Security Concepts and Technologies

Encryption, Authentication and Data Integrity

Network security is critical to ensure the privacy, security and smooth functioning of networks and related services.

Businesses, organizations and individuals must implement appropriate security measures to protect themselves from the many threats in the digital world.

This security course introduces different methods to ensure the confidentiality, integrity and availability of data and resources in a computer network. The know-how imparted in this course lays the foundation for the independent assumption of tasks in the security planning and administration of IP-based networks. At the same time, it is the basis for a large number of advanced courses in the field of security.

Course Contents

Objectives of network security
Vulnerabilities of IP-based networks
Typical attack methods
Planning and management of security measures
Symmetric and asymmetric encryption
Data integrity and authenticity
Authentication measures
Certificates and PKI
IPsec and TLS for securing communication processes
Firewalls, IPS and proxies
Application security for e-mail, WWW and DNS
Network Access Control
LAN Security - From ARP inspection to IEEE 802. 1X
WLAN security
VPNs - securing private data
Security in cloud environments
SD-WAN and SASE
Endpoint security - antivirus, antispyware firewall & co.
Security awareness - involving employees

The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.

Premium Course Documents

In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.

High-quality color prints of the ExperTeach documentation
Exclusive folder in an elegant design
Document pouch in backpack shape
Elegant LAMY ballpoint pen
Practical notepad

The Premium Print Package can be added during the ordering process for € 200,- plus VAT (only for classroom participation).

Target Group

Technical background and measures for network security, as taught in this security course, are basically of interest to anyone who comes into contact with computer networks and the Internet in any form. The course is particularly suitable for administrators, planners and consultants who require a comprehensive overview of this subject area.

Knowledge Prerequisites

Optimal prerequisites are a sound basic knowledge of the LAN, router and Internet environment as well as in-depth knowledge of the IP protocol.

1	Cybersecurity—Attacks and Countermeasures
1.1	Attack Vector and Attack Surface
1.1.1	Attackers and their Motives
1.1.2	Targets of Attack
1.2	Targets and Assets
1.2.1	Spying out Companies
1.2.2	Screening Networks
1.2.3	Social Engineering—Mining
1.3	Attack Variants
1.3.1	Exploitation
1.3.2	Social Engineering Attacks
1.3.3	DoS Variants
1.4	Protocol and Network Attacks
1.4.1	LAN Attacks
1.4.2	WLAN Security
1.4.3	The Internet Protocol and its Weaknesses
1.4.4	Attacks on Routers
1.4.5	Attacks on Layer 4
1.4.6	Attack Applications

2	Planning and Implementing Security
2.1	Legal Security Stipulations
2.1.1	Directives and Certifications (ISO 27001)
2.1.2	BSI IT Grundschutz (Baseline Protection Standard Issued by the German Federal Office for Information Security)
2.1.3	EPCIP
2.1.4	NIS2 and RCE
2.2	Structural Analysis—Plan
2.2.1	Security Policies
2.2.2	Security Policy—Create Access Rules
2.3	Overview of Protective Measures—To Do
2.4	Vulnerability Analysis and Penetration Tests—Check
2.5	Detect Attacks—Act

3	Basics of Cryptography
3.1	Encryption
3.1.1	Symmetrical Encryption
3.1.2	Asymmetrical Encryption
3.1.3	Key Management
3.2	Data Integrity via Hash Values
3.2.1	Typical Features
3.2.2	Known Procedures
3.3	Authentication
3.3.1	Password-based
3.3.2	Single Sign-On (SSO)
3.3.3	Biometrics
3.3.4	Public Key Procedure
3.4	Certificates
3.4.1	Apply for Certificates
3.4.2	Issue Certificates
3.4.3	Authentication
3.4.4	Certificate Revocation List
3.4.5	Infrastructure

4	Securing Communication Processes
4.1	IPSec—Security for IP
4.1.1	The IPsec Header
4.1.2	IKEv1
4.1.3	IKEv2
4.2	SSL/TLS—Application Security
4.2.1	The TLS Protocol Stack
4.2.2	TLS Versions and SSL
4.2.3	The Connection Setup up to TLS 1.2
4.2.4	The Connection Setup under TLS 1.3

