Course Outline
VPN Fundamentals and Architecture
- VPN types: remote access, site-to-site, client-to-site
- VPN protocols comparison: WireGuard, OpenVPN, IPsec, SSTP
- Cryptographic foundations: symmetric and asymmetric encryption
- PKI and certificate management for VPNs
- Network architecture considerations for enterprise VPNs
WireGuard Protocol Deep Dive
- WireGuard design principles and architecture
- Cryptokey routing and endpoint management
- WireGuard vs traditional VPNs: performance and simplicity
- Protocol security analysis and formal verification
- Platform support and client availability
OpenVPN Architecture and Modes
- OpenVPN protocol overview: SSL/TLS-based VPN
- TUN vs TAP device modes
- UDP vs TCP transport considerations
- Layer 2 and Layer 3 VPN configurations
- OpenVPN cipher and HMAC configuration
- Legacy enterprise support requirements
WireGuard Server Deployment
- Linux kernel module installation and configuration
- WireGuard-tools and wg-quick utility
- Key generation and distribution strategies
- Server configuration: interfaces, peers, routing
- Multiple network support and routing tables
- High availability and load balancing setup
OpenVPN Server Deployment
- OpenVPN package installation
- Server configuration file creation
- Easy-RSA PKI setup and certificate generation
- TLS key generation for control channel security
- Client configuration templates
- Service integration and startup configuration
Client Configuration Management
- WireGuard client setup: Linux, Windows, macOS, mobile
- OpenVPN client configuration: OpenVPN Connect, Tunnelblick
- Configuration file generation and distribution
- QR code configuration for mobile devices
- Split tunneling configuration
- DNS leak prevention and configuration
Authentication and Authorization
- Certificate-based authentication (WireGuard and OpenVPN)
- LDAP/Active Directory integration with OpenVPN
- RADIUS authentication for enterprise integration
- Two-factor authentication integration (TOTP, hardware tokens)
- OAuth and SAML integration options
- Role-based access control implementation
Site-to-Site VPN Configuration
- Hub-and-spoke vs full mesh topologies
- WireGuard site-to-site with persistent keepalive
- OpenVPN site-to-site with shared keys and certificates
- Dynamic routing over VPN tunnels (BGP, OSPF)
- Failover and redundancy patterns
- NAT traversal and firewall traversal
Advanced WireGuard Features
- wg-easy and web-based management tools
- WireGuard with containers and Kubernetes
- WireGuard road warrior setup with roaming clients
- Pre-shared keys for additional security
- WireGuard in restricted network environments
- Multi-hop and cascading configurations
Advanced OpenVPN Features
- OpenVPN Access Server overview
- Client-specific configuration and CCD files
- Push configurations and routes to clients
- iroute (internal routing) and floating IPs
- Bridging and Ethernet over IP configurations
- Compression and performance tuning
- Plugins and scripting
Network Security and Firewall Integration
- Firewall rules for VPN servers
- iptables/nftables integration
- Traffic filtering and access control policies
- Kill switch implementation for clients
- Intrusion detection on VPN traffic
- DDoS protection for VPN endpoints
Monitoring and Logging
- WireGuard status and peer monitoring
- OpenVPN status and log analysis
- Connection tracking and user activity
- Prometheus/Grafana integration for VPN metrics
- Alerting on connection anomalies
- SIEM integration for security monitoring
Scalability and High Availability
- Load balancing VPN connections
- Active-passive and active-active HA configurations
- Session persistence and reconnection handling
- Geo-distributed VPN servers
- Capacity planning and performance testing
- Disaster recovery strategies
Management and Automation Tools
- Automated user provisioning and deprovisioning
- Configuration management (Ansible, Puppet, Chef)
- API-based management solutions
- Self-service portals for certificate management
- Policy-based deployment automation
Troubleshooting and Maintenance
- Common WireGuard issues and solutions
- OpenVPN troubleshooting methodology
- Connection debugging and packet capture
- Performance bottleneck identification
- Certificate and key management lifecycle
- Upgrade procedures and backward compatibility
Migration from Commercial VPNs
- Assessment of commercial VPN replacement candidates
- Migration planning and phased cutover
- User training and documentation
- Hybrid operation during transition
- Rollback strategies
- Lessons learned and best practices
Summary and Deployment Checklist
- Production deployment checklist
- Security hardening best practices
- Documentation requirements
- Ongoing maintenance considerations
Requirements
- Understanding of TCP/IP networking and subnetting
- Experience with Linux system administration
- Knowledge of PKI and certificate concepts
- Familiarity with firewall and routing concepts
- Basic understanding of encryption and cryptographic principles
Audience
- Network Security Engineers
- System Administrators managing remote access
- DevOps Engineers building secure infrastructure
- IT Administrators responsible for workforce connectivity
User Reviews (2)
Communication, knowledge from experience, problem solving.
Marcin Walewski - Intel Technology Poland Sp. z o.o.
Course - OpenStack Bootcamp
Machine translation
The virtual desktop in the browser feature was quite nice.
Mikael Karlsson - Polystar OSIX
Course - OpenStack Architecture and Troubleshooting
Machine translation