Course Contents

This five-day course focuses on the necessity of a comprehensive security policy and how it affects the overall operation of the network. Learners will be able to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

Course Objectives

Upon completion of this course, participants will gain foundational knowledge required to prepare for the CCNA Security Specialization [Associate level] exam (640-553). Learners will be able to:

• Develop a comprehensive network security policy to counter threats against information security
• Configure routers on the network perimeter with Cisco IOS Software security features
• Configure a Cisco IOS zone-based firewall to perform basic security operations on a network
• Configure site-to-site VPNs using Cisco IOS features
• Configure IPS on Cisco network routers
• Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

Who Should Attend

Individuals who possess a general networking background, have prior experience with the Cisco Internetworking Operating System (IOS), and have achieved CCNA® certification are the target audience for this class. Targeted learners perform jobs in engineering support, development test engineering and other technical areas that may have a need to monitor and enhance security within Cisco networks.

Recommended Prerequisites

To fully benefit from CCNA Security, you should already possess a valid CCNA certification or equivalent work experience that provides routing and switching fundamentals.

The participant should have working skills and knowledge of the following:

• Basic browser navigation
• Basic understanding of LAN, WAN and Internet operation
• IP addressing including subnetting
• Routing and switching principles
• Access Control List (ACL) functionality

Course Outline

Course topics include basic security components and terminology, security fundamentals, VPN and firewall options, and an overview of endpoint security - including voice devices. Utilizing the skills learned in this course, participants will be able to install, troubleshoot, and monitor Cisco security network devices.

Specific course topics include:

Module 1: Introduction to Network Security Principles

• Network Security Fundamentals
• Attack Methodologies
• Operations Security
• Cisco Self-Defending Networks

Module 2: Perimeter Security

• Administrative Access to Cisco Routers
• Cisco SDM
• AAA on a Cisco Router Using the Local Database and on Secure ACS
• Secure Management/Reporting
• Locking Down the Router

Module 3: Network Security Using Cisco IOS Firewalls

• Firewall Technologies
• Static Packet Filters Using ACLs
• Cisco IOS Zone-Based Policy Firewall

Module 4: Site-to-Site VPNs

• Cryptographic Services
• Symmetric Encryption
• Examining Cryptographic Hashes and Digital Signatures
• Asymmetric Encryption and PKI
• IPsec Fundamentals
• Site-to-Site IPsec VPN
• IPsec on a Site-to-Site VPN Using Cisco SDM

Module 5: Network Security Using Cisco IOS IPS

• IPS Technologies
• Cisco IOS IPS Using Cisco SDM

Module 6: LAN, SAN, Voice, and Endpoint Security Overview

• Endpoint Security
• SAN Security
• Voice Security
• Layer 2 Attacks