Convergent Communications, Inc. - A Cisco Systems Learning Partner
BUILDING ENHANCED SECURITY NETWORKS



Building Enhanced Cisco Security Networks Boot Camp

Course Description

Network security has become increasingly important because of the increased number of network threats from worms and easy-to-use distributed-denial-of-service (DDoS) tools. Because companies can suffer substantial financial and intellectual losses, they must be proactive in their approach to network security threats and events, and they are investing in network security products to provide a safe environment for their employees and customers.

The Building Enhanced Cisco Security Networks Boot Camp teaches students how to create a network security policy, an often overlooked but vital part of any network security deployment, as well as deploy several emerging security technologies. In practical labs, students will build a dynamic multipoint VPN (DMVPN), set up High Availability for IPSec (IPSec-HA), configure Cisco® VPN concentrators and Cisco PIX® firewalls for remote access management, modify a site-to-site VPN for split tunneling, secure network management, and set up Identity-Based Network Services (IBNS) for a wireless environment.

To test the students' understanding of the course materials, the final phase of the class will be a network attack in which various tools will be used to attempt to gain access to their networks.

Course Objectives

Course Objectives are as follows:

  • Given a network topology and network assessment from Cisco Advanced Services, develop and document a comprehensive security policy that fulfills all requirements of the network assessment.
  • Given a remote office network and an edge router, configure split tunneling to send unencrypted traffic to the Internet so that users can display a Web page outside of the IPSec tunnel.
  • Given a VPN software client and core student pod, configure the Cisco VPN concentrator and Cisco PIX firewall to provide secure Web browsing for the remote office by securing the VPN tunnel as it exits the core student pod network.
  • Given a VPN software client, a Cisco PIX 515E Firewall, and a Cisco VPN 3005 Concentrator, configure the VPN concentrator to manage hosts by creating IP pools and use the PIX 515E Firewall to successfully allow local student pod access and deny remote student pod access based on documented security policy.
  • Given a core student pod and an edge VPN router, configure the router to be a Next Hop Routing Protocol (NHRP) client router by having it register with the NHRP hub in the core network.
  • Given an NHRP client router, successfully connect to the peer pod client routers through the DMVPN network.
  • Given a remote office and a redundant pair of Cisco 2600 Series multiservice routers, configure the routers for High Availability IPSec and verify using the failover sequence and reverse route injection.
  • Given a remote office and a redundant pair of Cisco VPN 3005 concentrators, configure the VPN concentrators for a High Availability cluster and verify using the failover sequence.
  • Given a core student pod, configure the Simple Network Management Protocol (SNMP) routers for Secure Shell (SSH) Protocol and log in using the SSH client on the student PC.
  • Given a core student pod, configure the SNMP routers for SNMP View and SNMP ACL and verify using SNMP walk and log keywords.
  • Given a core student pod, configure the SNMP routers for SNMP version 3 using the SNMP server and v3 keywords and verify using the SNMP walk and log keywords.
  • Given a core student pod, configure Cisco Secure ACS for RADIUS authentication and Certificate Authority (CA) server query. Verify with a successful login.
  • Given a remote office, configure the Cisco Wireless Application Protocol (WAP) for 802.1X port-based authentication and verify with a successful RADIUS login to a student pod Cisco Secure ACS server, and by obtaining a certificate from the core CA server.
  • Given the security policy developed at the beginning of the class and a set of threat management criteria, document a threat response procedure that fulfills the requirements of the threat management criteria.
  • Given a core student network, configure Cisco Secure Intrusion Detection System to respond to active internal and external network threats by reporting threats and making corresponding configuration changes.
  • Given a core student network, configure a Cisco PIX Firewall to respond to active internal and external network threats by reporting threats and making corresponding configuration changes.
  • Given a core student network, configure Cisco routers to respond to active internal and external network threats by reporting threats and making corresponding configuration changes.


Course Audience

This course is intended for the following audiences:

  • Design security networks based on Cisco security products.
  • Implement end-to-end Cisco security services.
  • Deploy networks using Cisco security services.

Prerequisites

Course prerequisites are as follows:

  • Cisco IOS® router, routing fundamentals, and IP addressing knowledge covered in the Interconnecting Cisco Networking Devices (ICND) course, or equivalent experience preferred; CCNA® certification required.
  • Managing Cisco Network Security 3.0 or equivalent experience with security products based on Cisco IOS Software (recommended)
  • Cisco Secure PIX Firewall Advanced 3.1 or equivalent experience with the configuration of Cisco PIX firewalls (recommended)
  • Cisco Secure Intrusion Detection System 3.0 or equivalent experience configuring Cisco Secure IDS products (recommended)
  • Cisco Secure Virtual Private Networks 3.1 or equivalent experience configuring Cisco Secure VPN products (recommended)
  • Cisco Aironet® Wireless LAN Fundamentals 3.0 or equivalent experience configuring Cisco wireless products (recommended)


Network Topology

Course Outline - 5 Days

  1. Introduction
  2. Detailed security policy creation
  3. IPSec overview
  4. Configuring split tunneling
  5. Implementing DMVPN
  6. Deploying IPSec-High Availability (IPSec-HA)
  7. Configuring Cisco Secure VPN concentrators and Cisco Secure PIX firewalls for user management
  8. Securing Cisco network management
  9. Deploying IBNS for a wireless network
  10. Active network attacks

Course Labs

  1. Developing a network security policy
  2. Configure Cisco IOS Software for site-to-site VPN using IPSec
  3. Configure a remote office for split tunneling
  4. Configure a hub site to provide secure Internet access to remote users
  5. Configure an NHRP router to participate in a DMVPN
  6. Configure high availability between IPSec routers
  7. Configure Cisco Secure VPN concentrators for a redundant cluster
  8. Configure Cisco Secure VPN concentrators and Cisco Secure PIX firewalls for user management
  9. Configure Cisco IOS Software for SSH
  10. Configure SNMP v3 and SNMP access control lists (ACLs)
  11. Configure Cisco Secure ACS for CA integration
  12. Configure a wireless network for 802.1X using Cisco Secure ACS
  13. Create a threat response procedure for the network security policy
  14. Configure Cisco PIX Firewall, Cisco Secure IDS, and Cisco context-based access control to respond to network threats






301-565-0138 : info@ccitraning.net


© Convergent Communications, Inc.