Course Overview
The Cisco CCNA Security course provides a next step for individuals
who want to enhance their CCNA-level skill set and help meet the
growing demand for network security professionals. The course
provides an introduction to the core security concepts and skills
needed for the installation, troubleshooting, and monitoring of
network devices to maintain the integrity, confidentiality, and
availability of data and devices. CCNA Security helps prepare
students for entry-level security career opportunities and the
globally recognized Cisco CCNA Security certification.
Target Audience
Networking and internetworking professionals
Prerequisites
CCNA Certification or equivalent experience.
Exam
640-553
Course Outline
1 - Secure Cisco Routers
Cisco Security Device Manager (SDM)
Pre-installation Configuration
Installing SDM
Launching and Loading SDM
SDM Settings - User Preferences
SDM Configure Window
Additional Tasks Tab
SDM Monitor Window
SDM in Internet Explorer Problem
2 - Authentication, Authorization and Accounting (AAA)
What is AAA?
TACACS+ vs. RADIUS
TACACS+ and RADIUS Configuration
Authentication Configuration
No Authentication Option
Telnet Login Problem
Real-World Note About AAA Lists
Using AAA for Privileged EXEC Mode and PPP
Accounting
Authorization
Configuring AAA with SDM
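The AAA topics above (TACACS+ vs. RADIUS, named authentication lists, the Telnet login lock-out problem, EXEC authorization and accounting) come together in one router configuration. The following is an added example written for this outline, not course material; the server address 192.0.2.10, the shared key, the usernames and the list names are placeholders chosen here.

```cisco
! Added example (not from the course): AAA on a Cisco IOS router with a
! TACACS+ server first and the local user database as fallback.
! 192.0.2.10, the keys and the list names are placeholders.
hostname R1
!
! Local fallback account; "secret" stores a salted MD5 hash, "password" does not.
username admin privilege 15 secret Str0ngLocalFallback!
!
aaa new-model
!
tacacs-server host 192.0.2.10
tacacs-server key T4cacsSharedKeyPlaceholder
!
! Named lists rather than the "default" list: the default list applies to
! every line at once, which is how an AAA change locks you out of the
! console and Telnet/SSH sessions in the same step ("Telnet Login Problem").
aaa authentication login VTY-AUTH group tacacs+ local
aaa authentication login CONSOLE-AUTH local
!
! Authorization: who may drop straight into privileged EXEC and which
! commands at level 15 are permitted. Accounting: start/stop records for
! sessions and level-15 commands go to the TACACS+ server.
aaa authorization exec VTY-AUTHZ group tacacs+ local
aaa authorization commands 15 VTY-AUTHZ group tacacs+ local
aaa accounting exec VTY-ACCT start-stop group tacacs+
aaa accounting commands 15 VTY-ACCT start-stop group tacacs+
!
line con 0
 login authentication CONSOLE-AUTH
!
line vty 0 4
 transport input ssh
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 15 VTY-AUTHZ
 accounting exec VTY-ACCT
 accounting commands 15 VTY-ACCT
```

Keep the existing console session open while applying this, and confirm the server path before logging out: `test aaa group tacacs+ admin <password> legacy` reports whether the TACACS+ server accepted the credentials, and `debug aaa authentication` shows which list and method handled a login. The `local` keyword at the end of each list is the fallback when the server is unreachable; a list that ends in `none` (the "No Authentication Option") lets anyone in once the server is down, so it belongs only on a physically secured console, if anywhere.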
3 - Layer Two Security
Basic L2 Security Features
Cisco Password Rules Review
Preventing CAM Overflow Attacks with Port Security
Port Security
Configuring Port Security
Misconfiguring Port Security
Aging Time for Secure Addresses
Sticky Addresses
Configuring MAC Table Event Notification
Dot1x Port-Based Authentication
Cisco Lightweight Extensible Authentication Protocol (LEAP)
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST)
Local SPAN Configuration
Remote SPAN Configuration
Filtering Intra-VLAN Traffic
VLAN Access List (VACL)
Private VLAN
DHCP Snooping
Dynamic ARP Inspection
IP Source Guard
MAC Address Flooding Attacks
VLAN Hopping
Root Guard
BPDU Guard
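Port security (with sticky addresses and inactivity aging), DHCP snooping, Dynamic ARP Inspection, IP Source Guard, the VLAN-hopping countermeasures and BPDU Guard from the items above are usually deployed together on an access switch. The configuration below is an added example for this outline, not course material; VLAN 10, the interface names and the native VLAN 999 are assumptions made here.

```cisco
! Added example (not from the course): Layer 2 hardening on a Cisco IOS
! access switch. VLAN 10, Gi0/1 (user port) and Gi0/24 (uplink) are placeholders.
!
! DHCP snooping builds the binding table that DAI and IP Source Guard consult.
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
!
! Dynamic ARP Inspection: drop ARP replies that do not match a snooping binding.
ip arp inspection vlan 10
!
! Uplink: trusted for DHCP and ARP, trunk with DTP disabled and an unused
! native VLAN so double-tagged (VLAN hopping) frames have nowhere to go.
interface GigabitEthernet0/24
 description uplink to distribution
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
 ip dhcp snooping trust
 ip arp inspection trust
!
! User port. "switchport mode access" must come first: port security is
! rejected on a dynamic (DTP) port, which is the classic misconfiguration.
interface GigabitEthernet0/1
 description user port
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security aging time 10
 switchport port-security aging type inactivity
 ip verify source
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! MAC table event notification: log learned/removed addresses for monitoring.
mac address-table notification change
mac address-table notification change interval 60
snmp-server enable traps mac-notification change
```

`violation restrict` drops offending frames and raises a counter and a syslog message but keeps the port up; `shutdown` (the default) err-disables the port and needs `errdisable recovery cause psecure-violation` or manual intervention. Verify with `show port-security interface GigabitEthernet0/1`, `show ip dhcp snooping binding`, `show ip arp inspection vlan 10` and `show ip verify source`; a host with a static address on a snooped VLAN will be blocked by IP Source Guard until it is given a static binding with `ip source binding`.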
4 - Layer Three Security
Configuring Enable Password
Privileged Level Password vs. Privileged Level Secret
Encrypting Passwords
Strong Passwords vs. Weak Passwords
Creating and Testing a Minimum Length Password Policy
"Salting" Your MD5
Network Time Protocol (NTP)
Configuring NTP Master Time Source
Synchronizing System Clocks
Configuring Peering with the ntp peer Command
Other Clock Commands
Telnet and SSH
Creating Banners
Different Types of Network Attacks
Denial of Service (DoS) Attack and SYN Flooding Attack
TCP Intercept Defense
ICMP (Ping) Sweep, Port Scan and Port Sweep
Ping of Death vs. INVITE of Death and Ping Floods
Smurf Attacks
Availability Attacks: Don't Forget the Physical Layer!
IP Spoofing
IP Source Routing
Packet Sniffers and Queries
Other Confidentiality Attacks
Password Attacks
Salami Attack
Other Network Attack Types - Trust Exploitation
Superviews - Role-Based CLI Views
AutoSecure
One-Step Lockdown
Security Audit
NTP and SSH in SDM
Differences Between SDM and AutoSecure
SNMP
Logging
Viruses and Worms
Cisco IOS Logging Enhancements
Buffer Overflow
Cisco IOS Resilient Configuration and Login Enhancements
exec-timeout Command
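The device-hardening items in this section (enable secret vs. enable password, password encryption and minimum length, SSH instead of Telnet, banners, authenticated NTP, logging, the resilient configuration feature, login enhancements and exec-timeout) are what AutoSecure and SDM's One-Step Lockdown generate for you; seeing them typed by hand shows what each one does. The following is an added example for this outline, not course material, and uses the non-AAA `login local` form; the domain name, addresses and secrets are placeholders chosen here.

```cisco
! Added example (not from the course): manual lockdown of a Cisco IOS router.
! example.com, 192.0.2.123, 192.0.2.50 and all secrets are placeholders.
hostname R1
ip domain-name example.com
!
! "enable secret" is a salted MD5 hash (type 5); "enable password" is at best
! reversibly obscured (type 7), so remove it. service password-encryption only
! turns cleartext into type 7, which is obfuscation, not encryption.
enable secret Sup3rvisorSecretPlaceholder
no enable password
service password-encryption
security passwords min-length 10
!
username admin privilege 15 secret Adm1nSecretPlaceholder
!
! SSH only: needs a hostname, a domain name and an RSA key.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Login enhancements: after 3 failures in 60 s, quiet for 120 s; log both outcomes.
login block-for 120 attempts 3 within 60
login on-failure log
login on-success log
!
banner motd ^
Unauthorized access is prohibited. All activity is monitored and logged.
^
!
! Authenticated NTP so an attacker cannot skew the clock used for logs and certs.
ntp authenticate
ntp authentication-key 1 md5 NtpKeyPlaceholder
ntp trusted-key 1
ntp server 192.0.2.123 key 1
!
service timestamps log datetime msec show-timezone
logging buffered 64000 informational
logging host 192.0.2.50
!
! Resilient configuration: keep a hidden copy of the IOS image and running config
! that "erase" and "format" cannot remove without console access.
secure boot-image
secure boot-config
!
! Ignore source-routed packets and directed broadcasts (Smurf amplification).
no ip source-route
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 5 0
 transport input ssh
 login local
```

`show secure bootset` confirms the resilient copies exist, `show login` reports whether the router is in quiet mode, and `show ntp status` should read "synchronized" before trusting log timestamps. `no ip directed-broadcast` is already the default on the interfaces of any current IOS release, so it is not repeated above; verify it with `show running-config all` if in doubt.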
5 - Implement the Cisco IOS IPS Feature Set Using SDM
Intrusion Detection (IDS) vs. Intrusion Prevention (IPS)
Signatures and Signature Types
NIPS and HIPS
Honeypots
Configuring IPS in SDM
Editing IPS Rules
Editing Global Settings
SDEE Message Logs
Viewing Signatures
Editing and Deleting Signatures
Verifying Your IPS Configuration
6 - Firewalls
Firewall Basics
Stateless and Stateful Firewalls
Application Layer Gateway (ALG)
The Cisco IOS Firewall Feature Set Components
Authentication Proxy
Plan for Firewall Success, Then Succeed!
ACL Review
Extended ACL Review
Extended Access Control Lists
Real-World ACL Success Tips
Introduction to Turbo ACLs
CBAC and the "ip inspect" Command
Real-World Tips and Best Practices
TCP and UDP Generic Inspection
Deep Packet Inspection (DPI)
Zone-Based Firewall Configuration
Class Maps and Policy Maps
Basic Zone Commands
Configuring Zone Pairs
Configuring a Firewall with SDM's Basic Firewall Wizard
Editing a Firewall with SDM
SDM's Advanced Firewall Wizard
Watch Your Directions - More Tips
ICMP Inspection
Final Note
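The zone-based firewall items above (class maps, policy maps, zone commands, zone pairs, the "watch your directions" warning and ICMP inspection) form one procedure, shown here as an added example for this outline rather than course material. The zone names, interface names and the choice to inspect only TCP, UDP and ICMP are assumptions made here.

```cisco
! Added example (not from the course): zone-based policy firewall with an
! INSIDE and an OUTSIDE zone. Interface names and zone names are placeholders.
!
! 1. Zones.
zone security INSIDE
zone security OUTSIDE
!
! 2. Class map: what traffic the policy applies to. match-any = any listed protocol.
class-map type inspect match-any IN-TO-OUT-CLASS
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! 3. Policy map: inspect (stateful) the class, drop and log everything else.
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect IN-TO-OUT-CLASS
  inspect
 class class-default
  drop log
!
! 4. Zone pair: direction matters. INSIDE -> OUTSIDE is inspected, and the
! return traffic is admitted by the session state that inspection creates.
! There is deliberately no OUTSIDE -> INSIDE pair: with no pair, traffic
! between two zones is dropped, so unsolicited inbound connections fail.
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT-POLICY
!
! 5. Interface membership. An interface in a zone cannot exchange traffic
! with an interface in no zone at all, so assign every routed interface.
interface FastEthernet0/0
 description LAN
 ip address 10.1.1.1 255.255.255.0
 zone-member security INSIDE
!
interface FastEthernet0/1
 description Internet
 ip address 203.0.113.1 255.255.255.0
 zone-member security OUTSIDE
```

`show policy-map type inspect zone-pair sessions` lists the live sessions that inspection opened; if hosts on the LAN can reach the Internet but `ping` from the router itself fails, that is the self zone: traffic to and from the router's own addresses is allowed by default, but the moment a zone pair involving `self` is defined, everything not explicitly inspected or passed in that pair is dropped. Management protocols (SSH, SNMP, NTP) then need their own `pass` or `inspect` entries.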
7 - Cryptography and Virtual Private Networks (VPNs)
Cryptography Techniques
Asymmetric and Symmetric Algorithms
RSA Algorithm
Diffie-Hellman (DH)
A Word or Two About SHA
What is a VPN?
VPN Terminology and Theory
Introduction to PKI and the Certificate Authority (CA)
Public Key Cryptography Standards (PKCS)
Internet Key Exchange (IKE)
Steps to Configure a Site-to-Site VPN
Configuring IKE Policy Using the Command Line
Policy Match Criteria
Crypto ACLs
Mirror Configuration
Creating a Crypto Map
Using SDM to Configure a Site-to-Site VPN
Generating the Mirror in SDM
Testing Our Configuration
Verifying SDM Configuration Using the Command Line
The Return of Generic Routing Encapsulation (GRE) over IPsec
Using SDM to Configure GRE over IPsec
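The site-to-site VPN steps listed above (IKE policy and its match criteria, pre-shared key, transform set, crypto ACL, crypto map, and the mirror configuration on the peer) are shown below as one complete command-line configuration. This is an added example for this outline, not course material; the public addresses 203.0.113.1/2, the LAN prefixes 10.1.1.0/24 and 10.2.2.0/24, the pre-shared key and the names are placeholders chosen here.

```cisco
! Added example (not from the course): IPsec site-to-site VPN, R1 side.
! R1 WAN 203.0.113.1, LAN 10.1.1.0/24; peer R2 WAN 203.0.113.2, LAN 10.2.2.0/24.
! All addresses, names and the pre-shared key are placeholders.
!
! 1. IKE (ISAKMP) phase 1 policy. Both peers must have a policy whose
! encryption, hash, authentication, DH group and lifetime match.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
!
! 2. Pre-shared key bound to the peer's address (a certificate/CA would replace this).
crypto isakmp key VpnPskPlaceholder address 203.0.113.2
!
! 3. Phase 2 transform set: how the data itself is protected.
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
!
! 4. Crypto ACL: "interesting traffic" that triggers and rides the tunnel.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! 5. Crypto map ties peer, transform set, PFS and crypto ACL together.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES-SHA
 set pfs group14
 match address VPN-TRAFFIC
!
! 6. Apply the map to the outside interface.
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 crypto map VPN-MAP
!
! Mirror on R2: identical isakmp policy and transform set, key and peer set to
! 203.0.113.1, and the crypto ACL with source and destination swapped:
!   permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
! A crypto ACL that is not an exact mirror is the most common reason phase 2 fails.
```

Bring the tunnel up by sending interesting traffic (a ping from a 10.1.1.0/24 host to 10.2.2.0/24, or `ping 10.2.2.1 source 10.1.1.1`), then check `show crypto isakmp sa` (state should be QM_IDLE) and `show crypto ipsec sa` (encaps and decaps counters both rising). If the outside interface also does NAT, exclude the VPN traffic from the NAT ACL with a matching `deny` line before the `permit`, otherwise the packets are translated before the crypto map sees them and never match the crypto ACL. DH group 14 is preferred where the image offers it; older 12.4 images only offer groups 1, 2 and 5, and group 5 is then the strongest choice.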
8 - Introduction to Voice and SAN Security
Voice over IP Overview
Gateways and Gatekeepers
VoIP Protocols
Typical VoIP Attacks and Precautions
Introduction to Storage Area Networking (SAN)
SAN Transport Technologies and Protocols
SAN Security - LUNs and LUN Masking
SAN Zones
Virtual SANs (VSANs)
FCAP and FCPAP
9 - Introduction to Cisco Network Solutions
System Development Life Cycle (SDLC)
Cisco SDLC Phase 1 - Initiation
Cisco SDLC Phase 2 - Acquisition and Development
Cisco SDLC Phase 3 - Implementation
Cisco SDLC Phase 4 - Operation and Maintenance
Cisco SDLC Final Phase - Disposition
Disaster Recovery - Hot, Warm and Cold Sites
Risk Analysis - Quantitative and Qualitative
Cisco Self-Defending Network
Cisco Security Management Suite
IronPort
Cisco Security Agent
Cisco Security Agent Interceptors
Cisco ACS
In-Band and Out-of-Band Management