header
headerhomeService AreasCourse CatalogTraining SchedulesEnrollAbout UsCareers
   

 

Defending Complex Core Networks From Attacks (DCCNA)

Powerful 5 Day Course

Course Description

This hands-on course will help experienced engineers who support large complex networks, whether service provider, ISP or large enterprise to respond to the ongoing challenges of security and infrastructure protection. It will show engineers how to recognize when they are under attack as well as how to effectively react to such attacks.

Students will learn how to use Cisco Systems® capabilities and industry-available tools to classify and react to attacks as well as methods for collaborating with peers and vendors. Through this lab-intensive training, students will have the opportunity to implement a security structure that allows them to proactively defend their network and respond more quickly to ever-changing attacks.

Each student will partner with another peer during the bootcamp to own and defend their own workgroup, consisting of Cisco® routers and switches and associated industry tools. Each of these workgroups simulates a service provider infrastructure that includes an ISP, sinkholes, and peering modules.

 

Course Objectives

Upon completion of this course, students will be able to complete the following tasks:

  • Describe how the service provider infrastructure is attacked
  • Explain how basic protocols are attacked
  • Describe packet inspection and filtering
  • Identify the characteristics and capabilities of secure routing
  • Explain the role of advanced filtering and hardware support in service provider security
  • Apply basic surveillance methods to identify attacks
  • Apply advanced surveillance methods to identify attacks
  • Describe basic traceback and backscatter traceback techniques
  • Divert traffic to sinkholes, using multiple routing techniques
  • React to attacks by applying special routing and remote triggering techniques
  • Apply classification, inspection, and filtering techniques to anomaly analysis
  • Explain the role of peering modules in service provider security
  • Describe routing protocol vulnerabilities
  • Explain the security applications of Border Gateway Protocol (BGP) in the point of presence (POP)
  • Apply analytical advanced traceback techniques to react to attacks
  • Detect and react to worms
  • Detect and mitigate distributed-denial-of-service (DDoS) attacks

Course Audience

This course is intended for service provider (including ISP) network operators and security engineers who perform the following tasks:

  • Establish a security structure
  • Monitor for and recognize when they are under attack
  • Effectively respond to attacks

 

Prerequisites

Before attending this course, students must have the following:

  • Detailed knowledge of classless interdomain routing (CIDR) IP addressing
  • Detailed knowledge of BGP configuration, as provided by the Cisco Advanced Services Building Core Networks with OSPF, BGP, and MPLS Bootcamp
  • CCNA® level or equivalent industry experience recommended, CCNP® level or equivalent experience preferred

 

Network Topology

Network Topology

 

Course Outline & Labs

Course Outline
Lab Outline

Key Concepts in Service Provider Security: Preparation

  • Attacking Service Provider Infrastructure
  • Attacking Basic Protocols
  • Introduction to Packet Inspection and Filtering
  • Addresses, Routes, and Service Provider Security
  • Advanced Filters and Hardware Support

Service Provider Security Identification

  • Basic Surveillance
  • Advanced Surveillance Tools
  • Basic Traceback and Backscatter
  • Introduction to Sinkholes
  • Special Routing and Remote Triggering

Classification

  • Classification Inspection and Filtering
  • New Peering Concepts
  • Routing Protocol Vulnerabilities
  • BGP in the POP

Traceback and Reaction

  • Advanced Traceback
  • Worm Detection
  • Reaction to Worms
  • DDoS and Botnet Detection and Mitigation

Key Concepts in Service Provider Security: Preparation

  • Familiarization and Basic Baselining
  • Watch an Attack
  • Survey the Damage
  • Verify Operational Validity of Source Addresses
  • Basic Infrastructure Filtering
  • Scaling Packet Inspection in the Preparation Phase

Service Provider Security Identification

  • Identification Phase Basic Inspection and Enabling Cisco IOS® Software Data Sources
  • Surveillance Tools
  • Backscatter
  • Sinkholes
  • Remote Triggering

Classification

  • Basic Inter-Autonomous System Attacks
  • Attacking and Protecting Routing Protocols
  • POPs, BGP, and Service Provider Security

Traceback and Reaction

  • Characterization of an Exploit
  • Sensor Correlation and Worm Detection
  • Mitigating Worm Effects


TOP

 

 
 

Course Description

Course Objectives

Intended Audience

Prerequisites

Network Topology

Course Outline & Labs

 

 
 

 

    
 
Course Catalog Training Schedules Enroll Training Locations Cancellation Policy Contact Us Related Links Site Map
Service Areas Careers About Us Customer Quotes News & Events
 

CCIP, CCIE, CCDA, CCDP, CCNP, CCNA, VLANDirector, TrafficDirector, CiscoWorks 2000, ONS 15454 Secure PIX Firewal, Secure Virtual Private Networks, Cisco, Cisco Systems, Cisco Systems Logo, Catalyst, EtherChannel, IOS and LightStream are registered trademarks of Cisco Systems, Inc. or its affiliates in the US and certain other countries.