OneSource Professional Training Solutions
OneSource Professional Training Solutions, Inc. presents

IINS - Implementing Cisco IOS Network Security On-Site Training

This on-site training class is also available as Public Schedule Seminar.

IINS - Implementing Cisco IOS Network Security

Course Description/Agenda

In this course, you'll focus on the necessity of a comprehensive security policy and how it affects the posture of the network. You will also learn how to analyze and mitigate attacks, taking the mystery out of them.

You will learn to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

We made significant enhancements to the standard IINS course materials and lab exercises, providing you with information that is vital for security professionals. Exclusive lessons and labs you won't find anywhere else include:

  • Self-signed certificate management in IOS routers
  • Spoof mitigation with Unicast reverse path forwarding
  • Route table protection with route authentication
  • Ethical hacking
  • NAT coverage
  • GRE over IPsec, which provides a VPN solution that is compatible with ZBF

Our IINS course covers everything you need to prepare for the CCNA Security certification exam. In addition, our exclusive material provides the bigger picture and adds relevancy so the standard concepts are easier to understand, retain, and put into practice.

You Get...

  • Five extra security e-Lab credits, good for 30 days, so you can practice and refine your skills
  • Enhanced content that exceeds standard authorized Cisco content
  • World-class Certified Cisco Systems instructors
  • An enhanced lab topology based on our Flexible Security Architecture that represents a real-world network

What You'll Learn

  • Develop a comprehensive network security policy to counter threats against information security
  • Configure routers with Cisco IOS Software security features, including management and reporting functions
  • Configure a Cisco IOS zone-based firewall (ZBF) to perform basic security operations on a network
  • Configure site-to-site VPNs using Cisco IOS features
  • Configure IPS on Cisco network routers
  • Configure security features on IOS switches to mitigate various Layer 2 attacks
  • Configure Network Address Translation (NAT) to allow connectivity from the internal network to the external network
  • How a network can be compromised using freely available tools
  • Implement line passwords, and enable passwords and secrets
  • Examine Authentication, Authorization, and Accounting (AAA) concepts and features using the local database
  • Run an SDM security audit and analyze the results
  • Configure packet filtering on the Perimeter Router
  • Define a virtual tunnel interface Using GRE with IPsec

Who Should Attend

  • Network designers
  • Network and security administrators
  • Network, systems, and security engineers
  • Network and security managers

Course Prerequisites

  • ICND1 and ICND2 or CCNA Boot Camp
  • Working knowledge of the Windows operating system

Course Outline

1. Exclusive - NAT and PAT

  • Basics of NAT and PAT
  • Configuring NAT and PAT
  • Maintaining NAT and PAT
  • Advanced Concepts

2. Introduction to Network Security Principles

  • Network Security Fundamentals
  • Network Attack Methodologies
  • Operations Security
  • Security Policy
  • Building Cisco Self-Defending Networks
  • Cryptographic Services
  • Symmetric Encryption
  • Cryptographic Hashes and Digital Signatures
  • Asymmetric Encryption and PKI

3. Perimeter Security

  • Securing Administrative Access to Cisco Routers
  • Cisco SDM
  • Configuring AAA on a Cisco Router Using the Local Database
  • Configuring AAA on a Cisco Router to Use Cisco Secure ACS
  • Implementing Secure Management and Reporting
  • Locking Down the Router

4. Network Security Using Cisco IOS Firewalls

  • Firewall Technologies
  • Creating Static Packet Filters Using ACLs
  • Configuring Cisco IOS Zone-Based Policy Firewall

5. Site-to-Site VPNs

  • IPsec Fundamentals
  • Building a Site-to-Site IPsec VPN
  • Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
  • Exclusive - IPsec over GRE

6. Network Security Using Cisco IOS IPS

  • IPS Technologies
  • Configuring Cisco IOS IPS Using Cisco SDM

7. LAN, SAN, Voice, and Endpoint Security Overview

  • Endpoint Security
  • SAN Security
  • Voice Security
  • Mitigating Layer 2 Attacks


Lab 1: Exclusive - Network Address Translation

  • Test and Verify NAT
  • Verify the Configurations

Lab 2: Ethical Hacking

  • Use Nmap to Scan the Network
  • Exclusive - Perform Vulnerability Analysis with Nessus
  • Exclusive - Execute a Buffer Overflow Attack with Metasploit
  • Exclusive - Perform a Port Forwarding Attack with Fpipe
  • Exclusive - Launch a SYN Flood Attack with Hping
  • Exclusive - Simulate Worm Propagation
  • Exclusive - Perform an ARP Cache Poisoning Attack with Cain

Lab 3: Securing IOS Administrative Access

  • Set Passwords on the Physical Lines
  • Configure Enable and Enable Secret Passwords
  • Set VTY Line Passwords
  • Use Service Password Encryption
  • Exclusive - How Secure are Encrypted Passwords?
  • Exclusive - How Secure are Hashed Passwords?
  • Password Min-Length
  • Line Timeouts
  • Exclusive - Privilege Levels
  • Configure Banner Messages
  • Verify the IOS-FW Configuration

Lab 4: Exclusive - Preparing Cisco SDM

  • Prepare the Admin PC for SDM
  • Prepare the IOS-FW for SDM
  • Install SDM on the Admin PC
  • Launch SDM
  • Manage IOS-FW Keys and Certificates
  • Launch SDM again
  • Verify Router Configuration

Lab 5: Configuring IOS AAA with the Local Database

  • Enable AAA
  • Test AAA
  • Define and Test other Usernames
  • Configure Role-Based CLI
  • Exclusive - Role-Based CLI and AAA Authorization
  • Exclusive - SDM's Built-In Roles
  • Enhanced Login Features
  • Verify the Router Configuration

Lab 6: Configuring IOS AAA with ACS

  • Connect to ACS
  • Set Up IOS-FW to ACS Communication
  • Define a New Group and User in ACS
  • Configure ACS-Based Authentication and Authorization
  • Test ACS-Based Authentication and Authorization
  • Configure ACS and Active Directory Integration

    More Seminar Information

    OneSource Professional Training Solutions, Inc.
    OneSource Professional Training Solutions

    Delivery Method

    On-Site Training On-Site Training

    Also Available As

    Seminar Seminar

Add to favorites Add to favorites
Email Email this page

On-Site Training
Information Request Form

Please complete the form for more information and/or a quote for this on-site class.




City and State


Number of students:
(at least 10 for consideration)

When do you want to hold the

How long would you like for the

Additional comments to trainer:

We value your privacy!