-
Network security is critical to ensure the privacy, security and smooth functioning of networks and related services.Businesses, organizations and individuals must implement appropriate security measures to protect themselves from the many threats in the digital world.This security course introduces different methods to ensure the confidentiality, integrity and availability of data and resources in a computer network. The know-how imparted in this course lays the foundation for the independent assumption of tasks in the security planning and administration of IP-based networks. At the same time, it is the basis for a large number of advanced courses in the field of security.
-
Course Contents
-
- Objectives of Network Security
- Weaknesses of the TCP/IP Architecture
- Special Features of IPv6
- Typical Attacks: DoS, Spoofing, Cache Poisoning, etc.
- Symmetrical and Asymmetrical Encryption (AES, 3DES, RSA, ECC, ...)
- Data Integrity and Keyed Hash (MD5, SHA-1)
- Authentication, Signatures, and Certificates
- IPsec and SSL and their Application in VPNs
- Applications: SSH, SCP, PGP, HTTPS, etc.
- Endpoint Security: Virus Scanner, Hard Disk Encryption, Media Control, etc.
- LAN and WLAN Security: Port Security, WPA2, 802.1x, MAC Security
- Firewalls and DMZ
- Intrusion Detection and Prevention
- Security in Virtualized Environments / Cloud Security
- Hands-On Exercises at the Test Network
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
Technical background and measures for network security, as taught in this security course, are basically of interest to anyone who comes into contact with computer networks and the Internet in any form. The course is particularly suitable for administrators, planners and consultants who require a comprehensive overview of this subject area.
-
Knowledge Prerequisites
-
Optimal prerequisites are a sound basic knowledge of the LAN, router and Internet environment as well as in-depth knowledge of the IP protocol.
| 1 Motivation for network security |
| 1.1 Goals of network security |
| 1.1.1 Confidentiality |
| 1.1.2 Integrity |
| 1.1.3 Authenticity |
| 1.1.4 Availability |
| 1.2 The basic threats |
| 1.2.1 Eavesdropping |
| 1.2.2 Spoofing |
| 1.2.3 Denial of service |
| 1.3 The Internet Protocol |
| 1.3.1 The IPv4 header |
| 1.3.2 The IPv6 header |
| 1.4 The transport protocols |
| 1.4.1 UDP - connectionless and unsecured |
| 1.4.2 TCP - Connection oriented and secured |
| 1.5 Vulnerabilities of the TCP/IP architecture |
| 1.5.1 IP spoofing |
| 1.5.2 Malformed Packets |
| 1.5.3 Fragmentation attacks |
| 1.5.4 IPv6 extension headers |
| 1.5.5 SYN flooding |
| 1.5.6 Attacks on existing connections |
| 1.5.7 Session hijacking |
| 1.5.8 The RST attack |
| 1.5.9 Attacks against DNS |
| 1.5.10 Attacks against routing |
| 1.6 Typical tools and programs |
| 1.6.1 Information gathering |
| 1.6.2 Attack tools |
| 1.6.3 Information sources |
| 1.6.4 The BSI's basic protection catalogs |
| 2 (IT) security through encryption |
| 2.1 The beginnings of cryptography |
| 2.2 Symmetric encryption |
| 2.2.1 Lifetime and distribution of keys |
| 2.2.2 Generation of keys |
| 2.2.3 Diffie-Hellman |
| 2.3 Asymmetric encryption |
| 2.3.1 RSA |
| 2.3.2 Hybrid methods |
| 2.4 Data integrity: hash values |
| 2.4.1 Typical properties |
| 2.4.2 Attacks on hash values |
| 2.4.3 Keyed hash |
| 3 Authentication |
| 3.1 Basic principles |
| 3.1.1 The Man in the Middle |
| 3.1.2 Authentication and authorization |
| 3.1.3 User-related logging |
| 3.1.4 Device authentication and user authentication |
| 3.1.5 Architecture |
| 3.1.6 Authentication maintenance |
| 3.1.7 Replay attacks |
| 3.2 Identification options |
| 3.2.1 Static passwords |
| 3.2.2 One-time passwords |
| 3.2.3 Biometrics |
| 3.2.4 Public-key authentication |
| 3.2.5 Two-factor authentication (2FA) |
| 3.2.6 Tickets and certificates |
| 3.3 Certificates |
| 3.3.1 Digital signature |
| 3.3.2 Concept |
| 3.3.3 PKI and CA |
| 3.4 Authentication procedures |
| 3.4.1 Procedure with password transmission |
| 3.4.2 Challenge - Response |
| 3.4.3 EAP |
| 3.5 Central authentication |
| 3.5.1 RADIUS |
| 3.5.2 DIAMETER |
| 3.5.3 TACACS+ |
| 3.5.4 LDAP |
| 3.5.5 Kerberos |
| 3.5.6 NTLM |
| 4 Securing connections and applications |
| 4.1 VPN concepts |
| 4.2 Network Layer: IPsec |
| 4.2.1 IPsec - The operating modes |
| 4.2.2 IPsec headers |
| 4.2.3 Tunnel setup and management |
| 4.2.4 Security Associations |
| 4.2.5 IKEv1 |
| 4.2.6 IKEv2 |
| 4.3 Transport Layer: SSL/TLS |
| 4.3.1 SSL/TLS |
| 4.3.2 The SSL/TLS connection structure |
| 4.3.3 HPKP and HSTS |
| 4.3.4 Architecture of SSL/TLS VPNs |
| 4.4 Secure applications |
| 4.4.1 SSH |
| 4.4.2 PGP and S/MIME |
| 4.4.3 DNSSEC |
| 4.4.4 Securing VoIP |
| 4.5 Anonymizers |
| 5 Security on the LAN |
| 5.1 How a LAN works |
| 5.1.1 The Ethernet protocol |
| 5.1.2 Hubs |
| 5.1.3 Switches |
| 5.1.4 VLANs |
| 5.2 Dangers on the LAN |
| 5.2.1 MAC spoofing |
| 5.2.2 ARP cache poisoning |
| 5.2.3 Neighbor solicitation |
| 5.2.4 Flooding of the switching table |
| 5.2.5 VLAN hopping |
| 5.2.6 Mirror ports |
| 5.2.7 DHCP spoofing |
| 5.2.8 Router advertisements |
| 5.2.9 ICMP attacks |
| 5.2.10 Spanning tree attacks |
| 5.3 LAN security |
| 5.3.1 Port security |
| 5.3.2 Private VLANs |
| 5.4 How a WLAN works |
| 5.4.1 Service Set Identifier (SSID) |
| 5.4.2 From cell to cell and roaming |
| 5.5 WLAN security |
| 5.5.1 Inadequate measures |
| 5.5.2 Security standards |
| 5.5.3 Weaknesses and gaps in the WLAN |
| 5.6 IEEE 802.1X |
| 5.6.1 Automatic VLAN assignment |
| 5.6.2 MACSec |
| 5.7 LoRa WAN - Security in the IoT |
| 5.7.1 LoRaWAN - Security |
| 5.7.2 Key management |
| 6 Firewalls |
| 6.1 Firewalls |
| 6.1.1 Static packet filters |
| 6.1.2 Dynamic packet filters - stateful firewalls |
| 6.1.3 Proxies |
| 6.1.4 Next Generation Firewalls |
| 6.2 Network design |
| 6.2.1 Network Address Translation (NAT) and Firewalls |
| 6.2.2 DMZ concepts - an overview |
| 6.2.3 Firewalls and VPNs |
| 6.2.4 Failover and load balancing |
| 6.3 IDS and IPS |
| 6.3.1 Positioning |
| 6.3.2 How IDS/IPS works |
| 6.3.3 Measures |
| 6.3.4 Correlations |
| 6.4 Security Information and Event Management - SIEM |
| 6.4.1 Identifying relevant data |
| 6.4.2 Correlating messages |
| 7 Endpoint Security |
| 7.1 Attacks on operating systems and programs |
| 7.1.1 Malware |
| 7.1.2 Exploits |
| 7.1.3 Buffer overflow |
| 7.1.4 Drive-by infection |
| 7.1.5 Active content |
| 7.1.6 Phishing and whaling |
| 7.1.7 QR codes |
| 7.2 Attacks on web servers |
| 7.2.1 Cross site scripting |
| 7.2.2 SQL injection |
| 7.3 Endpoint security |
| 7.3.1 Anti-virus programs |
| 7.3.2 Patch management |
| 7.3.3 Hard disk encryption |
| 7.3.4 Data loss prevention |
| 7.3.5 Bluetooth |
| 7.4 Security in virtual environments and the cloud |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.-
Network security is critical to ensure the privacy, security and smooth functioning of networks and related services.Businesses, organizations and individuals must implement appropriate security measures to protect themselves from the many threats in the digital world.This security course introduces different methods to ensure the confidentiality, integrity and availability of data and resources in a computer network. The know-how imparted in this course lays the foundation for the independent assumption of tasks in the security planning and administration of IP-based networks. At the same time, it is the basis for a large number of advanced courses in the field of security.
