Training Course:Network Security 2: Integration and ImplementationSchool/Trainer:Global Knowledge Network (Singapore) Pte Ltd
Singapore, Singapore
Course Format: Classroom | E-learning | Virtual Class | Online | On-site | Blended | Self-paced
Course Description:
'' There is more to security than just buying and installing hardware and software products. Gain a valuable understanding of the level of effort and life cycle management issues involved in developing and maintaining robust security architectures. Take the principles and concepts learned in Network Security I to the next level - analysis, comprehension, and implementation.
Network Security II ensures that you know how to apply security best practices to real security architectures. Design security policies that meet your organization’s business objectives, apply them to the security architecture, and test your configuration during each stage of development. This powerful course will help you define your security strategy, put the pieces and parts together, and configure the final solution.
In this intense, hands-on course, spend over 70 percent of your time engaged in applying security principles to meet actual security scenario requirements. Learn to use multiple filtering devices and load balance the filtering duties between these multiple devices in an effective and efficient manner.
What You’ll Learn
Piece together network and security policy design in an intensive, hands-on environment
Analyze the trade-offs between performance and security
Translate policy requirements into a technical security solution
Develop and design Access Control Lists (ACL)
Configure bastion hosts
Implement IPsec-compliant Virtual Private Networks
Test your security architecture to determine if it meets NSA security guidelines
Repair holes reported by vulnerability detection techniques
Who Needs to Attend
Personnel responsible for designing or implementing security solutions for their networks, specifically network engineers and managers, security administrators, IS and data center managers, systems administrators, security analysts, and individuals seeking the T.I.C.S.A. Certified Security Associate certification from TruSecure or CompTIA Security+.
Pre-requisites
Network Security I is an essential pre-requisites
Course Outline
1. Routers as Security Devices
Router access
Physical security
Logins, passwords, privileges, and accounts
Remote access
Disabling unnecessary services
General services
Interface services
Routing and routing protocols
Routed protocols
Routing protocols
Routing table integrity
Disabling unneeded routing-related services
Access control lists
Basic syntax structures
Filtering traffic going to the router
Filtering traffic going through the router
Protecting against exploits
Auditing
Logging
Time services
2. Bastion Hosts
Define the bastion
Protecting itself from attack
Protecting the network from attack
Roles of the bastion host
Web server
Mail server
FTP server
DNS
Firewall or proxy
General configuration guidelines
Hardening the operating system
Removing POSIX and OS2 subsystems
Disabling services
Removing executables
Installing OS patches
Configuring filtering on the OS
Creating warning and logon banners
Enabling logging and auditing
Removing or disabling unwanted user accounts and access
Securing the application
Disabling or removing sample applications and scripts
Setting authentication methods
Enabling logging
Installing security patches
3. Virtual Private Networks Using IPsec
VPN solutions
Network layer-based (IPsec)
Data link layer-based (L2TP)
Non-IPsec
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Security Association Key Management Protocol (ISAKMP)
Two major IPsec concepts
Transport mode
Tunnel mode
Business Scenarios
Host-to-host
Gateway-to-gateway
Host-to-gateway
4. Architecture Integration
The DMZ
IP addresses
Inserting the bastions
NAT at the firewall
Locking the firewall
Device relationships
Router
Layer 3 filtering
Valid inbound traffic
Blocking inbound packets
Statically routing approved inbound traffic
Blocking selected outbound traffic
Firewall or proxy
Buffer zones
Layer 3 to Layer 7 filtering
Blocking selected outbound packets
Web and mail bastion hosts
Controlled origination from the DMZ
Servers respond
Intrusion detection system
Detect unauthorized activity
Identify the type of activity
Classify the level of danger
Notify the Incident Response Team
Restore to normal operations
Multiple points of vulnerability
Filtering inbound and outbound services
Rules best suited for the router
Ingress and egress IP spoof checks
Troublesome external IP addresses
Disallowed network services
Rules best suited for the firewall or proxy
User authentication
Application layer filtering
Hiding internal IP addresses
Directing traffic to its destination
Logical checks for inbound traffic
Logical checks for outbound traffic
Extenuating circumstances
Business-to-business connectivity
Business partners and suppliers
New and established customers
Remote access
Traveling users
Small Office/Home Office (SOHO)
Authentication and access control
Policy exceptions
Special services or new protocols
Drilling holes in the architecture
Generic proxies and plugs
Modifying and maintaining the architecture
Configuration management and change control
Policy changes causing architecture changes
Architecture changes causing policy changes
Testing the architecture for vulnerabilities
Initial installation
Periodic "health" checks
...''
Please go to the school's official website for training price and schedule:
http://www.globalknowledge.com.sg
http://www.globalknowledge.com.sg/security/NetworkSecurityII.asp
Phone:65.6332 2268/2330
School Address:
331 North Bridge Road #18-03/05
Odeon Towers
Singapore 188720
Tel: 65.6332 2268/2330
Fax: 65.6338 6149
Email: enquiries@globalknowledge.com.sg
Jobs & Resumes: Singapore
Houses & Roommates: Singapore
Other training courses offered by Global Knowledge Network (Singapore) Pte Ltd:
Enterprise Voice over Data Design (EVODD)
IP Telephony Troubleshooting (IPTT)
Cisco IP Telephony (CIPT) v3.3
CVoice (Cisco Voice over IP)
Cisco Secure Virtual Networks (CSVPN)
Aironet Wireless LAN Fundamentals and Cisco Wireless Site Survey (AWFSS)
Microsoft Certified Systems Administrator (MCSA)
Microsoft Certified System Engineer (MCSE)
Microsoft Certified System Engineer (MCSE) -Win2000
Network Security 1: Policy, Administration and Firewalls
Network Security 3: Applied Security
CISSP
Understanding Network Fundamental
Networking Management Design, Tools and Optimization
Internetworking Routers and Switches
Mastering TCP/IP
Converging Voice and Data Networks
Telecommunications Fundamentals I
Telecommunications Fundamentals II
Notice: The course description on this page was captured from the Internet as historical reference or submitted by visitors. It was archived statically and not updated from day to day.
|
