643 Courses

Duration 2 Days 12 CPD hours This course is intended for Application developers who want to increase their understanding of Spring Security with hands-on experience and build secure Spring and Spring Boot applications. Overview By the end of the course, you should be able to meet the following objectives: Use Spring Security in Spring and Spring Boot applications Configure the Spring Security filter chain Protect HTTP endpoints with expression-based access control and the AuthorizationManager API Protect method execution Use different authentication mechanisms Handle passwords in an efficient way Integrate Spring Security with Junit 5 and MockMVC to test HTTP and method security Protect against common vulnerabilities and threats Understand what OAuth2 is Use and configure the Spring Authorization Server Implement a resource server and client This 2-day course offers hands-on experience with the major features of Spring Security, which includes configuration, authentication, authorization, password handling, testing, protecting against security threats, and the OAuth2 support to secure applications. On completion, participants will have a foundation for securing enterprise and microservices applications. Security Introduction Need for security Basic security concepts Common security vulnerabilities Spring Security Basics Introduction to Spring Security High-level architecture Overview of SecurityContext Spring Security with Spring Boot Customizing Authentication Building blocks for authentication Authentication mechanisms based on user name and password Other authentication mechanisms Authentication events Securing Web Applications Configuring authorization Using AccessDecisionsManager for authorization Using AuthorizationManager for authorization Bypassing security Method Security Method security architecture Declarative method security with annotations Security Testing Spring Security Testing Support Security mock annotations and meta-annotations Using MockMvc to test security Handling Passwords Password hashing Upgrading passwords (Optional) Protecting Against Common Vulnerabilities Hardening web applications with security headers Preventing cross-site request forgery Encrypting data in transit OAuth5 and OIDC Concepts Need for OAuth Overview of OAuth5 and OIDC OAuth5 grant types Types of tokens Spring Security OAuth5 support and OAuth5 login Spring Authorization Server Introduction to Authorization Server Spring Authorization Server endpoints Spring Authorization Server configuration Protecting and accessing resources with OAuth5 Resource server Using JWT tokens Using opaque tokens Configuring an OAuth5 client Additional course details:Notes Delivery by TDSynex, Exit Certified and New Horizons an VMware Authorised Training Centre (VATC) Nexus Humans VMware Spring Security training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the VMware Spring Security course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 2 Days 12 CPD hours This course is intended for This course is intended for System and network engineers, technical architects and technical support personnel Overview Upon successful completion of this course, students will be able to install and operate a Cisco DNA Center (DNAC) This course will cover the basics of installing and operation of the Cisco DNA Center (DNAC). The Cisco DNAC is a stand-alone product that provides a single dashboard for every fundamental management task to simplify running an enterprise network. The DNAC is the management piece of the Software Defined Access (SDA) solution. Intent-based Networking overview DNA Center overview. DNA Center as a Platform. DNA Center Architecture & Design. DNA Center Installation DNA Center/Identity Services Engine (ISE) Integration ISE Integration configuration in DNA Center. DNA - Global - Add servers (e.g. ISE server(s)). DNA Center integration configuration in ISE. Approve pxGrid in ISE.Verify DNA/ISE integration DNA Center - Device Inventory Add networks devices to the DNA Center device inventory. Verify DNA Center Inventory configuration. DNA Center - Design - Network Hierarchy. Verify DNA Center - design configuration DNA Center - Design - Software Image Management (SWIM) Review SWIM image repository listing. Create golden software image & role. Verify golden software image creation DNA Center - Design ? Templates and Policies Templates ? Apache Velocity Engine. Command Runner. Policies: Group-Based, Application,Traffic Copy, IP-Based DNA Center - Provision Configuration Add devices to newly created sites/locations. Plug and Play (PnP). Verify DNA Center - provision configuration. DNA Center - Assurance Collection. DNA Center ? Administration

Duration 2 Days 12 CPD hours This course is intended for This course is designed for technical professionals who need to know how to deploy a Cisco Integrated Threat Defense solution in their network environment. The primary audience for this course includes: Systems and network engineersTechnical architectsTechnical support personnelChannel partners and resellers Overview After completing this course, you should be able to: Describe the current network security landscape and the Cisco Integrated Threat Defense (ITD) solutionDescribe the key components of the ITD solution and their use in the networkConfigure the ISE for a baseline of operation in the ITD solutionConfigure the integration between the Stealthwatch and ISE platformsConfigure the integration between the Cisco Firepower and ISE platformsConfigure the integration between Cisco Firepower and AMP for Endpoints This course begins with an analysis of the current cybersecurity landscape and includes details on why networks today need an integrated threat defense architecture. You will integrate and verify proper operation of the key Cisco Integrated Threat Defense products, including Cisco Identity Services Engine (ISE), Cisco Stealthwatch©, Cisco Firepower© NGFW, and Cisco AMP for Endpoints. Verification includes the introduction of malware into the network to ensure proper identification, analysis, and quarantine. Course Outline Integrated Threat Defense Introduction Itd Products Identity Services Engine Setup Integration Of Stealthwatch With Identity Services Engine Integration Of Firepower With Identity Services Engine Integration Of Firepower With Amp For Endpoints

Duration 2 Days 12 CPD hours This course is intended for The intended audience for this comprehensive course on Information Assurance and STIGs includes professionals with roles such as: IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications. Developers - Software engineers and web developers who design, implement, and maintain web applications, and need to integrate security best practices throughout the development process. Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams. Technical leads - Senior software engineers or architects who oversee technical aspects of projects and ensure the implementation of secure design and coding practices. Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle. Overview Working in an interactive learning environment, guided by our application security expert, you'll explore: The concepts and terminology behind defensive coding Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets The entire spectrum of threats and attacks that take place against software applications in today's world The role that static code reviews and dynamic application testing to uncover vulnerabilities in applications The vulnerabilities of programming languages as well as how to harden installations The basics of Cryptography and Encryption and where they fit in the overall security picture The requirements and best practices for program management as specified in the STIGS The processes and measures associated with the Secure Software Development (SSD) The basics of security testing and planning Understand the concepts and terminology behind defensive coding Understand Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets Learn the entire spectrum of threats and attacks that take place against software applications in today's world Discuss the role that static code reviews and dynamic application testing to uncover vulnerabilities in applications Understand the vulnerabilities of programming language as well as how to harden installations Understand the basics of Cryptography and Encryption and where they fit in the overall security picture Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena Understand the requirements and best practices for program management as specified in the STIGS Understand the processes and measures associated with the Secure Software Development (SSD) Understand the basics of security testing and planning The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instrtors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You?ll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You?ll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges. DISA's Security Technical Implementation Guides (STIGs) The motivations behind STIGs Requirements that the various software development roles must meet Implementing STIG requirements and guidelines Why Hunt Bugs? The Language of CyberSecurity The Changing Cybersecurity Landscape AppSec Dissection of SolarWinds The Human Perimeter Interpreting the 2021 Verizon Data Breach Investigation Report First Axiom in Web Application Security Analysis First Axiom in Addressing ALL Security Concerns Lab: Case Study in Failure Safe and Appropriate Bug Hunting/Hacking Working Ethically Respecting Privacy Bug/Defect Notification Bug Bounty Programs Bug Hunting Mistakes to Avoid Principles of Information Security Secuity Is a Lifecycle Issue Minimize Attack Surface Area Layers of Defense: Tenacious D Compartmentalize Consider All Application States Do NOT Trust the Untrusted Identification and Authentication Failures Applicable STIGs Quality and Protection of Authentication Data Proper hashing of passwords Handling Passwords on Server Side Session Management HttpOnly and Security Headers Lab: STIG Walk-Throughs Injection Applicable STIGs Injection Flaws SQL Injection Attacks Evolve Drill Down on Stored Procedures Other Forms of Server-Side Injection Minimizing Injection Flaws Client-side Injection: XSS Persistent, Reflective, and DOM-Based XSS Best Practices for Untrusted Data Lab: STIG Walk-Throughs Applications: What Next? Common Vulnerabilities and Exposures CWE/SANS Top 25 Most Dangerous SW Errors Strength Training: Project Teams/Developers Strength Training: IT Organizations Cryptographic Failures Applicable STIGs Identifying Protection Needs Evolving Privacy Considerations Options for Protecting Data Transport/Message Level Security Weak Cryptographic Processing Keys and Key Management Threats of Quantum Computing Steal Now, Crack Later Threat Lab: STIG Walk-Throughs Application Security and Development Checklists Checklist Overview, Conventions, and Best Practices Leveraging Common AppSec Practices and Control Actionable Application Security Additional Tools for the Toolbox Strength Training: Project Teams/Developers Strength Training: IT Organizations Lab: Recent Incidents SDL Overview Attack Phases: Offensive Actions and Defensive Controls Secure Software Development Processes Shifting Left Actionable Items Moving Forward Lab: Design Study Review Asset Analysis Asset Analysis Process Types of Application-Related Assets Adding Risk Escalators Discovery and Recon Design Review Asset Inventory and Design Assets, Dataflows, and Trust Boundaries Risk Escalators in Designs Risk Mitigation Options

Duration 3 Days 18 CPD hours This course is intended for This course benefits individuals responsible for configuring and monitoring devices running the Junos OS. Overview After successfully completing this course, you should be able to: Describe the basic design architecture of the Junos OS. Identify and provide a brief overview of Junos devices. Navigate within the Junos CLI. Perform tasks within the CLI operational and configuration modes. Restore a Junos device to its factory-default state. Perform initial configuration tasks. Configure and monitor network interfaces. Describe user configuration and authentication options. Perform secondary configuration tasks for features and services such as system logging (syslog) and tracing, Network Time Protocol (NTP), configuration archival, and SNMP. Monitor basic operation for the Junos OS and devices. Identify and use network utilities. Upgrade the Junos OS. Perform file system maintenance and password recovery on a Junos device. Navigate within the Junos J-Web interface. Explain basic routing operations and concepts. View and describe routing and forwarding tables. Configure and monitor static routing. Configure and monitor OSPF. Describe the framework for routing policy and firewall filters. Explain the evaluation of routing policy and firewall filters. Identify instances where you might use routing policy. Write and apply a routing policy. Identify instances where you might use firewall filters. Write and apply a firewall filter. Describe the operation and configuration for unicast reverse path forwarding (RPF). This three-day course provides students with the foundational knowledge required to work with the Juniper Networks Junos operating system and to configure Junos devices. The course provides a brief overview of the Junos device families and discusses the key architectural components of the software. Key topics include user interface options with a heavy focus on the command-line interface (CLI), configuration tasks typically associated with the initial setup of devices, interface configuration basics with configuration examples, secondary system configuration, and the basics of operational monitoring and maintenance of Junos devices. The course then delves into foundational routing knowledge and configuration examples including general routing concepts, routing policy, and firewall filters. Course Outline COURSE INTRODUCTION Junos Operating System Fundamentals The Junos OS Traffic Processing Overview of Junos Devices User Interface Options: The Junos CLI User Interface Options The Junos CLI: CLI Basics The Junos CLI: Operational Mode The Junos CLI: Configuration Mode User Interface Options: The J-Web Interface User Interface Options The Junos CLI: CLI Basics The Junos CLI: Operational Mode The Junos CLI: Configuration Mode Initial Configuration Factory-Default Configuration Initial Configuration Interface Configuration Secondary System Configuration User Configuration and Authentication System Logging and Tracing Network Time Protocol Archiving Configurations SNMP Operational Monitoring and Maintenance Monitoring Platform and Interface Operation Network Utilities Maintaining the Junos OS Password Recovery System Clean-Up Interface Configuration Examples Review of the Interface Configuration Hierarchy Interface Configuration Examples Using Configuration Groups Routing Fundamentals Routing Concepts: Overview of Routing Routing Concepts: The Routing Table Routing Concepts: Routing Instances Static Routing Dynamic Routing Routing Policy Routing Policy Overview Case Study: Routing Policy Firewall Filters Firewall Filters Overview Case Study: Firewall Filters Unicast Reverse-Path-Forwarding Checks Class of Service CoS Overview Traffic Classification Traffic Queueing Traffic Scheduling Case Study: CoS JTAC Procedures Opening a Support Case Customer Support Tools Transferring Files to JTAC Juniper Security Concepts Security Challenges Juniper Networks? Security Focus A IPv6 Fundamentals IPv6 Addressing Protocols and Services Configuration Additional course details: Nexus Humans Juniper - Introduction to the Junos Operating System (IJOS) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Juniper - Introduction to the Junos Operating System (IJOS) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This course is designed for professionals in the following job roles: Network security engineer CCNP Security candidate Channel Partner Overview After taking this course, you should be able to: Introduce site-to-site VPN options available on Cisco router and firewalls Introduce remote access VPN options available on Cisco router and firewalls Review site-to-site and remote access VPN design options Review troubleshooting processes for various VPN options available on Cisco router and firewalls The Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0 course teaches you how to implement, configure, monitor, and support enterprise Virtual Private Network (VPN) solutions. Through a combination of lessons and hands-on experiences you will acquire the knowledge and skills to deploy and troubleshoot traditional Internet Protocol Security (IPsec), Dynamic Multipoint Virtual Private Network (DMVPN), FlexVPN, and remote access VPN to create secure and encrypted data, remote accessibility, and increased privacy. Course Outline Introducing VPN Technology Fundamentals Implementing Site-to-Site VPN Solutions Implementing Cisco Internetwork Operating System (Cisco IOS©) Site-to-Site FlexVPN Solutions Implement Cisco IOS Group Encrypted Transport (GET) VPN Solutions Implementing Cisco AnyConnect VPNs Implementing Clientless VPNs Lab Outline Explore IPsec Technologies Implement and Verify Cisco IOS Point-to-Point VPN Implement and Verify Cisco Adaptive Security Appliance (ASA) Point-to-Point VPN Implement and Verify Cisco IOS Virtual Tunnel Interface (VTI) VPN Implement and Verify Dynamic Multipoint VPN (DMVPN) Troubleshoot DMVPN Implement and Verify FlexVPN with Smart Defaults Implement and Verify Point-to-Point FlexVPN Implement and Verify Hub and Spoke FlexVPN Implement and Verify Spoke-to-Spoke FlexVPN Troubleshoot Cisco IOS FlexVPN Implement and Verify AnyConnect Transport Layer Security (TLS) VPN on ASA Implement and Verify Advanced Authentication, Authorization, and Accounting (AAA) on Cisco AnyConnect VPN Implement and Verify Clientless VPN on ASA

Duration 2 Days 12 CPD hours This course is intended for This course is designed for network and software engineers who hold the following job roles: Network administrators Network operators Overview After taking this course, you should be able to: Explain the benefits of using Cisco DNA Center in a traditional, enterprise network Explain at a detailed level the Cisco DNA Center Assurance system architecture, functional components, features, and data-processing concepts Explain the health scores, metrics, and strategies that you use for monitoring network devices, clients, and applications with Cisco DNA Assurance Describe how Cisco DNA Center Assurance analyzes the streaming telemetry and collected data, correlates the data, performs root cause analysis, and displays detected issues, insights, and trends Describe the Cisco DNA Center Assurance troubleshooting tools, mechanisms, strategies, and scenarios to proactively detect and resolve wireless network, client, and application issues and pinpoint the root cause Deploy and configure Cisco DNA Center to use Assurance features for monitoring and troubleshooting network devices, clients, and applications The Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) v2.1 course provides you with the skills to monitor and troubleshoot a traditional brownfield network infrastructure by using Cisco© Digital Network Architecture (Cisco DNA?) Assurance. The course focuses on highlighting issues rather than on monitoring data. The advanced artificial intelligence and machine learning