Service Hardening

This training is based on the most frequently occurring configuration security issues that our team has encountered over years of penetration testing

Service Hardening

Kestus:

21 akadeemilist tundi

Toimumiskoht:

Clarified Security office

Training location: Lõõtsa 12, Tallinn (Training is held in English)

Goals: to clarify various configuration security issues and practical aspects on hardening services.

Training in a nutshell: Service Hardening is about configuring services to reduce their attack surface. By combining various low priority configuration issues, an attacker may be able to gain access and even elevate in a system without leaving much traces behind. Training focuses on practices that can be applied to almost any service – without modifying the program code.

Keep in mind that hardening reduces attack surface, it does not make a system secure!

 

Target audience: developers, administrators, testers, security incident handlers and

anyone else who has to deal with creating or maintaining services.

 

The main topics covered are:

  • Certificates - chain verification, extended key usage, status, transparency, CAA
  • TLS - protocol versions, cipher suites, forward secrecy, CCA
  • SSH - host keys and SSHFP, agent forwarding
  • E-mail - DKIM, SPF, DMARC
  • DNS - DoT/DoH, DNSSEC
  • Logging - log tampering, creating meaningful logs

For each topic, first the theory is explained, based on this, the student will attack a service in a lab environment and finally, the student will harden that service to withstand such attack.

 

The results of the training:

  • The main outcome is to help trainees understand different possible attacks that can be conducted towards services with default configuration.
  • How to defend themselves against such threats and also the importance of logging certain data, so that resulting logs would be most beneficial when solving possible security incidents.

Length: 21 academic hours

The prerequisite for issuing the certificate is full participation in training.

Each training participant must bring his own laptop with a charger and, if necessary, other work-related equipment (mouse, etc.). The laptop must have a network cable slot or the ability to connect to a Wi-Fi network and a screen resolution of at least 1920x1080. All operating systems are suitable, the main thing is to have a remote desktop client (RDP).

 

The training price includes:

  • educational materials;
  • training;
  • certificate.

As added value, we offer:

  • warm drinks with cookies;

 

You can take part in the training with the Unemployment Insurance Fund training card.

We also recommend that you get acquainted with the in-service training grants offered by the Unemployment Insurance Fund to employers: the training allowance for employers and the reimbursement of the employee's training expenses to the employer.

 

Trainer: Mait Peekma

Pentester (networks, devices/hardware), trainer

Mait is a versatile pentester with extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from Swedbank security team where he was mostly involved with WebApps and network pentesting.

Mait is the author and trainer of our Service Hardening course.

Mait has a M.Sc (cum laude) in IT from Tallinn University of Technology. He wrote his Masters thesis about ZigBee wireless protocol security.

See you at training!

Koolitajad

  • Mait Peekma

    Pentester (networks, devices/hardware), trainer

    Certifications: GIAC Web Application Penetration Tester (GWAPT)

    Mait is a versatile pentester with extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from Swedbank security team where he was mostly involved with WebApps and network pentesting.

    Mait is the author and trainer of our Service Hardening course.

    Mait has a M.Sc (cum laude) in IT from Tallinn University of Technology. He wrote his Masters thesis about ZigBee wireless protocol security.

    Mait Peekma

    Pentester (networks, devices/hardware), trainer

    Certifications: GIAC Web Application Penetration Tester (GWAPT)

    Mait is a versatile pentester with extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from Swedbank security team where he was mostly involved with WebApps and network pentesting.

    Mait is the author and trainer of our Service Hardening course.

    Mait has a M.Sc (cum laude) in IT from Tallinn University of Technology. He wrote his Masters thesis about ZigBee wireless protocol security.

Ajakava

Day1
Day 2

09:00 – 09:15

Gathering

The course takes place at Clarified Security office (Lõõtsa 12 Tallinn; 8th floor)
Car parking: https://www.ulemistecity.ee/en/getting-here/

09:30 – 11:00

1. Public Key Certificates

• chain verification
• wildcard 

Methods: lecture; labs

11:00 – 11:15

Coffee break

11:15 – 12:45

2. Public Key Certificates

• status
• transparency

Methods: lecture; labs

12:45 – 13:30

Lunch

13:30 – 15:00

3. HTTP

• reverse proxy

Methods: lecture; labs

15:00 – 15:15

Coffee break

15:15 – 17:00

4.TLS

• Protocol
• cipher suites
• FS
• CCA

Methods: lecture; labs

Service Hardening

Kestus:

21 akadeemilist tundi

Toimumiskoht:

Clarified Security office

Training location: Lõõtsa 12, Tallinn (Training is held in English)

Goals: to clarify various configuration security issues and practical aspects on hardening services.

Training in a nutshell: Service Hardening is about configuring services to reduce their attack surface. By combining various low priority configuration issues, an attacker may be able to gain access and even elevate in a system without leaving much traces behind. Training focuses on practices that can be applied to almost any service – without modifying the program code.

Keep in mind that hardening reduces attack surface, it does not make a system secure!

 

Target audience: developers, administrators, testers, security incident handlers and

anyone else who has to deal with creating or maintaining services.

 

The main topics covered are:

  • Certificates - chain verification, extended key usage, status, transparency, CAA
  • TLS - protocol versions, cipher suites, forward secrecy, CCA
  • SSH - host keys and SSHFP, agent forwarding
  • E-mail - DKIM, SPF, DMARC
  • DNS - DoT/DoH, DNSSEC
  • Logging - log tampering, creating meaningful logs

For each topic, first the theory is explained, based on this, the student will attack a service in a lab environment and finally, the student will harden that service to withstand such attack.

 

The results of the training:

  • The main outcome is to help trainees understand different possible attacks that can be conducted towards services with default configuration.
  • How to defend themselves against such threats and also the importance of logging certain data, so that resulting logs would be most beneficial when solving possible security incidents.

Length: 21 academic hours

The prerequisite for issuing the certificate is full participation in training.

Each training participant must bring his own laptop with a charger and, if necessary, other work-related equipment (mouse, etc.). The laptop must have a network cable slot or the ability to connect to a Wi-Fi network and a screen resolution of at least 1920x1080. All operating systems are suitable, the main thing is to have a remote desktop client (RDP).

 

The training price includes:

  • educational materials;
  • training;
  • certificate.

As added value, we offer:

  • warm drinks with cookies;

 

You can take part in the training with the Unemployment Insurance Fund training card.

We also recommend that you get acquainted with the in-service training grants offered by the Unemployment Insurance Fund to employers: the training allowance for employers and the reimbursement of the employee's training expenses to the employer.

 

Trainer: Mait Peekma

Pentester (networks, devices/hardware), trainer

Mait is a versatile pentester with extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from Swedbank security team where he was mostly involved with WebApps and network pentesting.

Mait is the author and trainer of our Service Hardening course.

Mait has a M.Sc (cum laude) in IT from Tallinn University of Technology. He wrote his Masters thesis about ZigBee wireless protocol security.

See you at training!

Koolitajad

  • Mait Peekma

    Pentester (networks, devices/hardware), trainer

    Certifications: GIAC Web Application Penetration Tester (GWAPT)

    Mait is a versatile pentester with extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from Swedbank security team where he was mostly involved with WebApps and network pentesting.

    Mait is the author and trainer of our Service Hardening course.

    Mait has a M.Sc (cum laude) in IT from Tallinn University of Technology. He wrote his Masters thesis about ZigBee wireless protocol security.

    Mait Peekma

    Pentester (networks, devices/hardware), trainer

    Certifications: GIAC Web Application Penetration Tester (GWAPT)

    Mait is a versatile pentester with extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from Swedbank security team where he was mostly involved with WebApps and network pentesting.

    Mait is the author and trainer of our Service Hardening course.

    Mait has a M.Sc (cum laude) in IT from Tallinn University of Technology. He wrote his Masters thesis about ZigBee wireless protocol security.

Ajakava

Day1
Day 2

09:00 – 09:15

Gathering

The course takes place at Clarified Security office (Lõõtsa 12 Tallinn; 8th floor)
Car parking: https://www.ulemistecity.ee/en/getting-here/

09:30 – 11:00

1. Public Key Certificates

• chain verification
• wildcard 

Methods: lecture; labs

11:00 – 11:15

Coffee break

11:15 – 12:45

2. Public Key Certificates

• status
• transparency

Methods: lecture; labs

12:45 – 13:30

Lunch

13:30 – 15:00

3. HTTP

• reverse proxy

Methods: lecture; labs

15:00 – 15:15

Coffee break

15:15 – 17:00

4.TLS

• Protocol
• cipher suites
• FS
• CCA

Methods: lecture; labs

Registreerimine

Hind
Osalejaid

05.-06.04.2023 Service Hardening

1000,00 €

1200,00 € km-ga

0
  • Registreeri Töötukassa kaudu

05.-06.04.2023 Service Hardening

OsalejaidHind
0

1000,00 €

1200,00 € km-ga

  • Registreeri Töötukassa kaudu

Lisainfo

Registreerudes e-poe, e-kirja või telefoni teel, saadame Teile arve ja täpsema info osalemise kohta.
Üksteist päeva enne koolitust saadame Teile e-kirjaga meenutuse osalemise infoga.

Koolitusel osalemine on nimeline, kuid saate osalejat tasuta muuta kuni koolituse alguseni.

Koolituse eest tasumine toimub arvel viidatud arveldusarvele. Arve saadetakse maksja aadressile e-postiga. Arve tuleb tasuda enne koolituse algust arvel märgitud maksetähtajaks.

IT Koolitus on Eesti Töötukassa koolituskaardi koostööpartner. Tutvuge koolituskaardi infoga SIIN.
Täpsema info saamiseks võtke meiega ühendust telefonil 618 1727 või [email protected].

Tühistamisinfo

Kui Te ei saa mingil põhjusel osaleda, palun andke sellest kindlasti teada e-posti aadressil [email protected] või telefonil 618 1727 . Kui teatate koolitusel mitteosalemisest kuni 10 tööpäeva enne algust, pakume mõnd muud samaväärset koolitust või tagastame 100% tasutud koolituse maksumusest. Mitteosalemisest vähemalt 5 tööpäeva varem teatades, tagastame 50%. Muul juhul kuulub arve tasumisele. Raha tagastame ette antud summas juhul, kui pole tehtud koolituse korraldamisega seotud kulutusi (ostetud õppematerjale jms). Koolitusele mitteilmumisel, sellest mitteteatamisel või koolituse poolelijätmisel õppetasu ei tagastata.

IT Koolitusel on õigus koolitusgrupi mitte täitumisel koolituse toimumine edasi lükata või koolitus ära jätta. Koolitusele registreerunuid teavitatakse kursuse edasi lükkumisest või ära jätmisest telefoni või e-posti teel. Koolituse ära jäämisel korraldajatest tulenevatel põhjustel makstakse õppetasu tagasi.

Asukoht ja kontaktid

Aadress

Lõõtsa 12, Tallinn (8.korrus)

IT Koolitus Vana-Lõuna 39/1, Tallinn 6181727 [email protected]

© AS Äripäev 2000-2023
  • Aadress: Vana Lõuna 39/1, 19094 Tallinn
  • Klienditugi: 667 0099 (8:15-17:00)
  • E-post: [email protected]