MPLS training course description A hands-on introduction to MPLS covering the basics of what MPLS is and how to configure it, through to more advanced concepts such as MPLS VPNs and traffic engineering with MPLS. What will you learn Describe MPLS Explain how MPLS works Describe the interaction between OSPF/IS-IS/BGP and MPLS Describe MPLS traffic engineering MPLS training course details Who will benefit: Anyone working with MPLS. Prerequisites: IP Routing BGP Duration 3 days MPLS training course contents What is MPLS? What does MPLS stand for? What is MPLS? Core MPLS, MPLS and the 7 layer model, MPLS is a protocol, MPLS is a standard, MPLS runs on routers, MPLS history, Why MPLS? For service providers, For enterprises. MPLS Architecture Label Switch Routers, two types of LSR, PE and P router roles, FEC, swapping labels, MPLS packet format, Loops, TTL control. Hands on: Building the base network. Enabling MPLS. Simple testing and troubleshooting of MPLS. Label distribution Label review, label switch path, label distribution methods, piggybacking, Label distribution Protocols, LDP, LDP operation, LDP packets, discovery messages, session messages, advertisement messages, notification message, Label Information Base, routing tables, the LFIB, MPLS forwarding, penultimate hop popping, handling labels, LSP control modes, when to distribute labels, how long to keep labels, aggregation, label merging. Hands on: LDP traffic analysis. MPLS TE and QoS What is MPLS TE? Why TE? TE versus shortest path, how MPLS TE works, CR-LDP, OSPF-TE, IS-IS-TE, TE with BGP, RSVP-TE, MPLS Fast reroute, MPLS QoS. Hands on: Enabling MPLS-TE. BFD BFD, hello the BFD protocol. MPLS VPN What is a VPN? MPLS VPN types, MPLS VPN comparison, MPLS L3 VPN, VRFs, MBGP, MPLS VPN architecture, VRF RD, VRF RT, the label stack, L2 VPNs, VPWS, AToM, VPLS. Hands on: MPLS L3 VPN setup, troubleshooting.
CCNP (ENARSI) training course description The Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) v1.0 gives you the knowledge you need to install, configure, operate, and troubleshoot an enterprise network. This course covers advanced routing and infrastructure technologies, expanding on the topics covered in the Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) v1.0 course. This course helps prepare for the exam, Implementing Cisco Enterprise Advanced Routing and Services (300-410 ENARSI), which leads to the new CCNP What will you learn Gain the knowledge you need to install, configure, operate, and troubleshoot an enterprise network. Qualify for professional-level job roles in advanced routing and services Prepare for the Implementing Cisco Enterprise Advanced Routing and Services Exam (300-410 ENARSI). CCNP (ENARSI) training course details Who will benefit: Enterprise network engineers, System engineers, System administrators, Network administrators. 
