CCNA Security Implementing Cisco IOS Network Security (IINS) v3

COURSE LENGTH: 5 Days

COURSE COST: $3295

COURSE TIMES: 9:00am - 5:00pm


COURSE OVERVIEW

Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using Cisco security products to provide hands-on examples. Using instructor-led discussions, extensive hands-on lab exercises, and supplemental materials, this course allows learners to understand common security concepts, and deploy basic security techniques utilizing a variety of popular security appliances within a real-life network infrastructure.

AUDIENCE AND PREREQUISITES

Who Should Attend:

  • Channel Partner / Reseller
  • Customer
  • Employee

The knowledge and skills that a learner must have before attending this course are as follows:

  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1).
  • Working knowledge of the Windows operating system.
  • Working knowledge of Cisco IOS networking and concepts.

PREREQUISITE COURSES  

*Course Cost listed does not include the cost of courseware, required in your registration. Please refer to your Invoice for the additional cost. If you have any questions, please contact us (learn@vtec.org or 207-775-0244). This course is subject to a minimum enrollment to run the course. This course may run as a virtual instructor led class if the minimum enrollment is not met.

COURSE TOPICS:


Course Objectives
Describe common network security concepts
Secure routing and switching infrastructure
Deploy basic authentication, authorization and accounting services
Deploy basic firewalling services
Deploy basic site-to-site and remote access VPN services
Describe the use of more advanced security services such as intrusion protection, content security and identity management

Module 1: Security Concepts
Lesson 1: Threatscape
DoS and DDoS, Spoofing
Reflection and Amplification Attacks
Social Engineering, Evolution of Phishing
Password Attacks, Reconnaissance Attacks
Buffer Overflow Attacks, Man-in-the-Middle Attacks
Malware, Vectors of Data Loss and Exfiltration, Hacking Tools
Lesson 2: Threat Defense Technologies, Firewalls, Intrusion Prevention Systems, VPNs, Endpoint Security, Logging
Lesson 3: Security Policy and Basic Security Architectures - Information Security Overview, Classifying Assets, Vulnerabilities, and Countermeasures, Managing Risk, Regulatory Compliance, Principles,
Lesson 4: Cryptographic Technologies - Cryptography Overview, Hash Algorithms, Encryption Overview, Cryptanalysis, Symmetric Encryption Algorithms, Asymmetric Encryption Algorithms,
Use Case: SSH, Digital Signatures, PKI Overview, PKI Operations, Use Case: SSL/TLS, Key Management, Discovery 1: Exploring Cryptographic Technologies
Lesson 5: Module Summary, References, Lesson 6: Module Self-Check

Module 2: Secure Network Devices
Lesson 1: Implementing AAA, Introduction to AAA, AAA Databases, AAA Protocols, AAA Servers
SSH Configuration and Operation on IOS, IOS Authorization with Privilege Levels
Implementing Local AAA Authentication and Authorization, Authorization with Role-Based CLI, TACACS+ on IOS, Discovery 2: Configure and Verify AAA
Lesson 2: Management Protocols and Systems - IOS File System, Copying Files to and from Network Devices
Validating IOS Images Using MD5, Digitally Signed Images, IOS Resilient Configuration, NTP, Syslog
Memory and CPU Threshold Notifications, Netflow, Configuration Management Protocol Options
HTTPS Configuration and Operation, SNMPv3 Configuration and Operation
Locking Down Management Access with ACLs, Other Password Considerations, Discovery 3: Configuration Management Protocols
Lesson 3: Securing the Control Plane - The Control Plane, Control Plane Policing
Control Plane Protection, Authenticating Routing Protocols, OSPF Route Authentication, EIGRP Route Authentication, Discovery 4: Securing Routing Protocols
Lesson 4: Module Summary - References
Lesson 5: Module Self-Check

Module 3: Layer 2 Security
Lesson 1: Securing Layer 2 Infrastructure - Introduction to Layer 2 Security
Ethernet Switching Overview, VLAN Overview, VLAN Configuration
802.1Q Trunking, Trunk Attacks, Trunk Configuration and Attack Mitigation, CDP, ACL Primer, ACLs on Switches
MAC Address Abuse, Port Security, Private VLANs, Private VLAN Edge, Discovery 5: VLAN Security and ACLs on Switches, Discovery 6: Port Security and Private VLAN Edge
Lesson 2: Securing Layer 2 Protocols - STP Overview, STP Attacks, STP Attack Mitigation
DHCP Overview, DHCP Attacks, DHCP Snooping
ARP Overview, ARP Cache Poisoning Attack, Dynamic ARP Inspection,
Discovery 7: Securing DHCP, ARP, and STP
Lesson 3: Module Summary
References
Lesson 4: Module Self-Check

