-
Network security is critical to ensure the privacy, security and smooth functioning of networks and related services.Businesses, organizations and individuals must implement appropriate security measures to protect themselves from the many threats in the digital world.This security course introduces different methods to ensure the confidentiality, integrity and availability of data and resources in a computer network. The know-how imparted in this course lays the foundation for the independent assumption of tasks in the security planning and administration of IP-based networks. At the same time, it is the basis for a large number of advanced courses in the field of security.
-
Course Contents
-
- Objectives of network security
- Vulnerabilities of IP-based networks
- Typical attack methods
- Planning and management of security measures
- Symmetric and asymmetric encryption
- Data integrity and authenticity
- Authentication measures
- Certificates and PKI
- IPsec and TLS for securing communication processes
- Firewalls, IPS and proxies
- Application security for e-mail, WWW and DNS
- Network Access Control
- LAN Security - From ARP inspection to IEEE 802. 1X
- WLAN security
- VPNs - securing private data
- Security in cloud environments
- SD-WAN and SASE
- Endpoint security - antivirus, antispyware firewall & co.
- Security awareness - involving employees
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 200,- plus VAT (only for classroom participation). -
Target Group
-
Technical background and measures for network security, as taught in this security course, are basically of interest to anyone who comes into contact with computer networks and the Internet in any form. The course is particularly suitable for administrators, planners and consultants who require a comprehensive overview of this subject area.
-
Knowledge Prerequisites
-
Optimal prerequisites are a sound basic knowledge of the LAN, router and Internet environment as well as in-depth knowledge of the IP protocol.
1 | Cybersecurity—Attacks and Countermeasures |
1.1 | Attack Vector and Attack Surface |
1.1.1 | Attackers and their Motives |
1.1.2 | Targets of Attack |
1.2 | Targets and Assets |
1.2.1 | Spying out Companies |
1.2.2 | Screening Networks |
1.2.3 | Social Engineering—Mining |
1.3 | Attack Variants |
1.3.1 | Exploitation |
1.3.2 | Social Engineering Attacks |
1.3.3 | DoS Variants |
1.4 | Protocol and Network Attacks |
1.4.1 | LAN Attacks |
1.4.2 | WLAN Security |
1.4.3 | The Internet Protocol and its Weaknesses |
1.4.4 | Attacks on Routers |
1.4.5 | Attacks on Layer 4 |
1.4.6 | Attack Applications |
2 | Planning and Implementing Security |
2.1 | Legal Security Stipulations |
2.1.1 | Directives and Certifications (ISO 27001) |
2.1.2 | BSI IT Grundschutz (Baseline Protection Standard Issued by the German Federal Office for Information Security) |
2.1.3 | EPCIP |
2.1.4 | NIS2 and RCE |
2.2 | Structural Analysis—Plan |
2.2.1 | Security Policies |
2.2.2 | Security Policy—Create Access Rules |
2.3 | Overview of Protective Measures—To Do |
2.4 | Vulnerability Analysis and Penetration Tests—Check |
2.5 | Detect Attacks—Act |
3 | Basics of Cryptography |
3.1 | Encryption |
3.1.1 | Symmetrical Encryption |
3.1.2 | Asymmetrical Encryption |
3.1.3 | Key Management |
3.2 | Data Integrity via Hash Values |
3.2.1 | Typical Features |
3.2.2 | Known Procedures |
3.3 | Authentication |
3.3.1 | Password-based |
3.3.2 | Single Sign-On (SSO) |
3.3.3 | Biometrics |
3.3.4 | Public Key Procedure |
3.4 | Certificates |
3.4.1 | Apply for Certificates |
3.4.2 | Issue Certificates |
3.4.3 | Authentication |
3.4.4 | Certificate Revocation List |
3.4.5 | Infrastructure |
4 | Securing Communication Processes |
4.1 | IPSec—Security for IP |
4.1.1 | The IPsec Header |
4.1.2 | IKEv1 |
4.1.3 | IKEv2 |
4.2 | SSL/TLS—Application Security |
4.2.1 | The TLS Protocol Stack |
4.2.2 | TLS Versions and SSL |
