OneSource Professional Training Solutions, Inc.
presents
IINS - Implementing Cisco IOS Network Security On-Site Training
IINS - Implementing Cisco IOS Network Security
Course Description/Agenda
In this course, you'll focus on the necessity of a comprehensive security
policy and how it affects the posture of the network. You will also learn how to
analyze and mitigate attacks, taking the mystery out of them.
You will learn to perform basic tasks to secure a small branch-office
network using Cisco IOS security features available through web-based GUIs
(Cisco Router and Security Device Manager [SDM]) and the command-line interface
(CLI) on the Cisco routers and switches.
We made significant enhancements to the standard IINS course materials and
lab exercises, providing you with information that is vital for security
professionals. Exclusive lessons and labs you won't find anywhere else include:
- Self-signed certificate management in IOS routers
- Spoof mitigation with Unicast reverse path forwarding
- Route table protection with route authentication
- Ethical hacking
- NAT coverage
- GRE over IPsec, which provides a VPN solution that is compatible with ZBF
Our IINS course covers everything you need to prepare for the CCNA Security
certification exam. In addition, our exclusive material provides the bigger
picture and adds relevancy so the standard concepts are easier to understand,
retain, and put into practice.
You Get...
- Five extra security e-Lab credits, good for 30 days, so you can practice and refine your skills
- Enhanced content that exceeds standard authorized Cisco content
- World-class Certified Cisco Systems instructors
- An enhanced lab topology based on our Flexible Security Architecture that represents a real-world network
What You'll Learn
- Develop a comprehensive network security policy to counter threats against information security
- Configure routers with Cisco IOS Software security features, including management and reporting functions
- Configure a Cisco IOS zone-based firewall (ZBF) to perform basic security operations on a network
- Configure site-to-site VPNs using Cisco IOS features
- Configure IPS on Cisco network routers
- Configure security features on IOS switches to mitigate various Layer 2 attacks
- Configure Network Address Translation (NAT) to allow connectivity from the internal network to the external network
- How a network can be compromised using freely available tools
- Implement line passwords, and enable passwords and secrets
- Examine Authentication, Authorization, and Accounting (AAA) concepts and features using the local database
- Run an SDM security audit and analyze the results
- Configure packet filtering on the Perimeter Router
- Define a virtual tunnel interface using GRE with IPsec
Who Should Attend
- Network designers
- Network and security administrators
- Network, systems, and security engineers
- Network and security managers
Course Prerequisites
- ICND1 and ICND2 or CCNA Boot Camp
- Working knowledge of the Windows operating system
Course Outline
1. Exclusive - NAT and PAT
- Basics of NAT and PAT
- Configuring NAT and PAT
- Maintaining NAT and PAT
- Advanced Concepts
2. Introduction to Network Security Principles
- Network Security Fundamentals
- Network Attack Methodologies
- Operations Security
- Security Policy
- Building Cisco Self-Defending Networks
- Cryptographic Services
- Symmetric Encryption
- Cryptographic Hashes and Digital Signatures
- Asymmetric Encryption and PKI
3. Perimeter Security
- Securing Administrative Access to Cisco Routers
- Cisco SDM
- Configuring AAA on a Cisco Router Using the Local Database
- Configuring AAA on a Cisco Router to Use Cisco Secure ACS
- Implementing Secure Management and Reporting
- Locking Down the Router
4. Network Security Using Cisco IOS Firewalls
- Firewall Technologies
- Creating Static Packet Filters Using ACLs
- Configuring Cisco IOS Zone-Based Policy Firewall
5. Site-to-Site VPNs
- IPsec Fundamentals
- Building a Site-to-Site IPsec VPN
- Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
- Exclusive - IPsec over GRE
6. Network Security Using Cisco IOS IPS
- IPS Technologies
- Configuring Cisco IOS IPS Using Cisco SDM
7. LAN, SAN, Voice, and Endpoint Security Overview
- Endpoint Security
- SAN Security
- Voice Security
- Mitigating Layer 2 Attacks
Labs
Lab 1: Exclusive - Network Address Translation
- Test and Verify NAT
- Verify the Configurations
Lab 2: Ethical Hacking
- Use Nmap to Scan the Network
- Exclusive - Perform Vulnerability Analysis with Nessus
- Exclusive - Execute a Buffer Overflow Attack with Metasploit
- Exclusive - Perform a Port Forwarding Attack with Fpipe
- Exclusive - Launch a SYN Flood Attack with Hping
- Exclusive - Simulate Worm Propagation
- Exclusive - Perform an ARP Cache Poisoning Attack with Cain
Lab 3: Securing IOS Administrative Access
- Set Passwords on the Physical Lines
- Configure Enable and Enable Secret Passwords
- Set VTY Line Passwords
- Use Service Password Encryption
- Exclusive - How Secure are Encrypted Passwords?
- Exclusive - How Secure are Hashed Passwords?
- Password Min-Length
- Line Timeouts
- Exclusive - Privilege Levels
- Configure Banner Messages
- Verify the IOS-FW Configuration
Lab 4: Exclusive - Preparing Cisco SDM
- Prepare the Admin PC for SDM
- Prepare the IOS-FW for SDM
- Install SDM on the Admin PC
- Launch SDM
- Manage IOS-FW Keys and Certificates
- Launch SDM again
- Verify Router Configuration
Lab 5: Configuring IOS AAA with the Local Database
- Enable AAA
- Test AAA
- Define and Test other Usernames
- Configure Role-Based CLI
- Exclusive - Role-Based CLI and AAA Authorization
- Exclusive - SDM's Built-In Roles
- Enhanced Login Features
- Verify the Router Configuration
Lab 6: Configuring IOS AAA with ACS
- Connect to ACS
- Set Up IOS-FW to ACS Communication
- Define a New Group and User in ACS
- Configure ACS-Based Authentication and Authorization
- Test ACS-Based Authentication and Authorization
- Configure ACS and Active Directory Integration