We couldn't find any listings for your search.
Know someone teaching this? Help them become an Educator on Cademy.
Total MPLS VPN for engineers training course description A hands on course concentrating solely on MPLS VPNs. The course begins with a review of VPN basics before moving onto L3VPNs and MBGP, followed by L2VPNs. What will you learn Compare, contrast and evaluate MPLS L2VPNs versus L3VPNs. Describe, configure and troubleshoot MPLS L3VPNs. Configure and troubleshoot MBGP. Describe, configure and troubleshoot MPLS L2VPNs. Total MPLS VPN for engineers training course details Who will benefit: Anyone working with MPLS VPNs. Prerequisites: Concise MPLS for engineers Duration 2 days Total MPLS VPN for engineers training course contents MPLS VPN basics LSR, PE and P router roles. What is a VPN? MPLS VPN types, MPLS VPN comparison, MPLS L3VPN, L2VPN. VPN architectures. Hands on: Building the base network. L3VPN Separate routing tables, The Virtual Routing Table, VRFs, Route Distinguisher (RD), VNPv4 addresses. Hands on: Minimal VRF configuration, routing between customer and provider (PE-CE). MBGP MP-BGP, IPv4 routing, IPv6 routing, VPNv4 addresses, VPNv6 addresses. Exchanging labels. Exchanging routes. Route targets, communities. Route reflectors. Hands on: MBGP setup. MPLS L3VPN troubleshooting. L2VPN Why L2 not L3? Services: TDM, ATM, Frame Relay, Ethernet. Pseudowires. Hands on: Simple L2VPN configuration. Pseudowires VPWS, AToM, Attachment Circuit, Traffic encapsulation, Ethernet over MPLS. Ethernet MTU considerations. VC types. Hands on: PW configuration and troubleshooting. VPLS Ethernet multipoint connectivity. Virtual Forwarding Instance (VFI), Virtual Switching Instance. Flooding, MAC address management, split horizons. Hierarchical VPLS. Signalling: LDP based. BGP based. Auto discovery. Hands on: VPLS configuration and troubleshooting. Next generation L2VPN E-VPN, PBB-EVPN.
Definitive VPNs training course description A hands on course covering VPNs from the basics of benefits and Internet vs. Intranet VPNs through to detailed analysis of the technologies involved in VPNs. All the major VPN protocols are covered including PPPoE, L2TP, SSL, IPsec and dynamic VPNs. MPLS L3 VPNs are also covered. What will you learn Describe what a VPN is and explain the difference between different VPN types. Recognise the design and implementation issues involved in implementing a VPN. Explain how the various technologies involved in a VPN work. Describe and implement: L2TP, IPsec, SSL, MPLS L3 VPNs. Evaluate VPN technologies. Definitive VPNs training course details Who will benefit: Network personnel. Prerequisites: IP Security foundation for engineers. Duration 3 days Definitive VPNs training course contents VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, hardware based VPNs, Firewall based VPNs, software based VPNs, tunnelling topologies, tunnelling protocols, which tunnelling protocol should you use? requirements of tunnels. VPN security components Critical VPN security requirements, Encryption and authentication, Diffie Hellman, DES, 3DES, RSA, PKI, Ca server types, pre shared keys versus certificates, Enrolling with a CA, RADIUS in VPNs. PPP Encapsulation, operation, authentication. Hands on Setting up PPPoE and analysing PPP packets. PPTP Overview, Components, How it works, control and data connections, GRE. Hands on Building a PPTP VPN. L2TP Overview, components, how it works, security, packet authentication, L2TP/IPSec, L2TP/PPP, Layer 2 versus layer 3 tunnelling. Hands on Implementing a L2TP tunnel. IPSec AH, HMAC, ESP, transport and tunnel modes, Security Association, use of encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPSec VPN. Intranet VPNs Headers, architecture, label switching, LDP, MPLS VPNs. VPN products and services PE and CPE, management, various VPN products. VPN issues and architectures VPN architectures: terminate VPN before/on/ after/in parallel with firewall, resilience issues, VRRP, performance issues, QoS and VPNs. documentation.