5	Design of Secure Networks
5.1	Separating Security Zones
5.1.1	VLANs—Separation on Layer 2
5.1.2	IP Security Zones
5.2	Firewalls
5.2.1	Static Packet Filters
5.2.2	Stateful Firewalls
5.2.3	Rule Sets
5.2.4	Next Generation Firewall
5.2.5	DMZ Concepts
5.3	Proxy—Representative of Client and Server
5.4	Intrusion Prevention System
5.4.1	Host-based IPS—HIPS
5.4.2	Network-based IPS— NIPS
5.4.3	Detection and Prevention Methods
5.5	SIEM Systems

6	Securing Applications
6.1	Securing the Services
6.2	DNS Communication
6.2.1	DNSSEC
6.2.2	DANE
6.2.3	DNS over TLS/DTLS vs. DNS over HTTPS
6.3	Secure e-mail Communication
6.3.1	Spam
6.3.2	Malware in e-mails
6.3.3	Phishing
6.3.4	E-Mail: Security Concepts
6.3.5	Anti-spoofing with SPF, DKIM, and DMARC
6.4	Web Security
6.4.1	Protective Measures
6.4.2	Web Application Firewall—Reverse Proxy
6.5	TLS Inspection
6.5.1	Outbound Inspection
6.5.2	Inbound Inspection

7	Network Access Control
7.1	RADIUS—An AAA Service
7.1.1	Protocol Procedures
7.1.2	The Packet Format
7.1.3	RADIUS Authentication and Authorization
7.1.4	RADIUS Accounting
7.1.5	AD Integration
7.1.6	LDAP Connection
7.2	LAN Security
7.2.1	IEEE 802.1X
7.2.2	MAC Auth or MAB
7.2.3	Web Auth and Guest Access
7.2.4	MacSec—IEEE 802.1AE
7.3	WLAN Security
7.3.1	WPA2, and IEEE 802.11i
7.3.2	WPA3—Improved Security
7.4	VPN Connections
7.4.1	Site-2-Site VPNs
7.4.2	Remote Access VPNs
7.4.3	Client-less TLS VPN

8	Protect Cloud Services
8.1	Cloud Computing—IT in Transition
8.1.1	Drivers for the Cloud
8.1.2	Cloud Variants—Private, Public, & Co.
8.2	Security in the Cloud
8.2.1	Public Cloud vs. Internal IT
8.2.2	Cloud Models and Responsibility for Security
8.2.3	Data Protection in the Cloud
8.2.4	C5 Certificate—Audits for the Cloud
8.3	Secure Server Virtualization
8.3.1	Protection Measures in Virtual Networks
8.3.2	Container Virtualization
8.4	Secure Access to the Cloud
8.4.1	Availability of Services in the Cloud
8.4.2	Protect Client to Cloud Services
8.4.3	SD-WAN
8.5	Secure Access Service Edge (SASE)

9	Endpoint Security
9.1	Client-side Attacks
9.2	Protective Measures
9.2.1	Virus and Threat Protection
9.2.2	Patch Management
9.2.3	Hard Drive Encryption
9.2.4	Host-based Firewalls
9.3	Secure Peripheral Devices

10	Security Awareness
10.1	Humans—the weakest link in the chain?
10.1.1	Limits of IT Security
10.1.2	Education and Training Required
10.2	Topics and Learning Objectives of Security Awareness Measures
10.2.1	Making Security Measures Transparent
10.2.2	Communicate Behavioral Measures
10.2.3	Making Confidentiality Plausible
10.2.4	Explaining the Background
10.3	Methods of Security Awareness Training
10.3.1	Integrate into Everyday Life
10.3.2	In-depth Measures

A	List of Abbreviations

Classroom training: Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
Hybrid training: Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
Online training: You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
Tailor-made courses: You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

You can find the complete description of this course with dates and prices ready for download at as PDF.

Network security is critical to ensure the privacy, security and smooth functioning of networks and related services.

Businesses, organizations and individuals must implement appropriate security measures to protect themselves from the many threats in the digital world.

Course Contents

Objectives of network security
Vulnerabilities of IP-based networks
Typical attack methods
Planning and management of security measures
Symmetric and asymmetric encryption
Data integrity and authenticity
Authentication measures
Certificates and PKI
IPsec and TLS for securing communication processes
Firewalls, IPS and proxies
Application security for e-mail, WWW and DNS
Network Access Control
LAN Security - From ARP inspection to IEEE 802. 1X
WLAN security
VPNs - securing private data
Security in cloud environments
SD-WAN and SASE
Endpoint security - antivirus, antispyware firewall & co.
Security awareness - involving employees

The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.

