Course Outline
Introduction to Network Security
- Network Topology; Network Classifications and the OSI Model
Network Protocols
- Protocol Standards: SLIP; PPP; ARP; RARP; IGMP; ICMP; SNMP; HTTP
- IP Security: Threat Vectors and Mitigation Strategies
- TCP and UDP: Threat Vectors and Mitigation Strategies
- Legacy Protocol Vulnerabilities: FTP, TFTP, TELNET, SMTP
Security Policy Framework
- Definition and Scope of Security Policy
- Characteristics of Effective Security Policies
- Structural Components of Security Policy
- Development and Implementation Methodologies
- Essential Requirements for Policy Efficacy
Physical Security Measures
- Physical Security Threat Landscape
- Access Control Mechanisms: Locks and Cryptography
- TEMPEST Standards and Protection
- Fire Safety: Suppression Systems and Gaseous Extinguishing
- Portable Device Security: Countermeasures for Laptops
- Biometric Authentication Systems
- Workstation Security: Boot-Level Access Controls
Network Attack Vectors
- Current Threat Statistics
- Terminology: Threats, Attacks, and Exploits
- Classification of Adversaries and Attack Types
- Specific Threats: Spoofing, Spamming, Eavesdropping, Phishing, Wardriving, Password Cracking
- Application Layer Threats: Defacement, SQL Injection, Wiretapping, Buffer Overflows
- Wireless Attack Vectors: War Driving, War Chalking, War Flying
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Intrusion Detection Systems (IDS)
- IDS Functional Characteristics
- Host-Based vs. Network-Based IDS Architectures
- Detection Methodologies and Signature Types
- Intrusion Prevention Systems (IPS)
- Comparative Analysis: IDS vs. IPS
- IPS Implementation Tools
Firewall Technologies
- Threat Management and Security Task Allocation
- Mitigation of Unauthorized Access Attempts
- Centralized Management and Documentation Standards
- Defense-in-Depth: Multi-Layered Firewall Architectures
- Packet Filtering and Stateful Inspection Techniques
- Demilitarized Zone (DMZ) Configuration with Multiple Firewalls
- Specialized Firewall Types and Reverse Proxy Configurations
Packet Filtering and Proxy Infrastructure
- Network Address Translation (NAT)
- Application Layer Gateways and Proxy Services
- Virtual Private Network (VPN) Architecture and Authentication Protocols
Bastion Hosts and Honeypots
- Bastion Host Configuration and Role
- Honeypot and Honeynet Deployments
Router Hardening
- Internetwork Operating System (IOS) Management
- Router Troubleshooting Methodologies
- Router Hardening Procedures
- Components of Router Security Posture
- Router Security Assessment Tools
Operating System Security Hardening
- Windows Security Architecture
- Object Security and Permission Models
- NTFS File System Permissions
- Active Directory Services
- Kerberos Authentication and Security Protocols
- IP Security (IPsec) Implementation
- Linux Security Configurations
Patch Management Lifecycle
- Red Hat Up2date Utility Installation and Configuration
- Microsoft Patch Management Process and Windows Server Update Services (WSUS)
- Patch Deployment Tools: Qchain
- Security Compliance Tools: Microsoft Baseline Security Analyzer (MBSA)
- Additional Patch Management Solutions
Application Security
- Web Application Protection Strategies
- IPSec and SSL/TLS Security Implementations
- Secure Coding Practices and Development Guidelines
- Remote Administration Security Controls
Web Security Controls
- Network Device Configuration and Design
- Network Address Manipulation Techniques
- Client Authorization and Secure Transmission Protocols
- Portable Application Security
- Malicious Code Detection and Prevention
- Browser Security Configuration Standards
- Common Gateway Interface (CGI) Security
- Input Validation and Buffer Overflow Mitigation
Email Security
- Email Message Components
- Email Protocol Standards
- Email Security Risk Assessment
- Defensive Strategies Against Email Threats
Encryption Standards
- Encryption Integration within Firewalls
- Data Confidentiality Measures
- Digital Certificate Management
- Public Key Infrastructure (PKI) and Private Keys (Including PGP)
- Key Length Selection and Cryptographic Strength
- Analysis of Encryption Schemes, Including IPsec
Virtual Private Networks (VPNs)
- VPN Tunneling Protocols
- PPTP and L2TP Protocols
- VPN Security Architecture
Wireless Local Area Networks (WLAN)
- Wireless Network Classifications
- Antenna Technology
- WLAN Standards Compliance
- Bluetooth and Ultra-Wideband Technologies
- WEP Vulnerability Analysis (AirSnort, WEPCrack)
- WLAN Security Protocols: WPA, TKIP, WTLS
- Extensible Authentication Protocol (EAP) Methods
- Cryptographic Standards: AES, DES, RSA
- RADIUS and Multi-Factor Authentication
- Mobile Security via Digital Certificates
- PKI-Based Certificate Management
Fault Tolerance Strategies
- Network Security and Fault Tolerance Integration
- Rationale for Fault Tolerance Implementation
- Fault Tolerance Planning Frameworks
- Causes of System Failure
- Preventive Maintenance and Countermeasures
Incident Response Management
- Incident Definition and Classification
- Standard Operating Procedures for Response
- Incident Management Protocols
- Incident Response Framework
- PICERF Methodology for Incident Handling
- Incident Response Team Composition and Roles
Disaster Recovery and Business Continuity
- Disaster Recovery Definitions and Scope
- Disaster Recovery Planning Processes
- Business Continuity Planning Frameworks
- Disaster Prevention and Mitigation Strategies
Network Vulnerability Assessment
- Vulnerability Assessment Methodologies
- Objectives of Vulnerability Assessment
- Network Vulnerability Assessment Process
- Selection of Vulnerability Assessment Tools
Requirements
Course Prerequisites
No specific prerequisites are mandated for participation in this training.
Target Audience
This course is designed for system and network administrators, as well as other professionals seeking to enhance their proficiency in defensive network security technologies for government environments.
35 Hours
Testimonials (1)
The trainer had an excellent knowledge of FortiGate and delivered the content very well. Thanks a lot to Soroush.