Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Transcription

1 Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport of information across networks. Topics include data integrity through encryption, Virtual Private Networks, SSL, SSH, and IPSec. Upon completion, students should be able to implement secure data transmission technologies. This is a Cisco Networking Academy course. Prerequisites: SEC 110, NET 110 or NET 125 Corequisites: None Course Content Objectives: Upon successful completion of this course students will be able to: Describe the security threats facing modern network infrastructures Secure network device access Implement AAA on network devices Mitigate threats to networks using ACLs Implement secure network management and reporting Mitigate common Layer 2 attacks Implement firewall features Implement IPS features Implement site-to-site IPSec VPNs Administer effective security policies General Education Objectives: 1) Communicate effectively in speaking, writing, reading and/or listening. 2) Locate, evaluate, and use information to analyze problems and make logical decisions. 3) Apply math skills to make calculations related to distance, time, and conversion. 4) Demonstrate basic competency in computer technology. 5) Demonstrate the ability to succeed as a self-directed learner. 6) Apply critical thinking skills to analyze implementation and troubleshooting situations. 1 of 8

2 Methods of : Asheville-Buncombe Technical Community College Course Specific Objective Describe the security threats facing modern network infrastructures Secure network device access Implement AAA on network devices Mitigate threats to networks using ACLs Implement secure network management and reporting Associated Learning Activity Methods of (Direct) Methods of (Indirect) General Education Reinforcement 1, 2, 4, 5 1, 2, 4, 5, 6 1, 2, 4, 5, 6 2 of 8

3 Mitigate common Layer 2 attacks Implement firewall features Implement firewall features Implement site-tosite IPSec VPNs Administer effective security policies Topical Outline: 1. Modern Network Security Threats 1.1. Fundamental Principles of a Secure Network 3 of 8

4 Evolution of Network Security Drivers for Network Security Network Security Organizations Domains of Network Security Network Security Policies 1.2. Worms, Viruses and Trojan Horses Viruses Worms Trojan Horses Mitigating Viruses, Worms, and Trojan Horses 1.3. Attack Methodologies Reconnaissance Attacks Access Attacks Denial of Service Attacks Mitigating Network Attacks 2. Securing Network Devices 2.1. Securing Device Access and Files Securing the Edge Router Configuring Secure Administrative Access Configuring Enhanced Security for Virtual Logins Configure SSH 2.2. Privilege Levels and Role-Based CLI Configuring Privilege Levels Configuring Role-Based CLI Access 2.3. Monitoring Devices Securing the Device Image and Configuration Files Secure Management and Reporting Using Syslog for Network Security Using SNMP for Network Security Using NTP 2.4. Using Automated Features Performing a Security Audit Locking Down a Router Using AutoSecure Locking Down a Router Using SDM 3. Authentication, Authorization and Accounting 3.1. Purpose of AAA AAA Overview AAA Characteristics 3.2. Configuring Local AAA Configuring Local AAA Authentication with CLI Configuring Local AAA Authentication with SDM Troubleshooting Local AAA Authentication 3.3. Configure Server-Based AAA Server-Based AAA Characteristics Server-Based AAA Communication Protocols Cisco Secure ACS 4 of 8

5 Configuring Cisco Secure ACS Configuring Cisco Secure ACS Users and s 3.4. Server-Based AAA Authentication Configuring Server-Based AAA Authentication with CLI Configuring Server-Based AAA Authentication with SDM Troubleshooting Server-Based AAA Authentication 3.5. Configuring Server-Based AAA Authorization and Accounting Configuring Server-Based AAA Authorization Configuring Server-Based AAA Accounting 4. Implementing Firewall Technologies 4.1. Access Control Lists Configuring Standard and Extended IP ACLs with CLI Using Standard and Extended IP ACLs Topology and Flow for Access Control Lists Configuring Standard and Extended ACLs with SDM Configuring TCP Established and Reflexive ACLs Configuring Dynamic ACLs Configuring Time-Based ACLs Troubleshooting Complex ACL Implementations Mitigating Attacks with ACLs 4.2. Firewall Technologies Securing Networks with Firewalls Types of Firewalls Firewalls in Network Design 4.3. Context-Based Access Control CBAC Characteristics CBAC Operation Configuring CBAC Troubleshooting CBAC 4.4. Zone-Based Policy Firewall Zone-Based Policy Firewall Characteristics Zone-Based Policy Firewall Operation Configuring a Zone-Based Policy Firewall with CLI Configuring Zone-Based Policy Firewall with Manual SDM Configuring Zone-Based Policy Firewall with SDM Wizard Troubleshooting Zone-Based Policy Firewall 5. Implementing Intrusion Prevention 5.1. IPS Technologies IDS and IPS Characteristics Host-Based IPS Implementations Network-Based IPS Implementations 5.2. IPS Signatures IPS Signature Characteristics IPS Signature Alarms Tuning IPS Signature Alarms IPS Signature Actions 5 of 8