features within Cisco DNA Assurance enable you to isolate the root cause of a problem and to take appropriate actions to quickly resolve issues. Cisco DNA Assurance can be used to perform the work of a Level 3 support engineer. Course Outline Introducing Cisco DNA Center Assurance Monitoring Health and Performance with Cisco DNA Center Assurance Troubleshooting Issues, Observing Insights and Trends Troubleshooting Wireless Issues with Cisco DNA Center Assurance Tools Additional course details: Nexus Humans Cisco Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) v2.1 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cisco Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) v2.1 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for Operational Technology (OT) Engineers IT engineers Generalists, including managers, project leads, and solutions and business architects Overview Define what IIoT is and identify IIoT architectures. Identify IIoT market verticals, and their motivations and requirements. Explore Cisco IIoT networking devices, how they are different from other devices, and use common administrative tools for managing them. Explore industrial communications protocols for control and automation, and how they have been adapted to run on top of a TCP/IP network infrastructure. Describe wireless protocols used in IIoT environments, including architectures and devices used. Understand the TCP/IP protocol stack and how it is used with other protocols in IIoT environments. Discuss network protocols for clock synchronization between network devices, and describe available tools for IIoT network administration. Discuss wireless technologies used in a core LAN, and their relevance to IIoT implementations. Explore field WAN technologies and how they are used in IIoT environments. Explore legacy protocols and explain the methods available to transport non-routable protocols over modern networks. Explain fundamental concepts of Quality of Service (QoS) related to IIoT network environments. Discuss Multiprotocol Label Switching (MPLS) operation, components, terminology, and features, and explore its use in IIoT environments. Explore Layer 2 and Layer 3 VPN technologies and describe the way they can be used on IIoT deployments. Describe Dense Wave Division Multiplexing (DWDM) technology and its use in IIoT environments. Explore Layer 1 and Layer 2 high availability technologies and redundancy mechanisms. Describe Layer 3 high availability and the need for Layer 3 redundancy in IIoT deployments The Understanding Cisco Industrial IoT Networking Foundation (INFND) v1.0 course gives you an overview of the protocols, applications, and network infrastructure you need to support and manage Industrial Internet of Things (IIoT) solutions. You will learn about IIoT industry verticals and how different protocols are used within them. The course also covers configuring and verifying the protocols on Cisco© IIoT networking devices. Course Introduction.Defining Industrial Internet of ThingsExamining Common IIoT Verticals.Examining Cisco IIoT Networking Devices.Examining and Configuring Industrial Communication Protocols.Describing Wireless IIoT Protocols.Explaining and Configuring TCP/IP Protocols, Addressing, and Segmentation.Examining Network Services and Administration.Examining and Configuring Wireless Core LAN Technologies.Describing Field WAN Technologies.Examining and Configuring Transportation of Legacy Protocols.Describing, Configuring, and Verifying Quality of Service (QoS) for IIoT Protocols.Examining and Verifying MPLS and IIoT.Configuring and Explaining VPN Technology and IIoT.Describing DWDM.Configuring and Defining Layer 1 and Layer 2 High Availability Technologies.Defining and Configuring Layer 3 High Availability TechnologiesLab outline Connect to the Cisco IIoT Devices. Use Industrial Protocols with Cisco Industrial Ethernet Switches. Configure an 802.11 Client. Configure an IPv6 Address. Configure Layer 2 Network Address Translation (NAT) and IP Addressing in an Example IoT Deployment.

Duration 5 Days 30 CPD hours This course is intended for network professionals who are looking to build their foundational knowledge of the ClearPass product portfolio This training combines the following classes into one five day workshop, preparing you for the ACCP certification: ACF-Aruba ClearPass Fundamentals IAC-Implementing Aruba ClearPass Overview Ability to setup ClearPass as a AAA server Demostrate Configuration Guest, Ongurad, Onboard and Profiling features Integrate with External AD Server Understand Monitoring and Reporting Demostrate Scaling and deployment of best practices It prepares participants with foundational skills in Network Access Control using the ClearPass product portfolio. This 5-day classroom session includes both modules and labs to teach participants about the major features of the