SECURE - Securing Networks with Cisco Routers and Switches


Course Description

In this class, you will learn the industry best practices for securing your Cisco routers and switches. You will learn to secure switches, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1x. You will cover network platform security, VPN, firewall, and IPS, and you will learn to secure a router's control, data, and management planes.

You will spend a large portion of the class on advanced VPN topics, including:

* Using digital certificates for VPN authentication

* GRE over IPsec

* Virtual Tunnel Interfaces

* Dynamic Multipoint VPN (DMVPN)

* Group Encryption Transport VPN (GET VPN)

* Remote access IPsec VPN with the Easy VPN Server

* Cisco VPN Client and Easy VPN Remote (hardware client)

* SSL VPN

Duration
5 days
Cost
S$4,300

What You'll Learn

  • Advanced IOS security technologies for locking down routers and switches: 802.1x, CoPP/CPPr, and user-based authentication
  • Various VPN technologies and their use in production environments: DMVPN, GRE, GRE w/ IPSEC, IPSEC, GET, Ez-VPN, and SSL
  • IOS IPS exploration with IME and Cisco Configuration Professional
  • Launch live attacks against the network using BackTrack4 and learn mitigation techniques
  • Use Cisco IME software to monitor alerts from the IOS IPS process
  • Use the new Cisco Configuration Professional tool to configure IPS
  • Advanced IPS topics: event action overrides, event action filters, signature tuning, and custom signature creation

Who Needs to Attend

  • Internetwork professionals who want to ensure security of their network using IOS devices
  • Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments
  • Internetwork professionals who seek CCNP Security certification

Pre-requisites

IINS - Implementing Cisco IOS Network Security

Course Outline

1. Network Foundation Controls

  • Control, Data, and Management Planes

2. Advanced Switched Data Plane Security Controls

  • Common Layer 2 Attacks
  • PVLANs
  • DHCP Attacks
  • ARP Poisoning
  • IP Source Guard

3. Cisco Identity-Based Network Services

  • 802.1 Overview
  • ACS Integration with 802.1x
  • Cisco Secure Services Client
  • EAP Overview

4. Basic 802.1x Features

  • 802.1x Switch Configuration
  • ACS and EAP-FAST Configuration
  • CSSC as an 802.1x Supplicant

5. Advanced Routed Data Plane Security Controls

  • Unicast Reverse Path Forwarding
  • Flexible Packet Matching Configuration
  • Flexible Netflow

6. Advanced Control Plane Security Controls

  • Deploy Infrastructure ACLs
  • Control Plane Policing
  • Control Plane Protection
  • Routing Protocol Authentication
  • Routing Protocol Filtering

7. Advanced Management Plane Security Controls

  • Configure IOS Software Management Access Controls
  • Configure Role-Based Access Controls
  • Configure SNMP in IOS
  • Digitally Signed IOS Images
  • CPU and Memory Thresholding

8. Cisco IOS Software Network Address Translation

  • IOS Static NAT and PAT Configurations
  • IOS Dynamic NAT and PAT Configurations

9. Basic Zone-Based Policy Firewalls

  • Zone-Based Policy Firewalls Zone Pairs
  • Configure Layer 3/4 Inter-Zone Access Policies
  • Configure Layer 3/4 Intra-Zone Access Policies
  • ZBPFW Inspection of Control Plane and Management Plane Traffic
  • Tune ZBPFW Stateful Engine and Connection Settings
  • Configure ZBPFW Transparent Mode and VRF Support

10. Advanced Zone-Based Policy Firewalls

  • Configure Layer 7 Zone-Based Policy Firewalls
  • Configure Zone-Based Policy Firewalls with User Policies
  • Configure Zone-Based Policy Firewall URL Filtering

11. Cisco IOS Software IPS

  • IOS IPS Signature Policies
  • Tune Cisco IOS Software IPS Signature Policies
  • IPS Signature Auto Update
  • Select an IPS Monitoring Solution

12. Site-to-Site VPN Architectures and Technologies

  • Cryptographic Controls

13. VTI-Based Site-to-Site IPsec VPNs

  • Virtual Tunnel Interfaces
  • Pre-Shared Keys
  • Static VTIs
  • Dynamic VTIs

14. Scalable Authentication in Site-to-Site IPsec VPNs

  • PKI Overview
  • Configure the IOS Certificate Server
  • IOS CA and PKI enrollment

15. DMVPNs

  • Generic Routing Encapsulation (GRE)
  • NHRP Client and Server
  • DMVPN Hub and Spoke Configurations
  • Verify Dynamic Routing in a DMVPN Environment

16. High Availability in Tunnel-Based IPsec VPNs

  • IPsec High Availability Features
  • Routing Protocols for HA
  • Mitigating Failures in VTI Environments
  • Mitigating Failures in a DMVPN Environment

17. Group Encrypted Transport (GET) VPN

  • Configuring Key Servers
  • Configuring Group Members
  • High Availability

18. Remote Access VPN Architectures and Technologies

  • Cryptographic Controls

19. Remote Access Solutions Using SSL VPN

  • SSL VPN Overview
  • Configure SSL VPN Parameters
  • Configure Client Authentication Policies
  • Full VPN tunnels
  • AnyConnect Client
  • Clientless VPN Configuration

20. Remote Access Solutions Using EZVPN

  • EzVPN with Dynamic VTIs
  • Cisco IPsec VPN Client
  • Configure Advanced EzVPN Functionality
  • Configure PKI for EzVPN

SECURE - Securing Networks with Cisco Routers and Switches

| Start Date | End Date | Course Fee | Course Code |
|---|---|---|---|
| Monday, February 20, 2012 | Friday, February 24, 2012 | S$4300 | SECURE |
| Monday, April 16, 2012 | Friday, April 20, 2012 | S$4300 | SECURE |
| Monday, June 18, 2012 | Friday, June 21, 2012 | S$4300 | SECURE |
| Monday, August 6, 2012 | Friday, August 10, 2012 | S$4300 | SECURE |
| Monday, September 3, 2012 | Friday, September 7, 2012 | S$4300 | SECURE |
| Monday, October 1, 2012 | Friday, October 5, 2012 | S$4300 | SECURE |
| Monday, November 5, 2012 | Friday, November 9, 2012 | S$4300 | SECURE |
| Monday, December 3, 2012 | Friday, December 7, 2012 | S$4300 | SECURE |
    
  
  
