R. L. Geant
R. C. NetDev
IPsec training course contents
What is IPsec?
How to spell IPsec, IPsec is IP security, confidentiality, integrity, authenticity, replay protection, what is a VPN? Network layer security, IPsec and IPv4, IPsec and IPv6, the suite of protocols, the standard, IPsec RFCs, IPsec history.
Hands on: Analysis of “normal” IP packets.
The IPsec protocols, AH vs ESP, Why two headers? transport mode, tunnel mode, Remote access VPNs, site to site VPNs, security associations, SA database, Security Parameters Index, implementations: Host tack, Bump in the Stack, Bump in the Wire.
Hands on: Configuring IPsec.
What AH does, the stack, The AH header, What is authenticated? Device authentication. AH in transport mode, AH in tunnel mode.
Hands on: AH packet analysis.
What ESP does, the ESP header, ESP in transport mode, ESP in tunnel mode, ESP and SA, ESP and SPI.
Hands on: ESP packet analysis, policy configuration.
IPsec is a framework, standard algorithms, ESP keys, the role of IKE, key lifetimes, how IKE generates the keys, DES, 3DES, AES, cipher block chaining, counter mode, other encryption.
Hands on: Encryption configuration.
Authentication types, IPsec authentication, Authentication algorithms: MD5, keyed SHA-1, HMAC-MD5, HMAC-SHA-1, HMAC-RIPEMD, other authentication algorithms.
Hands on: Authentication configuration.
Internet Key Exchange, IKE and the SAD, the two phase negotiation, ISAKMP, ISAKMP header, pre shared keys, digital signatures, public key encryption, Diffie Hellman, proposals, counter proposals, nonces, identities, phase 1 negotiation: main mode, aggressive mode, base mode. Phase 2 negotiation: quick mode, new group mode.
Hands on: IKE packet analysis.
PFS, IKE and dynamic addresses, XAUTH, hybrid authentication, CRACK, ULA, PIC. User level authentication. IKE renegotiation, heartbeats.
Hands on: Troubleshooting IPsec.
The IKEv2 exchange, IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, IKEv2 packets, the informational exchange. Comparing IKev1 vs IKE v2. Hands on: IKEv2 configuration and analysis.
What is PKI?, Digital certificates, Certificate authorities, CA servers, RA, VA, certificates, CA hierarchy, CRLs, certificate formats.
Hands on: installing and configuring certificate servers.
NAT, IPsec overhead and fragmentation.
IPsec strengths and weaknesses. Where to get further information.
Why Choose Us
SNT trainers score an average of over 90% on the three main areas of:
- Ability to teach
- Technical knowledge
- Answering questions
We limit our maximum class size to 8 delegates; often we have less than this. This ensures optimal interactivity between delegates and instructor.
"Excellent course. The small class size was a great benefit…" M.B. IBM
We write our own courses; courseware does not just consist of slides and our slides are diagrams not bullet point text. A typical chapter provides clearly defined objectives with a chapter overview, slides with text underneath, a quiz at the end to check the learning of the students. Hands on exercises are at the end and are used to reinforce the theory.