Course Overview

The Securing Cisco Networks with Open Source Snort course shows you how to deploy a network intrusion detection system based on Snort. Through a combination of expert instruction and hands-on practice, you will learn how to install, configure, operate, and manage a Snort system; write rules, from an overview of basic options through advanced rule writing; configure PulledPork; and use OpenAppID to protect your network from malware. You will also learn techniques for tuning and performance monitoring, how traffic flows through Snort rules, and more.

Course Objectives

After completing this course, you should be able to:

  • Describe Snort technology and identify the resources available for maintaining a Snort deployment 
  • Install and configure a Snort deployment 
  • Configure the command-line options for starting Snort as a sniffer, a logger, and an intrusion detector, and create a script to start Snort automatically 
  • Identify and configure available Snort intrusion detection outputs 
  • Describe rule sources, updates, and utilities for managing rules and updates 
  • Detail the components of the snort.lua file and determine how to configure it for your deployment 
  • Configure Snort for inline operation using the inline-only features 
  • Configure rules for Snort using basic rule syntax 
  • Describe how traffic flows through Snort and how to optimize rules for better performance 
  • Configure advanced-rule options for Snort rules 
  • Configure OpenAppID features and functionality 
  • Tune Snort for efficient operation and profile system performance 

Course Content

Snort Technology Introduction

  • Snort Basics
  • Snort Resources

Snort Installation

  • Installation Prerequisites
  • Performing the Snort Installation

Snort Operation Introduction

  • Running Snort from the Command Line
  • Configuring Snort to Start Automatically

Snort Intrusion Detection Output

  • Configuring Snort Intrusion Detection Output

Rule Management

  • Snort Rulesets
  • PulledPork Installation and Configuration

Snort Configuration

  • Examining the snort.lua File
  • Inspector Configuration

Inline Operation and Configuration

  • Configuring Inline Operation
  • Configuring Inline-Specific Features

Snort Rule Syntax and Usage

  • Basic Rule Syntax
  • Common Rule Options

Snort Rule Traffic Processing Flow

  • Examining Snort Traffic Flow

Advanced Rule Options

  • PCRE Rule Options
  • Hash Rules
  • Byte Rule Options
  • Implementing Flowbits
  • File Detention

OpenAppID Detection Configuration

  • Exploring the Open AppID Preprocessor
  • Examining AppID Events and Statistics
  • Detector Basics

Snort Tuning

  • Viewing Performance Statistics
  • Configuring Snort Rule Filters
  • Implementing BPFs in Snort
  • Performance Profiling

Labs

  • Discovery Lab 1: Connecting to the Lab Environment
  • Discovery Lab 2: Snort Installation
  • Discovery Lab 3: Snort Operation
  • Discovery Lab 4: Snort Intrusion Detection Output
  • Discovery Lab 5: PulledPork Installation
  • Discovery Lab 6: Configuring Variables
  • Discovery Lab 7: Reviewing Inspector Configurations
  • Discovery Lab 8: Inline Operation
  • Discovery Lab 9: Basic Rule Syntax and Usage
  • Discovery Lab 10: Advanced Rule Options
  • Discovery Lab 11: OpenAppID Configuration
  • Discovery Lab 12: Tuning Snort

Course Overview

Learn how to deploy and use Cisco® Email Security Appliance to establish protection for your email systems against phishing, business email compromise and ransomware. Help streamline email security policy management. This hands-on course provides you with the knowledge and skills to implement, troubleshoot, and administer Cisco Email Security Appliance, including key capabilities such as advanced malware protection, spam blocking, anti-virus protection, outbreak filtering, encryption, quarantines, and data loss prevention.

This course is worth 24 Continuing Education (CE) Credits.

Course Objectives

After completing this course you should be able to:

  • Describe and administer the Cisco Email Security Appliance (ESA)
  • Control sender and recipient domains
  • Control spam with Talos SenderBase and anti-spam
  • Use anti-virus and outbreak filters
  • Use mail policies
  • Use content filters
  • Use message filters
  • Prevent data loss
  • Perform LDAP queries
  • Authenticate Simple Mail Transfer Protocol (SMTP) sessions
  • Authenticate email
  • Encrypt email
  • Use system quarantines and delivery methods
  • Perform centralized management using clusters
  • Test and troubleshoot

