Course Overview

Gain the knowledge and skills needed to manage and mitigate cybersecurity incidents effectively.

This course is designed to equip cybersecurity professionals with the essential knowledge and skills required to effectively manage and mitigate cybersecurity incidents. Learn the components and phases of incident response frameworks, explore state-of-the-art tools and techniques, and engage in practical exercises to hone your incident response capabilities.

By the end of this course, students will gain hands-on experience with industry-leading tools and techniques used in malware analysis, incident response, and threat hunting, and be equipped with the tools, techniques, and methodologies required to protect their organizations from evolving cyber threats and ensure a resilient cybersecurity posture.

Our Cybersecurity Specialization courses follow the 9 pillars of Cybersecurity, providing key skills necessary to be successful as a cybersecurity professional.

Course Objectives

  • Identify key components and phases of advanced incident response frameworks.
  • List the tools and techniques used in malware analysis, incident response, and threat hunting.
  • Explain the importance and function of each phase in an incident response framework.
  • Describe the process and methodologies behind static and dynamic malware analysis.
  • Demonstrate the use of advanced tools like SIEM, EDR, and forensic analysis software in handling cybersecurity incidents.
  • Perform threat hunting exercises using industry-standard tools and techniques.
  • Analyze complex incident scenarios to determine the root cause and impact.
  • Compare different incident response frameworks and their application in various organizational contexts.
  • Evaluate the effectiveness of incident response strategies and frameworks using predefined metrics.
  • Assess emerging threats and trends to determine their potential impact on cybersecurity defenses.
  • Design a customized incident response framework tailored to specific organizational needs.
  • Develop comprehensive incident reports and documentation based on real-world incident simulations.

Course Content

Incident Response Frameworks and Advanced Techniques

  • Advanced Incident Response Frameworks
  • Progressive Cyber Incident Analysis Approaches
  • Leading-Edge Malware Analysis Practices
  • Threat Hunting and Proactive Defense
  • Hands-on Practice:
    • Advanced malware analysis exercise
    • Threat hunting exercise
  • Case studies: Discuss complex incident response scenarios and lessons learned

Incident Handling Tools and Emerging Trends

  • Advanced Incident Handling Tools
  • Emerging Threats and Trends
  • Incident Response Automation and Orchestration
  • Incident Response Metrics and Reporting
  • Hands-on Practice:
    • Incident response automation exercise
    • Incident reporting exercise

Course Overview

Learn how to integrate security within DevOps

DevSecOps is designed to empower you with the knowledge and skills necessary to seamlessly integrate security into your DevOps pipeline. You will gain a deep understanding of DevSecOps principles and practices, ensuring that security is an integral part of your software development lifecycle (SDLC). By mastering continuous security testing methods and tools, you will be equipped to identify and address vulnerabilities early, enhancing the overall security posture of your applications.

Learn the knowledge and tools to ensure continuous security and compliance, safeguarding your software solutions from potential threats.

Our Cybersecurity Specialization courses follow the 9 pillars of Cybersecurity, providing key skills necessary to be successful as a cybersecurity professional.

Course Objectives

  • Understand DevSecOps principles and practices to integrate security within the DevOps pipeline
  • Master secure software development lifecycle (SDLC) techniques
  • Get familiar with continuous security testing methods and tools to identify vulnerabilities early
  • Enhance secure coding practices by understanding common vulnerabilities and how to mitigate them.
  • Advanced threat modeling and risk assessment strategies
  • Implement best practices for container security using container orchestration tools.
  • Leverage Infrastructure as Code (IaC) security to secure infrastructure from the ground up
  • Master identity and access management (IAM) principles to manage user identities and permissions securely
  • Get hands-on experience with application security testing (AST) tools to uncover and remediate security flaws.
  • Utilize security information and event management (SIEM) tools for real-time analysis of security alerts
  • Develop strategies for effective incident response and digital forensics
  • Understand compliance and regulatory requirements
  • Enhancements to secure DevOps toolchains
  • Integrate cloud-specific security services provided by major cloud providers to protect cloud-based applications and infrastructure.
  • Interact with network security tools to safeguard network communications.
  • Design professional scripts to automate security tasks and improve efficiency
  • Query databases securely, ensuring data integrity and protection against database-related vulnerabilities.
  • Process and protect sensitive data using security measures to ensure compliance with data protection laws and best practices.

Course Content

Overview of DevSecOps

  • DevSecOps principles
  • The DevOps lifecycle and security integration
  • Key challenges in implementing DevSecOps

Security by Design

  • Secure software development lifecycle (SSDLC)
  • Threat modeling and risk assessment
  • Best practices for secure coding
  • Resources: OWASP Top Ten, NIST Cybersecurity Framework

Infrastructure as Code (IaC) Security

  • Introduction to IaC and its benefits
  • Security considerations for IaC
  • Tools to Address: Terraform, Azure Resource Manager (ARM)
  • Resources To be used: Terraform: HashiCorp Terraform, Azure ARM: Azure Documentation

Continuous Integration and Continuous Security

  • Secure CI/CD pipeline design
    • Implementing Zero Trust in CI/CD Pipelines
    • Incident Response and Recovery in CI/CD Pipelines
  • Integrating security tools into CI/CD pipelines
    • Implementing Security Gates in CI/CD Pipelines
  • Tools to Cover: Jenkins, GitHub Actions, Azure DevOps
  • Resources to use: Jenkins: Jenkins Documentation, GitHub Actions: GitHub Actions

Application Security Testing

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Tools: SonarQube, OWASP ZAP, Other SAST Tools (Checkmarx, Veracode), Other DAST Tools (Burp Suite, Acunetix)
  • Resources: SonarQube: SonarQube Documentation, OWASP ZAP: OWASP ZAP Documentation

