LAN Security Training

Requisite foreknowledge:

• Basic network knowledge: IP-address, DNS, gateway
• Basic knowledge of Windows 2003: Active Directory

Price (VAT not included):

• One day: € 375,00
• Two days: € 650,00
• Complete course: € 950,00

What do you learn in this training?

• Port authentication with 802.1x
  In a traditional wired network everybody with physical access can gain access to your internal network. When we talk about wireless network everybody is aware of the fact that you need authenticity. The same awareness should be present with wired networks. By using the 802.11x protocol you can force authentication before your machines have any connection with your internal network.
  • Different authentication possibilities, such as RADIUS, freeRADIUS, IAS, EAP...
  • Advantages and disadvantages of these variants
  • Points of interest concerning security
  • Minimum requierements
• VLAN
  When machines need access to a traditional LAN they’re usually connected to the switch of the relevant department. However, there may rise some administrative and practical problems if the clients’ physical location is changed. (e.g. another switch). However, if you use a virtual LAN you only need to connect the client to the corresponding VLAN, regardless of its physical location.
  • Terminologies
  • Static and dynamic assignment
  • VLAN information exchange between switches
  • Trunking
  • Secure routing
  • Multihomed servers, Guest-VLAN's and integration of WLAN into VLAN
• Web-based authentication
  With web-based authentication you grant visitors access to the network by capturing the web traffic and redirecting the users to a login page. When they are succesfully identified, they will get access to the (V)LAN. The big difference with 802.1x port authentication, is that the user doesn't need to make any adaptations to his laptop settings.
• Network Access Control systems
  Client PC’s who don’t have antivirus installed, or that have an out-of-date antivirus, pose a threat to the network. The principle of the weakest link is present here since a weaker machine could infect others. Network access Control is a technique that ensures that machines in the network can’t make a connection as long as they do not comply with Policy's, anti-virus software, latest updates, etc.
  • Different options for execution methods
  • Extended tests, including dynamic VLAN assignment
• DHCP-snooping
  If hackers gain access to your network, they can install their own DHCP Server. The hacker can then send IP-addresses to your employees, and steal information from their PC’s. With DHCP snooping, a trusted or untrusted state can be granted to a switch port allowing only IP-addresses from DHCP servers which are connected to a trusted port.
  • DHCP-snooping terminilogies
  • Techniques to intercept unknown DHCP-servers
• Spanning Tree Protocol
  Today's networks are often build redundantly so there exists a second connection to fall back on when the first connection drops. However, the drawback is that this will create loops in the network where duplicate packets could exist. The Spanning Tree Protocol avoids this risk by putting the redundant connection in standby, and activate it again if necessary.
  • Prevent network failure caused by false connections
  • Use and best practices of the Spanning Tree Protocol
  • Network Testing
• Link Aggregation
  You can combine multiple ports to achieve more redundancy and higher performance. This technology, also known as Link Trunking, allows you to do this.
• Prevention of double IP-addresses
  When an unknown client (e.g. laptop of a sales representative, iPhone...) accesses the network and has the same IP-address as your domain controller or your mail server, these last become inaccessible. Through a group policy you can implement simple settings so that they remain accessible, unregarding the double IP-addresses.