Workshop Details
Disclaimer: Training will be conducted subject to confirmation of a minimum 15 registrations otherwise it will be rescheduled
This is to inform you that, due to the ongoing receipt of nominations from various government organizations, the training has been rescheduled to next week to accommodate all potential participants. We appreciate your understanding and will share the updated schedule shortly.
Workshop Name:
Comprehensive Training Course on Linux OS & Security: Week 1: Secure Mail & Web Hosting with Penetration Testing & Hardening
Secure Mail Server Setup & Configuration, Secure Web Hosting & DNS Configuration, Penetration Testing, Hardening & Troubleshooting
Organized By:
National Centre for Cyber Security - Air University, Islamabad
Date:
2nd - 4th May, 2025
Duration:
3 Days (20 Hours - Friday, Saturday, Sunday)
Mode of Training:
On-site
Targeted Audience:
IT Professionals & Students
Payment Category:
Paid
For Professionals:
PKR 25,000 (exclusive of tax)
For Students:
PKR 6,000 (AU Students), PKR 8,000 (Others) (exclusive of tax)
Entertainment:
Lunch with two tea breaks per day (Saturday & Sunday)
Technical Content to be Covered:
Installing & Configuring a Secure Mail Server (Postfix & Dovecot)
- Introduction to Secure Email Communication
- SMTP, IMAP, POP3 Protocols & Security Considerations
- Understanding TLS/SSL Encryption for Mail Security
- Installing & Configuring Postfix (MTA)
- Setting up Postfix on CentOS
- Configuring relay restrictions & SMTP authentication
- Implementing TLS for secure email transmission
- Installing & Configuring Dovecot (MDA)
- Setting up Dovecot for IMAP/POP3
- Enabling mailbox encryption & authentication
- User Authentication & Virtual Mailbox Domains
- Setting up virtual users & domains
- Integrating Postfix & Dovecot for seamless mail flow
Securing Mail Services & Webmail Setup
- SPF, DKIM, DMARC: Email Security & Anti-Spoofing
- Preventing email spoofing & phishing attacks
- Configuring SPF (Sender Policy Framework)
- Implementing DKIM (DomainKeys Identified Mail)
- Enforcing DMARC (Domain-based Message Authentication)
- Configuring Webmail Interface (
SquirrelMail
)
- Installing & securing
SquirrelMail
on Apache/Nginx
- Configuring authentication & TLS encryption
- Protecting Mail Server with
iptables
& Fail2Ban
- Setting firewall rules for SMTP, IMAP, POP3
- Blocking brute force attacks with Fail2Ban
- Testing Email Flow & Debugging Common Issues
- Sending & receiving email tests
- Checking mail logs for troubleshooting
Secure Web Hosting & DNS Server Configuration
- Installing & Configuring a Web Server (Apache/Nginx)
- Setting up a secure virtual host
- Enabling HTTPS with Let's Encrypt SSL
- Restricting access with firewall & security policies
- Configuring DNS Server for Mail & Web Hosting (BIND)
- Setting up authoritative DNS for mail & web domains
- Configuring A, MX, TXT, SPF, and CNAME records
- Content Security & Web Application Hardening
- Securing Apache/Nginx configurations
- Preventing directory listing, XSS, and SQL injection
Penetration Testing for Web & Mail Services
- Introduction to Penetration Testing & Vulnerability Assessment
- Understanding OWASP Top 10 Web Security Risks
- Email & Web Application Attack Vectors
- Penetration Testing Mail Servers (Postfix & Dovecot)
- Testing for open relays & spoofing vulnerabilities
- Checking SPF, DKIM & DMARC configurations
- Using Metasploit & Hydra for brute force testing
- Penetration Testing Web Servers (Apache/Nginx & SquirrelMail)
- Scanning for security vulnerabilities using Nmap & Nikto
- Testing for SQL injection, XSS, CSRF, and LFI/RFI
- Conducting stress tests & DoS simulations
- Logging, Monitoring, & Detecting Attacks
- Analyzing logs for security incidents (
/var/log/maillog
, /var/log/httpd/access_log
)
- Configuring automated alerts for suspicious activities
Security Hardening & Patch Management
- Hardening Linux OS for Web & Mail Security
- Disabling unnecessary services & restricting SSH access
- Enforcing SELinux
- Configuring strong password policies & access control
- Advanced
iptables
& Firewall Rules for Secure Hosting
- Setting up rules for mail, web, and DNS services
- Preventing DoS/DDoS attacks with rate limiting
- Patch Management & Vulnerability Mitigation
- Keeping web & mail server software up to date
- Applying security patches to prevent exploits
- Automating updates & security monitoring
- Final Security Audit & Best Practices Review
- Conducting a full security assessment
- Implementing industry best practices for hosting security
Key Takeaways:
- Deploy a secure mail server with Postfix & Dovecot
- Harden email security with SPF, DKIM, DMARC & encryption
- Set up secure web hosting with Apache/Nginx & DNS configuration
- Protect servers with iptables & OS-level hardening
- Conduct penetration testing & patch vulnerabilities in web & mail services
Disclaimer: Training will be conducted subject to confirmation of a minimum 15 registrations otherwise it will be rescheduled
Registration
Registration:
"Register Yourself"