Essential EVPN training course description Ethernet VPN (E-VPN) and Provider Backbone Bridging E-VPN (PBB-EVPN) are emerging technologies providing Ethernet services over MPLS. This course studies the technologies in E-VPN/PBB-EVPN providing multi-homing, multi pathing, auto discovery, multicast, forwarding and fast convergence. What will you learn Differentiate between E-VPN and PBB-EVPN. Explain how E-VPN operates. Explain how PBB-EVPN operates. Explain how E-VPN provides: Multi homing Multi pathing Auto discovery. Essential EVPN training course details Who will benefit: Network engineers. Staff working for carriers. Prerequisites: Definitive Ethernet switching for engineers Concise MPLS for engineers Duration 2 days Essential EVPN training course contents Introduction to EVPN Network virtualization What Is network virtualization? types of virtual networks, network tunnelling, the consequences of tunnelling, packet load balancing, network interface card behaviour. maximum transmission unit, lack of visibility, VXLAN, protocols to implement the control plane, support for network virtualization technologies, merchant silicon Software, standards. The building blocks of Ethernet VPN A brief history of EVPN, architecture and protocols for traditional EVPN deployment, EVPN in the data center BGP constructs for Virtual networks, address family indicator/subsequent address family indicator, route distinguisher, route target, RD, RT, and BGP processing, route types, modifications to support EVPN over eBGP, keeping the NEXT HOP unmodified, retaining route targets, FRR support for EVPN, automatic propagation of NEXT HOP, RT/RD derivation, what Is not supported in FRR. Bridging with Ethernet VPN An overview of traditional bridging, overview of bridging with EVPN, what Ifs, why does NVE L3 get an advertisement for MACA? handling BUM packets, handling MAC moves, support for dual-attached hosts, the host-switch Interconnect, VXLAN model for dual-attached hosts, switch peering solutions, handling Link failures, duplicate multi-destination frames, ARP/ND suppression. Routing with Ethernet VPN The case for routing in EVPN, routing use cases in the data center, routing models, where is the routing performed? centralized routing, distributed routing, how routing works in EVPN, asymmetric routing, symmetric routing, VRFs in EVPN routing, summarized route announcements, BGP support for EVPN routing, comparing asymmetric and symmetric models, vendor support for EVPN routing. Configuring and administering Ethernet VPN The sample topology, configuration cases, configuring the MTU, the end first: complete FRR configurations, the Invariants: configuration for the spines, firewall, and servers, centralized routing, asymmetric distributed routing, symmetric routing, dissecting the configuration, configuring the underlay, configuring the overlay: FRR configuring the overlay: interfaces, examining an EVPN network, show running configuration, show BGP summary, show EVPN VNIs and VTEPs, identify which VTEP advertised a MAC address, comparing FRR and Cisco EVPN configurations, considerations for deploying EVPN in large networks.
Cyber security training course description This cyber security course focusses on the network side of security. Technologies rather than specific products are studied focussing around the protection of networks using firewalls and VPNs. What will you learn Describe: - Basic security attacks - RADIUS - SSL - VPNs Deploy firewalls and secure networks Explain how the various technologies involved in an IP VPN work. Describe and implement: - L2TP - IPsec - SSL - MPLS, L3, VPNs. Cyber security training course details Who will benefit: Anyone working in the security field. Prerequisites: TCP/IP foundation for engineers Duration 5 days Cyber security training course contents Security review Denial of service, DDOS, data manipulation, data theft, data destruction, security checklists, incident response. Security exploits IP spoofing, SYN attacks, hijacking, reflectors and amplification, keeping up to date with new threats. Hands on port scanning, use a 'hacking' tool. Client and Server security Windows, Linux, Log files, syslogd, accounts, data security. Hands on Server hardening. Firewall introduction What is a firewall? Firewall benefits, concepts. HAnds on launching various attacks on a target. Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls. Firewall products. Hands on Simple personal firewall configuration. Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on SPI firewalls. Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall plusses and minuses. Hands on Proxy firewalls. Firewall architectures Small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls. Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Password cracking. Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, RADIUS. Hands on Using certificates. VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, tunnelling topologies, tunnelling protocols, which tunnelling protocol? Requirements of tunnels. L2TP Overview, components, how it works, security, packet authentication, L2TP/IPsec, L2TP/PPP, L2 vs L3 tunnelling. Hands on Implementing a L2TP tunnel. IPsec AH, HMAC, ESP, transport and tunnel modes, Security Association, encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPsec VPN. SSL VPNs Layer 4 VPNs, advantages, disadvantages. SSL. TLS. TLS negotiation, TLS authentication. TLS and certificates. Hands on Implementing a SSL VPN. MPLS VPNs Introduction to MPLS, why use MPLS, Headers, architecture, label switching, LDP, MPLS VPNs, L2 versus L3 VPNs. Point to point versus multipoint MPLS VPNs. MBGP and VRFs and their use in MPLS VPNs. Hands on Implementing a MPLS L3 VPN. Penetration testing Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology. Hands on Hacking tools and countermeasures.