Container Security

  • Securing Docker images and containers
  • Best practices for container security
  • Tools: Docker, Aqua Security, Kubernetes Security
  • Resources: Docker: Docker Documentation, Trivy: Aqua Trivy Documentation

Monitoring and Logging

  • Importance of monitoring and logging in security
  • Tools for monitoring and logging: ELK Stack, Prometheus, Grafana, SIEM (Security Information and Event Management), Grafana for Visualizing Security Metrics
  • Resources: ELK Stack: Elastic Documentation, Prometheus: Prometheus

Incident Response and Forensics

  • Incident response planning and execution
  • Forensic analysis and post-incident review
  • Tools: Splunk, Wireshark, SOAR (Security Orchestration, Automation, and Response), Volatility
  • Resources: Splunk: Splunk Documentation, Wireshark: Wireshark Documentation

Compliance and Governance

  • Understanding security compliance requirements
  • Implementing security policies and governance
  • Standards: GDPR, HIPAA, PCI-DSS, CCPA (California Consumer Privacy Act)
  • Resources: GDPR: EU GDPR Information, HIPAA: HIPAA Journal, PCI-DSS: PCI Security Standards Council

Data Security and Privacy

  • Protecting sensitive data
  • Encryption techniques and key management
  • Tools: Vault by HashiCorp, Azure Key Vault, Google Cloud Key Management Service (KMS), AWS Key Management Service (KMS)
  • Resources: Vault: HashiCorp Vault Documentation, Azure Key Vault: Azure

Capstone Project

Course Overview

This is a deep-dive course on infrastructure attacks and infrastructure security. In this workshop you will identify areas of vulnerability and learn about the most sophisticated attacks that target systems and identity solutions in order to steal personal information. We will also learn how modern malware works and how to discover its operations. Once we are familiar with the sensitive points of the infrastructure, we will learn how to identify whether a machine is under attack or the whole system has been compromised. Finally, we will look at different strategies and techniques for implementing endpoint security, including various approaches to securing the communication channel.

Course Objectives

After you complete this course you will be able to:

  • Analyze emerging trends in attacks
  • Identify areas of vulnerability within your organization
  • Prepare a risk assessment for your organization
  • Report and recommend countermeasures
  • Develop a threat management plan for your organization

Course Content

Module 1: Identifying Areas of Vulnerability

This part introduces the new cybersecurity challenges and trends, emphasizing data security and integration through and into the cloud, and the challenges of coordinating cloud and on-premises security solutions. Security is a business enabler, and it is only when it is viewed from a business perspective that we can truly make the right decisions. You will learn how to define the values of your company that need to be protected or restricted. You will know how to find obvious and not-so-obvious sensitive information that can be monetized by adversaries. With that scope defined and your resources known, you will know where the biggest gaps in your security posture are.

  • Defining the assets which your company needs to protect
  • Defining the other sensitive information that needs to be protected

Module 2: Modern Attack Techniques

In a world where most things happen online, hacking gives attackers wider opportunities to gain unauthorized access to unclassified information such as credit card details, email account details, and other personal information. It is therefore important to know some of the hacking techniques that are commonly used to obtain your personal information without authorization. In this module you will become familiar with modern hacking techniques.

  • OS platform threats and attacks
  • Web based threats and attacks
  • E-mail threats and attacks
  • Physical access threats and attacks
  • Social threats and attacks
  • Wireless threats and attacks

Module 3: Identity Attacks

There are many methods widely in use today to steal personal information. These attacks on confidential data can be extremely high-tech, involving the latest technologies and most recent security exploits. Many of the attack methods, however, are very low-tech, involving little or no technology at all. By taking a detailed look at the various types of attacks, you will become familiar with the techniques used by cybercriminals. 

  • Performing the identity attacks
  • Cached logons (credentials)
  • Data Protection API (DPAPI) for user’s secrets protection 
  • Credential Guard in detail
  • Performing the LSA Secrets dump and implementing prevention
  • Active Directory and Azure AD security
  • Authentication Mechanism Assurance
  • Using virtual smart cards
  • Multi-factor Authentication

Module 4: Malicious Software Techniques

The hacker can run a malicious program which the user believes to be authentic. This way, after installing the malicious program, the hacker gets unprivileged access. Techniques are becoming more sophisticated than ever. In this module you will learn how modern malware works and what are the ways to discover its operations.

  • Types of the attacks
  • Points of entry
  • Persistence methods
  • Hiding traces
  • Case study: ransomware examples

Module 5: Discovery and Analysis of the Modern Attacks

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components, or even a backdoor from an earlier attack. Because of this, detecting hacker attacks is not an easy task. This module gives a few basic guidelines to help you figure out whether your machine is under attack or the security of your system has been compromised.

  • Defining Critical Security Controls
  • Incident response checklist 
  • Suspicious Activities Time Line 
  • Filtering Suspicious Activities Network traffic inspection
  • Malware analysis tools
  • Host, Port and Service Discovery
  • Vulnerability Scanning
  • Monitoring Patching, Applications, Service Logs
  • Detecting the most common attacks:
    a. DNS Reconnaissance
    b. Directory Service Enumeration
    c. Enumerating high-privilege accounts
    d. SMB Session Enumeration
    e. Enumerate Credentials stored in memory
    f. Overpass-the-Hash
    g. Harvesting Credentials
    h. Pass-the-Ticket
    i. Remote Code Execution
    j. Compromise KRBTGT Account
    k. Golden Ticket
  • Using Sysmon in the advanced monitoring configuration
  • Log Collection
  • Scripting and Automation 
  • PowerShell for extraction and information gathering
  • Industry Best Practices

Module 6: Designing and Implementing Endpoint Security

In enterprise-level organizations, the IT landscape is divided into smaller parts based on their primary function or location in the IT environment. Sometimes you cannot implement security controls globally, and you will need a deep understanding of the current security posture of each element to wisely add layers of security. Dividing the full environment into functional parts is also a better approach from a financial point of view. Getting internal sponsor acceptance is easier if the benefit is delivered quicker.

  • Strategy for protecting Internet facing systems
  • Strategy for protecting internal systems
  • Strategy for protecting users’ workstations
  • Strategy for protecting (against) BYOD devices
  • Implementing automation and access control (Just Enough Administration, Desired State Configuration)
  • Application whitelisting (AppLocker, Device Guard etc.)
  • Configuring firewalls
  • Privileged accounts
  • Securing authentication
  • Storage and full disk encryption
  • Control Folder Access
  • Application Guard

Module 7: Securing the Communication Channel Approach

In some organizations there is no strict architecture design defined, especially in the modern approach where most services are cloud-based. This module will focus on the communication channels between systems rather than on system placement or role in the organization. This method is best for smaller companies as well as organizations that are in a transition phase or are significantly changing their structure.

  • Implementing tunneling
  • Designing secure access
  • Sniffing the network techniques
  • The meaning of partitioning the network
  • Ensuring confidentiality with encryption
  • Searching for rogue servers
  • Securing networking services
  • Limiting the impact of common attacks


Course Overview

The NGINX workshop is a 2-day course that provides the foundation you need to administer, configure, and manage NGINX using best practices, with an extra emphasis on Load Balancing and Caching.  

The course encompasses the NGINX Core, Caching and Load Balancing training modules. 

Whether you are new to NGINX, starting your first NGINX project, or refining your DevOps skills, the 2-day NGINX workshop will give you a solid foundation. 

Through lecture and hands-on activities, you will implement NGINX as a web server, load balancer, and as a reverse proxy. You’ll secure your site with SSL/TLS and you’ll learn how to monitor and troubleshoot your site with live activity monitoring, custom logging, and dynamic server configuration using the NGINX API. As you do, you’ll build a solid foundation for starting your own deployment of NGINX.

Following this, students will explore different configurations to set up and fine tune cache performance, as well as discussions on caching techniques including cache locking, cache slicing, microcaching and the scenarios where they can be applied. This is followed by discussing various load balancing configurations and monitoring, as well as NGINX’s HA and synchronization configuration. 

The workshop combines lecture, instructor demos, and hands-on activities to expose participants to NGINX. Participants will be given a personal training environment for class activities in which they can implement the use case in question. 

Course Objectives

• Understand the use cases for NGINX

• Learn the NGINX configuration context logic

• Serve static content

• Proxy connections to upstream servers

• Monitor systems using the NGINX dashboard

• Configure and customize NGINX logging

• Use NGINX variables

• Use rewrites, routing, and maps

• Configure HTTP load balancing

• Configure and optimize NGINX Caching

• Configure servers through the NGINX API

• Configure HTTPS and site security

• Understand and configure NGINX HA Clustering 

Course Overview

Learn how to deploy and operate F5 SSL Orchestrator to maximize infrastructure investments, efficiencies, and security with dynamic, policy-based encryption, decryption, and traffic steering through multiple inspection devices. Combining hands-on lab exploration with instructor-led lectures, gain practical experience implementing comprehensive encrypted traffic protection using SSL Orchestrator Guided Configuration. Build deployments for transparent and explicit forward proxies, gateway reverse proxies and existing application protecting inbound enterprise traffic, then modify those deployments changing a gateway to application mode and applying TLS v1.3 requirements. Incorporate multiple security devices at layer 2 and layer 3 with ICAP and receive-only devices in varying topology deployments.

Explore interception rules and context-based policies allowing for targeted SSL visibility based on context engine steering using geolocation, IP reputation and URL categorization. Implement dynamic service chaining of security devices to provide service insertion, service resiliency, service monitoring, and load balancing in hands-on lab scenarios. Discuss the essentials of PKI and certificates with lab practice to import certificates and private keys, then incorporate into security configurations for each topology deployment.

Course Content

Chapter 1: Introducing SSL Orchestrator 

• Internet Security and SSL Visibility

• Introducing SSL Orchestrator and its role in network security

• SSL Orchestrator Placement on the Network

• Platform and Licensing Requirements

Chapter 2: Certificate Fundamentals

• Overview of Internet Security Model

• Understanding Certificate Use

• Managing Certificates on SSL Orchestrator (BIG-IP)

Chapter 3: Architecture Overview

• Inbound and outbound inspection

• Cipher diversity

• Broad topology and inspection device support

• Dynamic service chaining and policy-based traffic steering

• Advanced monitoring

• Dynamic scaling and evaluation

Chapter 4: Guided Configuration

• Reviewing the Landing Page

• Selecting a Topology

• Making SSL Certificate Configurations

• Creating Services and Service Handling

• Constructing a Service Chain

• Building a Security Policy

• Defining an Interception Rule

• Examining Egress settings

• Reviewing the Summary Page and Deployment

• Exploring the SSL Orchestrator Dashboard

Chapter 5: Services

• Relationship of devices to services

• Inline layer 2, layer 3 and HTTP inspection services

• ICAP and TAP passive inspection services

Chapter 6: Topologies

• Selecting the appropriate topology

• Benefits and limitations of topologies

• Existing application integration

• Layer 2 virtual wire concepts

Chapter 7: Components

• Initial and subsequent forward proxy flow

• Flow and header based signaling

• Access components

• Appropriate naming of service objects

• Authentication

• Tee connector design and flow

Chapter 8: Managing Security Policy

• Creating security policies

• Reviewing per-request policy for an outbound topology

• Navigating Visual Policy Editor

Chapter 9: Solving SSL Orchestrator Problems

• Collecting system information

• Solving traffic flow issues

• Guided Configuration and iAppLX issues

• Troubleshooting with cURL

• Traffic captures with tcpdump

• Cleanup and deleting configurations

Chapter 10: SSL Orchestrator High Availability

• Review BIG-IP High Availability

• SSL Orchestrator High Availability (HA) Requirements

• Installation and Upgrade Cautions

• SSL Orchestrator in Scaled Mode

• Troubleshooting SSL Orchestrator HA

Course Overview

This 2-day course uses lectures and hands-on exercises to give participants real-time experience in configuring and using the BIG-IQ® product.

