Implementation, design and analysis of the Cisco IOS ‘Self-Defending Network’
(Cisco Courses: IINS and SNRS)
This comprehensive, extensively hands-on, 5-day Authorized Cisco course is designed to provide the Security Student (CCNA Security and/or CCSP Candidate), Technical CSO, Security Field Engineer, or Cisco Security Services Engineer with practical design, implementation and complete analysis of the practices and components that make up the Cisco IOS ‘Self-Defending Network’ solution. By experiencing the collective efforts of Cisco IOS devices, both router- and switch-based security components, commissioned into a ‘live’ enterprise network, each student will become intrinsically aware of how the ‘complete’ IOS solution is used to shield today’s networks against the ever-changing landscape of threats and attacks. You will also learn to think like a hacker and be introduced to the many methods used to compromise networks. As an Interface Exclusive, you will execute these attacks on your own network and learn how to defend against them.
“The Cisco Self-Defending Network protects an organization by identifying, preventing, and adapting to threats from both internal and external sources.”
Your journey towards achieving the ultimate in network protection begins with in-depth coverage of a comprehensive security policy and how it affects the posture of the network. Learners will begin with basic tasks to secure a small network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on live Cisco routers and switches. No virtual labs! You will learn many of the techniques used by network attackers, and you will implement those techniques using live, dedicated Cisco devices in our spacious classroom. Your journey continues with the implementation of extended security solutions, focusing on the deployment of more advanced Layer 2 security, identity security and the features of the Cisco IOS firewall. This includes the ability to configure the following:
Cisco IOS classic firewall (formerly known as Context-Based Access Control [CBAC])
Cisco IOS Intrusion Prevention System (IPS)
Cisco IOS authentication proxy
Cisco IOS zone-based policy firewall
Application inspection and control
You will also learn to properly design and implement Secure tunnels using generic routing encapsulation (GRE) and IP Security (IPsec) technology, the Cisco Trust and Identity Management model to control network access and the Cisco Network Foundation Protection (NFP) model.
All discussions and exercises focus on mastery of each technology based on its practical orientation within the ‘Big Picture’ and implementation using industry-proven techniques and ‘best practice’. The hands-on exercises, known as ‘Evolutions’, will test your ability to create solutions to security scenarios, implement each technology and troubleshoot efficiently within a dynamic network environment. All Evolutions within the CCNA250 follow the Interface HardHat™ framework, which focuses on the development of the planning, execution and problem-solving skills critical in the real world. The HardHat™ framework is deliberately architected to mimic the most realistic and universal scenarios, forcing you to think through them and implement precise solutions based on a real scenario and stated objectives; step-by-step instructions do not exist in real life and therefore do not exist in HardHat™.
Course Outline (* = Interface Exclusive):
- Introduction to Network Security Principles
  - Examining Network Security Fundamentals
  - Examining Network Attack Methodologies
  - How to execute and defend against common and complex network attacks*
  - Examining Operations Security
  - Understanding and Developing a Comprehensive Network Security Policy
  - Building Cisco Self-Defending Networks
- Switch Security
  - Layer 2 Security Basics
  - Examining Layer 2 Attacks
  - Configuring DHCP Snooping
  - How to execute and defend against Layer 2 attacks*
  - Mitigating Layer 2 Attacks
- Trust and Identity
  - Implementing Identity Management
  - Implementing Cisco IBNS
  - How to execute and defend against identity and trust exploitation attacks*
- Cisco Network Foundation Protection
  - Introducing Cisco NFP
  - Securing the Control Plane