Network design training course description This course provides you with the knowledge needed to perform the design of a network infrastructure that supports desired network solutions to achieve effective performance, scalability, and availability. We recognise that the role of design does not normally require hands on skills but hands on sessions are used to reinforce the theory not to teach configuration or troubleshooting. What will you learn Create HA enterprise network designs. Develop optimum Layer 3 designs. Design effective modern WAN and data center networks. Develop effective migration approaches to IPv6. Create effective network security designs. Network design training course details Who will benefit: Anyone involved with network design. Prerequisites: TCP/IP Foundation for engineers Duration 5 days Network design training course contents Part I Reliable, resilient enterprise L2/3 network designOptimal Enterprise Campus Design:Enterprise campus design principles, hierarchy, modularity, flexibility, resiliency.EIGRP design:EIGRP Design, Should you use EIGRP?OSPF design: OSPF scalability designs, OSPF area design, OSPF Full-Mesh Design, OSPF Hub-and-Spoke Design, OSPF convergence design and optimization techniques. IS-IS Design:The protocol, IS-IS hierarchical architecture, IS-IS vs OSPF, IS-IS Deep Dive, IS-IS Design Considerations. BGP design:BGP overview, Designing Scalable iBGP Networks, BGP Route Reflector Design, Enhancing the Design of BGP Policies with BGP Communities, Case Study: Designing Enterprise wide BGP Policies Using BGP Communities, BGP Load-Sharing Design.Part II Enterprise IPv6 Design ConsiderationsIPv6 Design Considerations in the Enterprise: IPv6 Deployment and Design Considerations, Considerations for Migration to IPv6 Design, IPv6 Transition Mechanisms, Final Thoughts on IPv6 Transition Mechanisms. Challenges of the Transition to IPv6: IPv6 Services, Link Layer Security Considerations. Part III Modern Enterprise Wide-Area Networks DesignService Provider-Managed VPNs:Choosing Your WAN Connection, Layer 3 MPLS VPNs, Case Study: MPLS VPN Routing Propagation, Layer 2 MPLS VPN Services. Enterprise-Managed WANs: Enterprise-Managed VPNs, GRE, Multipoint GRE, Point-to-Point and Multipoint GRE, IPsec, IPsec and dynamic VTI, DMVPN, Case Study: EIGRP DMVPN, DMVPN and Redundancy, Case Study: MPLS/VPN over GRE/DMVPN, SSL VPN. Enterprise WAN Resiliency Design: WAN Remote-Site Overview, MPLS L3 WAN Design Models, Common L2 WAN Design Models, Common VPN WAN Design Models, 3G/4G VPN Design Models, Remote Site Using Local Internet, Remote-Site LAN, Case Study: Redundancy and Connectivity, NGWAN, SDWAN, and IWAN Solution Overview, IWAN Design Overview, Enterprise WAN and Access Management. Part IV Enterprise Data Center DesignsMultitier Data Center Designs: Case Study: Small Data Centers (Connecting Servers to an Enterprise LAN), Case Study: Two-Tier Data Center Network Architecture, Case Study: Three-Tier Data Center Network Architecture.Trends and Techniques to Design Modern Data Centers: The Need for a New Network Architecture, Limitations of Current Networking Technology, Modern Data Center Design Techniques and Architectures, Multitenant Data Center. SDN:SDN characteristics, How SDN addresses current Networking Limitations, SDN Architecture Components, SDN Network Virtualization overlays. Data Center Connections:Data Center Traffic Flows, The Need for DCI, IP Address Mobility, Case Study: Dark Fiber DCI, Pseudowire DCI. Part V Design QoS for Optimized User ExperienceQoS Overview:QoS Overview, IntServ versus DiffServ, Classification and Marking, Policers and Shapers, Policing Tools: Single-Rate Three-Color Marker, Policing Tools: TwoRate Three-Color Marker, Queuing Tools, Dropping Tools. QoS design principles and best practices: QoS