Central components for implementing a security policy are firewall, proxy and IPS. Firewalls are typically designed to protect the internal network from unwanted access from the internet. Proxies examine the transmitted data in detail and block or modify unwanted content. Intrusion prevention systems (IPS) are designed to analyze network traffic, detect attacks and take countermeasures. The functionality of modern firewall systems goes far beyond simple filtering techniques and combines the various mechanisms.
This course deals with the basic technologies and working methods on which firewalls, proxies and IPS are based. The combination of these systems and interaction with other components is a further focus.
-
Course Contents
-
- Attack scenarios, procedures, techniques
- Static packet filters, access lists
- Dynamic packet filters, stateful firewalls
- Layer 2 firewalling
- Security in industrial networks
- Personal firewalls, endpoint security, SASE
- Proxies generic or as specialists
- Web proxy
- TLS proxy
- Mail relay
- DNS proxy
- URL filtering and application control
- Authentication on firewall or proxy, Active Directory integration
- DMZ concepts, NAT, VPN, interaction with VoIP
- High availability and load balancing
- IPS, IDS - Prevention vs. Detection
- IPS types (HIPS, NIPS, ClIPS, WIPS)
- IPS methods and other HIDS techniques
- SIEM systems, XDR
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
Target Group
-
Those who work in network design or project management learn how security solutions work and how to implement them. Technical staff acquire the basic technological know-how for operating firewalls, proxies and IPS, also as a basis for subsequent product training from the relevant manufacturers.
-
Knowledge Prerequisites
-
Basic knowledge of network and Internet terminology and in particular knowledge of IP protocols is required.
1 Introduction and motivation
1.1 A barrier between networks
1.1.1 Tasks of the firewall
1.1.2 The DMZ
1.1.3 Interaction with other network components
1.2 The Internet Protocol
1.2.1 The IP header - format and functions
1.2.2 IPv6
1.2.3 Attacks by extension headers
1.2.4 UDP - connectionless and unsecured
1.2.5 TCP - connection oriented and secured
1.3 Firewall and proxy in the OSI model
1.4 The firewall at the center of the attack
1.4.1 Information gathering by the attackers
1.4.2 IP spoofing
1.4.3 Denial of Service
1.5 Application layer control
1.5.1 Firewalls and proxies
1.5.2 Firewall protocol understanding
1.5.3 Application control by proxies
1.6 Attacks on programs
2 Network design
2.1 Planning and network design - The right location
2.2 DMZ concepts - An overview
2.3 Network Address Translation (NAT) and Firewalls
2.3.1 The NAT terminologies
2.3.2 NAT and IPv6
2.3.3 NAT - Without Problems?
2.3.4 An example - NAT and active FTP
2.4 Firewalls and VPN
2.4.1 Separate gateway
2.4.2 Firewall as VPN gateway
2.4.3 Firewalls and remote sites
2.5 Firewall cluster
2.5.1 The cluster in the OSI model
2.5.2 Redundancy with VRRP
2.5.3 Load sharing with multicasts
2.5.4 Load Sharing with Pivot Firewall
2.5.5 Load sharing with dynamic IP routing
2.5.6 Load sharing with content switches
2.5.7 Evaluation of the methods
2.5.8 The DMZ
3 Inventory, Planning and Security Policy
3.1 Inventory with system
3.2 Security policy - Who is allowed to do what?
3.2.1 The Security Policy - Details
3.2.2 Security Policy and Firewall
3.2.3 Documentation - also for the firewall
3.2.4 Logging strategies - What is important?
3.2.5 Checking the rules and regulations
3.3 The Price of Security - Financial and Time Expenditure
3.3.1 Hardware and software costs
3.3.2 Installation costs
3.3.3 Administrative costs
3.3.4 Update planning - the hacker never sleeps
4 Packet filters and other firewalls
4.1 The rules of a firewall
4.1.1 Triggers
4.1.2 Actions
4.1.3 Working off the set of rules
4.2 Static packet filters - access lists
4.2.1 How static packet filters work
4.2.2 Static packet filters - weaknesses and limitations
4.2.3 Conclusion
4.3 Dynamic packet filters - stateful inspection
4.3.1 The concept of the state table
4.3.2 The rules of a stateful firewall
4.3.3 Dynamic packet filters - strengths and weaknesses
4.4 AD integration
4.5 Transparent firewalls and switches as firewalls
4.5.1 Protocol filtering
4.5.2 Ethernet access lists
4.5.3 Attack types in the LAN and their defense
4.6 Personal firewalls
5 Proxies - Targeting Application Control
5.1 Proxy - term and basic installation types
5.1.1 Forward Proxies
5.1.2 Reverse Proxies
5.2 Generic proxies
5.2.1 Forwarding
5.2.2 SOCKS
5.3 Application Layer Gateways
5.3.1 Mode of operation
5.3.2 Limitations
5.4 Web Proxies
5.4.1 HTTP basics
5.4.2 URL filtering
5.4.3 HTTP header changes
5.4.4 Active content
5.4.5 Alternative: Application Layer Firewalls
5.4.6 Caching
5.4.7 Proxies and virus scanning
5.4.8 SSL/TLS proxies
5.5 Authentication at the proxy
5.5.1 The server side
5.5.2 The client side
5.5.3 Example 1: HTTP at an explicit proxy
5.5.4 Example 2: HTTP on a transparent proxy
5.5.5 Single sign-on
5.5.6 Other aspects
5.5.7 Substitute authentication
5.6 Mail Relays
5.7 DNS proxies
6 Intrusion detection and prevention
6.1 Basics
6.1.1 Network-based IDS
6.1.2 Host-based intrusion detection systems
6.2 Attack detection
6.2.1 Pattern recognition
6.2.2 Protocol analysis
6.2.3 Anomaly detection
6.2.4 HIDS techniques
6.2.5 Correlations
6.2.6 Global correlations
6.2.7 Other methods
6.2.8 Bypassing IDSs
6.3 Measures
6.4 Security Information and Event Management - SIEM
6.4.1 Identifying relevant data
6.4.2 Correlating messages
7 Combination of security architectures
7.1 Application control and more
7.1.1 The limits of the classic firewall
7.1.2 Application analysis
7.2 Tasks of Next Generation Firewalls
7.3 Special case: Web Application Firewall (WAF)
7.4 Voice over IP
7.4.1 Components of VoIP
7.4.2 Architecture
7.4.3 VoIP and firewalls
7.4.4 Session Border Controller
7.5 Variety of designations
8 Firewall products
8.1 Check Point
8.2 ASA - Cisco Systems
8.3 Firepower - Cisco Systems
8.4 Palo Alto
8.5 Juniper
8.6 Fortinet
8.7 Sophos
8.8 Genoa
8.9 Blue Coat Proxy
8.10 Other providers
8.11 AlgoSec and others Firewall Analyzer
8.12 Open Source Firewalls
8.13 Open Source Proxy: Squid
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