Course Content

Describing the Cisco Email Security Appliance

  • Cisco Email Security Appliance Overview
  • Technology Use Case
  • Cisco Email Security Appliance Data Sheet
  • SMTP Overview
  • Email Pipeline Overview
  • Installation Scenarios
  • Initial Cisco Email Security Appliance Configuration
  • Centralizing Services on a Cisco Content Security Management Appliance (SMA)
  • Release Notes for AsyncOS 11.x

Controlling Sender and Recipient Domains

  • Public and Private Listeners
  • Configuring the Gateway to Receive Email
  • Host Access Table Overview
  • Recipient Access Table Overview
  • Configuring Routing and Delivery Features

Controlling Spam with Talos SenderBase and Anti-Spam

  • SenderBase Overview
  • Anti-Spam
  • Managing Graymail
  • Protecting Against Malicious or Undesirable URLs
  • File Reputation Filtering and File Analysis
  • Bounce Verification

Using Anti-Virus and Outbreak Filters

  • Anti-Virus Scanning Overview
  • Sophos Anti-Virus Filtering
  • McAfee Anti-Virus Filtering
  • Configuring the Appliance to Scan for Viruses
  • Outbreak Filters
  • How the Outbreak Filters Feature Works
  • Managing Outbreak Filters

Using Mail Policies

  • Cisco Email Security Manager Overview
  • Mail Policies Overview
  • Handling Incoming and Outgoing Messages Differently
  • Configuring Mail Policies
  • Matching Users to a Mail Policy
  • Message Splintering

Using Content Filters

  • Content Filters Overview
  • Content Filter Conditions
  • Content Filter Actions
  • Filter Messages Based on Content
  • Text Resources Overview
  • Using and Testing the Content Dictionaries Filter Rules
  • Understanding Text Resources
  • Text Resource Management
  • Using Text Resources

Using Message Filters

  • Message Filters Overview
  • Components of a Message Filter
  • Message Filter Processing
  • Message Filter Rules
  • Message Filter Actions
  • Attachment Scanning
  • Examples of Attachment Scanning Message Filters
  • Using the CLI to Manage Message Filters
  • Message Filter Examples
  • Configuring Scan Behavior

Preventing Data Loss

  • Data Loss Prevention (DLP) Scanning Process
  • Setting Up Data Loss Prevention
  • Policies for Data Loss Prevention
  • Message Actions
  • Updating the DLP Engine and Content Matching Classifiers

Using LDAP

  • Overview of LDAP
  • Working with LDAP
  • Using LDAP Queries
  • Authenticating End-Users of the Spam Quarantine
  • Configuring External LDAP Authentication for Users
  • Testing Servers and Queries
  • Using LDAP for Directory Harvest Attack Prevention
  • Spam Quarantine Alias Consolidation Queries
  • Validating Recipients Using an SMTP Server

Describing SMTP Session Authentication

  • Configuring AsyncOS for SMTP Authentication
  • Authenticating SMTP Sessions Using Client Certificates
  • Checking the Validity of a Client Certificate
  • Authenticating User Using LDAP Directory
  • Authenticating SMTP Connection Over Transport Layer Security (TLS) Using a Client Certificate
  • Establishing a TLS Connection from the Appliance
  • Updating a List of Revoked Certificates

Using Email Authentication

  • Email Authentication Overview
  • Overview of Sender Policy Framework (SPF) and SIDF Verification
  • Configuring DomainKeys and DomainKeys Identified Mail (DKIM) Signing
  • Verifying Incoming Messages Using DKIM
  • Domain-based Message Authentication Reporting and Conformance (DMARC) Verification
  • Forged Email Detection

Using Email Encryption

  • Overview of Cisco Email Encryption
  • Encrypting Messages
  • Determining Which Messages to Encrypt
  • Inserting Encryption Headers into Messages
  • Encrypting Communication with Other Message Transfer Agents (MTAs)
  • Working with Certificates
  • Managing Lists of Certificate Authorities
  • Enabling TLS on a Listener’s Host Access Table (HAT)
  • Enabling TLS and Certificate Verification on Delivery
  • Secure/Multipurpose Internet Mail Extensions (S/MIME) Security Services

Administering the Cisco Email Security Appliance

  • Distributing Administrative Tasks
  • System Administration
  • Managing and Monitoring Using the Command Line Interface (CLI)
  • Other Tasks in the GUI
  • Advanced Network Configuration
  • Using Email Security Monitor
  • Tracking Messages
  • Logging

