Network Training - Course Details

SECURE-SNCRS SECURE - Securing Networks with Cisco Routers and Switches

Network Training Course Description:
In this class, you will learn the industry best practices for securing your Cisco routers and switches. You will learn to secure switches, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1X. You will cover network platform security, VPN, Firewall, and IPS, and you will learn to secure a router's control, data, and management planes.
Network Training Course Duration:
5 DAYS
Network Training Course Target Audience:
  • Internetwork professionals who want to ensure security of their network using IOS devices
  • Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments
  • Internetwork professionals who seek CCNP Security certification
Network Training Course Prerequisite:
NONE
Course Content:

  • 1. Network Foundation Controls

    • Control, Data, and Management Planes

  • 2. Advanced Switched Data Plane Security Controls

    • Common Layer 2 Attacks
    • PVLANs
    • DHCP Attacks
    • ARP Poisoning
    • IP Source Guard

  • 3. Cisco Identity-Based Network Services

    • 802.1 Overview
    • ACS Integration with 802.1X
    • Cisco Secure Services Client
    • EAP Overview

  • 4. Basic 802.1X Features

    • 802.1X Switch Configuration
    • ACS and EAP-FAST Configuration
    • CSSC as an 802.1X Supplicant

  • 5. Advanced Routed Data Plane Security Controls

    • Unicast Reverse Path Forwarding
    • Flexible Packet Matching Configuration
    • Flexible Netflow

  • 6. Advanced Control Plane Security Controls

    • Deploy Infrastructure ACLs
    • Control Plane Policing
    • Control Plane Protection
    • Routing Protocol Authentication
    • Routing Protocol Filtering

  • 7. Advanced Management Plane Security Controls

    • Configure IOS Software Management Access Controls
    • Configure Role-Based Access Controls
    • Configure SNMP in IOS
    • Digitally Signed IOS Images
    • CPU and Memory Thresholding

  • 8. Cisco IOS Software Network Address Translation

    • IOS Static NAT and PAT Configurations
    • IOS Dynamic NAT and PAT Configurations

  • 9. Basic Zone-Based Policy Firewalls

    • Zone-Based Policy Firewalls Zone Pairs
    • Configure Layer 3/4 Inter-Zone Access Policies
    • Configure Layer 3/4 Intra-Zone Access Policies
    • ZBPFW Inspection of Control Plane and Management Plane Traffic
    • Tune ZBPFW Stateful Engine and Connection Settings
    • Configure ZBPFW Transparent Mode and VRF Support

  • 10. Advanced Zone-Based Policy Firewalls

    • Configure Layer 7 Zone-Based Policy Firewalls
    • Configure Zone-Based Policy Firewalls with User Policies
    • Configure Zone-Based Policy Firewall URL Filtering

  • 11. Cisco IOS Software IPS

    • IOS IPS Signature Policies
    • Tune Cisco IOS Software IPS Signature Policies
    • IPS Signature Auto Update
    • Select an IPS Monitoring Solution

  • 12. Site-to-Site VPN Architectures and Technologies

    • Cryptographic Controls

  • 13. VTI-Based Site-to-Site IPsec VPNs

    • Virtual Tunnel Interfaces
    • Pre-Shared Keys
    • Static VTIs
    • Dynamic VTIs

  • 14. Scalable Authentication in Site-to-Site IPsec VPNs

    • PKI Overview
    • Configure the IOS Certificate Server
    • IOS CA and PKI enrollment

  • 15. DMVPNs

    • Generic Routing Encapsulation (GRE)
    • NHRP Client and Server
    • DMVPN Hub and Spoke Configurations
    • Verify Dynamic Routing in a DMVPN Environment

  • 16. High Availability in Tunnel-Based IPsec VPNs

    • IPsec High Availability Features
    • Routing Protocols for HA
    • Mitigating Failures in VTI Environments
    • Mitigating Failures in a DMVPN Environment

  • 17. Group Encrypted Transport (GET) VPN

    • Configuring Key Servers
    • Configuring Group Members
    • High Availability

  • 18. Remote Access VPN Architectures and Technologies

  • 19. Remote Access Solutions Using SSL VPN

    • SSL VPN Overview
    • Configure SSL VPN Parameters
    • Configure Client Authentication Policies
    • Full VPN tunnels
    • AnyConnect Client
    • Clientless VPN Configuration

  • 20. Remote Access Solutions Using EZVPN

    • EzVPN with Dynamic VTIs
    • Cisco IPsec VPN Client
    • Configure Advanced EzVPN Functionality
    • Configure PKI for EzVPN

  • Lab 0: Exclusive - Introduction to the Remote Lab System

    • Remote Labs Familiarity

  • Lab 1: Enhanced - Advanced L2 Security

    • Port ACLs
    • VACLs
    • PVLAN Edge
    • Proxy Router Attacks
    • DHCP Snooping
    • DAI
    • IP Source Guard

  • Lab 2: Enhanced - Network Foundation Protection

    • Routing Protocol Authentication (EIGRP & OSPF)
    • SNMPv3
    • Flexible Netflow
    • uRPF
    • Management Plane Protection
    • Data Plane Protection

  • Lab 3: Enhanced - IOS Zone Based Firewalls

    • Basic Zone Configuration
    • Attack Mitigation
    • URL Filtering
    • HTTP Deep Packet Inspection
    • Stateful Inspections

  • Lab 4: Enhanced - IOS IPS

    • Loading Signature Definition Files
    • Basic Configuration
    • De-Obfuscation
    • IPS Manager Express
    • Signature Actions

  • Lab 5: Enhanced - Site-to-Site VPN using PKI and VTIs

    • Using VTIs
    • IOS CA
    • Enrollments
    • VPN Configuration

  • Lab 6: Enhanced - DMVPN

    • Hub Site Configuration
    • Spoke Site One Configuration
    • Spoke Site Two Configuration
    • Routing Configuration
    • Test and Verify DMVPN Connectivity

  • Lab 7: Enhanced - GET VPNs

    • OSPF Configuration
    • NAT Configuration
    • Key Server Configuration
    • Group Member Configuration
    • Configuring other GMs

  • Lab 8: Enhanced - EzVPN

    • EZ-VPN Server Wizard in CCP
    • Ez-VPN Software Based Client
    • Ez-VPN Hardware Based Client
    • Interactive Authentication for Hardware Clients
    • Network Extension Mode

  • Additional Hands-On Labs Available as an Appendix to the Lab Guide

  • Lab A-1: Exclusive - AAA with 802.1X Security

    • RADIUS Configuration
    • Restricted VLANs
    • Guest VLANs
    • CSSC
    • Dynamic VLAN Assignment

  • Lab A-2: Exclusive - SSL Based VPNs

    • Configure Clientless SSL VPN Access
    • Configure and Test Port Forwarding
    • Configure and Test Full Tunnel AnyConnect SSL VPN
    • Configure and Test Cisco Secure Desktop

  • Lab A-3: IOS Best Practices

    • Work with the BOGON List
    • Securing the IOS with AutoSecure
    • Investigating an Attack
    • Beyond What the Auditors Expect

  • Lab A-4: Site-to-Site VPN Using VTIs and PKI

    • Configure an IOS PKI Server
    • Assign an SSL Trustpoint in CCP
    • Enroll the IOS-FW with the CA Server via CCP
    • Configure the IOS-FW for VPN via CCP
    • Enroll the Site1-Rtr with the CA via the CLI
    • Configure the Site1-Rtr for VPN via the CLI
    • Test and Verify the VPN