Security courses on Networks and Systems

I’m teaching about security networks and systems every afternoon in Cáceres, Spain, where I’m speaking and showing about what I know and what I do in my job. I think, it’s being great because students are learning a lot of things about security, they ask everything that goes through their heads and even they participate to add knowledge to the group. It’s fantastic. We have already done two courses of 32 hours each, the first one was called Basic Security course on Networks and Systems and the second one was called Advanced Security course on Networks and Systems and I’m going to write about them today.

The first week was for Information Security Fundamentals and Information Security Plan where we started with security awareness, methodologies and tools. There are very different profiles on class like IT engineers, building engineers as well as electrical technicians thus security awareness was interesting to advise and warn about security risks with lots of examples, images and videos. On the other hand, we started playing with wireless security tools like Wiggle, Airodump-ng, Wireshark, etc where we see that everything is in the air as we also spoke about Bluetooth Security, SIEM and Event Correlation.

The second week, we finished the Basic Security course with Infrastructure Protection and Contingency Plan where we spoke about Antivirus, Application Control, Web Filtering, Antispam, IPS/IDS and we also deployed a virtual firewall as well as we configured FortiGate firewalls and pfSense firewalls. I think these lessons were useful because we made lots of firewall configurations where students learnt about what’s a network firewall and how firewall policies allow and deny traffic into a company. On the other hand, we were talking about Business Continuity and Disaster Recovery where I highlighted the ISO 22301 and COBIT 5.

We started the third week with the Advanced Security course where I spoke about Information Security Governance Fundamentals, Advanced Access Control Systems and Design and development of secure applications. Three units for one week where we spoke about COSO, balanced scorecard, ISO 38500, ISO 27000, ISO 20000, ITIL as well as web application concepts. However, the funny days were when we analysed HTTP headers with a web debugging proxy like Fiddler to learn about how to make our app safer with HTTP Security Policy. What’s more, they already knew about network firewalls thus it was time to introduce Web Application Firewalls with a basic SQL Injection attack and some basic SQL sentences over the MySQL engine.

Last week we finished the Advanced Security course with the last two units about Cryptography Fundamentals and Computer Security Regulations and Laws. The first unit was lively because each student configured a hardware firewall to make a LAN to LAN VPN and Dialup to Site VPN as well as SSL VPN in tunnel mode and portal mode. Moreover, students learnt about Authentication, Confidentiality and Integrity along with Diffie Hellman algorithm, asymmetrical cryptography and symmetric cryptography. With regards to regulations and laws, we were talking about LOPD, ISO 27001, ENS and PCI-DSS.

Regards my friends and keep studying!!