Advanced Security for Field Engineers (ASFE)

Powerful 5-Day Hands on Course

Course Description

This course is designed exclusively for Cisco Channel Partners and Account Managers and prepares you for the Cisco Advanced Security Field Specialist exam (642-567 ASFE). Achieving Cisco Advanced Security Field Specialist certification demonstrates that you have the hands-on knowledge and skills necessary to install, configure, operate, and troubleshoot Network Admission Control (NAC) and Cisco Security Monitoring Analysis and Response System (CS-MARS). By applying operational knowledge of NAC and CS-MARS, the Cisco Advanced Security Field Specialist has the skills and knowledge needed to effectively identify, manage, and counter threats to secure networks.

This ASFE course covers claims and evidence identified for the new Cisco Advanced Security FE Specialization. Emerging network security threats, such as viruses, worms, and spyware, continue to plague customers and drain organizations of money, productivity, and opportunity. Cisco's Self-Defending Network solutions can dramatically improve the ability of the network to automatically identify, prevent, and adapt to security threats. In this course, you will learn how three innovative technologies from Cisco can secure your network.

Course Objectives

After completing this course the student should be able to:

• Introduce Cisco NAC components and posture validation process flow
• Procedures required to configure and administer Cisco Secure ACS for Cisco NAC
• Commands required to configure and administer a Cisco router for use as a Cisco NAC Network Access Device
• Commands required to configure and administer a Cisco switch for use as a Cisco NAC Network Access Device
• Processes required to configure and administer Cisco NAC agents
• CANAC solution and various CCA deployment options
• Configure User Roles, external authentication, and DHCP for CANAC deployments
• Implement Cisco Clean Access Out-of-Band deployment
• Manage switches and routers for CANAC deployments
• CANAC implementation options: In-Band deployment, CCA on Network, Network Scanning, and CCA on user devices
• Use CANAC Manager to monitor operational information for CCA deployment, including information on user activity, syslog events, and network configuration changes
• Use Administration Module of the CANAC Manager to configure internal administration settings, such as its interface addresses, DNS servers, and other network information
• MARS solution, features, and functions
• Given MARS software and hardware appliance, cover the basic physical installation process
• Add reporting devices into MARS appliance
• Configure security devices to generate interesting events that constitute an attack scenario and have MARS collect the interesting events for incident investigation
• Attack mitigation and false positive confirmation in context to MARS appliance
• Configure appliance to perform incident investigation and attack mitigation
• Create, view, and save a long-duration query and reports on the MARS appliance
• Configure the MARS appliance to send an alert
• Configure a rule (or rules) that detect interesting patterns of network activity and other anomalous network behavior
• Use management features in the MARS appliance to assign event, addressing, service, and user information
• Configure hardware maintenance chores such as viewing audit trail, data archiving, hot swapping hard drives, and upgrading software on MARS appliance
• Provide overview of MARS Global Controller

Intended Audience

Cisco Channel Partner and Account Managers who are preparing for their Cisco Routing and Switching Field Specialist exam.

Prerequisites

Student prerequisites are an understanding of the following topics:

• Cisco Certified Network Associate (CCNA)

Course Outline

1. Implementing Cisco NAC
   • Understanding Cisco NAC
   • Configuring Cisco Secure ACS for Cisco NAC
   • Configuring Cisco Routers for NAC
   • Configuring Cisco Switches for NAC
   • Configuring Cisco NAC Agents
2. Implementing CANAC
   • Introducing Cisco Clean Access
   • Introducing Cisco Clean Access Deployment Options
   • Configuring User Roles
   • Configuring External Authentication
   • Configuring DHCP
   • Implementing Cisco Clean Access Out-of-Band Deployment
   • Implementing Cisco Clean Access In-Band Deployment
   • Managing Switches and Routers
   • Implementing Cisco Clean Access on a Network
   • Implementing Network Scanning
   • Configuring the Cisco CAM to Implement Clean Access Agent on User Devices
   • Monitoring Cisco Clean Access Deployment
   • Administering Cisco Clean Access Manager
3. MARS Introduction and Installation
   • Cisco Security Monitoring, Analysis and Response System Overview
   • Adding Cisco Security and Network Devices into MARS Appliance
   • Adding Non-Cisco Security and Network Devices into MARS Appliance
   • Network Summary
   • Incident Investigation
   • Create Queries and Reports
   • Sending Notifications
   • MARS Rules
   • MARS Management
   • MARS System Maintenance
   • MARS Global Controller Overview

Course Labs

• Lab 1: Configuring Cisco Secure ACS for Cisco NAC
• Lab 2: Configure a Cisco Router as a NAD
• Lab 3: Verify Clientless Hosts
• Caution Lab 4: Manually Install Cisco Trust Agent
• Lab 5: Configure a Cisco Switch as a NAD
• Lab 6: Configuring a Trend Micro Policy Server
• Lab 7: Prepare the Cisco CAM to Support Web-based Administration Console Configuration
• Lab 8: Configure User Roles
• Lab 9: Adding a Cisco CAS to the Cisco CAM
• Lab 10: Configure SNMP, Switch, and Port Profiles
• Lab 11: Configure Network Scanning
• Lab 12: Configure Cisco Clean Access Agent
• Lab 13: Install the MARS Appliance
• Lab 14: Adding Reporting Devices into MARS appliance
• Lab 15: Generating Summary Reports
• Lab 16: Incident Investigation
• Lab 17: Creating Custom Reports
• Lab 18: Creating Rules