OneSource Professional Training Solutions, Inc.
presents
SECURE - Securing Networks with Cisco Routers and Switches On-Site Training
SECURE - Securing Networks with Cisco Routers and Switches
Course Description/Agenda
In this class, you will learn the industry best practices for securing your
Cisco routers and switches. You will learn to secure switches, including
advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on
IEEE 802.1x. You will cover network platform security, VPN, Firewall, and IPS,
and you will learn to secure a router's control, data, and management planes.
You will spend a large portion of the class on advanced VPN topics, including:
- Using digital certificates for VPN authentication
- GRE over IPsec
- Virtual Tunnel Interfaces
- Dynamic Multipoint VPN (DMVPN)
- Group Encryption Transport VPN (GET VPN)
- Remote access IPsec VPN with the Easy VPN Server
- Cisco VPN Client and Easy VPN Remote (hardware client)
- SSL VPN
A Global Knowledge Exclusive: Bonus Lab Credits
You'll receive five extra SECURE e-Lab credits (good for 30 days) to review
a topic after class, refine your skills, or get in extra practice, whatever lab
activities complete your training.
What You'll Learn
- Advanced IOS security technologies for locking down routers and switches:
802.1x, CoPP/CPPr, and user-based authentication
- Various VPN technologies and their use in production environments: DMVPN, GRE,
GRE w/ IPsec, IPsec, GET, EzVPN, and SSL
- IOS IPS exploration with IME and Cisco Configuration Professional
- Launch live attacks against the network using BackTrack4 and learn mitigation
techniques
- Use Cisco IME software to monitor alerts from the IOS IPS process
- Use the new Cisco Configuration Professional tool to configure IPS
- Advanced IPS topics: event action overrides, event action filters, signature
tuning, and custom signature creation
Who Should Attend
- Internetwork professionals who want to ensure security of their network using
IOS devices
- Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for
their production environments
- Internetwork professionals who seek CCNP Security certification
Course Outline
1. Network Foundation Controls
- Control, Data, and Management Planes
2. Advanced Switched Data Plane Security Controls
- Common Layer 2 Attacks
- PVLANs
- DHCP Attacks
- ARP Poisoning
- IP Source Guard
3. Cisco Identity-Based Network Services
- 802.1 Overview
- ACS Integration with 802.1x
- Cisco Secure Services Client
- EAP Overview
4. Basic 802.1x Features
- 802.1x Switch Configuration
- ACS and EAP-FAST Configuration
- CSSC as an 802.1x Supplicant
5. Advanced Routed Data Plane Security Controls
- Unicast Reverse Path Forwarding
- Flexible Packet Matching Configuration
- Flexible Netflow
6. Advanced Control Plane Security Controls
- Deploy Infrastructure ACLs
- Control Plane Policing
- Control Plane Protection
- Routing Protocol Authentication
- Routing Protocol Filtering
7. Advanced Management Plane Security Controls
- Configure IOS Software Management Access Controls
- Configure Role-Based Access Controls
- Configure SNMP in IOS
- Digitally Signed IOS Images
- CPU and Memory Thresholding
8. Cisco IOS Software Network Address Translation
- IOS Static NAT and PAT Configurations
- IOS Dynamic NAT and PAT Configurations
9. Basic Zone-Based Policy Firewalls
- Zone-Based Policy Firewalls Zone Pairs
- Configure Layer 3/4 Inter-Zone Access Policies
- Configure Layer 3/4 Intra-Zone Access Policies
- ZBPFW Inspection of Control Plane and Management Plane Traffic
- Tune ZBPFW Stateful Engine and Connection Settings
- Configure ZBPFW Transparent Mode and VRF Support
10. Advanced Zone-Based Policy Firewalls
- Configure Layer 7 Zone-Based Policy Firewalls
- Configure Zone-Based Policy Firewalls with User Policies
- Configure Zone-Based Policy Firewall URL Filtering
11. Cisco IOS Software IPS
- IOS IPS Signature Policies
- Tune Cisco IOS Software IPS Signature Policies
- IPS Signature Auto Update
- Select an IPS Monitoring Solution
12. Site-to-Site VPN Architectures and Technologies
13. VTI-Based Site-to-Site IPsec VPNs
- Virtual Tunnel Interfaces
- Pre-Shared Keys
- Static VTIs
- Dynamic VTIs
14. Scalable Authentication in Site-to-Site IPsec VPNs
- PKI Overview
- Configure the IOS Certificate Server
- IOS CA and PKI enrollment
15. DMVPNs
- Generic Routing Encapsulation (GRE)
- NHRP Client and Server
- DMVPN Hub and Spoke Configurations
- Verify Dynamic Routing in a DMVPN Environment
16. High Availability in Tunnel-Based IPsec VPNs
- IPsec High Availability Features
- Routing Protocols for HA
- Mitigating Failures in VTI Environments
- Mitigating Failures in a DMVPN Environment
17. Group Encrypted Transport (GET) VPN
- Configuring Key Servers
- Configuring Group Members
- High Availability
18. Remote Access VPN Architectures and Technologies
19. Remote Access Solutions Using SSL VPN
- SSL VPN Overview
- Configure SSL VPN Parameters
- Configure Client Authentication Policies
- Full VPN tunnels
- AnyConnect Client
- Clientless VPN Configuration
20. Remote Access Solutions Using EzVPN
- EzVPN with Dynamic VTIs
- Cisco IPsec VPN Client
- Configure Advanced EzVPN Functionality
- Configure PKI for EzVPN
Labs
Lab 0: Exclusive - Introduction to the Remote Lab System
Lab 1: Enhanced - Advanced L2 Security
- Port ACLs
- VACLs
- PVLAN Edge
- Proxy Router Attacks
- DHCP Snooping
- DAI
- IP Source Guard
Lab 2: Enhanced - Network Foundation Protection
- Routing Protocol Authentication (EIGRP & OSPF)
- SNMPv3
- Flexible Netflow
- uRPF
- Management Plane Protection
- Data Plane Protection
Lab 3: Enhanced - IOS Zone Based Firewalls
- Basic Zone Configuration
- Attack Mitigation
- URL Filtering
- HTTP Deep Packet Inspection
- Stateful Inspections
Lab 4: Enhanced - IOS IPS
- Loading Signature Definition Files
- Basic Configuration
- De-Obfuscation
- IPS Manager Express
- Signature Actions
Lab 5: Enhanced