Ficha técnica de curso Código: IFCAD111

Transcription

1 Curso de: Objetivos: Managing Cisco Network Security: Building Rock-Solid Networks Dar a conocer la filosofía CISCO desde el punto de vista de la seguridad y como construir una red solidad. Como hacer filtrado del trafico tanto de entrada como de salida, y todo lo referente a cortafuegos y redes privadas virtuales. Destinado a: Todos los que tienen conocimiento sobre Redes y los que desea conocer bien como tener una red segura para evitar problemas de seguridad. Modalidad: presencial Plazas: 15 Documentación: En formato pdf. Requisitos: Tutorías: Acreditación: A aportar: 2 horas semanales Certificación acreditativa Revisión Página 1 de 8

2 Contenido del Curso: Chapter 1 to IP Network Security Protecting Your Site Typical Site Scenario Host Security Network Security Availability Integrity Confidentiality Access Control Authentication Authorization Accounting Network Communication in TCP/IP Application Layer Transport Layer TCP TCP Connection UDP internet Layer IP ICMP ARP Network Layer Security in TCP/IP Cryptography Symmetric Cryptography Asymmetric Cryptography Hash Function Public Key Certificates Contents Application Layer Security Pretty Good Privacy (PGP) Secure HyperText Transport Protocol (S-HTTP) Transport Layer Security Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Secure Shell (SSH) Filtering Network Layer Security IP Security Protocols (IPSec) Filtering (Access Control Lists) Data Link Layer Security Authentication Terminal Access Controller Access Control System Plus (TACACS+) Remote Access Dial-In User Service (RADIUS) Kerberos Cisco IP Security Hardware and Software Cisco Secure PIX Firewall Cisco Secure Integrated Software Cisco Secure Integrated VPN Software Cisco Secure VPN Client Cisco Secure Access Control Server Cisco Secure Scanner Cisco Secure Intrusion Detection System Cisco Secure Policy Manager Cisco Secure Consulting Services Revisión Página 2 de 8

3 Chapter 2 Traffic Filtering on the Cisco IOS Access Lists Access List Operation Types of Access Lists Standard IP Access Lists Source Address and Wildcard Mask Keywords any and host Keyword log Applying an Access List Extended IP Access Lists Keywords permit or deny Protocol Source Address and Wildcard-Mask Contents Destination Address and Wildcard Mask Source and Destination Port Number Established Named Access Lists Editing Access Lists Problems with Access Lists Lock-and-Key Access Lists Reflexive Access Lists Building Reflexive Access Lists Applying Reflexive Access Lists Reflexive Access List Example Context-based Access Control The Control-based Access Control Process Configuring Control-based Access Control Inspection Rules Applying the Inspection Rule Configuring Port to Application Mapping Configuring PAM Protecting a Private Network Protecting a Network Connected to the Internet Protecting Server Access Using Lock-and-Key Protecting Public Servers Connected to the Internet Chapter 3 Network Address Translation (NAT) NAT Overview Overview of NAT Devices Address Realm NAT Transparent Address Assignment Transparent Routing Public, Global, and External Networks Private and Local Networks Application Level Gateway NAT Architectures Traditional or Outbound NAT Network Address Port Translation (NAPT) Static NAT Twice NAT Guidelines for Deploying NAT and NAPT Configuring NAT on Cisco IOS Configuration Commands Verification Commands Configuring NAT between a Private Network and Internet Configuring NAT in a Network with DMZ Considerations on NAT and NAPT IP Address Information in Data Bundled Session Applications Revisión Página 3 de 8

4 Peer-to-Peer Applications IP Fragmentation with NAPT En Route Applications Requiring Retention of Address Mapping IPSec and IKE Chapter 4 Cisco PIX Firewall Overview of the Security Features Differences Between IOS 4.x and 5.x Initial Configuration Installing the PIX Software Basic Configuration Installing the IOS over TFTP Command Line Interface IP Configuration IP Address Configuring NAT and NAPT Security Policy Configuration Security Strategies Deny Everything That Is Not Explicitly Permitted Allow Everything That Is Not Explicitly Denied Identify the Resources to Protect Demilitarized Zone (DMZ) Identify the Security Services to Implement Authentication and Authorization Access Control Confidentiality URL, ActiveX, and Java Filtering Implementing the Network Security Policy Authentication Configuration in PIX Access Control Configuration in PIX Securing Resources URL, ActiveX, and Java Filtering PIX Configuration Examples Protecting a Private Network Protecting a Network Connected to the Internet Protecting Server Access Using Authentication Protecting Public Servers Connected to the Internet Securing and Maintaining the PIX System Journaling Securing the PIX Chapter 5 Virtual Private Networks What Is a VPN? Overview of the Different VPN Technologies The Peer Model The Overlay Model Link Layer VPNs Network Layer VPNs Transport and Application Layer VPNs Layer 2 Transport Protocol (L2TP) Configuring Cisco L2TP LAC Configuration Example LNS Configuration Example IPSec IPSec Architecture Security Association Anti-Replay Feature Security Policy Database Revisión Página 4 de 8

5 Authentication Header Encapsulating Security Payload Manual IPSec Internet Key Exchange Authentication Methods IKE and Certificate Authorities IPSec Limitations Network Performance Network Troubleshooting Interoperability with Firewalls and Network Address Translation Devices IPSec and Cisco Encryption Technology (CET) Configuring Cisco IPSec IPSec Manual Keying Configuration IPSec over GRE Tunnel Configuration Connecting IPSec Clients to Cisco IPSec Cisco Secure VPN Client Windows 2000 Linux FreeS/WAN BSD Kame Project Chapter 6 Cisco Authentication, Authorization, and Accounting Mechanisms AAA Overview AAA Benefits Cisco AAA Mechanisms Supported AAA Security Protocols RADIUS TACACS+ Kerberos RADIUS, TACACS+, or Kerberos Authentication Login Authentication Using AAA PPP Authentication Using AAA Enable Password Protection for Privileged EXEC Mode Authorization Configure Authorization TACACS+ Configuration Example Accounting Configuring Accounting Suppress Generation of Accounting Records for Null Username Sessions RADIUS Configuration Example Typical RAS Configuration Using AAA Typical Firewall Configuration Using AAA Authentication Proxy How the Authentication Proxy Works Comparison with the Lock-and Key Feature Benefits of Authentication Proxy Restrictions of Authentication Proxy Configuring Authentication Proxy Configuring the HTTP Server Configure Authentication Proxy Authentication Proxy Configuration Example Revisión Página 5 de 8

6 Chapter 7 Intrusion Detection What Is Intrusion Detection? