-
A core component in the implementation of a security policy is the firewall. It is meant to protect the internal network against attacks from the Internet. The functions performed by modern firewall systems by far exceed simple filtering technologies. They often merge with the activities performed by proxies. Intrusion Prevention Systems (IPS) are designed to analyze the traffic in the network, to identify attacks, and to initiate counter-measures. The course at hand discusses the basic technologies and working methods on which firewalls and IPS are based. The implementation of these systems into an existing network and the interaction with other components are further focal points of the course.
-
Course Contents
-
- Working Mode of Firewalls and IPS
- Static Packet Filters, Access Lists
- Dynamic Packet Filters, Stateful Firewalls
- Personal Firewalls
- Generic Proxies and Application Layer Gateways
- Authentication at the Firewall, Active Directory Integration
- Application Firewalls
- BYOD, Devices, and Application Analysis
- DMZ Concepts
- High Availability and Load Sharing
- Firewalls and Virtualization
- Layer-2 Firewalling
- Firewalls and IPv6
- Intrusion Detection (IDS) vs. Intrusion Prevention (IPS)
- IPS Technologies (HIPS, NIPS, PIPS)
- Interaction of Firewalls and IPS
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
Network designers and project managers will learn the planning and implementation of a security solution at the perimeter. Technicians will acquire the technological know-how for the operation of firewalls and IPS, also as a basis for follow-up product training. Attendance at this course can be credited for T.I.S.P. recertification.
-
Knowledge Prerequisites
-
Basic know-how of the Internetworking terminology, as well as knowledge of the IP protocol are required.
| 1 Introduction and motivation |
| 1.1 A barrier between networks |
| 1.1.1 Tasks of the firewall |
| 1.1.2 The DMZ |
| 1.1.3 Interaction with other network components |
| 1.2 The Internet Protocol |
| 1.2.1 The IP header - format and functions |
| 1.2.2 IPv6 |
| 1.2.3 Attacks by extension headers |
| 1.2.4 UDP - connectionless and unsecured |
| 1.2.5 TCP - connection oriented and secured |
| 1.3 Firewall and proxy in the OSI model |
| 1.4 The firewall at the center of the attack |
| 1.4.1 Information gathering by the attackers |
| 1.4.2 IP spoofing |
| 1.4.3 Denial of Service |
| 1.5 Application layer control |
| 1.5.1 Firewalls and proxies |
| 1.5.2 Firewall protocol understanding |
| 1.5.3 Application control by proxies |
| 1.6 Attacks on programs |
| 2 Network design |
| 2.1 Planning and network design - The right location |
| 2.2 DMZ concepts - An overview |
| 2.3 Network Address Translation (NAT) and Firewalls |
| 2.3.1 The NAT terminologies |
| 2.3.2 NAT and IPv6 |
| 2.3.3 NAT - Without Problems? |
| 2.3.4 An example - NAT and active FTP |
| 2.4 Firewalls and VPN |
| 2.4.1 Separate gateway |
| 2.4.2 Firewall as VPN gateway |
| 2.4.3 Firewalls and remote sites |
| 2.5 Firewall cluster |
| 2.5.1 The cluster in the OSI model |
| 2.5.2 Redundancy with VRRP |
| 2.5.3 Load sharing with multicasts |
| 2.5.4 Load Sharing with Pivot Firewall |
| 2.5.5 Load sharing with dynamic IP routing |
| 2.5.6 Load sharing with content switches |
| 2.5.7 Evaluation of the methods |
| 2.5.8 The DMZ |
| 3 Inventory, Planning and Security Policy |
| 3.1 Inventory with system |
| 3.2 Security policy - Who is allowed to do what? |
| 3.2.1 The Security Policy - Details |
| 3.2.2 Security Policy and Firewall |
| 3.2.3 Documentation - also for the firewall |
| 3.2.4 Logging strategies - What is important? |
| 3.2.5 Checking the rules and regulations |
| 3.3 The Price of Security - Financial and Time Expenditure |
