CI-640553
Implementing Cisco IOS Network Security: CCNA Security Training (Exam 640-553)
| AUD $857 |
Package Includes: |
|
Schedule our instructor led classroom training at your convenience and never miss another lecture or fall behind. You are in complete control. We have invited the Best Cisco Trainers in the industry to help us develop the ultimate training and certification program which includes everything you will need to fully prepare for the Cisco certification exams.
Cisco Certified Network Associate Security (CCNA® Security) affirms associate-level knowledge and skills required to secure Cisco networks. With CCNA Security certification, a network professional validates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure. Expert Trainer Kenneth Mayer - Certified CEH Trainer (CCSI, MCT, CCNP, CCDA) Ken Mayer is a Microsoft Certified Trainer as well as a Certified Ethical Hacker Trainer and Security consultant. He started his career in computer technology in 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies across the United States and Western Europe. He has achieved the Certified Cisco Systems Instructor certification. The CCSI certification involved a two-day lab and observation event held on Cisco in Paris, France Facility. This gave Ken the accreditation to be able to deliver Cisco Authorized Courses as a CCSI. He has taught the full line of Cisco CCNA, CCDA, CCNP, CCDP and CCIP course curriculums, including Cisco's security appliances such as PIX and IDS. Course Features: * Main Menu Move through hours of in-depth content - quickly and easily due to the efficient and organized structure. * PowerPoint Utilizing PowerPoint presentations enhances the delivery by displaying a variety of visual information to the user. This type of representation allows the user to better interpret the material through charts, definitions, graphs, and more... * Controls Move forward, back, and repeat entire topics or just a section. A progress bar illuminates as you advance through exercises. * Full Motion Video All courses feature full-motion videos of instructors teaching the information as if they are speaking directly to you. Our unique delivery simulates a one-on-one classroom environment creating a more personal lesson and learning experience. * Study Guides Printable study guides for the entire course are available. This allows all material to be viewed, reviewed, and printed for viewing at a later date. * Review Exercises Each section has a review quiz to aid in the learning process by validating the comprehension of the material covered before moving on to a new section. * Resume All courses are resumed to where you left off last session allowing you to learn when it is convenient for you without the hassle of remembering where you where. * Live Demonstrations Demonstrations are a way for the instructor to show and tell the user how to perform a task by actually doing it on screen in front of them. In this format it gives the user the power to see things done by a professional in the intended environment as many times as they would like. * Certificate of Completion Career Academy is recognized worldwide for its technology-based IT training curriculums. Upon successful completion of our program, you will be receiving a Career Academy Distance Education Certificate of Completion. Course Outline Course Introduction Course Introduction Module 1 - Understanding Network Security Principles Understanding Network Security Principles Exploring Security Fundamentals Why Network Security is a Necessity Three Primary Goals of Network Security Confidentiality Integrity Availability Categorizing Data Data Classification Cont. Controls in a Security Solution Responding to a Security Incident Legal and Ethical Ramifications Understanding the Methods of Network Attacks Vulnerability Potential Attackers Classifying the Potential Hacker Categories of Attacks Mind-Set of the Attacker Defense in Depth Understanding IP