CCNA Security

Introduction

The CCNA Security certification helps a candidate learn to install, configure, operate, and troubleshoot medium-size routed and switched networks. CCNA certified professionals have the aptitude and skills to make connections to remote sites via a WAN and to mitigate basic security threats. Signellent's CCNA Security training covers (but is not limited to) these topics: Layer 2 Security, IPS/IDS, IP Security, Private VLANs, VACLs, Cisco Licensing for firewall features, AAA, Context Based Access Control (CBAC), Zone Based Firewall (ZBF), IPsec VPNs – Site-to-Site, Remote access, SSL Clientless and Full client VPN on ASA. CCNA Security Routing and Switching certifications are valid for three years. The CCNA Security course covers the core security technologies; the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices; and competency in the technologies used by Cisco.

Course Highlights

Signellent's expert instructor-led course is designed to run either for 12 days (Weekdays - 3hrs.) or for 12 weeks (Sunday/Saturday), to cater to both working and upcoming professionals. We pride ourselves on providing our students with a high success rate by highlighting the goals from day one. Our major course highlights are listed below:

  • The course is based on CISCO guidelines
  • Dedicated attention by instructors to monitor and evaluate candidates' progress on a daily basis
  • Daily lab exercises to give extensive familiarity with the equipment
  • Regular evaluation
  • Industry Experienced CISCO Certified instructors
  • The CCNA module is designed to meet the objective of the CCNA program.
  • The course is customized keeping in mind the ultimate aim of achieving technology proficiency and CCNA certification.
  • Dedicated Professional to manage, track and evaluate the candidate's performance from registration to completion.
  • This course is especially beneficial for candidates who aim at building academic knowledge that is supplemented by applied lab exercises.
  • 12 weeks or 40 days of intensive training plus rigorous lab exercises.
  • Course kits contain reference material and add-ons to help students prepare better.
  • Apt balance of theoretical and practical application
  • Customized tests at the end of course to ensure best results.
  • Stern passing standards with progress report of each candidate.
  • Facility of Lab on cloud for students who want to practice remotely
  • Students can attend the same lecture numerous times till they feel comfortable with the topic.

Course Objectives

After you complete this course you will be able to:

  • Describe mitigation methods for common network attacks
  • Describe common threats to the physical installation
  • Secure router access using strong encrypted passwords, IOS login enhancements, and IPv6 security.
  • Describe the major network access methods and outline the key features of each
  • Understand multiple privilege levels and role-based CLI.
  • Describe securing the control, data and management plane.
  • Implement AAA using CLI on routers, switches and ASA.
  • Describe standard, extended, and named IP IOS ACLs to filter packets
  • Describe and implement secure network management: In-band, Out of band, Management Plane, SSH, SNMP, SSL, NTP
  • Describe Layer 2 security using Cisco switches against the likes of STP attacks, ARP spoofing, MAC spoofing and CAM overflows
  • Describe VLAN Security with PVLAN, VLAN hopping and Native VLAN.
  • Use the appropriate show and debug commands to detect anomalies.
  • Describe operational strengths and weaknesses of the different firewall technologies
  • Describe the types of NAT used in firewall technologies - Static, Dynamic, PAT
  • Explain the purpose and operations of the Spanning-Tree Protocol security
  • Implement Cisco Adaptive Security Appliance (ASA) features such as NAT, ACL, Default MPF, and Cisco ASA security level.
  • Describe the features and operation of ASA
  • Describe the different methods used in cryptography
  • Implement an IOS IPsec site-to-site VPN with pre-shared key authentication
  • Implement SSL VPN using ASA device manager.

COURSE TOPICS

The following topics will be covered in the CCNA Security course.

Common Security Threats:

  • Describe common security threats.
  • Common threats to the physical installation.
  • Mitigation methods for common network attacks
  • Email-based threats
  • Web-based attacks
  • Mitigation methods for Worm, Virus, and Trojan Horse attacks
  • Phases of a secure network lifecycle
  • Security needs of a typical enterprise with a comprehensive security policy

Security and Cisco Routers:

  • CCP Security Audit feature
  • CCP One-Step Lockdown feature
  • Secure router access using strong encrypted passwords, IOS login enhancements, and IPv6 security
  • Multiple privilege levels
  • Role-based CLI
  • Cisco IOS image and configuration files

AAA on Cisco Devices:

  • Implement authentication, authorization, and accounting (AAA)
  • AAA using CCP on routers
  • AAA using CLI on routers and switches
  • Describe TACACS+, RADIUS
  • Describe AAA – Authentication, Authorization, Accounting, Verify AAA functionality.

IOS ACLs:

  • Describe standard, extended, and named IP IOS ACLs to filter packets
  • IPv4
  • Object groups
  • ACL operations
  • Types of ACLs (dynamic, reflexive, time-based ACLs)
  • ACL wildcard masking
  • Standard ACLs, Extended ACLs, Named ACLs, VLSM
  • Implement IP ACLs to mitigate threats in a network: filter IP traffic, SNMP, DDoS attacks, IP ACLs to prevent IP spoofing, VACLs.

