to analyse the actions. Python basics I/O, operators, variables and assignment, types, indentation, loops and conditionals. Hands on Modifying the telnet program, changing configurations on a network devices. Functions, classes and methods What are functions, calling functions, builtin functions, useful builtin functions, file handling, classes, objects, creating instances. Hands on Storing configurations in files, configuring devices from files, using an inventory file to work on multiple devices. Libraries and modules Modules, files and packages, import, from-import, Python standard library, other packages, pip install, executing other programs. Managing python libraries. Hands on Using pip, installing and using ipaddress, subprocess to access netsnmp. For the more advanced, using the sockets library. Paramiko and netmiko SSH, enabling SSH on devices, keys. Paramiko versus netmiko, example scripts. pexpect. Hands on Configuring VLANs from Python. pySNMP Gathering facts using previous methods, SNMP review, pySNMP GET, pySNMP and SNMPv3. easySNMP library. Hands on Walking a MIB from Python. NETCONF What is NETCONF? Enabling NETCONF on devices, A first ncclient script, device handlers, get_config, edit_config, copy_config, delete_config, commit, validate, pyEZ, utils_config, utils.sw. Hands on Configuration using ncclient and PyEZ. This session is expanded for those interesting in JunOS automation. Manipulating configuration files Builtin functions, string handling. Unicode. Sequences, strings, lists, tuples. Dictionaries. TextFSM. Regular expressions. JSON, YAML, XML, YANG, Jinja2, templates. Hands on Jinja2 templating with Python to configure network devices. NAPALM Getters, configuration operations, supported devices, NAPALM transport, Config-replace, Config-merge, Compare config, Atomic changes, rollback. Example NAPLAM scripts. Hands on Using NAPALM to gather facts, Using NAPALM for configuration management REST and RESTCONF What is REST, HTTP methods, GET, POST, cURL, Postman, Python requests library. RESTCONF, a RESTCONF example. Hands on Modifying a configuration using RESTCONF. Scapy What is scapy, Scapy in interactive mode, Scapy as a module. Hands on Packet crafting from Python. Warning Errors and exceptions, Exception handling, try, except. Memory management. Garbage collection. Context management, With. Hands on Improving Python code. Nornir What is Nornir? A network automation framework, inventories, connection management and parallelization. Nornir architecture and other libraires. Hands on Setting up nornir, nornir fact gathering, nornir tasks. Optional Writing your own functions, Writing your own classes. pyntc. Hands on Writing reusable code.

Securing Linux systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure Linux accounts. Secure Linux file systems. Secure Linux access through the network. Securing Linux systems training course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing Linux systems training course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

Cyber security training course description This cyber security course focusses on the network side of security. Technologies rather than specific products are studied focussing around the protection of networks using firewalls and VPNs. What will you learn Describe: - Basic security attacks - RADIUS - SSL - VPNs Deploy firewalls and secure networks Explain how the various technologies involved in an IP VPN work. Describe and implement: - L2TP - IPsec - SSL - MPLS, L3, VPNs. Cyber security training course details Who will benefit: Anyone working in the security field. Prerequisites: TCP/IP foundation for engineers Duration 5 days Cyber security training course contents Security review Denial of service, DDOS, data manipulation, data theft, data destruction, security checklists, incident response. Security exploits IP spoofing, SYN attacks, hijacking, reflectors and amplification, keeping up to date with new threats. Hands on port scanning, use a 'hacking' tool. Client and Server security Windows, Linux, Log files, syslogd, accounts, data security. Hands on Server hardening. Firewall introduction What is a firewall? Firewall benefits, concepts. HAnds on launching various attacks on a target. Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls. Firewall products. Hands on Simple personal firewall configuration. Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on SPI firewalls. Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall plusses and minuses. Hands on Proxy firewalls. Firewall architectures Small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls. Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Password cracking. Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, RADIUS. Hands on Using certificates. VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, tunnelling topologies, tunnelling protocols, which tunnelling protocol? Requirements of tunnels. L2TP Overview, components, how it works, security, packet authentication, L2TP/IPsec, L2TP/PPP, L2 vs L3 tunnelling. Hands on Implementing a L2TP tunnel. IPsec AH, HMAC, ESP, transport and tunnel modes, Security Association, encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPsec VPN. SSL VPNs Layer 4 VPNs, advantages, disadvantages. SSL. TLS. TLS negotiation, TLS authentication. TLS and certificates. Hands on Implementing a SSL VPN. MPLS VPNs Introduction to MPLS, why use MPLS, Headers, architecture, label switching, LDP, MPLS VPNs, L2 versus L3 VPNs. Point to point versus multipoint MPLS VPNs. MBGP and VRFs and their use in MPLS VPNs. Hands on Implementing a MPLS L3 VPN. Penetration testing Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology. Hands on Hacking tools and countermeasures.