4.2.3 | The Connection Setup up to TLS 1.2 |
4.2.4 | The Connection Setup under TLS 1.3 |
5 | Design of Secure Networks |
5.1 | Separating Security Zones |
5.1.1 | VLANs—Separation on Layer 2 |
5.1.2 | IP Security Zones |
5.2 | Firewalls |
5.2.1 | Static Packet Filters |
5.2.2 | Stateful Firewalls |
5.2.3 | Rule Sets |
5.2.4 | Next Generation Firewall |
5.2.5 | DMZ Concepts |
5.3 | Proxy—Representative of Client and Server |
5.4 | Intrusion Prevention System |
5.4.1 | Host-based IPS—HIPS |
5.4.2 | Network-based IPS— NIPS |
5.4.3 | Detection and Prevention Methods |
5.5 | SIEM Systems |
6 | Securing Applications |
6.1 | Securing the Services |
6.2 | DNS Communication |
6.2.1 | DNSSEC |
6.2.2 | DANE |
6.2.3 | DNS over TLS/DTLS vs. DNS over HTTPS |
6.3 | Secure e-mail Communication |
6.3.1 | Spam |
6.3.2 | Malware in e-mails |
6.3.3 | Phishing |
6.3.4 | E-Mail: Security Concepts |
6.3.5 | Anti-spoofing with SPF, DKIM, and DMARC |
6.4 | Web Security |
6.4.1 | Protective Measures |
6.4.2 | Web Application Firewall—Reverse Proxy |
6.5 | TLS Inspection |
6.5.1 | Outbound Inspection |
6.5.2 | Inbound Inspection |
7 | Network Access Control |
7.1 | RADIUS—An AAA Service |
7.1.1 | Protocol Procedures |
7.1.2 | The Packet Format |
7.1.3 | RADIUS Authentication and Authorization |
7.1.4 | RADIUS Accounting |
7.1.5 | AD Integration |
7.1.6 | LDAP Connection |
7.2 | LAN Security |
7.2.1 | IEEE 802.1X |
7.2.2 | MAC Auth or MAB |
7.2.3 | Web Auth and Guest Access |
7.2.4 | MacSec—IEEE 802.1AE |
7.3 | WLAN Security |
7.3.1 | WPA2, and IEEE 802.11i |
7.3.2 | WPA3—Improved Security |
7.4 | VPN Connections |
7.4.1 | Site-2-Site VPNs |
7.4.2 | Remote Access VPNs |
7.4.3 | Client-less TLS VPN |
8 | Protect Cloud Services |
8.1 | Cloud Computing—IT in Transition |
8.1.1 | Drivers for the Cloud |
8.1.2 | Cloud Variants—Private, Public, & Co. |
8.2 | Security in the Cloud |
8.2.1 | Public Cloud vs. Internal IT |
8.2.2 | Cloud Models and Responsibility for Security |
8.2.3 | Data Protection in the Cloud |
8.2.4 | C5 Certificate—Audits for the Cloud |
8.3 | Secure Server Virtualization |
8.3.1 | Protection Measures in Virtual Networks |
8.3.2 | Container Virtualization |
8.4 | Secure Access to the Cloud |
8.4.1 | Availability of Services in the Cloud |
8.4.2 | Protect Client to Cloud Services |
8.4.3 | SD-WAN |
8.5 | Secure Access Service Edge (SASE) |
9 | Endpoint Security |
9.1 | Client-side Attacks |
9.2 | Protective Measures |
9.2.1 | Virus and Threat Protection |
9.2.2 | Patch Management |
9.2.3 | Hard Drive Encryption |
9.2.4 | Host-based Firewalls |
9.3 | Secure Peripheral Devices |
10 | Security Awareness |
10.1 | Humans—the weakest link in the chain? |
10.1.1 | Limits of IT Security |
10.1.2 | Education and Training Required |
10.2 | Topics and Learning Objectives of Security Awareness Measures |
10.2.1 | Making Security Measures Transparent |
10.2.2 | Communicate Behavioral Measures |
10.2.3 | Making Confidentiality Plausible |
10.2.4 | Explaining the Background |
10.3 | Methods of Security Awareness Training |
10.3.1 | Integrate into Everyday Life |
10.3.2 | In-depth Measures |
A | List of Abbreviations |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

-
Network security is critical to ensure the privacy, security and smooth functioning of networks and related services.Businesses, organizations and individuals must implement appropriate security measures to protect themselves from the many threats in the digital world.This security course introduces different methods to ensure the confidentiality, integrity and availability of data and resources in a computer network. The know-how imparted in this course lays the foundation for the independent assumption of tasks in the security planning and administration of IP-based networks. At the same time, it is the basis for a large number of advanced courses in the field of security.
