The Cisco Certified Internetwork Expert Security (CCIE Security) program recognizes individuals who have the knowledge and skills to implement, maintain and support extensive Cisco Network Security Solutions using the latest industry best practices and technologies. CCIE Security training covers (but is not limited to) the use of these topics:
System Hardening and availability, Threat identification and mitigation, intrusion Prevention and content security, implement WCCP, Identity Management, Perimeter security and service, Cisco IOS Zone-based Firewall, confidentiality and secured access. Boot camp includes intensive CCIE-lab workshop to improve time-management & troubleshooting skills. At the end of the boot camp students are ready to attempt the CCIE lab exam at Cisco Systems.
Signellent's expert instructor led course is designed to be 90 Hours to cater to both working and upcoming professionals. We pride ourselves in providing our students with a high success rate by highlighting the goals from day one. Our major course highlights are as below,
- The course is based on CISCO guidelines
- Dedicated attention by instructors to Monitoring and evaluate candidates' progress on a daily basis
- Daily lab exercises to give extensive familiarity with the equipment
- Regular evaluation
- Industry Experienced CISCO Certified instructors
- The CCIE module is designed to meet the objective of the CCIE program.
- The course is customized keeping in mind the ultimate aim of achieving technology proficiency and CCIE certification.
- Dedicated Professional to manage, track and evaluate the candidate's performance from registration to completion.
- This course is especially beneficial for candidates who aim at building academic knowledge that is supplemented by applied lab exercises.
- 90 Hours, of intensive training+ rigorous lab exercises.
- Course kits contains reference material and add ons to enable students prepare better.
- Apt balance of theoretical and practical application
- Customized tests at the end of course to ensure best results.
- Stern passing standards with progress report of each candidate.
- Facility of Lab on cloud for students who want to practice remotely
- Students can attend the same lecture numerous times till they feel comfortable with the topic.
After you complete this course you will be able to:
- The Cisco CCIE® Security Lab Exam version 4.0 covers the skills and competencies of security professionals in terms of configuring and troubleshooting Cisco security products and solutions.
- Candidates also learn to perform implementation, optimization and troubleshooting actions in each of the exam topic sections.
- Content may include both IPv4 and IPv6 concepts and applications.
- Discuss the CCIE R&S Lab Program and its content and elaborate on approach to expertise technologies required to pass CCIE Lab exam
- Discuss your baseline status for Cisco CCIE lab readiness
- Expertise Cloud Computing Security, Wireless Security, VOIP Security, Network Security with ASA and Cisco IPS, Video Security, IPv6 Networking and IPv6 Security.
- Resolve expert-level core task in multi-protocol environment, analysis, configuration, and troubleshooting looping issue
- Resolve and configure expert-level IP / Network Services task, Monitor, analyse, configure, and troubleshoot issues related to IP / Network Services
- Resolve expert-level multi-protocol, multi-technology, multi-featured core and advanced issues. Monitor, analyse, configure, and troubleshoot issues
- Expertise the logic of controlling access to networks & devices, minimizing overhead traffic, select and configure the appropriate access list features.
- Understand and configure new IOS features in multi-protocol environment.
Following Topics will be covered in CCIE Security Course.
SYSTEM HARDENING AND AVAILABILITY:
- Routing plane security features (protocol authentication route filtering)
- Control plane protection and management plane protection
- Broadcast control and switch port security
- Additional CPU protection mechanisms (options drop logging interval)
- Control device access (Telnet, HTTP, SSH, and privilege levels)
- Device services (SNMP, syslog, and NTP)
- Transit traffic control and congestion management
THREAT IDENTIFICATION AND MITIGATION:
- Identify and protect against fragmentation attacks, malicious IP option usage
- Identify and protect against network reconnaissance attacks
- Identify and protect against IP spoofing attacks, MAC spoofing, ARP spoofing
- Identify and protect against DoS, DDoS attacks, man-in-the-middle attacks
- Identify and protect against port redirection attacks
- Identify and protect against DHCP attacks, DNS attacks, MAC flooding attacks
- Identify and protect against VLAN hopping attacks
- Identify and protect against various Layer 2 and Layer 3 attacks
- NBAR, Net Flow, Capture and utilize packet captures
INTRUSION PREVENTION AND CONTENT SECURITY:
- Cisco IPS 4200 Series Sensor appliance and Cisco ASA appliance IPS module
- Initialize the sensor appliance
- Sensor appliance management
- Virtual sensors on the sensor appliance
- Implement security policies
- Promiscuous and inline monitoring on the sensor appliance
- Tune signatures on the sensor appliance
- Custom signatures on the sensor appliance
- Actions on the sensor appliance
- Signature engines on the sensor appliance
- Use Cisco IDM and Cisco IME to manage the sensor appliance
- Event action overrides and filters on the sensor appliance
- Event monitoring on the sensor appliance
IMPLEMENT WCCP :
- Active Directory integration
- Custom categories
- HTTPS configuration
- Services configuration (web reputation)
- Configure proxy bypass lists
- Web proxy modes
- Application visibility and control
- Identity-based AAA
- Cisco router and appliance AAA - RADIUS,TACACS+
- Device administration (Cisco IOS routers, Cisco ASA, and Cisco ACS5.x)
- Network access (TrustSec model) ,Authorization results for network access (ISE)
- IEEE 802.1X (Cisco ISE) ,VSAs (Cisco ASA, Cisco IOS, and Cisco ISE)
- Proxy authentication (Cisco ISE, Cisco ASA, and Cisco IOS)
- Cisco ISE - Profiling configuration (probes), Guest services, Posture assessment
- Client provisioning (CPP)
- Configure Microsoft Active Directory integration and identity sources
PERIMETER SECURITY AND SERVICES:
- Cisco ASA firewalls ,Basic firewall Initialization, Device management, Address translation
- ACLs, IP routing and route tracking, Object groups, VLANs, Configure EtherChannel
- High availability and redundancy
- Layer 2 transparent firewall, Security contexts (virtual firewall)
- Cisco Modular Policy Framework, Identity firewall services
- Configure Cisco ASA with ASDM, Context-aware services
- IPS capabilities, QoS capabilities
CISCO IOS ZONE-BASED FIREWALL :
- Network, secure group, and user-based policy
- Performance tuning - Network, protocol, and application inspection
- Perimeter security services
- Cisco IOS QoS and packet-marking techniques
- Traffic filtering using access lists
- Cisco IOS NAT , uRPF, Port to Application Mapping (PAM)
- Policy routing and route maps
CONFIDENTIALITY AND SECURE ACCESS:
- IKE (v1/v2), IPsec LAN-to-LAN (Cisco IOS and Cisco ASA)
- DMVPN, FlexVPN, GET VPN, Remote-access VPN
- Cisco EasyVPN Server (Cisco IOS and Cisco ASA)
- VPN Client 5.X, Clientless WebVPN, Cisco AnyConnect VPN
- Cisco EasyVPN Remote
- SSL VPN gateway, VPN high availability, QoS for VPN, VRF-aware VPN
- MACsec, Digital certificates (enrollment and policy matching), Wireless access
- EAP methods, WPA and WPA2, wIPS