Premium Course Documents

In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.

High-quality color prints of the ExperTeach documentation
Exclusive folder in an elegant design
Document pouch in backpack shape
Elegant LAMY ballpoint pen
Practical notepad

The Premium Print Package can be added during the ordering process for € 200,- plus VAT (only for classroom participation).

Target Group

Knowledge Prerequisites

Optimal prerequisites are a sound basic knowledge of the LAN, router and Internet environment as well as in-depth knowledge of the IP protocol.

1	Cybersecurity—Attacks and Countermeasures
1.1	Attack Vector and Attack Surface
1.1.1	Attackers and their Motives
1.1.2	Targets of Attack
1.2	Targets and Assets
1.2.1	Spying out Companies
1.2.2	Screening Networks
1.2.3	Social Engineering—Mining
1.3	Attack Variants
1.3.1	Exploitation
1.3.2	Social Engineering Attacks
1.3.3	DoS Variants
1.4	Protocol and Network Attacks
1.4.1	LAN Attacks
1.4.2	WLAN Security
1.4.3	The Internet Protocol and its Weaknesses
1.4.4	Attacks on Routers
1.4.5	Attacks on Layer 4
1.4.6	Attack Applications

2	Planning and Implementing Security
2.1	Legal Security Stipulations
2.1.1	Directives and Certifications (ISO 27001)
2.1.2	BSI IT Grundschutz (Baseline Protection Standard Issued by the German Federal Office for Information Security)
2.1.3	EPCIP
2.1.4	NIS2 and RCE
2.2	Structural Analysis—Plan
2.2.1	Security Policies
2.2.2	Security Policy—Create Access Rules
2.3	Overview of Protective Measures—To Do
2.4	Vulnerability Analysis and Penetration Tests—Check
2.5	Detect Attacks—Act

3	Basics of Cryptography
3.1	Encryption
3.1.1	Symmetrical Encryption
3.1.2	Asymmetrical Encryption
3.1.3	Key Management
3.2	Data Integrity via Hash Values
3.2.1	Typical Features
3.2.2	Known Procedures
3.3	Authentication
3.3.1	Password-based
3.3.2	Single Sign-On (SSO)
3.3.3	Biometrics
3.3.4	Public Key Procedure
3.4	Certificates
3.4.1	Apply for Certificates
3.4.2	Issue Certificates
3.4.3	Authentication
3.4.4	Certificate Revocation List
3.4.5	Infrastructure

4	Securing Communication Processes
4.1	IPSec—Security for IP
4.1.1	The IPsec Header
4.1.2	IKEv1
4.1.3	IKEv2
4.2	SSL/TLS—Application Security
4.2.1	The TLS Protocol Stack
4.2.2	TLS Versions and SSL
4.2.3	The Connection Setup up to TLS 1.2
4.2.4	The Connection Setup under TLS 1.3

5	Design of Secure Networks
5.1	Separating Security Zones
5.1.1	VLANs—Separation on Layer 2
5.1.2	IP Security Zones
5.2	Firewalls
5.2.1	Static Packet Filters
5.2.2	Stateful Firewalls
5.2.3	Rule Sets
5.2.4	Next Generation Firewall
5.2.5	DMZ Concepts
5.3	Proxy—Representative of Client and Server
5.4	Intrusion Prevention System
5.4.1	Host-based IPS—HIPS
5.4.2	Network-based IPS— NIPS
5.4.3	Detection and Prevention Methods
5.5	SIEM Systems

6	Securing Applications
6.1	Securing the Services
6.2	DNS Communication
6.2.1	DNSSEC
6.2.2	DANE
6.2.3	DNS over TLS/DTLS vs. DNS over HTTPS
6.3	Secure e-mail Communication
6.3.1	Spam
6.3.2	Malware in e-mails
6.3.3	Phishing
6.3.4	E-Mail: Security Concepts
6.3.5	Anti-spoofing with SPF, DKIM, and DMARC
6.4	Web Security
6.4.1	Protective Measures
6.4.2	Web Application Firewall—Reverse Proxy
6.5	TLS Inspection
6.5.1	Outbound Inspection
6.5.2	Inbound Inspection