ClearPass portfolio Intro to ClearPass BYOD High Level Overview Posture and Profiling Guest and Onboard ClearPass for AAA Policy Service Rules Authentication Authorization and Roles Enforcement Policy and Profiles Authentication and Security Concepts Authentication Types Servers Radius COA Active Directory Certificates Intro to NAD NAD Devices Adding NAD to ClearPass Network Device Groups Network Device Attributes Aruba Controller as NAD Aruba Switch Aruba Instant Monitoring and Troubleshooting Monitoring Troubleshooting Logging Policy Simulation ClearPass Insight Insight Dashboard Insight Reports Insight Alerts Insight Search Insight Administration Insight Replication Active Directory Adding AD as Auth Source Joining AD domain Using AD services External Authentication Multiple AD domains LDAP Static Host Lists SQL Database External Radius Server Guest Guest Account creation Web Login pages Guest Service configuration Self-registration pages Configuring NADS for Guest Guest Manager Deep Dive Web Login Deep Dive Sponsor Approval MAC Caching Onboard Intro to Onboard Basic Onboard Setup Onboard Deepdive Single SSID Onboarding Dual SSID Onboarding Profiling Intro to Profiling Endpoint Analysis Deep Dive Posture Intro to Posture Posture Deployment Options OnGuard Agent Health Collection OnGuard workflow 802.1x with Posture using Persistent/dissolvable agent OnGuard web LoginMonitoring and Updates Operation and Admin Users Operations Admin Users Clustering and Redundancy Clustering Redundancy LAB Licensing ClearPass Licensing Base License Applications Single Sign-On Deployment Options ClearPass Admin Login SSO Access Network SSO ASO-Auto-Sign On Configuration and Demo ClearPass Exchange Intro Examples General HTTP Palo Alto Firewall Configuration Case Study Objectives Discussion Advanced Labs Overview

Duration 5 Days 30 CPD hours This course is intended for Security Professionals working with Kubernetes Clusters Container Orchestration Engineers DevOps Professionals Overview In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections: Cloud Security Fundamentals Cluster Hardening System Hardening Minimize Microservice Vulnerabilities Supply Chain Security Disaster Recovery Secure Back-up and Restore This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stabilitywhile maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding ofcloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This courseincludes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritizecovering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your ownhigh availability Kubernetes environment and harden it for your security needs. Learning Your Environment Underlying Infrastructure Using Vim Tmux Cloud Security Primer Basic Principles Threat Analysis Approach CIS Benchmarks Securing your Kubernetes Cluster Kubernetes Architecture Pods and the Control Plane Kubernetes Security Concepts Install Kubernetes using kubeadm Configure Network Plugin Requirements Kubeadm Basic Cluster Installing Kubeadm Join Node to Cluster Kubeadm Token Manage Kubeadm Tokens Kubeadm Cluster Upgrade Securing the kube-apiserver Configuring the kube-apiserver Enable Audit Logging Falco Deploy Falco to Monitor System Calls Enable Pod Security Policies Encrypt Data at Rest Encryption Configuration Benchmark Cluster with Kube-Bench Kube-Bench Securing ETCD ETCD Isolation ETCD Disaster Recovery ETCD Snapshot and Restore Purge Kubernetes Purge Kubeadm 3Purge Kubeadm Image Scanning Container Essentials Secure Containers Creating a Docker Image Scanning with Trivy Trivy Snyk Security Manually Installing Kubernetes Kubernetes the Alta3 Way Deploy Kubernetes the Alta3 Way Validate your Kubernetes Installation Sonobuoy K8s Validation Test Kubectl (Optional) Kubectl get and sorting kubectl get kubectl describe Labels (Optional) Labels Labels and Selectors Annotations Insert an Annotation Securing your Application Scan a Running Container Tracee Security Contexts for Pods Understanding Security Contexts AppArmor Profiles AppArmor Isolate Container Kernels gVisor Pod Security Pod Security Policies Deploy a PSP Pod Security Standards Enable PSS Open Policy Agent (OPA) Admission Controller Create a LimitRange Open Policy Agent Policy as Code Deploy Gatekeeper User Administration Contexts Contexts Authentication and Authorization Role Based Access Control Role Based Access Control RBAC Distributing Access Service Accounts Limit Pod Service Accounts Securing Secrets Secrets Create and Consume Secrets Hashicorp Vault Deploy Vault Securing the Network Networking Plugins NetworkPolicy Deploy a NetworkPolicy mTLS Linkerd mTLS with istio istio Threat Detection Active Threat Analysis Host Intrusion Detection Deploy OSSEC Network Intrusion Detection Deploy Suricata Physical Intrusion Detection Disaster Recovery Harsh Reality of Security Deploy a Response Plan Kasten K10 Backups Deploy K10