How to Secure your Network Workshop
Introduction
Hands on how to secure your network Three day course – Philip Paeps
Objectives
At the end of this course, participants will be familiar with new ways and methods to help them to secure their networks. The course is taught "hands-on" in a virtualised FreeBSD environment. Participants will configure some tasks and will learn to analyze and debug common mis-configurations and bugs
Prerequisites
Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops.
Participants
Systems administrators and network operators who are running Network services in their organization.
Workshop Requirements
- Some knowledge of Linux/UNIX command line
- Good understanding of network basics (IP networking)
- All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop.
Instructors
Agenda
| Time | Day 1: Sunday 14 August | Day 2: Monday 15 August | Day 3: Tuesday 16 August |
|---|---|---|---|
| 08:30 – 09:15 (45 minutes) | Registration and coffee | Registration and coffee | Registration and coffee |
| 09:15 – 11:15 (120 minutes) | • Introduction to security • Network layers • Defence in depth •Basic physical layer security |
• Firewalls • Inclusive and exclusive policies • Simple ACLs |
• Securing websites: HTTP and HTTPS • Configuring Apache and nginx |
| 11:15 – 11:30 (15 minutes) | Coffee break | Coffee break | Coffee break |
| 11:30 – 13:00 (90 minutes) | • Layer 1 and layer 2 • Ethernet: VLANS • Wireless basics |
• Statefull firewalls •pf: the BSD packet filter |
• Introduction to cryptography • PKI, basics of letsencrypt.org |
| 13:00 – 14:00 (60 minutes) | Lunch | Lunch | Lunch |
| 14:00 – 15:30 (90 minutes) | • Wireless: WEP, WPA, WPA2? • Captive portals • Ethernet 802.1x |
• Securing higher layers (applications) • E-mail: what about spam? • Sensible outbound filtering |
• Generating letsencrypt.org certificates • Configuring nginx and Apache with HTTPS • Using SSL in other applications |
| 15:30 – 15:45 (15 minutes) | Coffee break | Coffee break | Coffee break |
| 15:45 – 16:30 (45 minutes) | •Introduction to firewalls (more tomorrow!) • Discussion and Q&A |
•Configuring postfix and dovecot to protect against spam (abuse) • Discussion and Q&A |
• Mitigation: what if it all goes wrong? • Discussion and Q&A |