Prerequisites: CCNP core Duration 5 days CCNP (ENARSI) training course content Course Objectives Configure classic Enhanced Interior Gateway Routing Protocol (EIGRP) and named EIGRP for IPv4 and IPv6 Optimize classic EIGRP and named EIGRP for IPv4 and IPv6 Troubleshoot classic EIGRP and named EIGRP for IPv4 and IPv6 Configure Open Shortest Path First (OSPF)v2 and OSPFv3 in IPv4 and IPv6 environments Optimize OSPFv2 and OSPFv3 behaviour Troubleshoot OSPFv2 for IPv4 and OSPFv3 for IPv4 and IPv6 Implement route redistribution using filtering mechanisms Troubleshoot redistribution Implement path control using Policy-Based Routing (PBR) and IP Service Level Agreement (SLA) Configure Multiprotocol-Border Gateway Protocol (MPBGP) in IPv4 and IPv6 environments Optimize MPBGP in IPv4 and IPv6 environments Troubleshoot MPBGP for IPv4 and IPv6 Describe the features of Multiprotocol Label Switching (MPLS) Describe the major architectural components of an MPLS VPN Identify the routing and packet forwarding functionalities for MPLS VPNs Explain how packets are forwarded in an MPLS VPN environment Implement Cisco Internetwork Operating System (IOS) Dynamic Multipoint VPNs (DMVPNs) Implement Dynamic Host Configuration Protocol (DHCP) Describe the tools available to secure the IPv6 first hop Troubleshoot Cisco router security features Troubleshoot infrastructure security and services Course Outline Implementing EIGRP Optimizing EIGRP Troubleshooting EIGRP Implementing OSPF Optimizing OSPF Troubleshooting OSPF Configuring Redistribution Troubleshooting Redistribution Implementing Path Control Implementing Internal Border Gateway Protocol (IBGP) Optimizing BGP Implementing MP-BGP Troubleshooting BGP Exploring MPLS Introducing MPLS L3 VPN Architecture Introducing MPLS L3 VPN Routing Configuring Virtual Routing and Forwarding (VRF)-Lite Implementing DMVPN Implementing DHCP Introducing IPv6 First Hop Security Securing Cisco Routers Troubleshooting Infrastructure Security and Services 
Troubleshooting with DNA Center Assurance. Lab outline Configure EIGRP Using Classic Mode and Named Mode for IPv4 and IPv6 Verify the EIGRP Topology Table Configure EIGRP Stub Routing, Summarization, and Default Routing Configure EIGRP Load Balancing and Authentication Troubleshoot EIGRP Issues Configure OSPFv3 for IPv4 and IPv6 Verify the Link-State Database Configure OSPF Stub Areas and Summarization Configure OSPF Authentication Troubleshoot OSPF Issues Implement Routing Protocol Redistribution Manipulate Redistribution Manipulate Redistribution Using Route Maps Troubleshoot Redistribution Issues Implement PBR Configure IBGP and External Border Gateway Protocol (EBGP) Implement BGP Path Selection Configure BGP Advanced Features Configure BGP Route Reflectors Configure MP-BGP for IPv4 and IPv6 Troubleshoot BGP Issues Configure Routing with VRF-Lite Implement Cisco IOS DMVPN Obtain IPv6 Addresses Dynamically Troubleshoot DHCPv4 and DHCPv6 Issues Troubleshoot IPv4 and IPv6 Access Control List (ACL) Issues Configure and Verify Unicast Reverse Path Forwarding (uRPF) Troubleshoot Network Management Protocol Issues: Lab 1 and 2
Windows certificates training course description A hands-on training course concentrating solely on PKI using Windows certificates. What will you learn Explain how PKI works. Install Windows certificates. Configure Windows certificates. Troubleshoot Windows certificates. Windows certificates training course details Who will benefit: Technical security staff. Prerequisites: Windows server. Duration 3 days Windows certificates training course contents PKI Symmetric encryption, asymmetric encryption, authentication, digital signing, hashing, certificates, Certification Authorities, Root CA, Intermediate CA, policy CA, Issuing CA, Certificate Revocation Lists. Hands on Inspecting a certificate. Policies and PKI Security policy, certification policy. CA hierarchy Impact of CAs on Active Directory, CA architecture, number of tiers, issuing CA organisation, CA configuration files. CA security. Hands on CA installation PKI health tool, monitoring. Certificate revocation When to revoke, OCSP. Hands on Revoking certificates. Certificate validation Discovery, validation, checks, revocation checking, certificate chains, certification publication. Hands on Event viewer. Certificate templates Version 1, version 1, default, modifying templates. Hands on Template management. Roles Criteria roles, CA administrator, Certificate manager, Backup operator, Auditor. Other PKI management roles. Disaster recovery Backups, recovery. Hands on certutil. Issuing certificates The certificate enrolment process, enrolment methods, manual enrolment, automatic enrolment. Trust between organisations Creating Trust, CTLs, common root CA, cross certification, bridge CA. Web servers and certificates SSL encryption, certificate authentication. Hands on Web servers. VPN Hands on Certificate deployment for VPN. WiFi Hands on 802.1X
Duration 3 Days 18 CPD hours This course is intended for This course is for Network Engineers looking to specialize in Azure networking solutions. An Azure Network engineer designs and implements core Azure networking infrastructure, hybrid networking connections, load balance traffic, network routing, private access to Azure services, network security and monitoring. The Azure network engineer will manage networking solutions for optimal performance, resiliency, scale, and security. This course teaches Network Engineers how to design, implement, and maintain Azure networking solutions. This course covers the process of designing, implementing, and managing core Azure networking infrastructure, Hybrid Networking connections, load balancing traffic, network routing, private access to Azure services, network security and monitoring. Learn how to design and implement a secure, reliable, network infrastructure in Azure and how to establish hybrid connectivity, routing, private access to Azure services, and monitoring in Azure. 