Students are introduced to BIG-IQ, its interface, and its various functionality. 

We first look at building and configuring the BIG-IQ system. Once this initial classroom environment is built, we detail the steps to get going administering BIG-IQ, then use it to manage BIG-IP devices. 

After this we examine other system configurations: setting up a BIG-IQ DCD logging device, building a BIG-IQ High Availability pair, and managing BIG-IP devices in a cluster.

Course Topics

• Introducing BIG-IQ

• Setting Up the BIG-IQ System

• Administering the BIG-IQ System

• Managing BIG-IP LTM Devices

• Setting Up the BIG-IQ DCD System

• Custom Roles and Groups

• Managing BIG-IP DSC

• Administering BIG-IQ High Availability

Course Objectives

• Build the BIG-IQ system. Perform the initial setup, licensing and configuration, then connect it to the network so it’s ready for use

• Take an overall look at the BIG-IQ product suite. What does it include, how does it approach BIG-IP centralized management

• With the BIG-IQ configured, connect and explore system features including the necessary initial tasks and associated steps

• Bring your BIG-IP devices running LTM under central management by BIG-IQ. Discover their current configuration and create and deploy new traffic passing objects to them

• The BIG-IQ needs a DCD to manage BIG-IP statistics and log data, see how to set it up and link it to the BIG-IQ system

• Take a deeper look into user accounts on BIG-IQ and see how to create very granular accounts which limit user access

• BIG-IP allows multiple devices to be configured into clusters. Learn how BIG-IQ remotely manages these clusters

• Configure two existing BIG-IQ systems into an active-standby pair. Create and synchronize configuration objects, fail the pair over, de-configure the pair and return them to standalone systems.

Course Content

Day 1:

1 Introducing BIG-IQ

Build the BIG-IQ system. Perform the initial setup, licensing and configuration, then connect it to the network so it’s ready for use.

2 Setting Up the BIG-IQ System

Take an overall look at the BIG-IQ product suite. What does it include, how does it approach BIG-IP centralized management.

3 Administering the BIG-IQ System

With the BIG-IQ configured, steps on connecting in and exploring system features. Discussion of the necessary initial tasks and associated steps.

4 Managing BIG-IP LTM Devices

Now bring your BIG-IP devices running LTM under central management by BIG-IQ. Discover their current configuration and create and deploy new traffic passing objects to them.

Day 2:

5 Setting Up the BIG-IQ DCD System

The BIG-IQ needs a DCD to manage BIG-IP statistics and log data, here is how we set it up and link it to the BIG-IQ system.

6 Custom Roles and Groups

We already looked at how user accounts are set up on BIG-IQ, let’s look deeper and see how to create very granular accounts which limit user access.

7 Managing BIG-IP DSC

BIG-IP allows multiple devices to be configured into clusters. How does BIG-IQ remotely manage these clusters?

8 Administering BIG-IQ High Availability

Configure two existing BIG-IQ systems into an active-standby pair. Create and synchronize configuration objects, fail the pair over, de-configure the pair and return them to standalone systems.

Modules covered per day can be class dependent.

Course Outline

• BIG-IQ Overview 

o BIG-IQ Centralized Management

o BIG-IQ Approach

o BIG-IQ Core Functionality

o REST API

o BIG-IQ Data Collection Device (DCD)

o BIG-IP Cloud Edition (CE)

o Setting Up the BIG-IQ System

• Administering the BIG-IQ System 

o Controlling Access to the BIG-IQ

o Creating, Authenticating, Configuring Users and their Roles

o System Backups

o Configuring DNS, NTP, and SMTP

o Monitoring the BIG-IQ, DCD, and BIG-IP events and alerts

o Monitoring BIG-IQ with iHealth

o Post Installation Issues; Licensing, Changing Management IP, Master Key, Restoring Backups

o Managing BIG-IP LTM Devices

▪ BIG-IP LTM Device Discovery

▪ BIG-IP Device Backup

▪ Deploying to BIG-IP Devices, Various Methods and Logs

▪ BIG-IQ Configuration Snapshots

▪ Managing BIG-IP Certificates

▪ Managing BIG-IP Licenses

▪ Monitoring BIG-IP Devices with iHealth

▪ Management of QKView Reports from Managed BIG-IP Devices

o Setting Up the BIG-IQ Data Collection Device

o Custom Role Types and Groups

▪ Setting up User Accounts with custom roles and privileges

o Managing BIG-IP DSC

▪ Discovery and management of BIG-IP Device Clusters (DSC) with BIG-IQ

o Administering BIG-IQ High Availability

▪ Configuration and management of BIG-IQ systems in a High Availability pair

Course Overview

This 3-day course gives network professionals a functional understanding of BIG-IP Local Traffic Manager, introducing students to both commonly used and advanced BIG-IP LTM features and functionality. 

Incorporating lecture, extensive hands-on labs, and classroom discussion, the course helps students build the well-rounded skill set needed to manage BIG-IP LTM systems as part of a flexible and high performance application delivery network.