| 3.3.1 Hardware and software costs |
| 3.3.2 Installation costs |
| 3.3.3 Administrative costs |
| 3.3.4 Update planning - the hacker never sleeps |
| 4 Packet filters and other firewalls |
| 4.1 The rules of a firewall |
| 4.1.1 Triggers |
| 4.1.2 Actions |
| 4.1.3 Working off the set of rules |
| 4.2 Static packet filters - access lists |
| 4.2.1 How static packet filters work |
| 4.2.2 Static packet filters - weaknesses and limitations |
| 4.2.3 Conclusion |
| 4.3 Dynamic packet filters - stateful inspection |
| 4.3.1 The concept of the state table |
| 4.3.2 The rules of a stateful firewall |
| 4.3.3 Dynamic packet filters - strengths and weaknesses |
| 4.4 AD integration |
| 4.5 Transparent firewalls and switches as firewalls |
| 4.5.1 Protocol filtering |
| 4.5.2 Ethernet access lists |
| 4.5.3 Attack types in the LAN and their defense |
| 4.6 Personal firewalls |
| 5 Proxies - Targeting Application Control |
| 5.1 Proxy - term and basic installation types |
| 5.1.1 Forward Proxies |
| 5.1.2 Reverse Proxies |
| 5.2 Generic proxies |
| 5.2.1 Forwarding |
| 5.2.2 SOCKS |
| 5.3 Application Layer Gateways |
| 5.3.1 Mode of operation |
| 5.3.2 Limitations |
| 5.4 Web Proxies |
| 5.4.1 HTTP basics |
| 5.4.2 URL filtering |
| 5.4.3 HTTP header changes |
| 5.4.4 Active content |
| 5.4.5 Alternative: Application Layer Firewalls |
| 5.4.6 Caching |
| 5.4.7 Proxies and virus scanning |
| 5.4.8 SSL/TLS proxies |
| 5.5 Authentication at the proxy |
| 5.5.1 The server side |
| 5.5.2 The client side |
| 5.5.3 Example 1: HTTP at an explicit proxy |
| 5.5.4 Example 2: HTTP on a transparent proxy |
| 5.5.5 Single sign-on |
| 5.5.6 Other aspects |
| 5.5.7 Substitute authentication |
| 5.6 Mail Relays |
| 5.7 DNS proxies |
| 6 Intrusion detection and prevention |
| 6.1 Basics |
| 6.1.1 Network-based IDS |
| 6.1.2 Host-based intrusion detection systems |
| 6.2 Attack detection |
| 6.2.1 Pattern recognition |
| 6.2.2 Protocol analysis |
| 6.2.3 Anomaly detection |
| 6.2.4 HIDS techniques |
| 6.2.5 Correlations |
| 6.2.6 Global correlations |
| 6.2.7 Other methods |
| 6.2.8 Bypassing IDSs |
| 6.3 Measures |
| 6.4 Security Information and Event Management - SIEM |
| 6.4.1 Identifying relevant data |
| 6.4.2 Correlating messages |
| 7 Combination of security architectures |
| 7.1 Application control and more |
| 7.1.1 The limits of the classic firewall |
| 7.1.2 Application analysis |
| 7.2 Tasks of Next Generation Firewalls |
| 7.3 Special case: Web Application Firewall (WAF) |
| 7.4 Voice over IP |
| 7.4.1 Components of VoIP |
| 7.4.2 Architecture |
| 7.4.3 VoIP and firewalls |
| 7.4.4 Session Border Controller |
| 7.5 Variety of designations |
| 8 Firewall products |
| 8.1 Check Point |
| 8.2 ASA - Cisco Systems |
| 8.3 Firepower - Cisco Systems |
| 8.4 Palo Alto |
| 8.5 Juniper |
| 8.6 Fortinet |
| 8.7 Sophos |
| 8.8 Genoa |
| 8.9 Blue Coat Proxy |
| 8.10 Other providers |
| 8.11 AlgoSec and others Firewall Analyzer |
| 8.12 Open Source Firewalls |
| 8.13 Open Source Proxy: Squid |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.-
A core component in the implementation of a security policy is the firewall. It is meant to protect the internal network against attacks from the Internet. The functions performed by modern firewall systems by far exceed simple filtering technologies. They often merge with the activities performed by proxies. Intrusion Prevention Systems (IPS) are designed to analyze the traffic in the network, to identify attacks, and to initiate counter-measures. The course at hand discusses the basic technologies and working methods on which firewalls and IPS are based. The implementation of these systems into an existing network and the interaction with other components are further focal points of the course.