Prerequisites Prerequisite courses (or equivalent knowledge and hands-on experience): AZ-104T00 - Microsoft Azure Administrator 1 - Introduction to Azure Virtual Networks Explore Azure Virtual Networks Configure public IP services Design name resolution for your virtual network Enable cross-virtual network connectivity with peering Implement virtual network traffic routing Configure internet access with Azure Virtual NAT 2 - Design and implement hybrid networking Design and implement Azure VPN Gateway Connect networks with Site-to-site VPN connections Connect devices to networks with Point-to-site VPN connections Connect remote resources by using Azure Virtual WANs Create a network virtual appliance (NVA) in a virtual hub 3 - Design and implement Azure ExpressRoute Explore Azure ExpressRoute Design an ExpressRoute deployment Configure peering for an ExpressRoute deployment Connect an ExpressRoute circuit to a virtual network Connect geographically dispersed networks with ExpressRoute global reach Improve data path performance between networks with ExpressRoute FastPath Troubleshoot ExpressRoute connection issues 4 - Load balance non-HTTP(S) traffic in Azure Explore load balancing Design and implement Azure load balancer using the Azure portal Explore Azure Traffic Manager 5 - Load balance HTTP(S) traffic in Azure Design Azure Application Gateway Configure Azure Application Gateway Design and configure Azure Front Door 6 - Design and implement network security Get network security recommendations with Microsoft Defender for Cloud Deploy Azure DDoS Protection by using the Azure portal Deploy Network Security Groups by using the Azure portal Design and implement Azure Firewall Secure your networks with Azure Firewall Manager Implement a Web Application Firewall on Azure Front Door 7 - Design and implement private access to Azure Services Explain virtual network service endpoints Define Private Link Service and private endpoint Integrate private endpoint with DNS 
Integrate your App Service with Azure virtual networks 8 - Design and implement network monitoring Monitor your networks using Azure monitor Monitor your networks using Azure network watcher
Duration 3 Days 18 CPD hours This course is intended for This course benefits individuals responsible for configuring and monitoring devices running the Junos OS. Overview Describe the value of MPLS VPNs. Describe the differences between provider-provisioned VPNs and customer-provisioned VPNs. Describe the differences between Layer 2 VPNs and Layer 3 VPNs. List the provider-provisioned MPLS VPN features supported by the JUNOS software. Describe the roles of a CE device, PE router, and P router in a BGP Layer 3 VPN. Describe the format of the BGP routing information, including VPN-IPv4 addresses and route distinguishers. Describe the propagation of VPN routing information within an AS. List the BGP design constraints to enable Layer 3 VPNs within a provider network. Explain the operation of the Layer 3 VPN data plane within a provider network. Create a routing instance, assign interfaces to a routing instance, create routes in a routing instance, and import/export routes from a routing instance using route distinguishers/route targets. Describe the purpose of BGP extended communities, configure BGP extended communities, and use BGP extended communities. List the steps necessary for proper operation of a PE-CE dynamic routing protocol. List the troubleshooting and monitoring techniques for routing instances. Explain the difference between the bgp.l3vpn table and the inet.0 table of a routing instance. Monitor the operation of a CE-PE dynamic routing protocol. Explain the operation of a PE multi-access interface in a Layer 3 VPN and list commands to modify that behavior. Describe ways to support communication between sites attached to a common PE router. Provision and troubleshoot hub-and-spoke Layer 3 VPNs. Describe the flow of control traffic and data traffic in a hub-and-spoke Layer 3 VPN. Describe QoS mechanisms available in L3VPNs. Configure L3VPN over GRE tunnels. Describe the RFC 4364 VPN options. Describe the carrier-of-carriers model. 