Using System Quarantines and Delivery Methods

  • Describing Quarantines
  • Spam Quarantine
  • Setting Up the Centralized Spam Quarantine
  • Using Safelists and Blocklists to Control Email Delivery Based on Sender
  • Configuring Spam Management Features for End Users
  • Managing Messages in the Spam Quarantine
  • Policy, Virus, and Outbreak Quarantines
  • Managing Policy, Virus, and Outbreak Quarantines
  • Working with Messages in Policy, Virus, or Outbreak Quarantines
  • Delivery Methods

Centralized Management Using Clusters

  • Overview of Centralized Management Using Clusters
  • Cluster Organization
  • Creating and Joining a Cluster
  • Managing Clusters
  • Cluster Communication
  • Loading a Configuration in Clustered Appliances
  • Best Practices

Testing and Troubleshooting

  • Debugging Mail Flow Using Test Messages: Trace
  • Using the Listener to Test the Appliance
  • Troubleshooting the Network
  • Troubleshooting the Listener
  • Troubleshooting Email Delivery
  • Troubleshooting Performance
  • Web Interface Appearance and Rendering Issues
  • Responding to Alerts
  • Troubleshooting Hardware Issues
  • Working with Technical Support

Labs

  • Discovery Lab 1: Verify and Test Cisco ESA Configuration
  • Discovery Lab 2: Advanced Malware in Attachments (Macro Detection)
  • Discovery Lab 3: Protect Against Malicious or Undesirable URLs Beneath Shortened URLs
  • Discovery Lab 4: Protect Against Malicious or Undesirable URLs Inside Attachments
  • Discovery Lab 5: Intelligently Handle Unscannable Messages
  • Discovery Lab 6: Leverage AMP Cloud Intelligence Via Pre-Classification Enhancement
  • Discovery Lab 7: Integrate Cisco ESA with AMP Console
  • Discovery Lab 8: Prevent Threats with Anti-Virus Protection
  • Discovery Lab 9: Applying Outbreak Filters
  • Discovery Lab 10: Configure Attachment Scanning
  • Discovery Lab 11: Configure Outbound Data Loss Prevention
  • Discovery Lab 12: Integrate Cisco ESA with LDAP and Enable the LDAP Accept Query
  • Discovery Lab 13: DomainKeys Identified Mail (DKIM)
  • Discovery Lab 14: Sender Policy Framework (SPF)
  • Discovery Lab 15: Forged Email Detection
  • Discovery Lab 16: Configure the Cisco SMA for Tracking and Reporting
  • Discovery Lab 17: Configure the Cisco Secure Email and Web Manager for Tracking and Reporting

Course Overview

This course is designed for students who are planning to take the Secure storage for Azure Files and Azure Blob Storage assessment, and provides a bridge between fundamental level skills and entry-level associate skills. This course helps learners progress in multiple IT roles, including infrastructure, security, and networking.

Course Objectives

In this course, the student will have many opportunities to practice configuring and securing storage. These skills include creating and configuring storage accounts, blob containers, file shares, storage networking, and storage security.

Course Content

This course will cover:

  • Create and configure a storage account
  • Create and configure Blob Storage
  • Create and configure Azure Files
  • Configure networking for storage
  • Configure encryption for storage

Course Overview

This learning path guides you in securing Azure services and workloads using Microsoft Cloud Security Benchmark controls in Microsoft Defender for Cloud via the Azure portal.

Course Objectives

  • Filter network traffic with a network security group using the Azure portal
  • Create a Log Analytics workspace for Microsoft Defender for Cloud
  • Set up Microsoft Defender for Cloud
  • Configure and integrate a Log Analytics agent and workspace in Defender for Cloud
  • Configure Azure Key Vault networking settings
  • Connect an Azure SQL server using an Azure Private Endpoint using the Azure portal

Course Content

Module 1: Filter network traffic with a network security group using the Azure portal

  • In this module, we will focus on filtering network traffic using Network Security Groups (NSGs) in the Azure portal. Learn how to create, configure, and apply NSGs for improved network security.

Module 2: Create a Log Analytics workspace for Microsoft Defender for Cloud

  • In this module, you’ll discover how to create a Log Analytics workspace in the Azure portal for Microsoft Defender for Cloud, improving data collection and security analysis.