Course Topics

• BIG-IP initial setup (licensing, provisioning, and network configuration)

• A review of BIG-IP local traffic configuration objects

• Using dynamic load balancing methods

• Modifying traffic behavior with persistence (including SSL, SIP, universal, and destination address affinity persistence)

• Monitoring application health with Layer 3, Layer 4, and Layer 7 monitors (including transparent, scripted, and external monitors)

• Processing traffic with virtual servers (including network, forwarding, and reject virtual servers)

• Processing traffic with SNATs (including SNAT pools and SNATs as listeners)

• Modifying traffic behavior with profiles (including TCP profiles, advanced HTTP profile options, caching, compression, and OneConnect profiles)

• Advanced BIG-IP LTM configuration options (including VLAN tagging and trunking, SNMP features, packet filters, and route domains)

• Customizing application delivery with iRules and local traffic policies

• Securing application delivery using BIG-IP LTM

Course Objectives

At the end of this course, the student will be able to: 

• Back up the BIG-IP system configuration for safekeeping

• Configure virtual servers, pools, monitors, profiles, and persistence objects

• Test and verify application delivery through the BIG-IP system using local traffic statistics

• Configure priority group activation on a load balancing pool to allow servers to be activated only as needed to process traffic

• Compare and contrast member-based and node-based dynamic load balancing methods

• Configure connection limits to place a threshold on traffic volume to particular pool members and nodes

• Differentiate between cookie, SSL, SIP, universal, and destination address affinity persistence, and describe use cases for each

• Describe the three Match Across Services persistence options and use cases for each

• Configure health monitors to appropriately monitor application delivery through a BIG-IP system

• Configure different types of virtual services to support different types of traffic processing through a BIG-IP system

• Configure different types of SNATs to support routing of traffic through a BIG-IP system

• Configure VLAN tagging and trunking

• Restrict administrative and application traffic through the BIG-IP system using packet filters, port lockdown, and virtual server settings

• Configure SNMP alerts and traps in support of remote monitoring of the BIG-IP system

• Use iRules and local traffic policies appropriately to customize application delivery through the BIG-IP system

• Configure the BIG-IP to detect and mitigate some common attacks at the network and application layers using LTM features such as SYN check, eviction policies, iRules and Local Traffic Policies

Course Content

Chapter 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP Configuration

• Leveraging F5 Support Resources and Tools

Chapter 2: Reviewing Local Traffic Configuration

• Reviewing Nodes, Pools, and Virtual Servers

• Reviewing Address Translation

• Reviewing Routing Assumptions

• Reviewing Application Health Monitoring

• Reviewing Traffic Behavior Modification with Profiles

• Reviewing the TMOS Shell (TMSH)

• Reviewing Managing BIG-IP Configuration Data

Chapter 3: Load Balancing Traffic with LTM

• Exploring Load Balancing Options

• Using Priority Group Activation and Fallback Host

• Comparing Member and Node Load Balancing

Chapter 4: Modifying Traffic Behavior with Persistence

• Reviewing Persistence

• Introducing Cookie Persistence

• Specifying Default and Fallback Persistence

• Introducing SSL Persistence

• Introducing SIP Persistence

• Introducing Universal Persistence

• Introducing Destination Address Affinity Persistence

• Using Match Across Options for Persistence

Chapter 5: Monitoring Application Health

• Differentiating Monitor Types

• Customizing the HTTP Monitor

• Monitoring an Alias Address and Port

• Monitoring a Path vs. Monitoring a Device

• Managing Multiple Monitors

• Using Application Check Monitors

• Using Manual Resume and Advanced Monitor Timer Settings

Chapter 6: Processing Traffic with Virtual Servers

• Understanding the Need for Other Virtual Server Types

• Forwarding Traffic with a Virtual Server

• Understanding Virtual Server Order of Precedence

• Path Load Balancing

Chapter 7: Processing Traffic with SNATs

• Overview of SNATs

• Using SNAT Pools

• SNATs as Listeners

• SNAT Specificity

• VIP Bounceback

• Additional SNAT Options

• Network Packet Processing Review

Chapter 8: Modifying Traffic Behavior with Profiles

• Profiles Overview

• TCP Express Optimization

• TCP Profiles Overview

• HTTP Profile Options

• HTTP/2 Profile Options

• OneConnect

• Offloading HTTP Compression to BIG-IP

• Web Acceleration Profile and HTTP Caching

• Stream Profiles

• F5 Acceleration Technologies

Chapter 9: Selected Topics

• VLAN, VLAN Tagging, and Trunking

• Restricting Network Access

• SNMP Features

• Segmenting Network Traffic with Route Domains

Chapter 10: Customizing Application Delivery with iRules

• Getting Started with iRules

• Understanding When iRules are Triggered

• Deploying iRules

• Constructing an iRule

• Testing and Debugging iRules

• Exploring iRules Documentation

Chapter 11: Customizing Application Delivery with Local Traffic Policies

• Getting Started with Local Traffic Policies

• Configuring and Managing Policy Rules

Chapter 12: Securing Application Delivery with LTM

• Understanding Today’s Threat Landscape

• Integrating LTM Into Your Security Strategy

• Defending Your Environment Against SYN Flood Attacks

• Defending Your Environment Against Other Volumetric Attacks

• Addressing Application Vulnerabilities with iRules and Local Traffic Policies

• Detecting and Mitigating Other Common HTTP Threats

Chapter 13: Final Lab Project

• About the Final Lab Project

Chapter 14: Additional Training and Certification

• Getting Started Series Web-Based Training

• F5 Instructor Led Training Curriculum

• F5 Professional Certification Program

Course Changes since v15

Updates for the v16.1 release include changes to TCP Profiles and Securing Application Delivery chapters. All remaining content was reviewed and updated for relevance to the BIG-IP v16.1 release.

Course Overview

This 2-day course gives networking professionals a functional understanding of the BIG-IP DNS system as it is commonly used. 

The course covers configuration and ongoing management of the BIG-IP DNS system, and includes a combination of lecture, discussion, and hands-on labs.