overview, classification and marking design principles, policing and remarking design principles, queuing design principles, dropping design principles, Per-Hop behavior queue design principles, RFC 4594 QoS Recommendation, QoS Strategy Models. Campus QoS, WAN QoS, Data Center QoS.MPLS VPN QoS Design: The Need for QoS in MPLS VPN, Layer 2 Private WAN QoS Administration, Fully Meshed MPLS VPN QoS Administration, MPLS DiffServ Tunneling Modes, Sample MPLS VPN QoS Roles. IPsec VPN QoS Design: The Need for QoS in IPsec VPN, VPN Use Cases and Their QoS Models, IPsec Refresher, Encryption and Classification: Order of Operations, MTU Considerations, DMVPN QoS Considerations. Part VI IP Multicast DesignEnterprise IP Multicast Design: How Does IP Multicast Work? Multicast Protocols, Multicast Forwarding and RPF Check, Multicast Protocol Basics, PIM-SM Overview, Multicast Routing Table, Basic SSM Concepts, Bidirectional PIM. RP discovery, Anycast RP Features, MSDP. Part VII Designing Optimum Enterprise Network SecurityDesigning Security Services and Infrastructure Protection Network Security Zoning, Designing Infrastructure Protection.Designing firewall & IPS solutions: Firewall architectures, virtualized firewalls. Case Study: Application Tier separation, Case Study: Firewalls in a Data Center, Case Study: Firewall High Availability, IPS Architectures, Case Study: Secure Campus Edge Design (Internet and Extranet Connectivity). IP Multicast Security: Multicast Security Challenges, Multicast Network Security Considerations. Designing Network Access Control Solutions:IEEE 802.1X, EAP, 802.1X supplicants, 802.1X phased deployment, Case Study: Authorization Options. Part VIII Design scenariosDesign Case Studies: 1: Enterprise Connectivity, 2: Enterprise BGP with Internet Connectivity, 3: IPv6, 4: Data Center Connectivity, 5: Resilient Enterprise WAN, 6: Secure Enterprise Network, 7: QoS in the Enterprise Network.
MPLS training course description A hands-on introduction to MPLS covering the basics of what MPLS is and how to configure it, through to more advanced concepts such as MPLS VPNs and traffic engineering with MPLS. What will you learn Describe MPLS Explain how MPLS works Describe the interaction between OSPF/IS-IS/BGP and MPLS Describe MPLS traffic engineering MPLS training course details Who will benefit: Anyone working with MPLS. Prerequisites: IP Routing BGP Duration 3 days MPLS training course contents What is MPLS? What does MPLS stand for? What is MPLS? Core MPLS, MPLS and the 7 layer model, MPLS is a protocol, MPLS is a standard, MPLS runs on routers, MPLS history, Why MPLS? For service providers, For enterprises. MPLS Architecture Label Switch Routers, two types of LSR, PE and P router roles, FEC, swapping labels, MPLS packet format, Loops, TTL control. Hands on: Building the base network. Enabling MPLS. Simple testing and troubleshooting of MPLS. Label distribution Label review, label switch path, label distribution methods, piggybacking, Label distribution Protocols, LDP, LDP operation, LDP packets, discovery messages, session messages, advertisement messages, notification message, Label Information Base, routing tables, the LFIB, MPLS forwarding, penultimate hop popping, handling labels, LSP control modes, when to distribute labels, how long to keep labels, aggregation, label merging. Hands on: LDP traffic analysis. MPLS TE and QoS What is MPLS TE? Why TE? TE versus shorted path, how MPLS TE works, CR-LDP, OSPF-TE, IS-IS-TE, TE with BGP, RSVP-TE, MPLS Fast reroute, MPLS QoS. Hands on: Enabling MPLS-TE. BFD BFD, hello the BFD protocol. MPLS VPN What is a VPN? MPLS VPN types, MPLS VPN comparison, MPLS L3 VPN, VRFs, MBGP, MPLS VPN architecture, VRF RD, VRF RT, the label stack, L2 VPNs, VPWS, AToM, VPLS. Hands on: MPLS L3 VPN setup, troubleshooting.