Spoofing Session Hijacking Other IP Spoof Examples Defending the IP Spoofing Attack Understanding Confidentiality Attacks Confidentiality Attack Strategies Types of Attacks Best Practices Demo - MITM Attacks Module 1 Review Module 2 - Developing a Secure Network Developing a Secure Network Increasing Operations Security System Development Life Cycle Operations Security Overview Evaluating Network Security Baselining Finding Weakness in Security Risk Assessment Disaster Recovery Plans Disaster Recovery Constructing a Comprehensive Security Policy Security Policy Fundamentals Security Policy Components Security Policy Responsibilities Risk Analysis Factors Contributing to a Secure Network Creating a Cisco Self-Defending Network Evolving Security Threats Cisco Self-Defending Network Cisco Self-Defending Hierarchical Structure Cisco Security Manager Cisco Security MARS Cisco Integrated Security Products Module 2 Review Module 3 - Defending the Perimeter Defending the Perimeter ISR: Integrated Services Router Supported Routers ISR Enhanced Features Password Protecting a Router Privilege Levels Login Enhancements Cisco Security Device Overview Starting Cisco SDM and Cisco SDM Express Files Required to Run Cisco SDM from a Router Launching Cisco SDM Express Launching Cisco SDM Navigating the Cisco SDM Interface Cisco SDM Wizards in Configure Mode Configure Mode - Advanced Configuration Monitor Mode Preview Commands Enabling HTTP Secure-Server and Default Certificate URL/Certificate Identity Mismatch Demo - Password Protecting a Router Demo - Login Policies Demo - View Module 3 Review Module 4 - Configuring AAA Configuring AAA AAA Model-Network Security Architecture Implementing Cisco AAA Implementing Authentication Using Local Services Authenticating Router Access Router Local Authentication Configuration Steps Configuring User Accounts Using Cisco SDM Enabling and Disabling AAA Using Cisco SDM Enabling AAA Configuring AAA Authentication Using Cisco SDM Configuring AAA Authorization Using Cisco SDM Review of AAA CLI Commands Why Use Cisco Secure ACS? Cisco Secure ACS Cisco Secure ACS Features Cisco Secure ACS for Windows Cisco Secure ACS Solution Engine Cisco Secure ACS Express 5.0 Cisco Secure ACS View 4.0 TACACS+ and RADIUS AAA Protocols TACACS+ Overview RADIUS Overview TACACS+/RADIUS Comparison Cisco Secure ACS Prerequisites Cisco Secure ACS 4.1 Homepage Network Configuration Interface Configuration External Databases Windows Database Unknown User Policy Group Setup User Setup SDM Configuration Adding a AAA Server Creating a AAA Login Authentication Policy Applying an Authentication Policy Creating a AAA Exec Authorization Policy Creating a AAA Network Authorization Policy AAA Accounting Configuration AAA Configuration for TACACS+ Example Demo - AAA Authentication Demo - Authentication Servers Demo - ACS Server Module 4 Review Module 5 - Securing the Router Securing the Router Locking Down the Router Vulnerable Router Services and Interfaces Management Service Vulnerabilities Locking Down a Router Using Cisco AutoSecure Security Audit Home Page Performing a Security Audit Performing a One-Step Lockdown Using Secure Management and Reporting Secure Management and Reporting Architecture Secure Management and Reporting Guidelines Configuring Syslog Support Syslog Severity Levels SNMPv1 and SNMPv2 Architecture Community Strings SNMPv3 Architecture Secure Shell SSH v1 vs. v2 Enabling Syslog Logging Using Logs to Monitor Network Security Enabling SNMP with Cisco SDM SNMP Trap Receiver Enabling SSH Using Cisco SDM VTY Settings Demo - Router Hardening Module 5 Review Module 6 - Securing Layer 2 Devices Securing Layer 2 Devices Defending against Layer 2 attacks Why Worry About Layer 2 Security? Domino Effect Basic Approaches to Protecting Layer 2 Switches Inspection Options VLAN Hopping Double Tagging Mitigating VLAN Hopping Network Attacks Double Tagging Defense STP PortFast Root Guard Verifying BPDU Guard BPDU Guard CAM