Course Topics

• Overview of the Domain Name System and DNS resolution flow through BIG-IP DNS

• Configuring DNS listeners

• Accelerating DNS resolution with DNS Express, DNS cache, and DNS server load balancing

• Intelligent DNS resolution with wide IPs and wide IP pools

• Using probes and metrics to assist the intelligent DNS resolution process

• Intelligent DNS load balancing methods

• Monitoring intelligent DNS resources

• Logging GSLB load balancing decisions

• Using DNSSEC

• Integrating iRules in the DNS resolution process

• Managing BIG-IP DNS sync groups

Course Objectives

Upon successful completion of this course, the student will be able to: 

• Provision the BIG-IP system for operation

• Back up the BIG-IP system configuration for safekeeping

• Describe how the Domain Name System (DNS) resolves host names into IP addresses

• Describe how the BIG-IP DNS system can participate in the DNS resolution process

• Cache DNS query responses on BIG-IP DNS to accelerate DNS resolution

• Load balance DNS queries to a pool of DNS servers and monitor pool health

• Configure the key features of the BIG-IP DNS system to perform intelligent DNS resolution

• Describe the LDNS probes used by BIG-IP DNS to support path-based load balancing

• Configure a wide IP pool to use a path load balancing method

• View and confirm DNS resolution behavior using path load balancing methods

• Use static and dynamic load balancing methods to intelligently resolve DNS queries

• Use persistence to effectively return one or more clients to the same virtual server on each query

• Use manual resume to control certain load balancing behavior in the event of an outage

• Configure and use load balancing decision logs to fine-tune and troubleshoot DNS resolution

• Configure monitors on the BIG-IP DNS system in support of DNS resolution

• Configure BIG-IP DNS to participate in the DNSSEC chain of trust

• Configure limit settings on virtual servers, servers, and wide IP pools to temporarily direct client traffic away from resources that may not be performing at certain thresholds of efficiency

• Configure iRules on a wide IP to customize intelligent DNS resolution

• Describe the other wide IP types provided with BIG-IP DNS

• Configure a BIG-IP DNS sync group

• Apply all the principles learned throughout the course to configure a BIG-IP DNS system based on hypothetical specifications

Course Content

Chapter 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP Configuration

• Leveraging F5 Support Resources and Tools

Chapter 2: Introducing the Domain Name System (DNS) and BIG-IP DNS

• Understanding the Domain Name System (DNS)

• Reviewing the Name Resolution Process

• Implementing BIG-IP DNS

• Using DNS Resolution Diagnostic Tools

Chapter 3: Accelerating DNS Resolution

• Introducing DNS Resolution with BIG-IP DNS

• BIG-IP DNS Resolution Decision Flow

• Configuring BIG-IP DNS Listeners

• Resolving DNS Queries in the Labs (Lab Zone Records)

• Load Balancing Queries to a DNS Server Pool

• Accelerating DNS Resolution with DNS Cache

• Accelerating DNS Resolution with DNS Express

• Introducing Wide IPs

• Using Other Resolution Methods with BIG-IP DNS

• Integrating BIG-IP DNS into Existing DNS Environments

Chapter 4: Implementing Intelligent DNS Resolutions

• Introducing Intelligent DNS Resolution

• Identifying Physical Network Components

• Identifying Logical Network Components

• Collecting Metrics for Intelligent Resolution

• Configuring Data Centers

• Configuring a BIG-IP DNS System as a Server

• Configuring a BIG-IP LTM System as a Server

• Establishing iQuery Communication between BIG-IP Systems

• Configuring a Non-F5 Server

• Defining Links and Routers

• Configuring Wide IP Pools

• Configuring Wide IPs

• Managing Object Status and State

• Using the Traffic Management Shell (TMSH)

Chapter 5: Using LDNS Probes and Metrics

• Introducing LDNS Probes and Metrics

• Types of LDNS Probes

• Excluding an LDNS from Probing

• Configuring Probe Metrics Collection

Chapter 6: Load Balancing Intelligent DNS Resolution

• Introducing Load Balancing on BIG-IP DNS

• Using Static Load Balancing Methods

o Round Robin

o Ratio

o Global Availability

o Static Persist

o Other Static Load Balancing Methods

• Using Dynamic Load Balancing Methods

o Round Trip Time

o Completion Rate

o CPU

o Hops

o Least Connections

o Packet Rate

o Kilobytes per Second

o Other Dynamic Load Balancing Methods

• Using Quality of Service Load Balancing

• Persisting DNS Query Responses

• Configuring GSLB Load Balancing Decision Logs

• Using Manual Resume

• Using Topology Load Balancing

Chapter 7: Monitoring Intelligent DNS Resources

• Exploring Monitors

• Configuring Monitors

• Assigning Monitors to Resources

• Monitoring Best Practices

Chapter 8: Advanced BIG-IP DNS Topics

• Implementing DNSSEC

• Setting Limits for Resource Availability

• Using iRules with Wide IPs

• Introducing Other Wide IP Types

• Implementing BIG-IP DNS Sync Groups

Course Changes since v15

The Configuring DNS v16.1 course presents much of the same content as v15.1, with very minor modifications.



Course Overview

This 3-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings. 

The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it is commonly deployed, and how typical administrative and operational activities are performed. 

The course includes lecture, hands-on labs, interactive demonstrations, and discussions.