CCNP (ENARSI) training course description The Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) v1.0 gives you the knowledge you need to install, configure, operate, and troubleshoot an enterprise network. This course covers advanced routing and infrastructure technologies, expanding on the topics covered in the Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) v1.0 course. This course helps prepare for the exam, Implementing Cisco Enterprise Advanced Routing and Services (300- 410 ENARSI), which leads to the new CCNP What will you learn Gain the knowledge you need to install, configure, operate, and troubleshoot an enterprise network. Qualify for professional-level job roles in advance routing and services Prepare for the Implementing Cisco Enterprise Advanced Routing and Services Exam (300-410 ENARSI). CCNP (ENARSI) training course details Who will benefit: Enterprise network engineers, System engineers, System administrators, Network administrators. Prerequisites: CCNP core Duration 5 days CCNP (ENARSI) training course content Course Objectives Configure classic Enhanced Interior Gateway Routing Protocol (EIGRP) and named EIGRP for IPv4 and IPv6 Optimize classic EIGRP and named EIGRP for IPv4 and IPv6 Troubleshoot classic EIGRP and named EIGRP for IPv4 and IPv6 Configure Open Shortest Path First (OSPF)v2 and OSPFv3 in IPv4 and IPv6 environments Optimize OSPFv2 and OSPFv3 behaviour Troubleshoot OSPFv2 for IPv4 and OSPFv3 for IPv4 and IPv6 Implement route redistribution using filtering mechanisms Troubleshoot redistribution Implement path control using Policy-Based Routing (PBR) and IP Service Level Agreement (SLA) Configure Multiprotocol-Border Gateway Protocol (MPBGP) in IPv4 and IPv6 environments Optimize MPBGP in IPv4 and IPv6 environments Troubleshoot MPBGP for IPv4 and IPv6 Describe the features of Multiprotocol Label Switching (MPLS) Describe the major architectural components of an MPLS VPN Identify the routing and packet forwarding functionalities for MPLS VPNs Explain how packets are forwarded in an MPLS VPN environment Implement Cisco Internetwork Operating System (IOS) Dynamic Multipoint VPNs (DMVPNs) Implement Dynamic Host Configuration Protocol (DHCP) Describe the tools available to secure the IPV6 first hop Troubleshoot Cisco router security features Troubleshoot infrastructure security and services Course Outline Implementing EIGRP Optimizing EIGRP Troubleshooting EIGRP Implementing OSPF Optimizing OSPF Troubleshooting OSPF Configuring Redistribution Troubleshooting Redistribution Implementing Path Control Implementing Internal Border Gateway Protocol (IBGP) Optimizing BGP Implementing MP-BGP Troubleshooting BGP Exploring MPLS Introducing MPLS L3 VPN Architecture Introducing MPLS L3 VPN Routing Configuring Virtual Routing and Forwarding (VRF)-Lite Implementing DMVPN Implementing DHCP Introducing IPv6 First Hop Security Securing Cisco Routers Troubleshooting Infrastructure Security and Services Troubleshooting with DNA Center Assurance. Lab outline Configure EIGRP Using Classic Mode and Named Mode for IPv4 and IPv6 Verify the EIGRP Topology Table Configure EIGRP Stub Routing, Summarization, and Default Routing Configure EIGRP Load Balancing and Authentication Troubleshoot EIGRP Issues Configure OSPFv3 for IPv4 and IPv6 Verify the LinkState Database Configure OSPF Stub Areas and Summarization Configure OSPF Authentication Troubleshoot OSPF Issues Implement Routing Protocol Redistribution Manipulate Redistribution Manipulate Redistribution Using Route Maps Troubleshoot Redistribution Issues Implement PBR Configure IBGP and External Border Gateway Protocol (EBGP) Implement BGP Path Selection Configure BGP Advanced Features Configure BGP Route Reflectors Configure MP-BGP for IPv4 and IPv6 Troubleshoot BGP Issues Configure Routing with VRF -Lite Implement Cisco IOS DMVPN Obtain IPv6 Addresses Dynamically Troubleshoot DHCPv4 and DHCPv6 Issues Troubleshoot IPv4 and IPv6 Access Control List (ACL) Issues Configure and Verify Unicast Reverse Path Forwarding (uRPF) Troubleshoot Network Management Protocol Issues: Lab 1 and 2
