How to Secure your Network Workshop

From SdNOG wiki
Jump to navigation Jump to search


Introduction

Hands on how to secure your network Three day course – Philip Paeps

Objectives

At the end of this course, participants will be familiar with new ways and methods to help them to secure their networks. The course is taught "hands-on" in a virtualised FreeBSD environment. Participants will configure some tasks and will learn to analyze and debug common mis-configurations and bugs

Prerequisites

Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops.

Participants

Systems administrators and network operators who are running Network services in their organization.

Workshop Requirements

  • Some knowledge of Linux/UNIX command line
  • Good understanding of network basics (IP networking)
  • All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop.

Instructors

Philip Paeps

Agenda

Time Day 1: Sunday 14 August Day 2: Monday 15 August Day 3: Tuesday 16 August
08:30 – 09:15 (45 minutes) Registration and coffee Registration and coffee Registration and coffee
09:15 – 11:15 (120 minutes) • Introduction to security
• Network layers
• Defence in depth
•Basic physical layer security
• Firewalls
• Inclusive and exclusive policies
• Simple ACLs
• Securing websites: HTTP and HTTPS
• Configuring Apache and nginx
11:15 – 11:30 (15 minutes) Coffee break Coffee break Coffee break
11:30 – 13:00 (90 minutes) • Layer 1 and layer 2
• Ethernet: VLANS
• Wireless basics
• Statefull firewalls
•pf: the BSD packet filter
• Introduction to cryptography
• PKI, basics of letsencrypt.org
13:00 – 14:00 (60 minutes) Lunch Lunch Lunch
14:00 – 15:30 (90 minutes) • Wireless: WEP, WPA, WPA2?
• Captive portals
• Ethernet 802.1x
• Securing higher layers (applications)
• E-mail: what about spam?
• Sensible outbound filtering
• Generating letsencrypt.org certificates
• Configuring nginx and Apache with HTTPS
• Using SSL in other applications
15:30 – 15:45 (15 minutes) Coffee break Coffee break Coffee break
15:45 – 16:30 (45 minutes) •Introduction to firewalls (more tomorrow!)
• Discussion and Q&A
•Configuring postfix and dovecot to protect against spam (abuse)
• Discussion and Q&A
• Mitigation: what if it all goes wrong?
• Discussion and Q&A