CIT 2251-002 CCNA Security

INSTRUCTOR
Joanne Wagner
Professor
CCAI, CCNA, CCNA Security, CCNP, CCSP
Computer and Internetworking Technologies CIT!
"pen Campus Center "CC###$%
Phone& '$()*+,-,'*,
.-/ail& wagner0o1cod2edu
"ffice 3ours&
Tuesday)Thursday 4&(( a2m2 to #&(( p2m2
COURSE INFORMATION
5i6ision& Computer and Internetworking Technologies CIT!
Course Name& Networking 7asics
Code& CIT-,,8#-((#
.6enings& Thusday)Thursday
Time& '&$( p2m2 to #(&,( p2m2
9oom& IC,:
DESCRIPTION
Pro6ides the knowledge and hands-on skills re;uired to install, trou%leshoot, and monitor Cisco
security network de6ices2 Students who complete this course will %e prepared to sit for the Cisco
Certified Networking Associate CCNA! Security Certification e<am which is a stepping stone
for 0o% roles such as network security specialist and network security administrator2 CCNA
Security certification is a prere;uisite for %ecoming a Cisco Certified Security Professional
CCSP!2
PREPARATION FOR
The '+(-88$ Implementing Cisco I"S Network Security IINS! e<am is associated with the
CCNA Security certification2 This e<am tests a candidate=s knowledge of securing Cisco routers
and switches and their associated networks2 It leads to 6alidated skills for installation,
trou%leshooting, and monitoring of network de6ices to maintain integrity, confidentiality and
a6aila%ility of data and de6ices and de6elops competency in the technologies that Cisco uses in
its security infrastructure2
PREREQUISITE
CIT##,+ with a grade of >C> or %etter, or CCNA Certification or Consent of Instructor
TEXT AND LAB MANUAL
CCNA Security Course 7ooklet, ?ersion #2( %y Cisco Networking Academy@ IS7N-#(&
#84A#$,+4' pu%lished date of 4)#8),((*!
CCNA Security Ba% /anual %y Cisco Networking Academy@ IS7N-#(& #84A#$,+*+
CCNA Security Cisco Academy "n-Bine Curriculum you will get access on the first e6ening of
class!
Topical Outline:
#2 Cnderstanding network security concepts
D2 Security operations and planning@ risk management
D2 Network security information processing@
D2 Network security education and training
,2 5e6eloping a secure network
D2 Security planning@ e6aluation@ training@ and measures2
D2 5e6eloped and re6iew network security policies
D2 9oles and responsi%ilities
$2 5efending the perimeter
D2 Pu%lic 6s2 pri6ate
+2 Configuring Authentication, authoriEation, and accounting AAA!
82 Securing the router
'2 Constructing a secure infrastructure
A2 Implementing endpoint security
42 Pro6iding Storage-Area Network SAN! security
*2 Securing 6oice solutions
#(2 Csing Cisco I"S firewalls to defend the network
##2 .<tending security and a6aila%ility with cryptography and ?irtual Pri6ate Networks ?PNs!