Windows certificates training course description A hands-on training course concentrating solely on PKI using Windows certificates. What will you learn Explain how PKI works. Install windows certificates. Configure windows certificates. Troubleshoot windows certificates. Windows certificates training course details Who will benefit: Technical security staff. Prerequisites: Windows server. Duration 3 days Windows certificates training course contents PKI Symmetric encryption, asymmetric encryption, authentication, digital signing, hashing, certificates, Certification Authorities, Root CA, Intermediate CA, policy CA, Issuing CA, Certificate Revocation Lists. Hands on Inspecting a certificate. Policies and PKI Security policy, certification policy. CA hierarchy Impact of CAs on Active Directory, CA architecture, number of tiers, issuing CA organisation, CA configuration files. CA security. Hands on CA installation PKI health tool, monitoring. Certificate revocation When to revoke, OCSP. Hands on Revoking certificates. Certificate validation Discovery, validation, checks, revocation checking, certificate chains, certification publication. Hands on Event viewer. Certificate templates Version 1, version 1, default, modifying templates. Hands on Template management. Roles Criteria roles, CA administrator, Certificate manager, Backup operator, Auditor. Other PKI management roles. Disaster recovery Backups, recovery. Hands on certutil. Issuing certificates The certificate enrolment process, enrolment methods, manual enrolment, automatic enrolment. Trust between organisations Creating Trust, CTLs, common root CA, cross certification, bridge CA. Web servers and certificates SSL encryption, certificate authentication. Hands on Web servers. VPN Hands on Certificate deployment for VPN. WiFi Hands on 802.1X
Firewalls training course description A technical hands on training course covering firewall technologies. This focuses on the whys and hows of firewall technology rather than looking at manufacturer specific issues. What will you learn Design secure firewall protected networks. Test firewalls. Evaluate firewalls Configure firewalls Firewalls training course details Who will benefit: Technical staff wanting to learn about Filrewalls including: Technical network staff. Technical security staff. Prerequisites: IP security foundation for engineers Duration 2 days Firewalls training course contents Firewall introduction Security review, what is a firewall? What do firewalls do? Firewall benefits, concepts. Hands on Configuring the network to be used in later labs, launching various attacks on a target. Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls, blade based firewalls, personal firewalls, which firewall should you use? Firewall products. Hands on Configuring a simple firewall. Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on Stateful packet inspection firewalls. Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall advantages and disadvantages. Hands on Proxy firewalls. Personal firewalls The role of personal firewalls, Windows XP, Zonealarm. Hands on Configuring a personal firewall. Firewall architectures Home based, small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. Securing communications VPNs, IPsec. Firewall configuration of VPNs, integration of dedicated VPN devices and firewalls. Hands on IPSec VPN configuration. Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls.
Securing UNIX systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure UNIX accounts. Secure UNIX file systems. Secure UNIX access through the network. Securing UNIX systems course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing UNIX systems course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.