Configure the carrier-of-carriers and "Option C" configuration. Describe the flow of control and data traffic in a draft-rosen multicast VPN. Describe the configuration steps for establishing a draft-rosen multicast VPN. Monitor and verify the operation of draft-rosen multicast VPNs. Describe the flow of control traffic and data traffic in a next-generation multicast VPN. Describe the configuration steps for establishing a next-generation multicast VPN. Monitor and verify the operation of next-generation multicast VPNs. This three-day course is designed to provide students with MPLS-based Layer 3 virtual private network (VPN) knowledge and configuration examples. Chapter 1: Course Introduction Course Introduction Chapter 2: MPLS VPNs MPLS VPNs Provider-Provisioned VPNs Chapter 3: Layer 3 VPNs Layer 3 VPN Terminology VPN-IPv4 Address Structure Operational Characteristics Chapter 4: Basic Layer 3 VPN Configuration Preliminary Steps PE Router Configuration Lab: Layer 3 VPN with Static and BGP Routing Chapter 5: Layer 3 VPN Scaling and Internet Access Scaling Layer 3 VPNs Public Internet Access Options Lab: LDP over RSVP Tunnels and Public Internet Access Chapter 6: Layer 3 VPNs - 
Advanced Topics Exchanging Routes between Routing Instances Hub-and-Spoke Topologies Layer 3 VPN CoS Options Layer 3 VPN and GRE Tunneling Integration Layer 3 VPN and IPSec Integration Layer 3 VPN Egress Protection BGP prefix-independent convergence (PIC) edge for MPLS VPNs VRF Localization Provider Edge Link Protection Support for configuring more than 3 million L3VPN Labels Lab: GRE Tunneling Chapter 7: Interprovider Backbones for Layer 3 VPNs Hierarchical VPN Models Carrier-of-Carriers Model Option C Configuration Lab: Carrier of Carrier Layer 3 VPNs Chapter 8: Troubleshooting Layer 3 VPNs Working with Multiple Layers Troubleshooting Commands on a PE Device Multiaccess Interfaces in Layer 3 VPNs PE and CE-based Traceroutes Layer 3 VPN Monitoring Commands Lab: Troubleshooting Layer 3 VPNs Chapter 9: Draft Rosen Multicast VPNs Multicast Overview Draft Rosen MVPN Overview Draft Rosen MVPN Operation Configuration Monitoring Chapter 10: Next Generation Multicast VPNs Multicast VPN Overview Next-Generation MVPN Operation Configuration Monitoring Internet Multicast Ingress Replication Internet Multicast Signaling and Data Plane Configuring MVPN Internet Multicast Monitoring MVPN Internet Multicast Lab: MVPN Internet Multicast
Duration 2 Days 12 CPD hours This course is intended for This course benefits individuals responsible for configuring and monitoring devices running the Junos OS. Course Level : Junos Layer 2 VPNs (JL2V) is an advanced-level course. Overview Define the term virtual private network. Describe the business drivers for MPLS VPNs. Describe the differences between Layer 2 VPNs and Layer 3 VPNs. List advantages for the use of MPLS Layer 3 VPNs and Layer 2 VPNs. Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN. Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN. Configure a BGP Layer 2 VPN and describe the benefits and requirements of over-provisioning. Monitor and troubleshoot a BGP Layer 2 VPN. Explain the BGP Layer 2 VPN scaling mechanisms and route reflection. Describe the Junos OS BGP Layer 2 VPN CoS support. Describe the flow of control and data traffic for an LDP Layer 2 circuit. Configure an LDP Layer 2 circuit. Monitor and troubleshoot an LDP Layer 2 circuit. Describe the operation of FEC 129 BGP autodiscovery for Layer 2 VPNs. Configure a FEC 129 BGP autodiscovery Layer 2 VPN. Monitor and troubleshoot a FEC 129 BGP autodiscovery for Layer 2 VPNs. Describe the difference between