- course id
- IPSEC
- duration
- 2-3 day(s)
- Aimed At
-
Technical professionals who implement, test, support, or trouble-shoot IPSec v2 and related protocols. The course will also benefit technical sales and sales support personnel needing a more in-depth understanding of IPSec v2 to support secure networks and the needs of certain government agencies.
- Prerequisites
-
To get the most out of the course, you should have a strong working knowledge of the IP protocol suite and an understanding of basic security concepts such as encryption, tunneling, and key management. These topics will be reviewed only briefly in this course.
- Course in a Nutshell
-
This is an in-depth, heavily hands-on workshop on the technical aspects of IPSec v2 with special emphasis on protocols, implementation, and operations as described in RFC 2401 and 2412. It includes four protocol analyzer labs that will help you understand the internal workings of IPSec v2. The labs cover Layer 2 Tunneling Protocol version 3 (L2TPv3), Encapsulating Security Protocol (ESP), Authentication Header (AH), and Internet Key Exchange, and Internet Security Association Key Management Protocol (IKE/ISAKMP).
- Customize It!
-
Customize this course to your group’s requirements at little-to-no added cost. We can teach distinct versions of this course tailored for audiences such as network engineers and technicians, equipment/application designers, and less technical audiences such as managers, sales/marketing specialists, and operations/support personnel. The specific topics discussed in the course, as well as the depth of treatment for each, can also be tailored to your need.
- Learn How To
-
- Course Outline
-
Course Intro
- Overview
- ClearSight Analyzer
- Logistics and Labs
- Introductions
IPSec v2 Overview
- RFC 2401 and 2412
- Security and the OSI Model
- Crypto Building Blocks
- Crypto Concepts
- Keys and Key Management
- Public/private Key Infrastructure
- Key Recovery
- Tunnels and L2TPv3
- Virtual Private Networks (VPNs)
- IPSec Architectural Model
L2TPv3 Lab: View setup of an L2TPv3 tunnel and logical multimedia connections within the tunnel. Lab covers appropriate parts of PPP, L2TPv3, PAP and CHAP protocols.LAB Debrief: Group Discussion
IP Security Overview- Encapsulating Security Payload (ESP)
- Authentication Header (AH)
- Internet Key Exchange (IKE)
IPSec Architecture
- IETF IPSec v2 Roadmap
- IPSec Implementation
- IPSec Modes
- Transport Mode
- Transport Mode with NAT Traversal
- Tunnel Mode
- Security Associations (SAs)
- IPSec Processing
- Fragmentation
- Internet Control Message Protocol (ICMP)
Encapsulating Security Payload (ESP)
- ESP Header
- ESP Modes
- ESP Procedures
LAB Debrief: Group Discussion
Authentication Header (AH)
- AH Header
- AH Modes
- AH Procedures
AH Lab: View call traces of traffic that uses the Authentication Header with and without Encapsulating Security Payload. Lab includes hacks against and countermeasures to ESP and AH security vulnerabilities.LAB Debrief: Group Discussion
The Internet Key Exchange
- ISAKMP
- Public/private Key Exchange Systems
- Diffie-Hellman and Variations
- Internet Key Exchange (IKE)
- IPSec ISAKMP Domain of Interpretation (DOI)
IKE/ISAKMP Lab: View call traces of completed and aborted tunnel establishment and key exchanges using IKE and ISAKMP.LAB Debrief: Group Discussion
Security Policy for IPSec
- Defining Policy
- Policy Representation and Distribution
- Policy Management System
- Policy Deployment
IPSec Implementation
- Implementation Architecture
- IPSec Protocol Procedures
- Fragmentation and Protocol Maximum Transmission Unit Length
- ICMP
- End-to-End Security View
Conclusion
Eogogics Offers a Week of Hands-on VoIP/SIP Workshops Starting Late January