-
Course Contents
-
- Objectives of Network Security
- Weaknesses of the TCP/IP Architecture
- Special Features of IPv6
- Typical Attacks: DoS, Spoofing, Cache Poisoning, etc.
- Symmetrical and Asymmetrical Encryption (AES, 3DES, RSA, ECC, ...)
- Data Integrity and Keyed Hash (MD5, SHA-1)
- Authentication, Signatures, and Certificates
- IPsec and SSL and their Application in VPNs
- Applications: SSH, SCP, PGP, HTTPS, etc.
- Endpoint Security: Virus Scanner, Hard Disk Encryption, Media Control, etc.
- LAN and WLAN Security: Port Security, WPA2, 802.1x, MAC Security
- Firewalls and DMZ
- Intrusion Detection and Prevention
- Security in Virtualized Environments / Cloud Security
- Hands-On Exercises at the Test Network
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
Technical background and measures for network security, as taught in this security course, are basically of interest to anyone who comes into contact with computer networks and the Internet in any form. The course is particularly suitable for administrators, planners and consultants who require a comprehensive overview of this subject area.
-
Knowledge Prerequisites
-
Optimal prerequisites are a sound basic knowledge of the LAN, router and Internet environment as well as in-depth knowledge of the IP protocol.
| 1 Motivation for network security |
| 1.1 Goals of network security |
| 1.1.1 Confidentiality |
| 1.1.2 Integrity |
| 1.1.3 Authenticity |
| 1.1.4 Availability |
| 1.2 The basic threats |
| 1.2.1 Eavesdropping |
| 1.2.2 Spoofing |
| 1.2.3 Denial of service |
| 1.3 The Internet Protocol |
| 1.3.1 The IPv4 header |
| 1.3.2 The IPv6 header |
| 1.4 The transport protocols |
| 1.4.1 UDP - connectionless and unsecured |
| 1.4.2 TCP - Connection oriented and secured |
| 1.5 Vulnerabilities of the TCP/IP architecture |
| 1.5.1 IP spoofing |
| 1.5.2 Malformed Packets |
| 1.5.3 Fragmentation attacks |
| 1.5.4 IPv6 extension headers |
| 1.5.5 SYN flooding |
| 1.5.6 Attacks on existing connections |
| 1.5.7 Session hijacking |
| 1.5.8 The RST attack |
| 1.5.9 Attacks against DNS |
| 1.5.10 Attacks against routing |
| 1.6 Typical tools and programs |
| 1.6.1 Information gathering |
| 1.6.2 Attack tools |
| 1.6.3 Information sources |
| 1.6.4 The BSI's basic protection catalogs |
| 2 (IT) security through encryption |
| 2.1 The beginnings of cryptography |
| 2.2 Symmetric encryption |
| 2.2.1 Lifetime and distribution of keys |
| 2.2.2 Generation of keys |
| 2.2.3 Diffie-Hellman |
| 2.3 Asymmetric encryption |
| 2.3.1 RSA |
| 2.3.2 Hybrid methods |
| 2.4 Data integrity: hash values |
| 2.4.1 Typical properties |
| 2.4.2 Attacks on hash values |
| 2.4.3 Keyed hash |
| 3 Authentication |
| 3.1 Basic principles |
| 3.1.1 The Man in the Middle |
| 3.1.2 Authentication and authorization |
| 3.1.3 User-related logging |
| 3.1.4 Device authentication and user authentication |
| 3.1.5 Architecture |
| 3.1.6 Authentication maintenance |
| 3.1.7 Replay attacks |
| 3.2 Identification options |
| 3.2.1 Static passwords |
| 3.2.2 One-time passwords |
| 3.2.3 Biometrics |
| 3.2.4 Public-key authentication |
| 3.2.5 Two-factor authentication (2FA) |