6 Managing and Monitoring IPS 5.3. Implementing IPS Configuring Cisco IOS IPS with CLI Configuring Cisco IOS IPS with SDM Modifying Cisco IOS IPS Signatures 5.4. Verify and Monitor IPS Verifying Cisco IOS IPS Monitoring Cisco IOS IPS 6. Securing the Local Area Network 6.1. Endpoint Security Introducing Endpoint Security Endpoint Security with IronPort Endpoint Security with Network Admission Control Endpoint Security with Cisco Security Agent 6.2. Layer 2 Security Considerations Introducing Layer 2 Security MAC Address Spoofing Attacks MAC Address Table Overflow Attacks STP Manipulation Attacks LAN Storm Attack VLAN Attacks 6.3. Configuring Layer 2 Security Configuring Port Security Verifying Port Security Configuring BPDU Guard and Root Guard Configuring Storm Control Configuring VLAN Trunk Security Configuring Cisco Switched Port Analyzer Configuring Cisco Remote Switched Port Analyzer Recommended Practices for Layer Wireless, VoIP and SAN Security Considerations Enterprise Advanced Technology Security Considerations Wireless Security Considerations Wireless Security Solutions VoIP Security Considerations VoIP Security Solutions SAN Security Considerations SAN Security Solutions 7. Cryptography 7.1. Cryptographic Services Securing Communications Cryptography Cryptanalysis Cryptology 7.2. Basic Integrity and Authenticity Cryptographic Hashes 6 of 8

7 Integrity with MD5 and SHA Authenticity with HMAC Key Management 7.3. Confidentiality Encryption Data Encryption Standard DES Advanced Encryption Standard Alternate Encryption Algorithms Diffie-Hellman Key Exchange 7.4. Public Key Cryptography Symmetric Versus Asymmetric Encryption Digital Signatures Rivest, Shamir, and Alderman Public Key Infrastructure PKI Standards Certificate Authorities Digital Certificates and CAs 8. Implementing Virtual Private Networks 8.1. VPNs VPN Overview VPN Topologies VPN Solutions 8.2. GRE VPNs Configuring a Site-to-Site GRE Tunnel 8.3. IPSec VPN Components and Operation Introducing IPsec IPsec Security Protocols Internet Key Exchange 8.4. Implementing Site-to-Site IPSec VPNs with CLI Configuring a Site-to-Site IPsec VPN Configure Compatible ACLs Configure IKE Configure the Transform Sets Configure the Crypto ACLs Task 5 - Apply the Crypto Map Verify and Troubleshoot the IPsec Configuration 8.5. Implementing Site-to-Site IPsec VPNs with SDM Configuring IPsec Using SDM VPN Wizard - Quick Setup VPN Wizard - Step-by-Step Setup Verifying, Monitoring, and Troubleshooting VPNs 8.6. Implementing a Remote Access VPN The Changing Corporate Landscape Introducing Remote-Access VPNs SSL VPNs 7 of 8

8 Cisco Easy VPN Configure a VPN Server with SDM Connect with a VPN Client 9. Managing a Secure Network 9.1. Principles of Secure Network Design Ensuring a Network is Secure Threat Identification and Risk Analysis Risk Management and Risk Avoidance 9.2. Self-Defending Network Cisco Self-Defending Network Solutions for the Cisco SDN Cisco Integrated Security Portfolio 9.3. Operations Security Introducing Operations Security Principles of Operations Security 9.4. Network Security Testing Introducing Network Security Testing Network Security Testing Tools 9.5. Business Continuity Planning and Disaster Recovery Continuity Planning Disruptions and Backups 9.6. System Development Life Cycle Introducing the SDLC Phases of the SDLC 9.7. Developing a Comprehensive Security Policy Security Policy Overview Structure of a Security Policy Standards, Guidelines, and Procedures Roles and Responsibilities Security Awareness and Training Laws and Ethics Responding to a Security Breach Prepared By: Lewis R. Lightner, Jr. Revision Date: 2/25/2011 Dean Vice President 8 of 8