# How to Secure your Network Workshop

##### <span class="mw-headline" id="bkmrk-introduction-1">Introduction</span>

Hands on how to secure your network Three day course – [Philip Paeps](https://trouble.is/bio/)

##### <span class="mw-headline" id="bkmrk-objectives-1">Objectives</span>

At the end of this course, participants will be familiar with new ways and methods to help them to secure their networks. The course is taught "hands-on" in a virtualised FreeBSD environment. Participants will configure some tasks and will learn to analyze and debug common mis-configurations and bugs

##### <span class="mw-headline" id="bkmrk-prerequisites-1">Prerequisites</span>

Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops.

##### <span class="mw-headline" id="bkmrk-participants-1">Participants</span>

Systems administrators and network operators who are running Network services in their organization.

##### <span class="mw-headline" id="bkmrk-workshop-requirement-1">Workshop Requirements</span>

- Some knowledge of Linux/UNIX command line
- Good understanding of network basics (IP networking)
- All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop.

##### <span class="mw-headline" id="bkmrk-instructors-1">Instructors</span>

[Philip Paeps](https://trouble.is/bio/)

##### <span class="mw-headline" id="bkmrk-agenda-1">Agenda</span>

<table class="wikitable" id="bkmrk-time-day-1%3A-sunday-1"><tbody><tr><th>Time</th><th>Day 1: Sunday 14 August</th><th>Day 2: Monday 15 August</th><th>Day 3: Tuesday 16 August</th></tr><tr><td>08:30 – 09:15 (45 minutes)</td><td>Registration and coffee</td><td>Registration and coffee</td><td>Registration and coffee</td></tr><tr><td>09:15 – 11:15 (120 minutes)</td><td>• Introduction to security   
• Network layers  
• Defence in depth  
•Basic physical layer security   
</td><td>• Firewalls   
• Inclusive and exclusive policies   
• Simple ACLs  
</td><td>• Securing websites: HTTP and HTTPS  
• Configuring Apache and nginx</td></tr><tr><td>11:15 – 11:30 (15 minutes)</td><td>Coffee break</td><td>Coffee break</td><td>Coffee break</td></tr><tr><td>11:30 – 13:00 (90 minutes)</td><td>• Layer 1 and layer 2  
• Ethernet: VLANS  
• Wireless basics</td><td>• Statefull firewalls  
•pf: the BSD packet filter</td><td>• Introduction to cryptography  
• PKI, basics of letsencrypt.org</td></tr><tr><td>13:00 – 14:00 (60 minutes)</td><td>Lunch</td><td>Lunch</td><td>Lunch</td></tr><tr><td>14:00 – 15:30 (90 minutes)</td><td>• Wireless: WEP, WPA, WPA2?  
• Captive portals  
• Ethernet 802.1x</td><td>• Securing higher layers (applications)  
• E-mail: what about spam?  
• Sensible outbound filtering</td><td>• Generating letsencrypt.org certificates  
• Configuring nginx and Apache with HTTPS   
• Using SSL in other applications</td></tr><tr><td>15:30 – 15:45 (15 minutes)</td><td>Coffee break</td><td>Coffee break</td><td>Coffee break</td></tr><tr><td>15:45 – 16:30 (45 minutes)</td><td>•Introduction to firewalls (more tomorrow!)  
• Discussion and Q&amp;A</td><td>•Configuring postfix and dovecot to protect against spam (abuse)  
• Discussion and Q&amp;A</td><td>• Mitigation: what if it all goes wrong?  
• Discussion and Q&amp;A</td></tr></tbody></table>