Course Topics

• Getting started with the BIG-IP system

• APM Traffic Processing and APM Configuration Wizards

• APM Access Policies, Access Profiles

• Visual Policy Editor, Branches and Endings

• APM Portal Access and Rewrite Profiles

• Single Sign-On and Credential Caching

• APM Network Access and BIG-IP Edge Client

• Layer 4 and Layer 7 Access Control Lists

• APM Application Access and Webtop Types

• Remote Desktop, Optimized Tunnels and Webtop Links

• LTM Concepts including Virtual Servers, Pools, Monitors and SNAT’ing

• APM + LTM Use Case for Web Applications

• Visual Policy Editor Macros

• AAA Servers and Authentication and Authorization with Active Directory and RADIUS

• Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls

• iRules, Customization and SAML

Course Objectives

At the end of this course, the student will be able to: 

• Configure the remote access methods (Network Access, Portal Access and Application Access) and understand the differences and use cases for each

• Configure APM and LTM to work together for advanced application delivery as well as understand the APM + LTM use case versus the remote access use case

• Configure advanced policies using the Visual Policy Editor with all of its features such as macros, branches and multiple endings

• Understand the role of iRules and how they work together with BIG-IP in general and APM in particular

• Understand the role of Federated Single Sign-On using SAML and deploy a basic configuration

• Configure multiple authentication methods and understand how they can work together in a single access policy

• Set up, license, and provision the BIG-IP system out-of-the-box

• Create, restore from, and manage BIG-IP archives

• Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server

Course Content

Chapter 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP Configuration

• Leveraging F5 Support Resources and Tools

Chapter 2: Configuring Web Application Access

• Review of BIG-IP LTM

• Introduction to the Access Policy

• Web Access Application Configuration Overview

• Web Application Access Configuration in Detail

Chapter 3: Exploring the Access Policy

• Navigating the Access Policy

Chapter 4: Managing BIG-IP APM

• BIG-IP APM Sessions and Access Licenses

• Session Variables and sessiondump

• Session Cookies

• Access Policy General Purpose Agents List

Chapter 5: Using Authentication

• Introduction to Access Policy Authentication

• Active Directory AAA Server

• RADIUS

• One-Time Password

• Local User Database

Chapter 6: Understanding Assignment Agents

• List of Assignment Agents

Chapter 7: Configuring Portal Access

• Introduction to Portal Access

• Portal Access Configuration Overview

• Portal Access Configuration

• Portal Access in Action

Chapter 8: Configuring Network Access

• Concurrent User Licensing

• VPN Concepts

• Network Access Configuration Overview

• Network Access Configuration

• Network Access in Action

Chapter 9: Deploying Macros

• Access Policy Macros

• Configuring Macros

• An Access Policy is a Flowchart

• Access Policy Logon Agents

• Configuring Logon Agents

Chapter 10: Exploring Client-Side Checks

• Client-Side Endpoint Security

Chapter 11: Exploring Server-Side Checks

• Server-Side Endpoint Security Agents List

• Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization

• Active Directory Query

• Active Directory Nested Groups

• Configuration in Detail

Chapter 13: Configuring App Tunnels

• Application Access

• Remote Desktop

• Network Access Optimized Tunnels

• Landing Page Bookmarks

Chapter 14: Deploying Access Control Lists

• Introduction to Access Control Lists

• Configuration Overview

• Dynamic ACLs

• Portal Access ACLs

Chapter 15: Signing On with SSO

• Remote Desktop Single Sign-On

• Portal Access Single Sign-On

Chapter 16: Using iRules

• iRules Introduction

• Basic TCL Syntax

• iRules and Advanced Access Policy Rules

Chapter 17: Customizing BIG-IP APM

• Customization Overview

• BIG-IP Edge Client

• Advanced Edit Mode Customization

• Landing Page Sections

Chapter 18: Deploying SAML

• SAML Conceptual Overview

• SAML Configuration Overview

Chapter 19: Exploring Webtops and Wizards

• Webtops

• Wizards

Chapter 20: Using BIG-IP Edge Client

• BIG-IP Edge Client for Windows Installation

• BIG-IP Edge Client in Action

Chapter 21: Configuration Project

Chapter 22: Additional Training and Certification

• Getting Started Series Web-Based Training

• F5 Instructor Led Training Curriculum

• F5 Professional Certification Program

Course Changes since v15

Configuring BIG-IP APM did not change significantly with version 16.1. Minor changes were made to remove out-of-date features and show the improved VPN split tunnelling configuration.

Course Overview

This 2-day course uses lectures and hands-on lab exercises to give participants real-time experience in setting up and configuring the BIG-IP® Advanced Firewall Manager system. 

Students are introduced to the AFM user interface, stepping through various options that demonstrate how AFM is configured to build a network firewall and to detect and protect against DoS (Denial of Service) attacks. Reporting and log facilities are also explained and used in the course labs. 

Further Firewall functionality and additional DoS facilities for DNS and SIP traffic are discussed.

Course Topics

• Configuration and management of the BIG-IP AFM system

• AFM Network Firewall concepts

• Network firewall options and modes

• Network firewall rules, policies, address/port lists, rule lists and schedules

• IP Intelligence facilities of dynamic black and white lists, IP reputation database and dynamic IP shunning

• Detection and mitigation of DoS attacks

• Event logging of firewall rules and DoS attacks

• Reporting and notification facilities

• DoS Whitelists

• DoS Sweep/Flood

• DNS Firewall and DNS DoS

• SIP DoS

• Port Misuse

• Network Firewall iRules

• Various AFM component troubleshooting commands

Course Objectives

After completing this course, participants will be able to complete the following tasks: 

• Configure and manage an AFM system

• Configure AFM Network Firewall in a positive or negative security model

• Configure Network Firewall to allow or deny network traffic using rules based on protocol, source, destination, geography, and other predicate types

• Prebuild firewall rules using lists and schedule components

• Enforce firewall rules immediately or test them using policy staging

• Use Packet Tester and Flow Inspector features to check network connections against your security configurations for Network Firewall, IP intelligence and DoS features

• Configure various IP Intelligence features to identify, record, allow or deny access by IP address

