Service Hardening
This training is based on the most frequently occurring configuration security issues that our team has encountered over years of penetration testing.
Duration:
21 academic hours
Location:
Clarified Security office
Training location: Lõõtsa 12, Tallinn (Training is held in English)
Goals: to clarify various configuration security issues and practical aspects of hardening services.
Training in a nutshell: Service Hardening is about configuring services to reduce their attack surface. By combining various low-priority configuration issues, an attacker may be able to gain access and even elevate privileges in a system without leaving many traces behind. Training focuses on practices that can be applied to almost any service – without modifying the program code.
Keep in mind that hardening reduces the attack surface; it does not make a system secure!
Target audience: developers, administrators, testers, security incident handlers and anyone else who has to deal with creating or maintaining services.
The main topics covered are:
- Certificates - chain verification, extended key usage, status, transparency, CAA
- TLS - protocol versions, cipher suites, forward secrecy, CCA
- SSH - host keys and SSHFP, agent forwarding
- E-mail - DKIM, SPF, DMARC
- DNS - DoT/DoH, DNSSEC
- Logging - log tampering, creating meaningful logs
For each topic, the theory is explained first; based on this, the student attacks a service in a lab environment and finally hardens that service to withstand such an attack.
The results of the training:
- The main outcome is to help trainees understand the different attacks that can be conducted against services with default configuration.
- How to defend against such threats, and the importance of logging certain data so that the resulting logs are as useful as possible when resolving security incidents.
Length: 21 academic hours
Continuing education curriculum group: 0688 Interdisciplinary curriculum group of information and communication technology
The prerequisite for issuing the certificate is full participation in training.
Each training participant must bring his own laptop with a charger and, if necessary, other work-related equipment (mouse, etc.). The laptop must have a network cable slot or the ability to connect to a Wi-Fi network and a screen resolution of at least 1920x1080. All operating systems are suitable; the main thing is to have a remote desktop client (RDP).
The training price includes:
- educational materials;
- training;
- certificate.
As added value, we offer:
- warm drinks with cookies.
You can take part in the training with the Unemployment Insurance Fund training card.
We also recommend that you get acquainted with the in-service training grants offered by the Unemployment Insurance Fund to employers: the training allowance for employers and the reimbursement of the employee's training expenses to the employer.
Trainer: Mait Peekma
Pentester (networks, devices/hardware), trainer
Mait is a versatile pentester with an extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from the Swedbank security team, where he was mostly involved with WebApps and network pentesting.
Mait is the author and trainer of our Service Hardening course.
Mait has an M.Sc. (cum laude) in IT from Tallinn University of Technology. He wrote his Master's thesis about ZigBee wireless protocol security.
Trainers
Mait Peekma
Pentester (networks, devices/hardware), trainer
Certifications: GIAC Web Application Penetration Tester (GWAPT)
Additional information
When you register via the e-shop, by e-mail or by phone, we will send you an invoice and more detailed information about participation.
Eleven days before the training, we will send you an e-mail reminder with the participation information.
Participation in the training is registered by name, but you can change the participant free of charge until the start of the training.
Payment for the training is made to the bank account indicated on the invoice. The invoice is sent by e-mail to the payer's address. The invoice must be paid before the start of the training, by the due date stated on the invoice.
IT Koolitus is a training card cooperation partner of the Estonian Unemployment Insurance Fund. See the training card information here.
For more information, contact us by phone at 618 1727 or at [email protected].
Cancellation information
If for any reason you cannot attend the training, please let us know by e-mail at [email protected]. If you notify us of non-attendance at least 10 working days in advance, we will agree on a new time with you or refund 100% of the training cost. We refund the participation fee in full provided that no expenses related to organizing the training have been incurred (purchased study materials, etc.).
If you notify us of non-attendance 5-9 working days before the training, 50% of the invoice is payable.
In the case of later notification, failure to attend the training, failure to give notice, or dropping out of the training, the tuition fee is not refunded.
Location and contacts
Address
Lõõtsa 12, Tallinn (8th floor)
IT Koolitus | Vana-Lõuna 39/1, Tallinn | 6181727 | [email protected]