Securing Cisco Network Devices (SND)

5-day entry level course

Course Description

In this 5-day, entry-level network security course, you'll learn basic concepts such as network security policies, network attack methods, and threat mitigation techniques, along with the Cisco security product portfolio.

You will examine the most important security technologies, including hardening Cisco IOS routers and switches against attack, Layer 2 security, stateful firewalling, Intrusion Prevention Systems (IPS), and Virtual Private Networks (VPNs).

SND 2.0 prepares you for the 642-552 SND exam as well. Professionals who pass the SND exam and the CCNA exam are awarded both the Cisco Information Security Specialist certification and the CNSS 4011 InfoSec Professional certification.

Exam 642-552 SND is required for the Cisco Certified Security Professional certification and for several Cisco Qualified Specialist certifications, including: Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist.

Course Objectives

• Importance of security policies to the implementation of secure networks
• Recognize threats and vulnerabilities to networks and implement basic mitigation measures
• Products that form the basis of the Cisco security portfolio
• Various common security vulnerabilities and network attack methodologies
• Mitigation of common security vulnerabilities
• Hands-on experience with tools used by network attackers, including:
  • Port scanning
  • Port forwarding
  • Buffer overflow
  • ARP cache poisoning
• Hands-on experience with the security features of Cisco IOS Routers, including:
  • Security Device Manager
  • Securing the router itself
  • Authentication and authorization
  • SSH and HTTPS
  • Access control lists
  • Stateful firewalling
  • IOS Intrusion Prevention System
  • Site-to-Site VPN
  • Remote-Access VPN
• Hands-on experience with the security features of Cisco IOS Switches, including:
  • Port Security
  • Private VLAN Edge
  • DHCP Snooping
  • Dynamic ARP Inspection
• Discussion of specialized security devices and systems including PIX Firewalls, Adaptive Security Appliances, the 4215 IPS Sensor family, Cisco
• Security Agent, and the 3000 VPN Concentrator series.

Intended Audience

Network professionals who need to understand basic security concepts, require the basic knowledge and skills needed to deploy Cisco security, and are seeking CCSP certification, Cisco Qualified Specialist Certifications in Firewall, VPN, or IPS, or Cisco Information Security Specialist certification

Prerequisites

Student prerequisites are an understanding of the following topics:

• TCP/IP protocol
• HTTP and SSL protocols
• N-tier application architecture
• Server load-balancing

Course Outline

1. Appendix A:
2. Introduction to Network Security Policies
3. Securing the Perimeter
4. Securing LAN and WAN Devices
5. Cisco IOS Firewall Configuration
6. Securing Networks with Cisco IOS IPS
7. Building IPsec VPNs

Course Labs

• Lab 1: Remote Lab Environment
• Lab 2: Network Address Translation
• Lab 3: Ethical Hacking
• Lab 4: Securing Administrative Access
• Lab 5: AAA with the Local Database
• Lab 6: SDM Security Audit
• Lab 7: Exclusive - Secure Management
• Lab 8: Catalyst Security Features
• Lab 9: Access Control Lists\
• Lab 10: IOS Stateful Firewall
• Lab 11: IOS Intrusion Prevention Systems
• Lab 12: Site-to-Site VPN
• Lab 13: Remote-Access VPN