| 3.2.6 Tickets and certificates |
| 3.3 Certificates |
| 3.3.1 Digital signature |
| 3.3.2 Concept |
| 3.3.3 PKI and CA |
| 3.4 Authentication procedures |
| 3.4.1 Procedure with password transmission |
| 3.4.2 Challenge - Response |
| 3.4.3 EAP |
| 3.5 Central authentication |
| 3.5.1 RADIUS |
| 3.5.2 DIAMETER |
| 3.5.3 TACACS+ |
| 3.5.4 LDAP |
| 3.5.5 Kerberos |
| 3.5.6 NTLM |
| 4 Securing connections and applications |
| 4.1 VPN concepts |
| 4.2 Network Layer: IPsec |
| 4.2.1 IPsec - The operating modes |
| 4.2.2 IPsec headers |
| 4.2.3 Tunnel setup and management |
| 4.2.4 Security Associations |
| 4.2.5 IKEv1 |
| 4.2.6 IKEv2 |
| 4.3 Transport Layer: SSL/TLS |
| 4.3.1 SSL/TLS |
| 4.3.2 The SSL/TLS connection structure |
| 4.3.3 HPKP and HSTS |
| 4.3.4 Architecture of SSL/TLS VPNs |
| 4.4 Secure applications |
| 4.4.1 SSH |
| 4.4.2 PGP and S/MIME |
| 4.4.3 DNSSEC |
| 4.4.4 Securing VoIP |
| 4.5 Anonymizers |
| 5 Security on the LAN |
| 5.1 How a LAN works |
| 5.1.1 The Ethernet protocol |
| 5.1.2 Hubs |
| 5.1.3 Switches |
| 5.1.4 VLANs |
| 5.2 Dangers on the LAN |
| 5.2.1 MAC spoofing |
| 5.2.2 ARP cache poisoning |
| 5.2.3 Neighbor solicitation |
| 5.2.4 Flooding of the switching table |
| 5.2.5 VLAN hopping |
| 5.2.6 Mirror ports |
| 5.2.7 DHCP spoofing |
| 5.2.8 Router advertisements |
| 5.2.9 ICMP attacks |
| 5.2.10 Spanning tree attacks |
| 5.3 LAN security |
| 5.3.1 Port security |
| 5.3.2 Private VLANs |
| 5.4 How a WLAN works |
| 5.4.1 Service Set Identifier (SSID) |
| 5.4.2 From cell to cell and roaming |
| 5.5 WLAN security |
| 5.5.1 Inadequate measures |
| 5.5.2 Security standards |
| 5.5.3 Weaknesses and gaps in the WLAN |
| 5.6 IEEE 802.1X |
| 5.6.1 Automatic VLAN assignment |
| 5.6.2 MACSec |
| 5.7 LoRa WAN - Security in the IoT |
| 5.7.1 LoRaWAN - Security |
| 5.7.2 Key management |
| 6 Firewalls |
| 6.1 Firewalls |
| 6.1.1 Static packet filters |
| 6.1.2 Dynamic packet filters - stateful firewalls |
| 6.1.3 Proxies |
| 6.1.4 Next Generation Firewalls |
| 6.2 Network design |
| 6.2.1 Network Address Translation (NAT) and Firewalls |
| 6.2.2 DMZ concepts - an overview |
| 6.2.3 Firewalls and VPNs |
| 6.2.4 Failover and load balancing |
| 6.3 IDS and IPS |
| 6.3.1 Positioning |
| 6.3.2 How IDS/IPS works |
| 6.3.3 Measures |
| 6.3.4 Correlations |
| 6.4 Security Information and Event Management - SIEM |
| 6.4.1 Identifying relevant data |
| 6.4.2 Correlating messages |
| 7 Endpoint Security |
| 7.1 Attacks on operating systems and programs |
| 7.1.1 Malware |
| 7.1.2 Exploits |
| 7.1.3 Buffer overflow |
| 7.1.4 Drive-by infection |
| 7.1.5 Active content |
| 7.1.6 Phishing and whaling |
| 7.1.7 QR codes |
| 7.2 Attacks on web servers |
| 7.2.1 Cross site scripting |
| 7.2.2 SQL injection |
| 7.3 Endpoint security |
| 7.3.1 Anti-virus programs |
| 7.3.2 Patch management |
| 7.3.3 Hard disk encryption |
| 7.3.4 Data loss prevention |
| 7.3.5 Bluetooth |
| 7.4 Security in virtual environments and the cloud |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Guaranteed with the next booking
Classroom Training
Hybrid Training
Trainer language German