Workshops & Trainings

Upcoming Workshop / Event Detials
mission

Workshop Details


Disclaimer: Training will be conducted subject to confirmation of a minimum 15 registrations otherwise it will be rescheduled

This is to inform you that, due to the ongoing receipt of nominations from various government organizations, the training has been rescheduled to next week to accommodate all potential participants. We appreciate your understanding and will share the updated schedule shortly.

Workshop Name:
Comprehensive Training Course on Linux OS & Security: Week 1: Secure Mail & Web Hosting with Penetration Testing & Hardening
Secure Mail Server Setup & Configuration, Secure Web Hosting & DNS Configuration, Penetration Testing, Hardening & Troubleshooting

Organized By:
National Centre for Cyber Security - Air University, Islamabad

Date:
2nd - 4th May, 2025

Duration:
3 Days (20 Hours - Friday, Saturday, Sunday)

Mode of Training:
On-site

Targeted Audience:
IT Professionals & Students

Payment Category:
Paid

For Professionals:
PKR 25,000 (exclusive of tax)

For Students:
PKR 6,000 (AU Students), PKR 8,000 (Others) (exclusive of tax)

Entertainment:
Lunch with two tea breaks per day (Saturday & Sunday)

Technical Content to be Covered:

Installing & Configuring a Secure Mail Server (Postfix & Dovecot)

  • Introduction to Secure Email Communication
    • SMTP, IMAP, POP3 Protocols & Security Considerations
    • Understanding TLS/SSL Encryption for Mail Security
  • Installing & Configuring Postfix (MTA)
    • Setting up Postfix on CentOS
    • Configuring relay restrictions & SMTP authentication
    • Implementing TLS for secure email transmission
  • Installing & Configuring Dovecot (MDA)
    • Setting up Dovecot for IMAP/POP3
    • Enabling mailbox encryption & authentication
  • User Authentication & Virtual Mailbox Domains
    • Setting up virtual users & domains
    • Integrating Postfix & Dovecot for seamless mail flow

Securing Mail Services & Webmail Setup

  • SPF, DKIM, DMARC: Email Security & Anti-Spoofing
    • Preventing email spoofing & phishing attacks
    • Configuring SPF (Sender Policy Framework)
    • Implementing DKIM (DomainKeys Identified Mail)
    • Enforcing DMARC (Domain-based Message Authentication)
  • Configuring Webmail Interface (SquirrelMail)
    • Installing & securing SquirrelMail on Apache/Nginx
    • Configuring authentication & TLS encryption
  • Protecting Mail Server with iptables & Fail2Ban
    • Setting firewall rules for SMTP, IMAP, POP3
    • Blocking brute force attacks with Fail2Ban
  • Testing Email Flow & Debugging Common Issues
    • Sending & receiving email tests
    • Checking mail logs for troubleshooting

Secure Web Hosting & DNS Server Configuration

  • Installing & Configuring a Web Server (Apache/Nginx)
    • Setting up a secure virtual host
    • Enabling HTTPS with Let's Encrypt SSL
    • Restricting access with firewall & security policies
  • Configuring DNS Server for Mail & Web Hosting (BIND)
    • Setting up authoritative DNS for mail & web domains
    • Configuring A, MX, TXT, SPF, and CNAME records
  • Content Security & Web Application Hardening
    • Securing Apache/Nginx configurations
    • Preventing directory listing, XSS, and SQL injection

Penetration Testing for Web & Mail Services

  • Introduction to Penetration Testing & Vulnerability Assessment
    • Understanding OWASP Top 10 Web Security Risks
    • Email & Web Application Attack Vectors
  • Penetration Testing Mail Servers (Postfix & Dovecot)
    • Testing for open relays & spoofing vulnerabilities
    • Checking SPF, DKIM & DMARC configurations
    • Using Metasploit & Hydra for brute force testing
  • Penetration Testing Web Servers (Apache/Nginx & SquirrelMail)
    • Scanning for security vulnerabilities using Nmap & Nikto
    • Testing for SQL injection, XSS, CSRF, and LFI/RFI
    • Conducting stress tests & DoS simulations
  • Logging, Monitoring, & Detecting Attacks
    • Analyzing logs for security incidents (/var/log/maillog, /var/log/httpd/access_log)
    • Configuring automated alerts for suspicious activities

Security Hardening & Patch Management

  • Hardening Linux OS for Web & Mail Security
    • Disabling unnecessary services & restricting SSH access
    • Enforcing SELinux
    • Configuring strong password policies & access control
  • Advanced iptables & Firewall Rules for Secure Hosting
    • Setting up rules for mail, web, and DNS services
    • Preventing DoS/DDoS attacks with rate limiting
  • Patch Management & Vulnerability Mitigation
    • Keeping web & mail server software up to date
    • Applying security patches to prevent exploits
    • Automating updates & security monitoring
  • Final Security Audit & Best Practices Review
    • Conducting a full security assessment
    • Implementing industry best practices for hosting security

Key Takeaways:

  • Deploy a secure mail server with Postfix & Dovecot
  • Harden email security with SPF, DKIM, DMARC & encryption
  • Set up secure web hosting with Apache/Nginx & DNS configuration
  • Protect servers with iptables & OS-level hardening
  • Conduct penetration testing & patch vulnerabilities in web & mail services

Disclaimer: Training will be conducted subject to confirmation of a minimum 15 registrations otherwise it will be rescheduled

Registration

Registration:
"Register Yourself"             

Trainer Profile:

Rao Nazar Iqbal

Accomplished IT professional with over 25 years of extensive experience in operating systems, networking, and cybersecurity. A proven track record of designing, implementing, and managing secure IT infrastructures across diverse sectors, including industry, education, and government. Expertise in embedded systems, indigenous product development (firewalls, email systems, web systems), and internet domain management. Holds certifications in Red Hat, IBM, BSD, VMware, and Juniper technologies, with core competencies in system administration, network security, and secure communication protocols. Adept at leading cross-functional teams, driving innovation, and delivering robust, scalable, and secure IT solutions that align with organizational goals.