Module 4: Firewall
Lesson 1: Firewall Technologies - Firewall Overview,
Packet Filters, Stateful Firewalls, Proxy Servers, Next Generation Firewalls, Logging, Discovery 8: Explore Firewall Technologies
Lesson 2: Introducing the Cisco ASA v9.2
Introducing the Cisco ASA Family of Security Appliances, Cisco ASA Firewall Features, Modes of Deployment, v, High-Availability and Failover,
Configuring Management Access on the Cisco ASA, Configuring Cisco ASA Interfaces,
NAT Fundamentals, Configure NAT on Cisco ASA, Configure Static NAT on Cisco ASA
Configure Dynamic NAT on Cisco ASA, Configure PAT on Cisco ASA,
Configure Policy NAT on Cisco ASA, Verify NAT Operations, Discovery 9: Cisco ASA Interfaces and NAT
Lesson 3: Cisco ASA Access Control and Service Policies, Overview of Interface Access Rules, Configure Interface Access Rules, Configure Object Groups
Introducing Cisco ASA Modular Policy Framework, Configuring Cisco MPF Service Policy Rules, Discovery 10: Access Control Using the Cisco ASA
Lesson 4: Cisco IOS Zone Based Firewall, Zone-Based Policy Firewall Overview, Zones and Zone Pairs
Introduction to Cisco Common Classification Policy Language, Default Policies, Traffic Flows, and Zone Interaction, Cisco Common Classification Policy Language (C3PL) Configuration Overview

Configuring Zone-Based Policy Firewall Class-Maps
Configuring Zone-Based Policy Firewall Policy-Maps
Discovery 11: Exploring Cisco IOS Zone-Based Firewall
Lesson 5: Module Summary
References
Lesson 6: Module Self-Check

Module 5: VPN
Lesson 1: IPsec Technologies - IPsec VPNs, IPsec Security Services, IPsec Framework, Internet Key Exchange
IKE Phase 1, ISAKMP Configuration, IPsec Protocols, IKE Phase 2, IPsec Configuration, Suite B Cryptographic Standard, IKE Version 2, IPsec with IPv6, Discovery 12: Explore IPsec Technologies
Lesson 2: Site-to-Site VPN - Site-to-Site Tunnel Negotiation Process, Configuring Site-to-Site IPsec VPN, Step 1: Ensure That ACLs Are Compatible with IPsec
Step 2: Create ISAKMP IKE Phase 1 Policies
Step 3: Configure Transform Sets
Step 4: Create Crypto ACLs Using Extended ACLs
Step 5: Configure IPsec Crypto Maps
Verifying the IPsec Configuration, Configuring Site-to-Site VPN on Cisco ASA, Monitoring Site-to-Site VPN Configuration in ASDM
Discovery 13: IOS-Based Site-to-Site VPN,
Lesson 3: Client Based Remote Access VPN, Secure Sockets Layer and Transport Layer Security, Basic Cisco AnyConnect SSL VPN, Cisco AnyConnect SSL VPN Solution Components,
SSL VPN Server Authentication, SSL VPN Client Authentication, SSL VPN Client IP Address Assignment, Basic AnyConnect SSL VPN Configuration Tasks, Discovery 15: Remote Access VPN: ASA and AnyConnect
Lesson 4: Clientless Remote Access VPN, Cisco Clientless SSL VPN and Use Cases
Cisco Clientless SSL VPN Resource Access Methods and Solution, Server Authentication in Basic Clientless SSL VPN

Client-Side Authentication in Basic Clientless SSL VPN, Clientless SSL VPN URL Entry and Bookmarks,
Basic Access Control for Clientless SSL VPN
Basic Clientless SSL VPN Configuration Tasks
Discovery 16: Clientless Remote Access VPN
Lesson 5: Module Summary, References
Lesson 6: Module Self-Check

Module 6: Advanced Topics
Lesson 1: Intrusion Detection and Protection
Introduction to IPS, IPS Terminology, Evasion Techniques and Countermeasures, Protecting the Network with FireSIGHT
FireSIGHT Protection Before an Attack, and During an Attack
FireSIGHT Protection After an Attack, FireSIGHT Deployment Options
Inline and Passive Mode Deployment Options
Lesson 2: Endpoint Protection - Endpoint Security Overview
Personal Firewalls, Antivirus and Antispyware, Centralized Endpoint Policy Enforcement, Cisco AMP for Endpoints
Lesson 3: Content Security, Cisco ESA Deployment, Overview, Features and Benefits
Cisco ESA GUI Management, Mail Processing, Cisco WSA Deployment and Overview
Cisco WSA Features and Benefits, Cisco WSA GUI Management
Cisco CWS Deployment, Cisco CWS Overview, Cisco CWS Features and Benefits
Lesson 4: Advanced Network Security Architectures, Modular Network Architectures, Security Issues in Modern Networks

Identity Management, BYOD Challenge, Cisco TrustSec
Lesson 5: Module Summary, References
Lesson 6: Module Self-Check
Lab 1: Configure AAA and Secure Remote Administration
Lab 2: Configure Secure Network Management Protocols
Lab 3: Configure Secure EIGRP Routing
Lab 4: Configure Secure Layer 2 Infrastructure
Lab 5: Configure DHCP Snooping and STP Protection
Lab 6: Configure Interfaces and NAT on the Cisco ASA
Lab 7: Configure Network Access Control with the Cisco ASA
Lab 8: Configure Site-to-Site VPN on IOS
Lab 9: Configure AnyConnect Remote Access VPN on ASA
Lab 10: Configure Clientless SSL VPN on the ASA