Service Hardening NEW! (inglise keeles)

Training duration: 2 days of instructions with hands-on labs (16 hours). Duration may depend on audience

Group size: 12 participants maximum

Target audience: developers, administrators, testers, security incident handlers and anyone else who has to deal with creating or maintaining services.

The training is held by our partner Clarified Security.

Contents of the training:This course is based on the most frequently occurring configuration security issues that our team has encountered over years of penetration testing.

The main topics covered are:

Public Key Certificates – chain verification, status, transparency
Reverse proxy – IP-address and certificate info forwarding
TLS – protocol, cipher suites, forward secrecy, CCA
SSH – host keys and SSHFP, agent forwarding
DNS – DoT/DoH, DNSSEC
E-mail – DKIM, SPF, DMARC
Logging – log tampering, creating meaningful logs
For each topic, first the theory is explained, based on this, the student will attack a service in a lab environment and finally, for selected topics, the student will harden that service to withstand such attack.

Course methods
Trainer will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. The course is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

Intended outcome
The goal of hardening services is to reduce the attack surface. The main outcome of the training is to help trainees understand different possible attacks that can be conducted towards services with default configuration. How to defend themselves against such threats and also the importance of logging certain data, so that resulting logs would be beneficial when solving possible security incidents.

Delivery
We can deliver on-site or remotely at group pricing anywhere in the World where decent broadband connection is available. Ask us for the group pricing or for times and locations of our public courses. Public groups are currently available directly or via partners in Estonia.

Täienduskoolituse õppekavarühm: Informatsiooni- ja kommunikatsioonitehnoloogia interdistsiplinaarne õppekavarühm

Registreerimine

Osalemine
Vabu kohti: saadaval
The Osalemine ticket is sold out. You can try another ticket or another date.

Kuupäev

27.nov. 2024 - 28.nov. 2024

Kellaaeg

09:00 - 17:00

Hind

1200€ +km

Asukoht

Clarified Security OÜ
Lõõtsa 12, 11415 Tallinn
Valdkonnad
Registreerimine

Koolitaja

  • Marko Belzetski
    Marko Belzetski
    Pentester (WebApps) and trainer

    Marko joined the team in August 2016 as a Web Application Pentester. Although his previous work experience has mainly been in finance and business support, he has also done freelance web application development. Marko holds a bachelor in business administration from Northwood University and is currently obtaining a degree in IT Systems Development from Estonian Information Technology College.

Kõik toimumised