Course Detail
CCNA [Cisco Certified Network Associate]
CCNA Security Course Contents
Outline
- Building a Simple Network
- Establishing Internet Connectivity
- Managing Network Device Security
- Introducing IPv6
- Building a Medium-Sized Network
- Troubleshooting Basic Connectivity
- Wide Area Networks
- Implementing an EIGRP-Based Solution
- Implementing a Scalable OSPF-Based Solution
- Network Device Management
Describe common security threats
- Common threats to the physical installation
- Mitigation methods for common network attacks
- Email-based threats
- Web-based attacks
- Mitigation methods for Worm, Virus, and Trojan Horse attacks
- Phases of a secure network lifecycle
- Security needs of a typical enterprise with a comprehensive security policy
- Mobile/remote security
- DLP
Security and Cisco Routers
Implement Security on Cisco routers
- CCP Security Audit feature
- CCP One-Step Lockdown feature
- Secure router access using strong encrypted passwords, IOS login enhancements, and IPv6 security
- Multiple privilege levels
- Role-Based CLI
- Cisco IOS image and configuration files
Describe securing the control, data and management plane
Describe CSM
Describe IPv4 to IPv6 transition
- Reasons for IPv6
- Understanding IPv6 addressing
- Assigning IPv6 addresses
- Routing considerations for IPv6
AAA on Cisco Devices
Implement authentication, authorization, and accounting (AAA)
- AAA using CCP on routers
- AAA using CLI on routers and switches
- AAA on ASA
Describe TACACS+
Describe RADIUS
Describe AAA
- Authentication
- Authorization
- Accounting
Verify AAA functionality
IOS ACLs
Describe standard, extended, and named IP IOS ACLs to filter packets
- IPv4
- IPv6
- Object groups
- ACL operations
- Types of ACLs (dynamic, reflexive, time-based ACLs)
- ACL wildcard masking
- Standard ACLs
- Extended ACLs
- Named ACLs
- VLSM
Describe considerations when building ACLs
- Sequencing of ACEs
- Modification of ACEs
Implement IP ACLs to mitigate threats in a network
- Filter IP traffic
- SNMP
- DDoS attacks
- CLI
- CCP
- IP ACLs to prevent IP spoofing
- VACLs
Secure Network Management and Reporting
Describe secure network management
- In-band
- Out of band
- Management protocols
- Management enclave
- Management plane
Implement secure network management
- SSH
- syslog
- SNMP
- NTP
- SCP
- CLI
- CCP
- SSL
Common Layer 2 Attacks
Describe Layer 2 security using Cisco switches
- STP attacks
- ARP spoofing
- MAC spoofing
- CAM overflows
- CDP/LLDP
Describe VLAN Security
- Voice VLAN
- PVLAN
- VLAN hopping
- Native VLAN
Implement VLANs and trunking
- VLAN definition
- Grouping functions into VLANs
- Considering traffic source to destination paths
- Trunking
- Native VLAN
- VLAN trunking protocols
- Inter-VLAN routing
Implement Spanning Tree
- Potential issues with redundant switch topologies
- STP operations
- Resolving issues with STP
Cisco Firewall Technologies
Describe operational strengths and weaknesses of the different firewall technologies
- Proxy firewalls
- Packet and stateful packet
- Application firewall
- Personal firewall
Describe stateful firewalls
- Operations
- Function of the state table
Describe the types of NAT used in firewall technologies
Implement Zone Based Firewall using CCP
Implement the Cisco Adaptive Security Appliance (ASA)
- NAT
- ACL
- Default MPF
- Cisco ASA security level
Implement NAT and PAT
- Functions of NAT, PAT, and NAT Overload
- Translating inside source addresses
- Overloading inside global addresses
Cisco IPS
Describe IPS deployment considerations
- SPAN
- IPS product portfolio
- Placement
- Caveats
Describe IPS technologies
- Attack responses
- Monitoring options
- Syslog
- SDEE
- Signature engines
- Signatures
- Global correlation and SIO
- Network-based
- Host-based
Configure Cisco IOS IPS using CCP
VPN Technologies
Describe the different methods used in cryptography
- Symmetric
- Asymmetric
- HMAC
- Message digest
- PKI
Describe VPN technologies
Describe the building blocks of IPSec
- IKE
- ESP
- AH
- Tunnel mode
- Transport mode
Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
Verify VPN operations
Implement SSL VPN using ASA device manager
Practical Approach
- Real-time examples will be given throughout the lectures, starting from design, analysis, implementation and maintenance of the network.
www.ict-trainings.com/curriculum/ccna-security-leaflet.pdf