Layer 2 MPLS VPNs and VPLS. Explain the purpose of the PE device, the CE device, and the P device. Explain the provisioning of CE and PE routers. Describe the signaling process of VPLS. Describe the learning and forwarding process of VPLS. Describe the potential loops in a VPLS environment. Configure BGP, LDP, and FEC 129 BGP autodiscovery VPLS. Troubleshoot VPLS. Describe the purpose and features of Ethernet VPN. Configure Ethernet VPN. Monitor and troubleshoot Ethernet VPN. Describe the Junos OS support for hierarchical VPN models. Describe the Junos OS support for Carrier-of-Carriers VPN Option C. Configure the interprovider VPN Option C. Describe the Junos OS support for multisegment pseudowire for FEC 129. 
Describe and configure circuit cross-connect (CCC). This two-day course is designed to provide students with MPLS-based Layer 2 virtual private network (VPN) knowledge and configuration examples. Course Introduction MPLS VPNs MPLS VPNs Provider-Provisioned VPNs BGP Layer 2 VPNs Overview of Layer 2 Provider-Provisioned VPNs BGP Layer 2 VPN Operational Model: Control Plane BGP Layer 2 VPN Operational Model: Data Plane Preliminary BGP Layer 2 VPN Configuration BGP Layer 2 Configuration Monitoring and Troubleshooting BGP Layer 2 VPNs Lab: BGP Layer 2 VPNs Layer 2 VPN Scaling and CoS Review of VPN Scaling Mechanisms Layer 2 VPNs and CoS LDP Layer 2 Circuits LDP Layer 2 Circuit Operation LDP Layer 2 Circuit Configuration LDP Layer 2 Circuit Monitoring and Troubleshooting FEC 129 BGP Autodiscovery Layer 2 Circuit Operation FEC 129 BGP Autodiscovery Layer 2 Circuit Configuration FEC 129 BGP Autodiscovery Monitoring and Troubleshooting Virtual Private LAN Services Layer 2 MPLS VPNs Versus VPLS BGP VPLS Control Plane BGP VPLS Data Plane Learning and Forwarding Process Loops VPLS Configuration VPLS Configuration VPLS Troubleshooting Ethernet VPN (EVPN) EVPN Overview EVPN Control Plane EVPN Operation EVPN Configuration EVPN Troubleshooting
Firewalls training course description A technical hands on training course covering firewall technologies. This focuses on the whys and hows of firewall technology rather than looking at manufacturer specific issues. What will you learn Design secure firewall protected networks. Test firewalls. Evaluate firewalls Configure firewalls Firewalls training course details Who will benefit: Technical staff wanting to learn about Firewalls including: Technical network staff. Technical security staff. Prerequisites: IP security foundation for engineers Duration 2 days Firewalls training course contents Firewall introduction Security review, what is a firewall? What do firewalls do? Firewall benefits, concepts. Hands on Configuring the network to be used in later labs, launching various attacks on a target. Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls, blade based firewalls, personal firewalls, which firewall should you use? Firewall products. Hands on Configuring a simple firewall. Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on Stateful packet inspection firewalls. Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall advantages and disadvantages. Hands on Proxy firewalls. Personal firewalls The role of personal firewalls, Windows XP, Zonealarm. Hands on Configuring a personal firewall. Firewall architectures Home based, small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. 
Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. Securing communications VPNs, IPsec. Firewall configuration of VPNs, integration of dedicated VPN devices and firewalls. Hands on IPSec VPN configuration. Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls.
