Secure networking with the PF firewall
The PF firewall is one of the most powerful open-source firewall systems. PF is part of OpenBSD, NetBSD and FreeBSD (including GNU/kFreeBSD via Debian) and, since version 10.7 'Lion', also part of Mac OS X.
This training gives an introduction to building firewall systems using the 'pf' firewall. It also covers advanced topics such as redundant firewall clusters and load balancing.
The training covers the use of the pf firewall in IPv4 and IPv6 networks.
Trainer and lecturers
The trainer, Carsten Strotmann, has more than 15 years of experience working with Linux/Unix and DNS in TCP/IP networks. Carsten Strotmann has designed, implemented and operated firewall systems using commercial and open-source software since 1997.
Prerequisites
This training is designed for system administrators with experience and knowledge of Unix/Linux/BSD system administration and IP networking (IPv4 or IPv6).
Almost all topics listed below are covered in hands-on exercises during the training. Every attendee can follow along on his/her own laptop or use one of the laptops provided. Please be aware that experience with Unix/Linux is required to follow some of the advanced exercises.
The required network knowledge can be learned in the TCP/IP training.
The system administration knowledge can be gained from
Contents
the history of the pf firewall
firewall overview
- Packet Filter
- Application Level Gateway
- Stateful Packet Inspection
- State-Table in firewalls
use-cases for firewall systems
- perimeter firewall
- internal firewall
- host-firewall
the pf-firewall on different operating systems
- OpenBSD
- NetBSD
- FreeBSD
- MacOS X
pf-firewall basics
- enable the pf-firewall
- a simple ruleset for a host-firewall
- flushing and loading of firewall rules
- pf-firewall logging (pflog)
- macros and lists in the firewall ruleset
- how to write a readable ruleset
- firewall ruleset documentation
- Block Policy: 'drop' or 'return'
- tagging -- marking network packets
IPv4 filter
- ICMPv4
- FTP
- Network Address Translation (NAT)
- Routing protocols
IPv6 filter
- ICMPv6
- IPv6 multicast
dynamic rulesets
- dynamically adapting firewall rules
- the 'tables' data structure
load-balancing and quality of service
- load-balancing of incoming traffic to a cluster of servers
- denial-of-service attack mitigation
- DNS load-balancing
PF-firewall high availability
- state-table sync with a firewall-cluster
- the CARP-protocol
- Updating a firewall cluster
transparent proxy
- spamfilter with PF-Firewall
- transparent HTTP-Proxy
- authenticating users to the firewall
PF-Firewall monitoring
- Monitoring tools
- Alarm on attacks
- Reporting
- network traffic accounting
PF-Firewall tricks
- filter based on operating-systems (OS-Fingerprinting)
- Port-Knocking
Course hours
Anyone who wishes can arrive by 10 p.m. on the evening before and already use that evening for shop talk by the fireplace or in the park.
On course days, breakfast is served from 8 a.m.
Our courses start at 9 a.m. and end at 6 p.m.
In addition to the short breaks, there is a one-hour lunch break with delicious food freshly prepared in our kitchen.
After the training there is dinner, followed by opportunities for shop talk, excursions and much more. We create an atmosphere in which professionals can exchange ideas informally. Anyone who prefers not to is not pressured into anything and can find quiet at any time.