Service Hardening

This training is based on the most frequently occurring configuration security issues that our team has encountered over years of penetration testing.

Training location: Lõõtsa 12, Tallinn (Training is held in English)

Goals: to clarify various configuration security issues and the practical aspects of hardening services.

Training in a nutshell: Service Hardening is about configuring services to reduce their attack surface. By combining various low-priority configuration issues, an attacker may be able to gain access and even elevate privileges in a system without leaving many traces behind. The training focuses on practices that can be applied to almost any service – without modifying the program code.

Keep in mind that hardening reduces the attack surface; it does not make a system secure!

 

Target audience: developers, administrators, testers, security incident handlers and anyone else who has to deal with creating or maintaining services.

 

The main topics covered are:

  • Certificates - chain verification, extended key usage, status, transparency, CAA
  • TLS - protocol versions, cipher suites, forward secrecy, CCA
  • SSH - host keys and SSHFP, agent forwarding
  • E-mail - DKIM, SPF, DMARC
  • DNS - DoT/DoH, DNSSEC
  • Logging - log tampering, creating meaningful logs

For each topic, the theory is explained first. Based on this, the student attacks a service in a lab environment and finally hardens that service to withstand such an attack.

 

The results of the training:

  • The main outcome is to help trainees understand the different attacks that can be conducted against services with default configuration.
  • Trainees also learn how to defend against such threats and why logging certain data matters, so that the resulting logs are as useful as possible when resolving security incidents.

Length: 21 academic hours

Continuing education curriculum group: 0688 Interdisciplinary curriculum group of information and communication technologies

The prerequisite for issuing the certificate is full participation in training.

Each training participant must bring his own laptop with a charger and, if necessary, other work-related equipment (mouse, etc.). The laptop must have a network cable slot or the ability to connect to a Wi-Fi network, and a screen resolution of at least 1920x1080. All operating systems are suitable; the main thing is to have a remote desktop client (RDP).

 

The training price includes:

  • educational materials;
  • training;
  • certificate.

As added value, we offer:

  • warm drinks with cookies.

 

You can take part in the training with the Unemployment Insurance Fund training card.

We also recommend that you get acquainted with the in-service training grants offered by the Unemployment Insurance Fund to employers: the training allowance for employers and the reimbursement of the employee's training expenses to the employer.

 

Trainer: Mait Peekma

Pentester (networks, devices/hardware), trainer

Mait is a versatile pentester with an extensive pentesting and stress-testing background in the banking sector. Mait joined the team in March 2012 and came from the Swedbank security team, where he was mostly involved with WebApps and network pentesting.

Mait is the author and trainer of our Service Hardening course.

Mait has an M.Sc. (cum laude) in IT from Tallinn University of Technology. He wrote his Master's thesis about ZigBee wireless protocol security.

Schedule

Day 1

09:00 - 09:15
Gathering

The course takes place at Clarified Security office (Lõõtsa 12 Tallinn; 8th floor)
Car parking: https://www.ulemistecity.ee/en/getting-here/

09:30 - 11:00
1. Public Key Certificates

• chain verification
• wildcard

Methods: lecture; labs

11:00 - 11:15
Coffee break
11:15 - 12:45
2. Public Key Certificates

• status
• transparency

Methods: lecture; labs

12:45 - 13:30
Lunch
13:30 - 15:00
3. HTTP

• reverse proxy

Methods: lecture; labs

15:00 - 15:15
Coffee break
15:15 - 17:00
4. TLS

• Protocol
• cipher suites
• FS
• CCA

Methods: lecture; labs

Day 2

09:00 - 09:15
Gathering

The course takes place at Clarified Security office (Lõõtsa 12 Tallinn; 8th floor)

Car parking: https://www.ulemistecity.ee/en/getting-here/

09:30 - 11:00
1. SSH

• host keys
• SSHFP
• agent forwarding

Methods: lecture; labs

11:00 - 11:15
Coffee break
11:15 - 12:45
2. DNS

• DoT
• DoH
• DNSSEC

Methods: lecture; labs

12:45 - 13:30
Lunch
13:30 - 15:00
3. DNS

• CAA
• DKIM, SPF, DMARC

Methods: lecture; labs

15:00 - 15:15
Coffee break
15:15 - 17:00
4. Logs

• Tampering
• Meaningful logs

Methods: lecture; labs

Additional information

When you register via the e-shop, by e-mail or by telephone, we will send you an invoice and more detailed information about participation.
Eleven days before the training, we will send you an e-mail reminder with the participation information.

Participation in the training is registered by name, but you can change the participant free of charge until the start of the training.

Payment for the training is made to the bank account indicated on the invoice. The invoice is sent by e-mail to the payer's address. The invoice must be paid before the start of the training, by the due date stated on the invoice.

IT Koolitus is a cooperation partner of the Estonian Unemployment Insurance Fund training card. See the training card information HERE.
For more information, contact us by phone at 618 1727 or at [email protected].

Cancellation terms

If for any reason you cannot attend the training, please let us know by e-mail at [email protected]. If you notify us of non-attendance at least 7 calendar days in advance, we will agree on a new time with you or refund 100% of the training cost. We refund the participation fee in full provided that no expenses related to organizing the training have been incurred (purchased study materials, etc.). If you do not show up for the training, do not notify us, or drop out of the training, the tuition fee is not refunded.