  - Securing the Management Plane
  - Securing the Data Plane
  - How to execute and defend against session hijack and man-in-the-middle attacks*
  - How to execute and defend against application-layer and other access attacks*
- Secured Connectivity
  - Introducing IPsec
  - Examining Cisco IOS VPNs
  - Implementing IPsec VPNs Using Pre-Shared Keys
  - Implementing IPsec VPNs Using PKI
  - Configuring GRE Tunnels
  - Configuring DMVPN
  - Configuring Cisco IOS SSL VPN (WebVPN)
  - Configuring Easy VPN Remote Access
- Perimeter Security
  - Securing Administrative Access to Cisco Routers
  - Introducing Cisco SDM
  - Configuring AAA on a Cisco Router Using the Local Database
  - Configuring AAA on Cisco Routers to Use Cisco Secure ACS
  - Implementing Secure Management and Reporting
  - Locking Down the Router
- Adaptive Threat Defense
  - Configuring Cisco IOS Firewall
  - Configuring Cisco IOS Classic Firewall
  - Configuring Cisco IOS Zone-Based Policy Firewall
  - Configuring Cisco IOS Firewall Authentication Proxy
  - Configuring Cisco IOS IPS
Lab Evolution Topics (* = Interface Exclusive):
- Configure Layer 2 Security
- Configure DHCP Snooping
- Configure Cisco Secure ACS as a AAA Server
- Configure 802.1x Port-Based Authentication
- Configure Cisco NFP
- Configure a Site-to-Site VPN Using Pre-Shared Keys
- Configure a Site-to-Site VPN Using PKI
- Configure a GRE Tunnel to a Remote Site
- Configure a DMVPN
- Configure a Cisco IOS SSL VPN (WebVPN)
- Configure Cisco Easy VPN Remote Access
- Configure Cisco IOS Classic Firewall
- Configure Cisco IOS Application Policy Firewall
- Configure a Cisco IOS Zone-Based Policy Firewall
- Configure Cisco IOS Firewall Authentication Proxy on a Cisco Router
- Configure a Cisco Router with Cisco IOS IPS
- Execute network attacks against the live network and learn how to mitigate these threats:*
  *Scanning, Footprinting, Enumeration, Unauthorized Access, Escalation, Session Hijack, Man-in-the-middle, Data Forgery and fabrication, SQL Injections, Shell shovels, Trust Exploitation and much more.*

Each student will be outfitted with a complete set of attack tools and management software to execute and track the attacks and the mitigation.
Prerequisites:
To fully benefit from this course, it is recommended that you have the following prerequisite skills and knowledge:
- Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1) and Interconnecting Cisco Networking Devices Part 2 (ICND2), or attendance of the Interface CCNA220 course
- Working knowledge of the Windows operating system
- Working knowledge of Cisco IOS networking and concepts
Live! Hardware:
- You will gain invaluable experience operating on a wide range of Cisco hardware: Cisco ISRs, several models of Catalyst switches (2960 to 6500), ASA5500s with AIP-SSM, IPS 4200 sensors, Cisco Secure MARS appliances and multiple host systems running CSA, CTA and CSM. All of the gear mentioned is in the room with you for you to build yourself, and each pod of 2-3 students has a full complement of the stated gear. There is ‘no such thing’ as using a remote lab at Interface.
Additional Course Logistics:
Course runs from 8:30am to 6:00pm daily, Monday – Friday
(Arrive early on Monday for Class Registration)
Expect to clear your schedule for the week and focus on the class. It is not uncommon for students to stay even past 6:00pm to get additional lab time.
You will be provided the following courseware:
- Authorized Cisco IINS and SNRS courseware
- Interface CCNA Security Solutions Manual
- Interface CCNA Security Lab Evolutions Manual, Associated Diagrams, Tools DVDs
- Course Completion Certificate for Cisco IINS and Cisco SNRS
You will be operating in a ‘live’ dynamic, hands-on networking environment with tons of live Cisco gear and all of the tools you need to be successful; come prepared to have a great experience and challenge yourself to learn.
Exams: (if applicable)
- 640-553 IINS – Implementing IOS Network Security: achieves CCNA Security certification with a CCNA in good standing; also counts as one of the 4 requirements towards CCSP certification
- 642-503 SNRS – Securing Networks with Cisco Routers and Switches: counts as a second of the 4 requirements towards CCSP certification