7	Network Access Control
7.1	RADIUS—An AAA Service
7.1.1	Protocol Procedures
7.1.2	The Packet Format
7.1.3	RADIUS Authentication and Authorization
7.1.4	RADIUS Accounting
7.1.5	AD Integration
7.1.6	LDAP Connection
7.2	LAN Security
7.2.1	IEEE 802.1X
7.2.2	MAC Auth or MAB
7.2.3	Web Auth and Guest Access
7.2.4	MacSec—IEEE 802.1AE
7.3	WLAN Security
7.3.1	WPA2, and IEEE 802.11i
7.3.2	WPA3—Improved Security
7.4	VPN Connections
7.4.1	Site-2-Site VPNs
7.4.2	Remote Access VPNs
7.4.3	Client-less TLS VPN

8	Protect Cloud Services
8.1	Cloud Computing—IT in Transition
8.1.1	Drivers for the Cloud
8.1.2	Cloud Variants—Private, Public, & Co.
8.2	Security in the Cloud
8.2.1	Public Cloud vs. Internal IT
8.2.2	Cloud Models and Responsibility for Security
8.2.3	Data Protection in the Cloud
8.2.4	C5 Certificate—Audits for the Cloud
8.3	Secure Server Virtualization
8.3.1	Protection Measures in Virtual Networks
8.3.2	Container Virtualization
8.4	Secure Access to the Cloud
8.4.1	Availability of Services in the Cloud
8.4.2	Protect Client to Cloud Services
8.4.3	SD-WAN
8.5	Secure Access Service Edge (SASE)

9	Endpoint Security
9.1	Client-side Attacks
9.2	Protective Measures
9.2.1	Virus and Threat Protection
9.2.2	Patch Management
9.2.3	Hard Drive Encryption
9.2.4	Host-based Firewalls
9.3	Secure Peripheral Devices

10	Security Awareness
10.1	Humans—the weakest link in the chain?
10.1.1	Limits of IT Security
10.1.2	Education and Training Required
10.2	Topics and Learning Objectives of Security Awareness Measures
10.2.1	Making Security Measures Transparent
10.2.2	Communicate Behavioral Measures
10.2.3	Making Confidentiality Plausible
10.2.4	Explaining the Background
10.3	Methods of Security Awareness Training
10.3.1	Integrate into Everyday Life
10.3.2	In-depth Measures

A	List of Abbreviations

Classroom training: Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
Hybrid training: Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
Online training: You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
Tailor-made courses: You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

You can find the complete description of this course with dates and prices ready for download at as PDF.

ExperTeach Identifier: SECU

Duration & Prices

Prices excl. V.A.T.

Classes in Germany

5 days

€ 2,595

Classes in Austria

5 days

€ 2,595

Classes in Switzerland

5 days

€ 3,390

Online training

5 days

€ 2,595

+ Premium Print Package (Optional)

€ 200

			Date	City
20250811	0	3	08/11/-08/15/25	Düsseldorf
20250811	0	3	08/11/-08/15/25	Live Online
20250818	1	1	08/18/-08/22/25	Frankfurt
20250915	2	3	09/15/-09/19/25	Frankfurt
20250915	2	3	09/15/-09/19/25	Live Online
20251103	0	3	11/03/-11/07/25	Düsseldorf
20251103	0	3	11/03/-11/07/25	Live Online
20251208	2	3	12/08/-12/12/25	München
20251208	2	3	12/08/-12/12/25	Live Online
20251208	2	1	12/08/-12/12/25	Zürich
20260119	2	3	01/19/-01/23/26	Berlin
20260119	2	3	01/19/-01/23/26	Hamburg
20260119	2	3	01/19/-01/23/26	Live Online
20260223	2	3	02/23/-02/27/26	Frankfurt
20260223	2	3	02/23/-02/27/26	Live Online
20260323	2	3	03/23/-03/27/26	Live Online
20260323	2	3	03/23/-03/27/26	Wien
20260504	2	3	05/04/-05/08/26	Düsseldorf
20260504	2	3	05/04/-05/08/26	Live Online
20260608	2	3	06/08/-06/12/26	München
20260608	2	3	06/08/-06/12/26	Live Online
20260608	2	1	06/08/-06/12/26	Zürich