SECURE - Securing Networks with Cisco Routers and Switches (5745)
In this class, you will learn the industry best practices for securing your Cisco routers and switches. You will learn to secure switches, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1X. You will cover network platform security, VPN, firewall, and IPS, and you will learn to secure a router's control, data, and management planes.
You will spend a large portion of the class on advanced VPN topics, including:
- Using digital certificates for VPN authentication
- GRE over IPsec
- Virtual Tunnel Interfaces
- Dynamic Multipoint VPN (DMVPN)
- Group Encrypted Transport VPN (GET VPN)
- Remote access IPsec VPN with the Easy VPN Server
- Cisco VPN Client and Easy VPN Remote (hardware client)
- SSL VPN
A GCA Exclusive: Bonus Lab Credits
You'll receive five extra SECURE e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice, whatever lab activities complete your training.
Skills Gained
- Advanced IOS security technologies for locking down routers and switches: 802.1X, CoPP/CPPr, and user-based authentication
- Various VPN technologies and their use in production environments: DMVPN, GRE, GRE with IPsec, IPsec, GET, EzVPN, and SSL
- IOS IPS exploration with IME and Cisco Configuration Professional
- Launch live attacks against the network using BackTrack4 and learn mitigation techniques
- Use Cisco IME software to monitor alerts from the IOS IPS process
- Use the new Cisco Configuration Professional tool to configure IPS
- Advanced IPS topics: event action overrides, event action filters, signature tuning, and custom signature creation
Who Can Benefit
- Internetwork professionals who want to ensure security of their network using IOS devices
- Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments
- Internetwork professionals who seek CCNP Security certification
Syllabus
1. Network Foundation Controls
- Control, Data, and Management Planes
2. Advanced Switched Data Plane Security Controls
- Common Layer 2 Attacks
- PVLANs
- DHCP Attacks
- ARP Poisoning
- IP Source Guard
3. Cisco Identity-Based Network Services
- 802.1 Overview
- ACS Integration with 802.1X
- Cisco Secure Services Client
- EAP Overview
4. Basic 802.1X Features
- 802.1X Switch Configuration
- ACS and EAP-FAST Configuration
- CSSC as an 802.1X Supplicant
5. Advanced Routed Data Plane Security Controls
- Unicast Reverse Path Forwarding
- Flexible Packet Matching Configuration
- Flexible NetFlow
6. Advanced Control Plane Security Controls
- Deploy Infrastructure ACLs
- Control Plane Policing
- Control Plane Protection
- Routing Protocol Authentication
- Routing Protocol Filtering
7. Advanced Management Plane Security Controls
- Configure IOS Software Management Access Controls
- Configure Role-Based Access Controls
- Configure SNMP in IOS
- Digitally Signed IOS Images
- CPU and Memory Thresholding
8. Cisco IOS Software Network Address Translation
- IOS Static NAT and PAT Configurations
- IOS Dynamic NAT and PAT Configurations
9. Basic Zone-Based Policy Firewalls
- Zone-Based Policy Firewalls Zone Pairs
- Configure Layer 3/4 Inter-Zone Access Policies
- Configure Layer 3/4 Intra-Zone Access Policies
- ZBPFW Inspection of Control Plane and Management Plane Traffic
- Tune ZBPFW Stateful Engine and Connection Settings
- Configure ZBPFW Transparent Mode and VRF Support
10. Advanced Zone-Based Policy Firewalls
- Configure Layer 7 Zone-Based Policy Firewalls
- Configure Zone-Based Policy Firewalls with User Policies
- Configure Zone-Based Policy Firewall URL Filtering
11. Cisco IOS Software IPS
- IOS IPS Signature Policies
- Tune Cisco IOS Software IPS Signature Policies
- IPS Signature Auto Update
- Select an IPS Monitoring Solution
12. Site-to-Site VPN Architectures and Technologies
- Cryptographic Controls
13. VTI-Based Site-to-Site IPsec VPNs
- Virtual Tunnel Interfaces
- Pre-Shared Keys
- Static VTIs
- Dynamic VTIs
14. Scalable Authentication in Site-to-Site IPsec VPNs
- PKI Overview
- Configure the IOS Certificate Server
- IOS CA and PKI enrollment
15. DMVPNs
- Generic Routing Encapsulation (GRE)
- NHRP Client and Server
- DMVPN Hub and Spoke Configurations
- Verify Dynamic Routing in a DMVPN Environment
16. High Availability in Tunnel-Based IPsec VPNs
- IPsec High Availability Features
- Routing Protocols for HA
- Mitigating Failures in VTI Environments
- Mitigating Failures in a DMVPN Environment
17. Group Encrypted Transport (GET) VPN
- Configuring Key Servers
- Configuring Group Members
- High Availability
18. Remote Access VPN Architectures and Technologies
- Cryptographic Controls
19. Remote Access Solutions Using SSL VPN
- SSL VPN Overview
- Configure SSL VPN Parameters
- Configure Client Authentication Policies
- Full VPN tunnels
- AnyConnect Client
- Clientless VPN Configuration
20. Remote Access Solutions Using EzVPN
- EzVPN with Dynamic VTIs
- Cisco IPsec VPN Client
- Configure Advanced EzVPN Functionality
- Configure PKI for EzVPN