Module 3: Set up Microsoft Defender for Cloud

  • In this module, you’ll learn how to implement Microsoft Defender for Cloud using the Azure portal, to strengthen security and threat detection in your Azure environment.

Module 4: Configure and integrate a Log Analytics agent and workspace in Defender for Cloud

  • This module will guide you to configure and integrate a Log Analytics agent with a workspace in Defender for Cloud via the Azure portal, boosting security analysis.

Module 5: Configure Azure Key Vault networking settings

  • In this module, you’ll learn to configure Azure Key Vault networking settings via the Azure portal, ensuring secure and controlled access to your stored secrets.

Module 6: Connect an Azure SQL server using an Azure Private Endpoint using the Azure portal

  • This module will guide you on securely connecting an Azure SQL server via Azure Private Endpoint in the Azure portal, enhancing data communication security.

Course Overview

Red Hat Single Sign-On Administration (DO313) is designed for system administrators who want to install, configure and manage Red Hat Single Sign-On servers for securing applications. Learn about the different ways to authenticate and authorize applications using single sign-on standards like OAuth and OpenID Connect (OIDC). You will also learn how to install and configure Red Hat Single Sign-On on the OpenShift Container Platform. This course is based on Red Hat Single Sign-On version 7.6.

Course Objectives

  • Installing Red Hat Single Sign-On on virtual machines and on OpenShift Container Platform
  • Authenticating and authorizing applications using OAuth and OIDC
  • Configuring Identity Brokering and user identity federation from external systems
  • Configuring password policies

Course Content

Introduce Red Hat Single Sign-On

  • Identify the main components of Red Hat Single Sign-On

Install and Configure Red Hat Single Sign-On

  • Identify the best option for installing and configuring RHSSO depending on the infrastructure

Authentication and Authorization

  • Configure authentication and authorization for applications

Identity Brokering and User Federation

  • Configure RHSSO to secure applications from multiple identity providers by using user federation and social logins

Red Hat Single Sign-On on OpenShift

  • Install and configure Red Hat Single Sign-On on OpenShift

Course Overview

Maintaining security of computing systems is a process of managing risk through the implementation of processes and standards backed by technologies and tools. In this course, you will learn about resources that can be used to help you implement and comply with your security requirements.

Course Objectives

  • Manage compliance with OpenSCAP.
  • Enable SELinux on a server from a disabled state, perform basic analysis of the system policy, and mitigate risk with advanced SELinux techniques.
  • Proactively identify and resolve issues with Red Hat Insights.
  • Monitor activity and changes on a server with Linux Audit and AIDE.
  • Protect data from compromise with USBGuard and storage encryption.
  • Manage authentication controls with PAM.
  • Manually apply provided Ansible Playbooks to automate mitigation of security and compliance issues.
  • Scale OpenSCAP and Red Hat Insights management with Red Hat Satellite and Red Hat Ansible Tower.

Course Content

  • Manage security and risk: Define strategies to manage security on Red Hat Enterprise Linux servers.
  • Automate configuration and remediation with Ansible: Remediate configuration and security issues with Ansible Playbooks.
  • Protect data with LUKS and NBDE: Encrypt data on storage devices with LUKS and use NBDE to manage automatic decryption when servers are booted.
  • Restrict USB device access: Protect system from rogue USB device access with USBGuard.
  • Control authentication with PAM: Manage authentication, authorization, session settings, and password controls by configuring pluggable authentication modules (PAMs).
  • Record system events with audit: Record and inspect system events relevant to security, using the Linux kernel’s audit subsystem and supporting tools.
  • Monitor file system changes: Detect and analyze changes to a server’s file systems and their contents using AIDE.
  • Mitigate risk with SELinux: Improve security and confinement between processes by using SELinux and advanced SELinux techniques and analyses.
  • Manage compliance with OpenSCAP: Evaluate and remediate a server’s compliance with security policies by using OpenSCAP.
  • Automate compliance with Red Hat Satellite: Automate and scale your ability to perform OpenSCAP checks and remediate compliance issues using Red Hat Satellite.
  • Analyze and remediate issues with Red Hat Insights: Identify, detect, and correct common issues and security vulnerabilities with Red Hat Enterprise Linux systems by using Red Hat Insights.
  • Perform a comprehensive review: Review the content covered in this course by completing hands-on review exercises.