Table Overflow Spoofing MAC Address Configuring Port Security Configuring Port Security Aging Port Security Example Cisco Identity Based Networking Services 802.1x Configuring the Authentication Server Configuring Authentication and the Interface Demo - Layer 2 Security Module 6 Review Module 7 - Implementing Endpoint Security Implementing Endpoint Security Examining Endpoint Security Software Security Concepts Operating System Vulnerabilities Application Vulnerabilities Input Validation Buffer Overflow Types of Buffer Overflows Worms, Viruses, and Trojan Horses Anatomy of a Worm Attack Securing Endpoints with Cisco Technologies IronPort Perimeter Security Appliances IronPort E-Mail Security Appliance IronPort Web Security Appliance Cisco NAC Products NAC Framework Cisco NAC Appliance Overview - Components Cisco NAC Appliance Overview Cisco Security Agent Architecture Application, Kernel, and Interceptors Cisco Security Agent Interceptors Cisco Security Agent Attack Response Operating System Guidelines Application Guidelines Module 7 Review Module 8 - Providing SAN Security Providing SAN Security Overview of SAN Operations Benefits of SAN Usage SAN Basics Logical Unit Number (LUN) Masking World Wide Names Fibre Channel Fabric Zoning Virtual SANs SAN Security Scope SAN Management Threats Fabric and Target Access Threats Target Access Security - Zoning IP Storage and Transmission Security Module 8 Review Module 9 - Exploring Secure Voice Solutions Exploring Secure Voice Solutions Defining VoIP The Need for VoIP VoIP Components Major VoIP Protocols Threats to IP Telephony Endpoints Spam over IP Telephony SPIT Example Fraud SIP Vulnerabilities Separate Voice VLAN Protect IP Telephony with Firewalls Protect IP Telephony with VPNs Protect IP Telephony Endpoints Protect IP Telephony Servers Module 9 Review Module 10 - Exploring Firewall Technology Exploring Firewall Technology Cisco IOS Zone-Based Policy Firewall Firewall History Traditional Stateful Inspection ACLs Types of IP ACLs Basics of the ACL Applying the ACL ACL Configuration Guidelines Wildcard Bits - How to Check the Corresponding Address Bits Numbered Standard IPv4 ACL Configuration Applying Standard ACLs to Control vty Access Numbered Extended IPv4 ACL Configuration Established Command Displaying ACLs Zone-Based Policy Firewall Benefits of Zone-Based Policy Firewall Zone-Based Policy Firewall Actions Zone-Based for Application Traffic Zone-Based Policy Firewall Rules for Router Traffic Basic Firewall Configuration Wizard Basic Firewall Interface Configuration Applying Security Policy Finishing the Wizard Manually Configuring a Zone-Based Policy Firewall Define Zones Define Class Maps Define Policy Maps Assign Policy Maps to Zone Pairs Reviewing the Cisco IOS Zone-Based Policy Firewall Cisco IOS Zone-Based Firewall Policy Configuration Viewing the Firewall Log Monitoring the Cisco IOS Zone-Based Policy Firewall Advanced Inspection Options Demo - ACL Module 10 Review Module 11 - Using Cisco IOS IPS to Secure the Network Using Cisco IOS IPS to Secure the Network Examining IPS Technologies Types of IDS and IPS Sensors Sensors IPS Attack Responses Signatures Using Cisco SDM to Configure IPS IPS Policies Wizard IPS Config Location and Category IPS Policy Summary Setting Signature Severity Configuring Signature Actions Editing Signatures Using Cisco SDM Viewing SDEE Alarm Messages Viewing Syslog IPS Alarms Verifying IPS Policies Target Value Rating Event Action Overrides Event Action Filters Module 11 Review Module 12 - Designing a Cryptographic Solution Designing a Cryptographic Solution Introducing Cryptographic Services Cryptography Uses Yesterday and Today Cryptographic Definitions A Few More Definitions Historical Uses of Symmetric Cryptography Historical Uses of Symmetric Cryptography �V Hieroglyphics Historical Uses of Symmetric Cryptography �V Scytale Cipher Historical Uses of Symmetric Cryptography �V Substitution Cipher Caesar Cipher Example Historical