• Configure the Device DoS detection and mitigation feature to protect the BIG-IP device and all applications from multiple types of attack vectors

• Configure DoS detection and mitigation on a per-profile basis to protect specific applications from attack

• Use DoS Dynamic Signatures to automatically protect the system from DoS attacks based on long term traffic and resource load patterns

• Configure and use the AFM local and remote log facilities

• Configure and monitor AFM’s status with various reporting facilities

• Export AFM system reports to your external monitoring system directly or via scheduled mail

• Allow chosen traffic to bypass DoS checks using Whitelists

• Isolate potentially bad clients from good using the Sweep Flood feature

• Isolate and re-route potentially bad network traffic for further inspection using IP Intelligence Shun functionality

• Restrict and report on certain types of DNS requests using DNS Firewall

• Configure, mitigate, and report on DNS based DoS attacks with the DNS DoS facility

• Configure, mitigate, and report on SIP based DoS attacks with the SIP DoS facility

• Configure, block, and report on the misuse of system services and ports using the Port Misuse feature

• Build and configure Network Firewall rules using BIG-IP iRules

• Monitor and perform initial troubleshooting of various AFM functionality

Course Content

Chapter 1: Setting up the BIG-IP System 

• Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP System Configuration

• Leveraging F5 Support Resources and Tools 

Chapter 2: AFM Overview

• AFM Overview 

• AFM Availability

• AFM and the BIG-IP Security Menu

Chapter 3: Network Firewall

• AFM Firewalls

• Contexts

• Modes

• Packet Processing

• Rules and Direction

• Rules Contexts and Processing

• Inline Rule Editor

• Configuring Network Firewall

• Network Firewall Rules and Policies

• Network Firewall Rule Creation

• Identifying Traffic by Region with Geolocation

• Identifying Redundant and Conflicting Rules

• Identifying Stale Rules

• Prebuilding Firewall Rules with Lists and Schedules

• Rule Lists

• Address Lists 

• Port Lists

• Schedules

• Network Firewall Policies

• Policy Status and Management

• Other Rule Actions

• Redirecting Traffic with Send to Virtual

• Checking Rule Processing with Packet Tester

• Examining Connections with Flow Inspector

Chapter 4: Logs

• Event Logs

• Logging Profiles

• Limiting Log Messages with Log Throttling

• Enabling Logging in Firewall Rules

• BIG-IP Logging Mechanisms

• Log Publisher

• Log Destination

• Logging Global Rule Events

• Log Configuration Changes

• QKView and Log Files

• SNMP MIB

• SNMP Traps

Chapter 5: IP Intelligence

• Overview

• IP Intelligence Policy

• Feature 1: Dynamic White and Blacklists

• Blacklist Categories

• Feed Lists

• Applying an IP Intelligence Policy

• IP Intelligence Log Profile

• IP Intelligence Reporting

• Troubleshooting IP Intelligence Lists

• Feature 2: IP Intelligence Database

• Licensing

• Installation

• Linking the Database to the IP Intelligence Policy

• Troubleshooting

• IP Intelligence iRule

Chapter 6: DoS Protection

• Denial of Service and DoS Protection Overview

• Device DoS Protection

• Configuring Device DoS Protection

• Variant 1 DoS Vectors

• Variant 2 DoS Vectors

• Automatic Configuration or Automatic Thresholds

• Variant 3 DoS Vectors

• Device DoS Profiles

• DoS Protection Profile

• Dynamic Signatures

• Dynamic Signatures Configuration

• DoS iRules

Chapter 7: Reports

• AFM Reporting Facilities Overview

• Examining the Status of Particular AFM Features

• Exporting the Data

• Managing the Reporting Settings

• Scheduling Reports

• Troubleshooting Scheduled Reports

• Examining AFM Status at High Level

• Mini Reporting Windows (Widgets)

• Building Custom Widgets

• Deleting and Restoring Widgets

• Dashboards

Chapter 8: DoS White Lists

• Bypassing DoS Checks with White Lists

• Configuring DoS White Lists

• tmsh options

• Per Profile Whitelist Address List

Chapter 9: DoS Sweep Flood Protection

• Isolating Bad Clients with Sweep Flood

• Configuring Sweep Flood

Chapter 10: IP Intelligence Shun

• Overview

• Manual Configuration

• Dynamic Configuration

• IP Intelligence Policy

• tmsh options

• Troubleshooting

• Extending the Shun Feature

• Route this Traffic to Nowhere – Remotely Triggered Black Hole

• Route this Traffic for Further Processing – Scrubber

Chapter 11: DNS Firewall

• Filtering DNS Traffic with DNS Firewall

• Configuring DNS Firewall

• DNS Query Types

• DNS Opcode Types

• Logging DNS Firewall Events

• Troubleshooting

Chapter 12: DNS DoS

• Overview

• DNS DoS

• Configuring DNS DoS

• DoS Protection Profile

• Device DoS and DNS

Chapter 13: SIP DoS

• Session Initiation Protocol (SIP)

• Transactions and Dialogs

• SIP DoS Configuration

• DoS Protection Profile

• Device DoS and SIP

Chapter 14: Port Misuse

• Overview

• Port Misuse and Service Policies

• Building a Port Misuse Policy

• Attaching a Service Policy

• Creating a Log Profile

Chapter 15: Network Firewall iRules

• Overview

• iRule Events

• Configuration

• When to use iRules

• More Information

Chapter 16: Recap

• BIG-IP Architecture and Traffic Flow

• AFM Packet Processing Overview

Chapter 17: Additional Training and Certification

• Getting Started Series Web-Based Training

• F5 Instructor Led Training Curriculum

• F5 Professional Certification Program

Course Changes since v15

Updates for the v16.1 release are minor. Course material, including the student guide and lab steps, has been updated to reflect the version change and any product changes to GUI appearance and screen options.