Secure Network Management and Reporting:

  • Describe secure network management
  • In-band
  • Out of band
  • Management protocols
  • Management plane
  • Implement secure network management via SSH, syslog, SNMP, NTP, CLI, CCP, SSL

Common Layer 2 Attacks:

  • Describe Layer 2 security using Cisco switches.
  • STP attacks, ARP spoofing, MAC spoofing, CAM overflows.
  • Describe VLAN Security - Voice VLAN, PVLAN, VLAN hopping, Native VLAN.
  • Implement VLANs and trunking - VLAN definition, Grouping functions into VLANs, Trunking, Native VLAN, VLAN trunking protocols, Inter-VLAN routing.
  • Implement Spanning Tree
  • Potential issues with redundant switch topologies - STP operations, Resolving issues with STP.

Cisco Firewall Technologies:

  • Describe operational strengths and weaknesses of the different firewall technologies.
  • Proxy firewalls, Packet and stateful packet, Application firewall, Personal firewall.
  • Describe stateful firewalls - Operations, Function of the state table
  • Describe the types of NAT used in firewall technologies – Static, Dynamic, PAT.
  • Implement Zone Based Firewall using CCP - Zone to zone, Self zone.
  • Implement the Cisco Adaptive Security Appliance (ASA) – NAT, ACL, Default MPF, Cisco ASA security level.
  • Implement NAT and PAT, Functions of NAT, PAT, and NAT Overload, Translating inside source addresses, Overloading Inside global addresses.

Cisco IPS:

  • Describe IPS deployment considerations
  • SPAN
  • IPS product portfolio
  • Placement and Caveats
  • Describe IPS technologies, Attack responses, Monitoring options - Signature engines.
  • Global correlation and SIO.

VPN Technologies:

  • Describe the different methods used in cryptography
  • Symmetric & Asymmetric, HMAC, Message digest, PKI
  • Describe VPN technologies – IPsec, SSL
  • Describe the building blocks of IPsec – IKE, ESP, AH, Tunnel mode, Transport mode.
  • Implement an IOS IPsec site-to-site VPN with pre-shared key authentication and Verify VPN operations.
  • Implement SSL VPN using ASA device manager - Clientless & AnyConnect.

LAB TOPICS

The following hands-on lab sessions will be provided to CCNA Security students.

Lab 1. Securing the Router for Administrative Access

  • Task 1: Basic Network Device Configuration.
  • Task 2: Configure basic IP addressing for routers and PCs.
  • Task 3: Configure static routing, including default routes.
  • Task 4: Configure and encrypt all passwords.
  • Task 5: Configure a login warning banner.
  • Task 6: Configure enhanced username password security.
  • Task 7: Configure enhanced virtual login
  • Task 8: Configure an SSH server on a router

Lab 2. Securing Administrative Access Using AAA and RADIUS

  • Task 1: Configure basic settings such as host name, and access passwords.
  • Task 2: Configure static routing.
  • Task 3: Configure Local Authentication
  • Task 4: Configure a local database user for the console, vty, and aux lines.
  • Task 5: Configure Local Authentication Using AAA
  • Task 6: Configure the local user database using Cisco IOS.
  • Task 7: Configure AAA local authentication using Cisco IOS.

Lab 3. Configuring CBAC and Zone-Based Firewalls

  • Task 1: Configuring a Context-Based Access Control (CBAC) Firewall
  • Task 2: Configure CBAC using AutoSecure.
  • Task 3: Examine the resulting CBAC configuration.

Lab 4. Configuring CBAC and Zone-Based Firewalls

  • Task 1: Define zones
  • Task 2: Configure ACLs and call them in class maps.
  • Task 3: Describe traffic between zones.
  • Task 4: Create policy maps to apply actions to the traffic of the class maps.
  • Task 5: Define zone pairs and assign policy maps to the zone pairs.

Lab 5. Layer 2 attacks

  • Task 1: Configuring Native VLAN on Trunk Links.
  • Task 2: Disabling Dynamic Trunking Protocol
  • Task 3: Preventing Layer 2 Loops with BPDU Guard
  • Task 4: Protecting the Root Bridge using STP Root Guard
  • Task 5: Protecting the CAM Table using Port Security
  • Task 6: Preventing DHCP Rogue Servers by using DHCP Snooping
  • Task 7: Preventing Spoofed ARP via Dynamic ARP Inspection
  • Task 8: Preventing IP Spoofs using IP Source Guard

Lab 6. Configuring a Site-to-Site VPN Using Cisco IOS

  • Task 1: Configure a Site-to-Site VPN Using Cisco IOS
  • Task 2: Configure IPsec VPN settings on R1 and R3
  • Task 3: Verify site-to-site IPsec VPN configuration
  • Task 4: Test IPsec VPN operation

Lab 7. Miscellaneous

  • Task 1: Basics of ASA
  • Task 2: Implementing SSL Clientless VPN
  • Task 3: Implementing SSL Full client VPN (AnyConnect)

Please get in touch with us.
