I spoke earlier this week to the author of Learning Tree’s new course (2010) Defending The Perimeter From Cyberattacks: Hands-On, Adrian Brian. Adrian and I have been friends for many years and when he told me he had just written this new course, I wanted to share it with you right away.
This course addresses a gap in Learning Tree’s cybersecurity curriculum. It is a guide to practical protection for enterprise networks in three areas: the firewall, remote access to the network through VPNs and intrusion detection. These concepts are introduced in the course Adrian and I wrote together, but are expanded here and more intensive hands-on exercises are added.
While this course is clearly of benefit to the practitioners who actually configure firewalls, VPNs, intrusion detection systems and other perimeter protection systems, it also has a wider appeal. Adrian explained to me that those who interact with the practitioners need to understand this too. “It helps everyone involved to understand how these tools work and to actually use them,” he told me.
The course goes into detail about firewalls that the introductory security course cannot address. Adrian talks about where to put servers (e.g., web, mail and DNS) in a firewall environment and how to support back-end web servers through the firewall.
One exercise that participants in the pilot of the course found especially interesting was using the firewall to examine encrypted traffic. Many administrators are unaware that firewalls can be configured to examine the HTTPS traffic of users. Other interesting exercises include creating stateless filters in a router, configuring IPsec, and setting up and testing intrusion detection.
This course is also available for attendance via Learning Tree AnyWare, allowing participants to attend class at home, at the office, or in selected Learning Tree Education Centers. To make this work, the course creates a network of virtual machines on each classroom PC (AnyWare users connect to the PCs via a remote login tool). That virtual network consists of five computers: a simulated router, an external computer for attacking the protected computers, a firewall bastion host, and internal and external servers.
“The course exposes participants to real tools used in real networks,” Adrian explained. The course promises to be an action-filled week with many exciting hands-on exercises. I’m looking forward to taking this course later this year in preparation for subsequently teaching it. You can get a copy of the course outline on Learning Tree’s course 2010 page. I look forward to seeing you in the class. Oh, and whoever is teaching it that week, tell him or her you heard about it here.