Defending the Perimeter from Cyber Attacks Training

Installing a firewall

• Determining the appropriate firewall type
• Selecting and hardening the operating system
• Virtualising the firewall appliance

Configuring a firewall to support outgoing services

• Supporting simple services: HTTP, SMTP
• Filtering dangerous content and handling encrypted traffic
• Managing complex services: VoIP, audio and video

Providing external services securely

• Implementing publicly accessible servers
• Building a DMZ architecture
• Supporting SMTP mail

Allowing access to internal services

• Customising DNS for firewall architectures
• Configuring Network Address Translation (NAT)
• Developing access lists for client server applications

Deploying an IDS

• Placing Network IDS (NIDS) within your network architecture
• Operating sensors in stealth mode

Detecting intrusions in the enterprise

• Designing a multi-layer IDS hierarchy
• Managing distributed IDS

Interpreting alerts

• Verifying IDS operation
• Minimising false positives and negatives
• Validating IDS events and recognising attacks

Stopping intruders

• Exploiting IDS active responses
• Snipping a TCP session
• Controlling access with a firewall update

Building VPN tunnels

• Compulsory vs. voluntary tunnels
• Supporting remote users with layer 2 tunnels
• Connecting remote sites with layer 3 tunnels

Deploying client software

• Assessing remote access VPN alternatives
• Implementing remote user authentication
• Leveraging Layer 2 Tunnelling Protocol (L2TP)
• Protecting L2TP tunnels with IPsec Transport Mode

Applying cryptographic protection

• Ensuring confidentiality with symmetric encryption
• Exchanging symmetric keys with asymmetric encryption
• Checking message integrity with hashing
• Managing digital certificates with PKI

Comparing tunnelling and protection methods

• Employing VPN concentrators and VPN-capable routers
• Applying IPsec Tunnel Mode
• Assessing tunnelling protocols
• Evaluating VPN topologies

Reducing the impact of denial-of-service (DoS) attacks

• Mitigating bombardment attacks
• Rejecting connection-based attacks with IPSs
• Blackholing and sinkholing
• Implementing a DoS Defence System (DDS)
• Blacklisting attack sites and address ranges

Perimeter architectures

• Integrating IDS and VPNs with your firewall architecture
• Positioning externally accessible servers
• Monitoring and controlling wireless networks