Course Overview

Manage security of Red Hat Enterprise Linux systems deployed in bare-metal, virtual, and cloud environments

Red Hat Security: Linux in Physical, Virtual, and Cloud (RH415) is designed for security administrators and system administrators who need to manage the secure operation of servers running Red Hat® Enterprise Linux®, whether deployed on physical hardware, as virtual machines, or as cloud instances.

This course is based on Red Hat Enterprise Linux 7.5, Red Hat Satellite 6.3, Red Hat Ansible® Engine 2.5, Red Hat Ansible Tower 3.2, and Red Hat Insights.

Maintaining security of computing systems is a process of managing risk through the implementation of processes and standards backed by technologies and tools. In this course, you will learn about resources that can be used to help you implement and comply with your security requirements.

Course Objectives

This course is intended to develop the skills needed to reduce security risk and to implement, manage, and remediate compliance and security issues in an efficient way. The tools and techniques can be used to ensure that systems are configured and deployed in a way that meets security and compliance needs, that they continue to meet those requirements, and that all existing systems can be audited and remediations and changes consistently applied as those requirements are revised. This flexibility may help the business to efficiently reduce risk of security breaches, which have a high cost in business disruption, brand erosion, loss of customer and shareholder trust, and financial costs for post-incident remediation. In addition, the organization may be able to use the tools in this course to help demonstrate that compliance requirements set by customers, auditors, or other stakeholders have been met.

As a result of attending this course, you should be able to use security technologies included in Red Hat Enterprise Linux to manage security risk and help meet compliance requirements.

After completing this course you should be able to demonstrate these skills:

  • Analyze and remediate system compliance using OpenSCAP and SCAP Workbench, employing and customizing baseline policy content provided with Red Hat Enterprise Linux.
  • Monitor security-relevant activity on your systems with the kernel’s audit infrastructure.
  • Explain and implement advanced SELinux techniques to restrict access by users, processes, and virtual machines.
  • Confirm the integrity of files and their permissions with AIDE.
  • Prevent unauthorized USB devices from being used with USBGuard.
  • Protect data at rest but provide secure automatic decryption at boot using NBDE.
  • Proactively identify risks and misconfigurations of systems and remediate them with Red Hat Insights.
  • Analyze and remediate compliance at scale with OpenSCAP, Red Hat Insights, Red Hat Satellite, and Red Hat Ansible Tower.

Course Content

Manage security and risk

  • Define strategies to manage security on Red Hat Enterprise Linux servers.

Automate configuration and remediation with Ansible

  • Remediate configuration and security issues with Ansible Playbooks.

Protect data with LUKS and NBDE

  • Encrypt data on storage devices with LUKS and use NBDE to manage automatic decryption when servers are booted.

Restrict USB device access

  • Protect system from rogue USB device access with USBGuard.

Control authentication with PAM

  • Manage authentication, authorization, session settings, and password controls by configuring pluggable authentication modules (PAMs).

Record system events with audit

  • Record and inspect system events relevant to security, using the Linux kernel’s audit subsystem and supporting tools.

Monitor file system changes

  • Detect and analyze changes to a server’s file systems and their contents using AIDE.

Mitigate risk with SELinux

  • Improve security and confinement between processes by using SELinux and advanced SELinux techniques and analyses.

Manage compliance with OpenSCAP

  • Evaluate and remediate a server’s compliance with security policies by using OpenSCAP.

Automate compliance with Red Hat Satellite

  • Automate and scale your ability to perform OpenSCAP checks and remediate compliance issues using Red Hat Satellite.

Analyze and remediate issues with Red Hat Insights

  • Identify, detect, and correct common issues and security vulnerabilities with Red Hat Enterprise Linux systems by using Red Hat Insights.

Perform a comprehensive review

  • Review the content covered in this course by completing hands-on review exercises.

Course Overview

Provide help to secure, centralized identity management services to coordinate user authentication and authorization with client systems, network services, and Windows domains.

Course Description

Red Hat Security: Identity Management and Authentication (RH362) provides the skills to configure and manage Identity Management (IdM), the comprehensive identity management component bundled with Red Hat Enterprise Linux. This course helps students to gain the skills with this technology most requested by customers.

Some topics covered in this course are central management and provisioning of user accounts; design and installation of IdM server topologies; operation of the integrated DNS and TLS Certificate Authority services; management of two-factor authentication, smart card authentication, and operation as a single-sign on provider; integration and management of two-way trusts with Active Directory; and troubleshooting and disaster recovery planning. Registration of Linux clients to IdM and operation in enterprise environments that use both Linux and Microsoft Windows clients and servers is discussed.

