-
The advent of the cloud in the daily working environment does not only entail advantages, but also some risks. One of these risks refers to the topic of cloud security. No matter whether a cloud is operated on-premises or hosted, the operator of the cloud platform has to think carefully about cloud security beforehand. In this environment, conventional protection measures quickly reach their limits. Modern cloud security methods, in contrast, offer effective protection on the one hand, but also options of flexibility and scalability of the cloud, on the other hand. The course gives a holistic overview as well as a sound know-how basis on the topic of cloud security, along with a presentation of current threats and possible solution approaches by different vendors.
-
Course Contents
-
- Setup of a Cloud Data Center from a Security Viewpoint
- Network Security
- Hard- and Software Firewalls
- Security Concepts with SDN
- Virtualization Security
- Hypervisor Security
- Design Examples with Cisco, VMware, and Others
- Workplace Security
- Identity and Access Management
- Bring Your Own Device
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
The course at hand addresses technicians and pre-sales staff concerned with the setup of cloud security.
-
Knowledge Prerequisites
-
Basic network and IT knowledge should be available. In addition, the participant should be able to define basic terms of the cloud and cloud infrastructure. Ideally, the participant has the knowledge taught in the course Cloud Deployment - Getting Started, Development and Migration.
-
Alternatives
-
For all those who want to deal more comprehensively with the topic of SDDC in the sense of a cloud infrastructure, there is the 5-day course Cloud Computing Platforms - Cloud Infrastructures and Cloud Security. In addition to most of the contents of the Software-Defined Data Center course, this course covers aspects of topics such as cloud computing, WAN connectivity and security.
| 1 Introduction to Cloud Security |
| 1.1 Cloud Security Basics |
| 1.2 Cloud Security - Organizational Aspects |
| 1.2.1 Data protection and compliance |
| 1.2.2 Multi-Cloud |
| 1.2.3 Responsibilities in Cloud Security |
| 1.2.4 Public cloud: What should be considered? |
| 1.2.5 Overview of compliance programs |
| 1.3 Application security in cloud environments |
| 1.3.1 OWASP Top 10 |
| 2 Private Cloud and Virtualization Security |
| 2.1 Physical access |
| 2.2 Network Security in Virtualized Environments |
| 2.3 Data Center Edge Security |
| 2.4 Data Center Core Security |
| 2.5 Security in the Aggregation Layer |
| 2.5.1 IP access lists |
| 2.5.2 Quality of Service |
| 2.6 Security in the Access Layer |
| 2.7 Virtualization |
| 2.8 Introduction to SAN Security |
| 2.9 Server security in virtualized environments |
| 2.10 Hypervisor Security |
| 2.10.1 VMware |
| 2.10.2 KVM |
| 2.10.3 Hyper-V |
| 2.10.4 Container virtualization (Docker) |
| 2.11 Example based on OpenStack |
| 2.12 Example based on VMware NSX |
| 2.12.1 NSX Distributed Firewall |
| 2.12.2 Edge Devices |
| 2.12.3 Check Point vSec |
| 3 Public Cloud: IaaS protection etc. |
| 3.1 Service Virtualization |
| 3.1.1 Local Server Load Balancing |
| 3.1.2 Virtual Firewalls - Contexts |
| 3.2 Next Generation Firewalls |
| 3.2.1 Stateful Inspection |
| 3.2.2 Content Awareness and URL Filtering |
| 3.2.3 Bot detection |
| 3.2.4 IDS and IPS |
| 3.2.5 Malware Protection |
| 3.2.6 Identity Based Firewalling |
| 3.2.7 Market and functional overview |
| 3.2.8 Palo Alto |
| 3.2.9 Fortinet |
| 3.2.10 Cisco |
| 3.3 Security and Network Function Virtualization |
| 3.3.1 Security vulnerabilities of NFV |
| 3.3.2 Protective measures |
| 3.3.3 NFV Security Management Lifecycle |
| 3.3.4 NFV Security Framework |
| 3.4 Concepts with SDN |
| 3.4.1 Realization of the VNF FG |
| 3.4.2 Advantages of the VNF FG |
| 3.5 Example based on ACI from Cisco |
| 3.5.1 Use of device packages |
| 3.5.2 Service Graphs Templates |
| 3.5.3 Virtual router (CSR1000v) |
| 3.5.4 Example of virtual edge router: Juniper vMX |
| 3.6 Example: Deploying Networks in Azure |
| 3.6.1 Subnets |
| 3.6.2 Routing |
| 3.6.3 DNS |
| 3.7 Security features |
| 3.7.1 User-defined routes (UDR) |
