Subject: LAN Security Training
Date: 14 - 15 Oct 10
Location: Melle
Type: Open
Description: LAN Security Training

LAN Security Training

Secure your network in depth

Everyone knows that it's necessary for a good network security to have an virusscanner, install a firewall, keep your systems up-to-date... But the Layer 2 & 3 are often forgotten. Learn how you can secure these layers, and improve your overall security.

Join our hands-on training about security concepts, protocols and techniques to secure your Layer 2 & 3. With this brimming 2 day training with plenty of practical tests and excercices, you become a network security expert.

  

Requisite foreknowledge:

  • Basic network knowledge: IP-address, DNS, gateway
  • Basic knowledge of Windows 2003: Active Directory
Price: € 650,00 (VAT not included)

What do you learn in this training?

  • Port authentication with 802.1x
    In a traditional wired network everybody with physical access can gain access to your internal network. When we talk about wireless network everybody is aware of the fact that you need authenticity. The same awareness should be present with wired networks. By using the 802.11x protocol you can force authentication before your machines have any connection with your internal network.
    • Different authentication possibilities, such as RADIUS, freeRADIUS, IAS, EAP...
    • Advantages and disadvantages of these variants
    • Points of interest concerning security
    • Minimum requierements
  • VLAN
    When machines need access to a traditional LAN they’re usually connected to the switch of the relevant department. However, there may rise some administrative and practical problems if the clients’ physical location is changed. (e.g. another switch). However, if you use a virtual LAN you only need to connect the client to the corresponding VLAN, regardless of its physical location.
    • Terminologies
    • Static and dynamic assignment
    • VLAN information exchange between switches
    • Trunking
    • Secure routing
    • Multihomed servers, Guest-VLAN's and integration of WLAN into VLAN
  • Network Access Control systems
    Client PC’s who don’t have antivirus installed, or that have an out-of-date antivirus, pose a threat to the network. The principle of the weakest link is present here since a weaker machine could infect others. Network access Control is a technique that ensures that machines in the network can’t make a connection as long as they do not comply with Policy's, anti-virus software, latest updates, etc.
    • Different options for execution methods
    • Extended tests, including dynamic VLAN assignment
  • DHCP-snooping
    If hackers gain access to your network, they can install their own DHCP Server. The hacker can then send IP-addresses to your employees, and steal information from their PC’s. With DHCP snooping, a trusted or untrusted state can be granted to a switch port allowing only IP-addresses from DHCP servers which are connected to a trusted port.
    • DHCP-snoopiing terminilogies
    • Techniques to intercept unknown DHCP-servers
  • Spanning Tree Protocol
    Today's networks are often build redundantly so there exists a second connection to fall back on when the first connection drops. However, the drawback is that this will create loops in the network where duplicate packets could exist. The Spanning Tree Protocol avoids this risk by putting the redundant connection in standby, and activate it again if necessary.
    • Prevent network failure caused by false connections
    • Use and best practices of the Spanning Tree Protocol
    • Network testing