Note: This course is five days. Durations may vary based on the delivery.


Course Content Summary

– Design an Identity Management topology for scale and resiliency.

– Describe key technologies used by IdM, including SSSD, PAM, Kerberos, and PKI.

– Install Identity Management (IdM) servers, replicas, and clients using Ansible Playbooks.

– Manage IdM services, including integrated DNS and CA.

– Configure and manage Kerberos authentication and secure services.

– Configure and manage TLS certificates.

– Create and manage a trust relationship with Microsoft Active Directory.

– Configure to help secure user authentication, including two-factor authentication and single sign-on.

– Configure and manage Sudo, HBAC, and RBAC policies.

– Manage secrets, vaults, certificates, and keys.

– Troubleshoot identity management.

– Integrate Satellite 6 and Red Hat Ansible Automation Platform with IdM.

– Configure IdM backup and recovery.

Course Objectives

Impact on the organization

Businesses will be able to integrate and centralize lifecycle management and security policy implementation and enforcement, and extend that consolidated management to additional enterprise configuration management products from the Red Hat portfolio, including Red Hat Ansible Automation Platform and Red Hat Satellite Server.

Impact on the individual

As a result of attending this course, you will gain an understanding of the architecture of an identity management realm and trusted relationships using both Identity Management in Red Hat Enterprise Linux and Microsoft Active Directory. You will be able to create, manage, and troubleshoot user management structures, security policies, local and remote secure access methods, and implementation technologies such as SSSD, Kerberos, PKI, and certificates.

Course Content

  1. Identity Management in Red Hat Enterprise Linux: Introduce Identity Management in Red Hat Enterprise Linux (IdM) and its high-level architecture.
  2. Identity Management Core Technologies: Review the core technologies of Identity Management (IdM) in Red Hat Enterprise Linux.
  3. Installing Identity Management in Red Hat Enterprise Linux: Install Identity Management servers, replicas, and clients on Red Hat Enterprise Linux 9.
  4. Implementing an Identity Management Topology: Implement continuous functionality and high availability of IdM services in single-site and geographically distributed topologies.
  5. Managing the CA and DNS Integrated Services: Manage the Certificate Authority (CA) and the Domain Name System (DNS) services that are integrated with Identity Management.
  6. Managing Users and Controlling User Access: Configure users for authorized access to services and resources.
  7. Configuring Alternative Authentication Services: Configure and manage smart card authentication, secrets, and two-factor authentication.
  8. Integrating Identity Management with Active Directory: Implement a cross-forest trust between Identity Management and Active Directory, and configure ID views to map POSIX attributes to Active Directory users.
  9. Integrating Identity Management with Red Hat Utilities: Integrate an Identity Management deployment with Red Hat Satellite and Red Hat Ansible Automation Platform.
  10. Troubleshooting and Disaster Recovery Planning for IdM: Troubleshooting and preparing for disaster recovery with Identity Management.
  11. Comprehensive Review: Build a small, resilient Identity Management topology to include multiple replicas and clients, populated with multiple users, credentials, policies, and access rights.

Course Overview

Learn how to detect insider threats triggered by anomalous or malicious user behavior. Get ready to install, configure, and tune IBM Security® QRadar UBA and the Machine Learning app. Improve your skill to investigate user behavior with UBA and expand your threat detection capabilities across your network with the QRadar® Advisor with Watson app.

Virtual Learning

This interactive training can be taken from any location, such as your office or home, and is delivered by a trainer. There are no delegates in the classroom with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course; Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course Objectives

  • Analyze UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM.
  • Identify how QRadar rules are connected to UBA and how user information is imported into the app.
  • Install and configure the app, as well as the User Import tool and the Machine Learning app.
  • Tune UBA settings to improve the application’s behavior and performance.
  • Analyze how UBA can help you detect and investigate insider threats.
  • Analyze how to use the UBA Dashboard.
  • Investigate how to detect malicious user behavior.

Course Content

Unit 1: Architecture and Overview

Unit 2: Setup

  • Installation
  • Configuration
  • User Import
  • Machine Learning configuration

Unit 3: Tuning

Unit 4: An overview to detecting and investigating insider threats

Unit 5: Student exercise