| 3.7.2 Network Security Groups (NSG) |
| 3.7.3 DDoS protection |
| 3.7.4 Firewall |
| 3.8 Coupling of networks |
| 3.8.1 Peerings |
| 3.8.2 Gateways (for VPN etc.) |
| 3.8.3 Hybrid vs. cloud-only |
| 4 Access permissions and management |
| 4.1 User accounts and passwords |
| 4.1.1 Access via CLI |
| 4.1.2 Default parameters |
| 4.2 Identity management |
| 4.2.1 Central user management |
| 4.2.2 Market and function overview |
| 4.2.3 What is a directory service? |
| 4.2.4 Active Directory |
| 4.3 Authentication in the network (SSO) |
| 4.3.1 Single sign-on |
| 4.3.2 Security Assertion Markup Language (SAML) |
| 4.3.3 Open Authentication 2 (OAuth2) |
| 4.4 Information about user activity |
| 4.5 Example: Microsoft Azure Active Directory |
| 4.6 Security and identity management |
| 4.7 Example: Keystone from OpenStack |
| 5 Access to the cloud |
| 5.1 Setting up cloud infrastructures |
| 5.1.1 Hybrid Cloud: Impact on all layers |
| 5.2 VPNs at a glance |
| 5.2.1 MPLS VPNs |
| 5.2.2 IP VPNs |
| 5.3 VPN gateways for cloud connectivity |
| 5.3.1 Cloud-based VPN |
| 5.4 Example: MS Express Route |
| 5.5 vCloud Air Hybrid Cloud Manager |
| 5.6 Cisco CloudCenter |
| 6 Danger from the user |
| 6.1 Security measures for clients |
| 6.1.1 Anti-virus programs |
| 6.1.2 Personal firewalls |
| 6.1.3 Patch management |
| 6.1.4 Hard disk encryption |
| 6.2 Security awareness measures |
| 6.2.1 Involving users |
| 6.2.2 Reveal reasons |
| 6.2.3 Making restrictions understandable |
| 6.3 Cisco AMP |
| 6.4 The concept of proxies |
| 6.4.1 Transparent proxies |
| 6.4.2 Reverse proxies |
| 6.4.3 Generic proxies |
| 6.4.4 Application Layer Gateways |
| 6.4.5 Mode of operation |
| 6.4.6 Limitations |
| 6.4.7 Web proxies |
| 6.4.8 Authentication at the firewall |
| 6.5 Mail relays |
| 6.6 Market and function overview |
| 6.6.1 Blue Coat Proxy Appliance |
| 6.6.2 Zscaler |
| 6.6.3 Cisco IronPort - Web Security Appliance |
| 6.7 The Mobility Story - BYOD |
| 6.7.1 Attacking mobile devices |
| 6.7.2 Mobile device management |
| 6.7.3 VDI and group policies |
| 6.8 DNS layer security |
| 6.9 SaaS integration |
| 6.9.1 Shadow IT |
| 6.9.2 Shadow IT risk assessment |
| 6.9.3 CASB and CASM |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.-
The advent of the cloud in the daily working environment does not only entail advantages, but also some risks. One of these risks refers to the topic of cloud security. No matter whether a cloud is operated on-premises or hosted, the operator of the cloud platform has to think carefully about cloud security beforehand. In this environment, conventional protection measures quickly reach their limits. Modern cloud security methods, in contrast, offer effective protection on the one hand, but also options of flexibility and scalability of the cloud, on the other hand. The course gives a holistic overview as well as a sound know-how basis on the topic of cloud security, along with a presentation of current threats and possible solution approaches by different vendors.
-
Course Contents
-
- Setup of a Cloud Data Center from a Security Viewpoint
- Network Security
- Hard- and Software Firewalls
- Security Concepts with SDN
- Virtualization Security
- Hypervisor Security
- Design Examples with Cisco, VMware, and Others
- Workplace Security
- Identity and Access Management
- Bring Your Own Device
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
The course at hand addresses technicians and pre-sales staff concerned with the setup of cloud security.
-
Knowledge Prerequisites
-
Basic network and IT knowledge should be available. In addition, the participant should be able to define basic terms of the cloud and cloud infrastructure. Ideally, the participant has the knowledge taught in the course Cloud Deployment - Getting Started, Development and Migration.
-
Alternatives
-
For all those who want to deal more comprehensively with the topic of SDDC in the sense of a cloud infrastructure, there is the 5-day course Cloud Computing Platforms - Cloud Infrastructures and Cloud Security. In addition to most of the contents of the Software-Defined Data Center course, this course covers aspects of topics such as cloud computing, WAN connectivity and security.