-
Course Contents
-
- Working Mode of Firewalls and IPS
- Static Packet Filters, Access Lists
- Dynamic Packet Filters, Stateful Firewalls
- Personal Firewalls
- Generic Proxies and Application Layer Gateways
- Authentication at the Firewall, Active Directory Integration
- Application Firewalls
- BYOD, Devices, and Application Analysis
- DMZ Concepts
- High Availability and Load Sharing
- Firewalls and Virtualization
- Layer-2 Firewalling
- Firewalls and IPv6
- Intrusion Detection (IDS) vs. Intrusion Prevention (IPS)
- IPS Technologies (HIPS, NIPS, PIPS)
- Interaction of Firewalls and IPS
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
Network designers and project managers will learn the planning and implementation of a security solution at the perimeter. Technicians will acquire the technological know-how for the operation of firewalls and IPS, also as a basis for follow-up product training. Attendance at this course can be credited for T.I.S.P. recertification.
-
Knowledge Prerequisites
-
Basic know-how of the Internetworking terminology, as well as knowledge of the IP protocol are required.
| 1 Introduction and motivation |
| 1.1 A barrier between networks |
| 1.1.1 Tasks of the firewall |
| 1.1.2 The DMZ |
| 1.1.3 Interaction with other network components |
| 1.2 The Internet Protocol |
| 1.2.1 The IP header - format and functions |
| 1.2.2 IPv6 |
| 1.2.3 Attacks by extension headers |
| 1.2.4 UDP - connectionless and unsecured |
| 1.2.5 TCP - connection oriented and secured |
| 1.3 Firewall and proxy in the OSI model |
| 1.4 The firewall at the center of the attack |
| 1.4.1 Information gathering by the attackers |
| 1.4.2 IP spoofing |
| 1.4.3 Denial of Service |
| 1.5 Application layer control |
| 1.5.1 Firewalls and proxies |
| 1.5.2 Firewall protocol understanding |
| 1.5.3 Application control by proxies |
| 1.6 Attacks on programs |
| 2 Network design |
| 2.1 Planning and network design - The right location |
| 2.2 DMZ concepts - An overview |
| 2.3 Network Address Translation (NAT) and Firewalls |
| 2.3.1 The NAT terminologies |
| 2.3.2 NAT and IPv6 |
| 2.3.3 NAT - Without Problems? |
| 2.3.4 An example - NAT and active FTP |
| 2.4 Firewalls and VPN |
| 2.4.1 Separate gateway |
| 2.4.2 Firewall as VPN gateway |
| 2.4.3 Firewalls and remote sites |
| 2.5 Firewall cluster |
| 2.5.1 The cluster in the OSI model |
| 2.5.2 Redundancy with VRRP |
| 2.5.3 Load sharing with multicasts |
| 2.5.4 Load Sharing with Pivot Firewall |
| 2.5.5 Load sharing with dynamic IP routing |
| 2.5.6 Load sharing with content switches |
| 2.5.7 Evaluation of the methods |
| 2.5.8 The DMZ |
| 3 Inventory, Planning and Security Policy |
| 3.1 Inventory with system |
| 3.2 Security policy - Who is allowed to do what? |
| 3.2.1 The Security Policy - Details |
| 3.2.2 Security Policy and Firewall |
| 3.2.3 Documentation - also for the firewall |
| 3.2.4 Logging strategies - What is important? |
| 3.2.5 Checking the rules and regulations |
| 3.3 The Price of Security - Financial and Time Expenditure |
| 3.3.1 Hardware and software costs |