Azure Virtual Network gives you an isolated and highly-secure environment to run your virtual machines and applications. Use your private IP addresses and define subnets, access control policies, and more. Use Virtual Network to treat Azure the same as you would your own datacenter. The Azure - Networking course is designed to introduce you to virtual network configuration through the Microsoft Azure Portal and network configuration files. You'll also see how to use network services to configure and load balance network traffic using tools such as Azure DNS, Load Balancer, Azure Traffic Manager, and Application Gateway. And because this is about the cloud, you'll see how to connect your on-premises computers to Azure virtual networks as well as establishing connectivity between sites. The course guides you to configure a Point to Site VPN and a Site to Site VPN. On completion of this course, you will look at Azure Vnet peering, and how peering between Vnets can reduce the need to build Vnet-to-Vnet VPN gateways. What Will I Learn? Create a Vnet Configure a Point to Site VPN Understand Vnet Peering Understand DNS in Azure Vnets Who is the target audience? People interested in learning Networking Basics in Azure Requirements Some prior knowledge in Azure is required, or the completion of Introduction to Azure course Introduction Introduction FREE 00:02:00 Virtual Networks Virtual Network Overview 00:02:00 IP Address Space 00:03:00 DNS in Azure Vnets 00:03:00 Creating a VNet 00:03:00 VPNs with VNets 00:04:00 Configuring a Point to Site VPN 00:12:00 Configure Site to Site VPN 00:05:00 Azure Vnet Peering 00:02:00 Conclusion Course Recap 00:04:00 Course Certification
Duration 5 Days 30 CPD hours This course is intended for This course is designed for professionals in the following job roles: Network security engineer CCNP Security candidate Channel Partner Overview After taking this course, you should be able to: Introduce site-to-site VPN options available on Cisco routers and firewalls Introduce remote access VPN options available on Cisco routers and firewalls Review site-to-site and remote access VPN design options Review troubleshooting processes for various VPN options available on Cisco routers and firewalls The Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0 course teaches you how to implement, configure, monitor, and support enterprise Virtual Private Network (VPN) solutions. Through a combination of lessons and hands-on experiences you will acquire the knowledge and skills to deploy and troubleshoot traditional Internet Protocol Security (IPsec), Dynamic Multipoint Virtual Private Network (DMVPN), FlexVPN, and remote access VPN to create secure and encrypted data, remote accessibility, and increased privacy. 
Course Outline Introducing VPN Technology Fundamentals Implementing Site-to-Site VPN Solutions Implementing Cisco Internetwork Operating System (Cisco IOS©) Site-to-Site FlexVPN Solutions Implement Cisco IOS Group Encrypted Transport (GET) VPN Solutions Implementing Cisco AnyConnect VPNs Implementing Clientless VPNs Lab Outline Explore IPsec Technologies Implement and Verify Cisco IOS Point-to-Point VPN Implement and Verify Cisco Adaptive Security Appliance (ASA) Point-to-Point VPN Implement and Verify Cisco IOS Virtual Tunnel Interface (VTI) VPN Implement and Verify Dynamic Multipoint VPN (DMVPN) Troubleshoot DMVPN Implement and Verify FlexVPN with Smart Defaults Implement and Verify Point-to-Point FlexVPN Implement and Verify Hub and Spoke FlexVPN Implement and Verify Spoke-to-Spoke FlexVPN Troubleshoot Cisco IOS FlexVPN Implement and Verify AnyConnect Transport Layer Security (TLS) VPN on ASA Implement and Verify Advanced Authentication, Authorization, and Accounting (AAA) on Cisco AnyConnect VPN Implement and Verify Clientless VPN on ASA
Securing UNIX systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure UNIX accounts. Secure UNIX file systems. Secure UNIX access through the network. Securing UNIX systems course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing UNIX systems course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as a recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. 
Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. Network File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. 
Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd. Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.