Uses of Symmetric Cryptography �V Vigenere Cipher Polyalphabetic Substitution Vignere Cipher Historical Uses of Symmetric Cryptography �V Enigma Machine Historical Uses of Symmetric Cryptography �V Vernam Cipher Methods of Encryption Confusing Terms Comparison Secret Key Cryptography (Symmetric Key) Data Encryption Standard (DES) DES Modes 1/3 DES Modes 2/3 DES Modes 3/3 Triple DES Advanced Encryption Standard (AES) Rivest-Shamir-Adleman (RSA) Diffie-Hellman Key Exchange SSL Overview SSL Tunnel Establishment Cryptographic Attacks Module 12 Review Module 13 - Implementing Digital Signatures Implementing Digital Signatures Overview of Hash Algorithms and HMACs What Is a Hash Function? Hashing in Action Hashed Message Authentication Code HMAC in Action Message Digest 5 Secure Hash Algorithm 1 MD5 and SHA-1 Compared Hash and HMAC Best Practices Overview of Digital Signatures Digital Signatures in Action Digital Signature Example Digital Signature Standard Digital Signature Best Practices Module 13 Review Module 14 - Exploring PKI and Asymmetric Encryption Exploring PKI and Asymmetric Encryption Asymmetric Encryption Overview Asymmetric Encryption Algorithms Public Key Confidentiality Scenario Asymmetric Confidentiality Process Public Key Authentication Scenario Asymmetric Authentication Process RSA Algorithm RSA Digital Signatures RSA Usage Guidelines The DH Algorithm The DH Key Exchange Algorithm Trusted Third-Party Protocols Trusted Third-Party Example PKI Terminology and Components PKI Topologies - Single-Root CA PKI Topologies - Hierarchical CAs PKI Topologies - Cross-Certified CAs PKI and Usage Keys PKI Server Offload Overview of Standardization X.509v3 Public-Key Cryptography Standards Simple Certificate Enrollment Protocol Identity Management Using Digital Certificates and CAs Retrieving CA Certificates Certificate Enrollment Authentication Using Certificates Features of Digital Certificates and CAs Caveats of Digital Certificates and CAs Applications of Certificates Module 14 Review Module 15 - Building a Site-to-Site IPsec VPN Solution Building a Site-to-Site IPsec VPN Solution What is a VPN? Benefits of VPNs Site-to-Site VPNs Remote-Access VPNs Cisco IOS SSL VPN Cisco VPN Products Cisco VPN-Enabled IOS Routers Cisco ASA Adaptive Security Appliances VPN Clients Hardware-Based Encryption What is IPsec? IPsec Security Services Encryption Algorithms DH Key Exchange Data Integrity Authentication IPsec Advantages IPsec Versus SSL IPsec Security Protocols Authentication Header AH Authentication and Integrity Encapsulating Security Payload ESP Protocol Modes of Use - Tunnel Versus Transport Mode Tunnel Mode IPsec Framework Internet Key Exchange IKE Communication Negotiation Phases IKE Phase 1 First Exchange - IKE Policy Is Negotiated Second Exchange - DH Key Exchange Third Exchange - Authenticate Peer Identity IKE Phase 2 Site-to-Site IPsec VPN Site-to-Site IPsec Configuration Step 1: Ensure That ACLs Are Compatible with Ipsec Step 2: Create ISAKMP (IKE) Policies IKE Policy Negotiation Configure PSKs Site-to-Site IPsec Configuration— Phase 1 Step 3: Configure Transform Sets Transform Set Negotiation Purpose of Crypto ACLs Step 4: Create Crypto ACLs Using Extended ACLs Configure Symmetric Peer Crypto ACLs Crypto Map Parameters Step 5: Configure IPsec Crypto Maps Example: Crypto Map Commands Applying Crypto Maps to Interfaces Test and Verify Ipsec show crypto isakmp policy Command show crypto ipsec transform-set Command show crypto map Command show crypto ipsec sa Introducing the Cisco SDM VPN Wizard Interface Site-to-Site VPN Components Launching the Site-to-Site VPN Wizard Quick Setup Step-by-Step Setup Connection Settings IKE Proposals IPsec Transform Sets Option 1: Single Source and Destination Subnet Option 2: Using an ACL Review the Generated Configuration Test Tunnel Configuration and Operation Monitor Tunnel Operation Advanced Monitoring Troubleshooting Demo - IPSec Module 15 Review Course Closure |