CCNA Security course covers security policy and how it works in the real-time, how to analyze and mitigate attacks affects in the network.
This course also covers basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

The following enhanced objectives in the IINS:

• Self-signed certificate management in IOS routers
• Spoof mitigation with Unicast reverse path forwarding
• Route table protection with route authentication
• Ethical hacking
• NAT coverage
• GRE over IPsec, which provides a VPN solution that is compatible with ZBF

Objectives:

• Develop a comprehensive network security policy to counter threats against information security
• Configure routers with Cisco IOS Software security features, including management and reporting functions
• Configure a Cisco IOS zone-based firewall (ZBF) to perform basic security operations on a network
• Configure site-to-site VPNs using Cisco IOS features
• Configure IPS on Cisco network routers
• Configure security features on IOS switches to mitigate various Layer 2 attacks
• Configure Network Address Translation (NAT) to allow connectivity from the internal network to the external network
• How a network can be compromised using freely available tools
• Implement line passwords, and enable passwords and secrets
• Examine Authentication, Authorization, and Accounting (AAA) concepts and features using the local database
• Run an SDM security audit and analyze the results
• Configure packet filtering on the Perimeter Router
• Define a virtual tunnel interface Using GRE with IPsec

Who Can Take This Course

• Network designers
• Network and security administrators
• Network, systems, and security engineers
• Network and security managers

Pre-requisites

• ICND1 and ICND2 or CCNA Boot Camp
• Working knowledge of the Windows operating system

Course Content

1. Exclusive - NAT and PAT

• Basics of NAT and PAT
• Configuring NAT and PAT
• Maintaining NAT and PAT
• Advanced Concepts

2. Introduction to Network Security Principles

• Network Security Fundamentals
• Network Attack Methodologies
• Operations Security
• Security Policy
• Building Cisco Self-Defending Networks
• Cryptographic Services
• Symmetric Encryption
• Cryptographic Hashes and Digital Signatures
• Asymmetric Encryption and PKI

3. Perimeter Security

• Securing Administrative Access to Cisco Routers
• Cisco SDM
• Configuring AAA on a Cisco Router Using the Local Database
• Configuring AAA on a Cisco Router to Use Cisco Secure ACS
• Implementing Secure Management and Reporting
• Locking Down the Router

4. Network Security Using Cisco IOS Firewalls

• Firewall Technologies
• Creating Static Packet Filters Using ACLs
• Configuring Cisco IOS Zone-Based Policy Firewall

5. Site-to-Site VPNs

• IPsec Fundamentals
• Building a Site-to-Site IPsec VPN
• Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
• IPsec over GRE

6. Network Security Using Cisco IOS IPS

• IPS Technologies
• Configuring Cisco IOS IPS Using Cisco SDM

7. LAN, SAN, Voice, and Endpoint Security Overview

• Endpoint Security
• SAN Security
• Voice Security
• Mitigating Layer 2 Attacks

Certifications and Follow-On Courses

This course is part of the following programs or tracks:

• CCNA Security

Exams

• 640-553 IINS

Follow-On Courses

• SECURE - Securing Networks with Cisco Routers and Switches
• FIREWALL - Deploying Cisco ASA Firewall Solutions
• VPN - Deploying Cisco ASA VPN Solutions
• IPS - Implementing Cisco Intrusion Prevention System

Course Schedules