Securing Networks with Cisco Routers and Switches v3.0 (SNRS)

Cisco Course v3.0 | Prepares you for Cisco Exam 642-504 SNRS

Course Description

Discover advanced concepts in IOS router and switch security in this course that starts where IINS v1.0, core training for the CCNA Security Associate certification, stops. In SNRS v3.0, a component in the Cisco Certified Security Professional certification, you will take your IOS router and switch security skills to the professional level.

You'll cover switch topics, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1x, and you'll cover router topics, including network platform security, VPN, firewall, and IPS. Learn how to secure a router's control plane, data plane, and management plane. You will spend a large portion of the class covering advanced VPN topics, including using digital certificates for VPN authentication, GRE over IPsec, Dynamic Virtual Trunk Interfaces, Dynamic Multipoint VPN (DMVPN), Group Encryption Transport VPN (GET VPN), remote access IPsec VPN with the Easy VPN Server, Cisco VPN Client and Easy VPN Remote (hardware client), and SSL VPN. Examine both the newer Zone-Based Policy Firewall (ZFW) as well as the traditional Context-Based Access Control (now referred to as IOS Classic Firewall). You'll cover advanced IPS topics as well, including event action overrides, event action filters, signature tuning, and custom signature creation.

Following classroom instruction, you will receive 5 e-Lab credits for post-class lab practice, allowing you to hone your skills using the same hands-on lab equipment you used in the classroom

Course Objectives

In this course students will learn:

• Layer 2 Security: Attack methods and techniques to mitigate the attacks
• Identity Based Networking Services: 802.1x authentication and authorization with Cisco switches
• Network Foundation Protection: Secure an IOS router's control plane, management plane, and data plane
• VPN Connectivity:
• IPsec overview
• Site-to-site IPsec VPN using public key infrastructure and digital certificates for authentication
• Virtual tunnel interfaces
• GRE over IPsec
• High-availability VPN options
• Dynamic Multipoint VPN
• Group Encryption Transport VPN
• Cisco IOS SSL VPN (WebVPN)
• Easy VPN Server, Remote, and Client for Remote Access IPsec VPN
• Protect your network with Cisco IOS Classic Firewall and Cisco IOS Zone-Based Policy Firewall
• Defend against threats on your network using IOS Intrusion Prevention Systems

Intended Audience

Internetwork professionals who want to ensure security of their network using IOS devices that are already common in their network Internetwork professionals who seek Cisco Certified Security Professional (CCSP) certification.

Prerequisites

• ICND1 - Interconnecting Cisco Network Devices 1
• ICND2 - Interconnecting Cisco Network Devices 2
• IINS - Implementing Cisco IOS Network Security

Course Outline

1. Network Platform Security with Switches
• Configuring Advanced Layer 2 Security
• Introducing Cisco IBNS
• Implementing Basic 802.1x Authentication
• Configuring Advanced 802.1x Authentication and Authorization
2. Network Platform Security with Routers
• Examining the Cisco Network Foundation Protection Strategy
• Securing the Control Plane
• Securing the Management Plane
• Securing the Data Plane
3. Secure Site-to-Site Communications
• Examining VPN and IPsec Fundamentals
• Implementing IPsec VPNs with PKI
• Implementing GRE over IPsec
• Configuring High-Availability VPNs and VTI
• Implementing DMVPN
• Implementing GET VPN
4. Secure Remote Access Communications
• Implementing Cisco IOS Remote Access using Cisco Easy VPN
• Examining a Cisco IOS SSL VPN
5. Threat Control and Containment
• Configuring NAT and PAT
• Configuring a Cisco IOS Classic Firewall
• Configuring a Cisco IOS Zone-Based Policy Firewall
• Configuring Cisco IOS IPS

Course Labs

The enhanced SNRS v3.0 hands-on labs are beyond what you'll find in a standard Cisco SNRS v3.0 course, providing more realistic and robust scenarios. The root of our enhancements lies in the topology that we provide. The standard Cisco SNRS v3.0 labs provide a very simple topology based on the ICND topology that includes a single switch and a single router per pod with two PC instances - a setup that works well for covering associate-level routing and switching concepts. The motivation for Cisco's topology is compatibility with their standard IINS and ICND topologies.

More appropriate for professional-level security training, our SNRS v3.0 topology combines our standard FSA topology with a router supplement. Each SNRS v3.0 pod has four routers, two switches, and ten PC instances. The topology provides a main site with an internal network with multiple subnets and a DMZ for public services, along with two remote site networks and a simulated Internet. PC systems are strategically placed in the topology, and services such as DNS, SMTP, FTP and HTTP are configured realistically.

• Lab 1: Advanced Layer 2 Security
• Lab 2: Layer 2 AAA with 802.1x
• Lab 3: Cisco Network Foundation Protection
• Lab 4: Site-To-Site VPN with PKI
• Lab 5: IPsec Redundancy using GRE
• Lab 6: DMVPN
• Lab 7: GET VPN
• Lab 8: Cisco Easy VPN
• Lab 9: IOS SSL VPN
• Lab 10: IOS Classic Firewall
• Lab 11: IOS Zone-Based Policy Firewall
• Lab 12: IOS IPS