| 3.3.2 Installation costs |
| 3.3.3 Administrative costs |
| 3.3.4 Update planning - the hacker never sleeps |
| 4 Packet filters and other firewalls |
| 4.1 The rules of a firewall |
| 4.1.1 Triggers |
| 4.1.2 Actions |
| 4.1.3 Working off the set of rules |
| 4.2 Static packet filters - access lists |
| 4.2.1 How static packet filters work |
| 4.2.2 Static packet filters - weaknesses and limitations |
| 4.2.3 Conclusion |
| 4.3 Dynamic packet filters - stateful inspection |
| 4.3.1 The concept of the state table |
| 4.3.2 The rules of a stateful firewall |
| 4.3.3 Dynamic packet filters - strengths and weaknesses |
| 4.4 AD integration |
| 4.5 Transparent firewalls and switches as firewalls |
| 4.5.1 Protocol filtering |
| 4.5.2 Ethernet access lists |
| 4.5.3 Attack types in the LAN and their defense |
| 4.6 Personal firewalls |
| 5 Proxies - Targeting Application Control |
| 5.1 Proxy - term and basic installation types |
| 5.1.1 Forward Proxies |
| 5.1.2 Reverse Proxies |
| 5.2 Generic proxies |
| 5.2.1 Forwarding |
| 5.2.2 SOCKS |
| 5.3 Application Layer Gateways |
| 5.3.1 Mode of operation |
| 5.3.2 Limitations |
| 5.4 Web Proxies |
| 5.4.1 HTTP basics |
| 5.4.2 URL filtering |
| 5.4.3 HTTP header changes |
| 5.4.4 Active content |
| 5.4.5 Alternative: Application Layer Firewalls |
| 5.4.6 Caching |
| 5.4.7 Proxies and virus scanning |
| 5.4.8 SSL/TLS proxies |
| 5.5 Authentication at the proxy |
| 5.5.1 The server side |
| 5.5.2 The client side |
| 5.5.3 Example 1: HTTP at an explicit proxy |
| 5.5.4 Example 2: HTTP on a transparent proxy |
| 5.5.5 Single sign-on |
| 5.5.6 Other aspects |
| 5.5.7 Substitute authentication |
| 5.6 Mail Relays |
| 5.7 DNS proxies |
| 6 Intrusion detection and prevention |
| 6.1 Basics |
| 6.1.1 Network-based IDS |
| 6.1.2 Host-based intrusion detection systems |
| 6.2 Attack detection |
| 6.2.1 Pattern recognition |
| 6.2.2 Protocol analysis |
| 6.2.3 Anomaly detection |
| 6.2.4 HIDS techniques |
| 6.2.5 Correlations |
| 6.2.6 Global correlations |
| 6.2.7 Other methods |
| 6.2.8 Bypassing IDSs |
| 6.3 Measures |
| 6.4 Security Information and Event Management - SIEM |
| 6.4.1 Identifying relevant data |
| 6.4.2 Correlating messages |
| 7 Combination of security architectures |
| 7.1 Application control and more |
| 7.1.1 The limits of the classic firewall |
| 7.1.2 Application analysis |
| 7.2 Tasks of Next Generation Firewalls |
| 7.3 Special case: Web Application Firewall (WAF) |
| 7.4 Voice over IP |
| 7.4.1 Components of VoIP |
| 7.4.2 Architecture |
| 7.4.3 VoIP and firewalls |
| 7.4.4 Session Border Controller |
| 7.5 Variety of designations |
| 8 Firewall products |
| 8.1 Check Point |
| 8.2 ASA - Cisco Systems |
| 8.3 Firepower - Cisco Systems |
| 8.4 Palo Alto |
| 8.5 Juniper |
| 8.6 Fortinet |
| 8.7 Sophos |
| 8.8 Genoa |
| 8.9 Blue Coat Proxy |
| 8.10 Other providers |
| 8.11 AlgoSec and others Firewall Analyzer |
| 8.12 Open Source Firewalls |
| 8.13 Open Source Proxy: Squid |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Hybrid Training
Trainer language German