| 1 Introduction to Cloud Security |
| 1.1 Cloud Security Basics |
| 1.2 Cloud Security - Organizational Aspects |
| 1.2.1 Data protection and compliance |
| 1.2.2 Multi-Cloud |
| 1.2.3 Responsibilities in Cloud Security |
| 1.2.4 Public cloud: What should be considered? |
| 1.2.5 Overview of compliance programs |
| 1.3 Application security in cloud environments |
| 1.3.1 OWASP Top 10 |
| 2 Private Cloud and Virtualization Security |
| 2.1 Physical access |
| 2.2 Network Security in Virtualized Environments |
| 2.3 Data Center Edge Security |
| 2.4 Data Center Core Security |
| 2.5 Security in the Aggregation Layer |
| 2.5.1 IP access lists |
| 2.5.2 Quality of Service |
| 2.6 Security in the Access Layer |
| 2.7 Virtualization |
| 2.8 Introduction to SAN Security |
| 2.9 Server security in virtualized environments |
| 2.10 Hypervisor Security |
| 2.10.1 VMware |
| 2.10.2 KVM |
| 2.10.3 Hyper-V |
| 2.10.4 Container virtualization (Docker) |
| 2.11 Example based on OpenStack |
| 2.12 Example based on VMware NSX |
| 2.12.1 NSX Distributed Firewall |
| 2.12.2 Edge Devices |
| 2.12.3 Check Point vSec |
| 3 Public Cloud: IaaS protection etc. |
| 3.1 Service Virtualization |
| 3.1.1 Local Server Load Balancing |
| 3.1.2 Virtual Firewalls - Contexts |
| 3.2 Next Generation Firewalls |
| 3.2.1 Stateful Inspection |
| 3.2.2 Content Awareness and URL Filtering |
| 3.2.3 Bot detection |
| 3.2.4 IDS and IPS |
| 3.2.5 Malware Protection |
| 3.2.6 Identity Based Firewalling |
| 3.2.7 Market and functional overview |
| 3.2.8 Palo Alto |
| 3.2.9 Fortinet |
| 3.2.10 Cisco |
| 3.3 Security and Network Function Virtualization |
| 3.3.1 Security vulnerabilities of NFV |
| 3.3.2 Protective measures |
| 3.3.3 NFV Security Management Lifecycle |
| 3.3.4 NFV Security Framework |
| 3.4 Concepts with SDN |
| 3.4.1 Realization of the VNF FG |
| 3.4.2 Advantages of the VNF FG |
| 3.5 Example based on ACI from Cisco |
| 3.5.1 Use of device packages |
| 3.5.2 Service Graphs Templates |
| 3.5.3 Virtual router (CSR1000v) |
| 3.5.4 Example of virtual edge router: Juniper vMX |
| 3.6 Example: Deploying Networks in Azure |
| 3.6.1 Subnets |
| 3.6.2 Routing |
| 3.6.3 DNS |
| 3.7 Security features |
| 3.7.1 User-defined routes (UDR) |
| 3.7.2 Network Security Groups (NSG) |
| 3.7.3 DDoS protection |
| 3.7.4 Firewall |
| 3.8 Coupling of networks |
| 3.8.1 Peerings |
| 3.8.2 Gateways (for VPN etc.) |
| 3.8.3 Hybrid vs. cloud-only |
| 4 Access permissions and management |
| 4.1 User accounts and passwords |
| 4.1.1 Access via CLI |
| 4.1.2 Default parameters |
| 4.2 Identity management |
| 4.2.1 Central user management |
| 4.2.2 Market and function overview |
| 4.2.3 What is a directory service? |
| 4.2.4 Active Directory |
| 4.3 Authentication in the network (SSO) |
| 4.3.1 Single sign-on |
| 4.3.2 Security Assertion Markup Language (SAML) |
| 4.3.3 Open Authentication 2 (OAuth2) |
| 4.4 Information about user activity |
| 4.5 Example: Microsoft Azure Active Directory |
| 4.6 Security and identity management |
| 4.7 Example: Keystone from OpenStack |
| 5 Access to the cloud |
| 5.1 Setting up cloud infrastructures |
| 5.1.1 Hybrid Cloud: Impact on all layers |
| 5.2 VPNs at a glance |
| 5.2.1 MPLS VPNs |
| 5.2.2 IP VPNs |
| 5.3 VPN gateways for cloud connectivity |
| 5.3.1 Cloud-based VPN |
| 5.4 Example: MS Express Route |
| 5.5 vCloud Air Hybrid Cloud Manager |
| 5.6 Cisco CloudCenter |
| 6 Danger from the user |
| 6.1 Security measures for clients |
| 6.1.1 Anti-virus programs |
| 6.1.2 Personal firewalls |
| 6.1.3 Patch management |
| 6.1.4 Hard disk encryption |
| 6.2 Security awareness measures |
| 6.2.1 Involving users |
| 6.2.2 Reveal reasons |
| 6.2.3 Making restrictions understandable |
| 6.3 Cisco AMP |
| 6.4 The concept of proxies |
| 6.4.1 Transparent proxies |
| 6.4.2 Reverse proxies |
| 6.4.3 Generic proxies |
| 6.4.4 Application Layer Gateways |
| 6.4.5 Mode of operation |
| 6.4.6 Limitations |
| 6.4.7 Web proxies |
| 6.4.8 Authentication at the firewall |
| 6.5 Mail relays |
| 6.6 Market and function overview |
| 6.6.1 Blue Coat Proxy Appliance |
| 6.6.2 Zscaler |
| 6.6.3 Cisco IronPort - Web Security Appliance |
| 6.7 The Mobility Story - BYOD |
| 6.7.1 Attacking mobile devices |
| 6.7.2 Mobile device management |
| 6.7.3 VDI and group policies |
| 6.8 DNS layer security |
| 6.9 SaaS integration |
| 6.9.1 Shadow IT |
| 6.9.2 Shadow IT risk assessment |
| 6.9.3 CASB and CASM |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Hybrid Training
Trainer language German