-
Course Contents
-
- Objectives of network security
- Vulnerabilities of IP-based networks
- Typical attack methods
- Planning and management of security measures
- Symmetric and asymmetric encryption
- Data integrity and authenticity
- Authentication measures
- Certificates and PKI
- IPsec and TLS for securing communication processes
- Firewalls, IPS and proxies
- Application security for e-mail, WWW and DNS
- Network Access Control
- LAN Security - From ARP inspection to IEEE 802. 1X
- WLAN security
- VPNs - securing private data
- Security in cloud environments
- SD-WAN and SASE
- Endpoint security - antivirus, antispyware firewall & co.
- Security awareness - involving employees
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 200,- plus VAT (only for classroom participation). -
Target Group
-
Technical background and measures for network security, as taught in this security course, are basically of interest to anyone who comes into contact with computer networks and the Internet in any form. The course is particularly suitable for administrators, planners and consultants who require a comprehensive overview of this subject area.
-
Knowledge Prerequisites
-
Optimal prerequisites are a sound basic knowledge of the LAN, router and Internet environment as well as in-depth knowledge of the IP protocol.
1 | Cybersecurity—Attacks and Countermeasures |
1.1 | Attack Vector and Attack Surface |
1.1.1 | Attackers and their Motives |
1.1.2 | Targets of Attack |
1.2 | Targets and Assets |
1.2.1 | Spying out Companies |
1.2.2 | Screening Networks |
1.2.3 | Social Engineering—Mining |
1.3 | Attack Variants |
1.3.1 | Exploitation |
1.3.2 | Social Engineering Attacks |
1.3.3 | DoS Variants |
1.4 | Protocol and Network Attacks |
1.4.1 | LAN Attacks |
1.4.2 | WLAN Security |
1.4.3 | The Internet Protocol and its Weaknesses |
1.4.4 | Attacks on Routers |
1.4.5 | Attacks on Layer 4 |
1.4.6 | Attack Applications |
2 | Planning and Implementing Security |
2.1 | Legal Security Stipulations |
2.1.1 | Directives and Certifications (ISO 27001) |
2.1.2 | BSI IT Grundschutz (Baseline Protection Standard Issued by the German Federal Office for Information Security) |
2.1.3 | EPCIP |
2.1.4 | NIS2 and RCE |
2.2 | Structural Analysis—Plan |
2.2.1 | Security Policies |
2.2.2 | Security Policy—Create Access Rules |
2.3 | Overview of Protective Measures—To Do |
2.4 | Vulnerability Analysis and Penetration Tests—Check |
2.5 | Detect Attacks—Act |
3 | Basics of Cryptography |
3.1 | Encryption |
3.1.1 | Symmetrical Encryption |
3.1.2 | Asymmetrical Encryption |
3.1.3 | Key Management |
3.2 | Data Integrity via Hash Values |
3.2.1 | Typical Features |
3.2.2 | Known Procedures |
3.3 | Authentication |
3.3.1 | Password-based |
3.3.2 | Single Sign-On (SSO) |
3.3.3 | Biometrics |
3.3.4 | Public Key Procedure |
3.4 | Certificates |
3.4.1 | Apply for Certificates |
3.4.2 | Issue Certificates |
3.4.3 | Authentication |
3.4.4 | Certificate Revocation List |
3.4.5 | Infrastructure |
4 | Securing Communication Processes |
4.1 | IPSec—Security for IP |
4.1.1 | The IPsec Header |
4.1.2 | IKEv1 |
4.1.3 | IKEv2 |
4.2 | SSL/TLS—Application Security |
4.2.1 | The TLS Protocol Stack |
4.2.2 | TLS Versions and SSL |
4.2.3 | The Connection Setup up to TLS 1.2 |
4.2.4 | The Connection Setup under TLS 1.3 |
5 | Design of Secure Networks |
5.1 | Separating Security Zones |
5.1.1 | VLANs—Separation on Layer 2 |
5.1.2 | IP Security Zones |
5.2 | Firewalls |
5.2.1 | Static Packet Filters |
5.2.2 | Stateful Firewalls |
5.2.3 | Rule Sets |
5.2.4 | Next Generation Firewall |
5.2.5 | DMZ Concepts |
5.3 | Proxy—Representative of Client and Server |
5.4 | Intrusion Prevention System |
5.4.1 | Host-based IPS—HIPS |
5.4.2 | Network-based IPS— NIPS |
5.4.3 | Detection and Prevention Methods |
5.5 | SIEM Systems |
6 | Securing Applications |
6.1 | Securing the Services |
6.2 | DNS Communication |
6.2.1 | DNSSEC |
6.2.2 | DANE |
6.2.3 | DNS over TLS/DTLS vs. DNS over HTTPS |
6.3 | Secure e-mail Communication |
6.3.1 | Spam |
6.3.2 | Malware in e-mails |
6.3.3 | Phishing |
6.3.4 | E-Mail: Security Concepts |
6.3.5 | Anti-spoofing with SPF, DKIM, and DMARC |
6.4 | Web Security |
6.4.1 | Protective Measures |
6.4.2 | Web Application Firewall—Reverse Proxy |
6.5 | TLS Inspection |
6.5.1 | Outbound Inspection |
6.5.2 | Inbound Inspection |
7 | Network Access Control |
7.1 | RADIUS—An AAA Service |
7.1.1 | Protocol Procedures |
7.1.2 | The Packet Format |
7.1.3 | RADIUS Authentication and Authorization |
7.1.4 | RADIUS Accounting |
7.1.5 | AD Integration |
7.1.6 | LDAP Connection |
7.2 | LAN Security |
7.2.1 | IEEE 802.1X |
7.2.2 | MAC Auth or MAB |
7.2.3 | Web Auth and Guest Access |
7.2.4 | MacSec—IEEE 802.1AE |
7.3 | WLAN Security |
7.3.1 | WPA2, and IEEE 802.11i |
7.3.2 | WPA3—Improved Security |
7.4 | VPN Connections |
7.4.1 | Site-2-Site VPNs |
7.4.2 | Remote Access VPNs |
7.4.3 | Client-less TLS VPN |
8 | Protect Cloud Services |
8.1 | Cloud Computing—IT in Transition |
8.1.1 | Drivers for the Cloud |
8.1.2 | Cloud Variants—Private, Public, & Co. |
8.2 | Security in the Cloud |
8.2.1 | Public Cloud vs. Internal IT |
8.2.2 | Cloud Models and Responsibility for Security |
8.2.3 | Data Protection in the Cloud |
8.2.4 | C5 Certificate—Audits for the Cloud |
8.3 | Secure Server Virtualization |
8.3.1 | Protection Measures in Virtual Networks |
8.3.2 | Container Virtualization |
8.4 | Secure Access to the Cloud |
8.4.1 | Availability of Services in the Cloud |
8.4.2 | Protect Client to Cloud Services |
8.4.3 | SD-WAN |
8.5 | Secure Access Service Edge (SASE) |
9 | Endpoint Security |
9.1 | Client-side Attacks |
9.2 | Protective Measures |
9.2.1 | Virus and Threat Protection |
9.2.2 | Patch Management |
9.2.3 | Hard Drive Encryption |
9.2.4 | Host-based Firewalls |
9.3 | Secure Peripheral Devices |
10 | Security Awareness |
10.1 | Humans—the weakest link in the chain? |
10.1.1 | Limits of IT Security |
10.1.2 | Education and Training Required |
10.2 | Topics and Learning Objectives of Security Awareness Measures |
10.2.1 | Making Security Measures Transparent |
10.2.2 | Communicate Behavioral Measures |
10.2.3 | Making Confidentiality Plausible |
10.2.4 | Explaining the Background |
10.3 | Methods of Security Awareness Training |
10.3.1 | Integrate into Everyday Life |
10.3.2 | In-depth Measures |
A | List of Abbreviations |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