#,2 Implementing digital signatures
#$2 .<ploring Pu%lic :ey Infrastructure P:I! and asymmetric encryption
#+2 7uilding a site-to-site Internet Protocol Security IPSec! ?PN solution
COURSE OBJECTIVES
Describe the security threats facing modern network infrastructures
Describe network security policies
Describe and list mitigation methods for common network attacks
Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
Describe the Cisco Self Defending etwork architecture
Secure Cisco routers
Secure Cisco routers using the SD! Security "udit feature
#se the $ne%Step &ockdown feature in SD! to secure a Cisco router
Secure administrati'e access to Cisco routers by setting strong encryption passwords, e(ec
timeout, login failure rate and using )$S login enhancements
Secure administrati'e access to Cisco routers by configuring multiple pri'ilege le'els
Secure administrati'e access to Cisco routers by configuring role based C&)
Secure the Cisco )$S image and configuration file
)mplement "uthentication, "uthori*ation, and "ccounting +""", on Cisco routers using Cisco Secure
"ccess Control Ser'er +"CS,
-(plain the functions and importance of """
Describe the features of T"C"CS. and /"D)#S """ protocols
Configure """ authentication
Configure """ authori*ation
Configure """ accounting
!itigate threats to Cisco routers and networks using "C&s
-(plain the functionality of standard, e(tended, and named )0 "C&s used by routers to filter
packets
Configure and 'erify )0 "C&s to mitigate gi'en threats +filter )0 traffic destined for Telnet,
S!0, and DDoS attacks, in a network using C&)
Configure )0 "C&s to pre'ent )0 address spoofing using C&)
Discuss the ca'eats to be considered when building "C&s
)mplement secure network management and reporting
#se C&) and SD! to configure SSH on Cisco routers to enable secured management access
#se C&) and SD! to configure Cisco routers to send Syslog messages to a Syslog ser'er
!itigate common &ayer 1 attacks
Describe how to pre'ent &ayer 1 attacks by configuring basic Catalyst switch security features
)mplement the Cisco )$S firewall feature set using Secure De'ice !anager +SD!,
Describe the operational strengths and weaknesses of the different firewall technologies
-(plain stateful firewall operations and the function of the state table
)mplement 2one 3ased 4irewall using SD!
)mplement the Cisco )$S )ntrusion 0re'ention System +)0S, feature set using SD!
Define network based 's5 host based intrusion detection and pre'ention
-(plain )0S technologies, attack responses, and monitoring options
-nable and 'erify Cisco )$S )0S operations using SD!
)mplement site%to%site Virtual 0ri'ate etworks +V0s, on Cisco /outers using SD!
-(plain the different methods used in cryptography
-(plain )nternet 6ey -(change +)6-, protocol functionality and phases
Describe the building blocks of )0Sec and the security functions it pro'ides
Configure and 'erify an )0Sec site%to%site V0 with pre%shared key authentication using SD!
!anaging a Secure etwork
TOPICAL OUTLINE
!odern etwork Security Threats
Securing etwork De'ices
"uthentication, "uthori*ation, and "ccounting
)mplementing 4irewall Technologies
)mplementing )ntrusion 0re'ention
Securing the &ocal "rea etwork
Cryptographic Systems
)mplementing Virtual 0ri'ate etworks
!anaging a Secure etwork
ET!ODS OF EVALUATION
Point 5istri%ution
$n%&ine 7ui**es +889,
&abs:Skills 4inal +889,
$n%&ine 4inal +889,
Accumulated Points)Frade
;<%=<< > "
?<%?; > 3
@<%@; > C
A<%A; > D
B; and below > 4
o )ncompletes gi'en in this course
CLASS POLIC"
COD Stu#e$t C%#e %& C%$#uct'(#&
ADDITIONAL COURSE INFORATION
Cisco site for on%line curriculum, labs, and testsC httpC::cisco5netacad5net
3log SiteC httpC::www5joannewagnersblog5blogspot5com
)EE*L" SC!EDULE
0rior to Coming to Class, readC
o Chapter = !odern etwork Security Threats5ppt
Week =C =<:=; D =<:1=
o Chapter 1 Securing etwork De'ices5ppt
Week 1C =<:1A D =<:1?
o Chapter 8 """5ppt
Week 8C ==:1 D ==:E
o Chapter E )mplementing 4irewall Technologies5ppt
Week EC ==:; D ==:==
o Chapter B )ntrustion 0re'ention System5ppt
Week BC ==:=A D ==:=?
o Chapter A Securing the &ocal "rea etwork5ppt
Week AC ==:8< D =1:1
o Chapter @ Cryptographic Systems5ppt
o Chapter ? )mplementing Virtual 0ri'ate etworks5ppt
Week @C =1:@ D =1:;
o Chapter ; !anaging a Secure etwork5ppt
Week ?C =1:=E D =1:=A
o Skills 4inal
$n%&ine 4inal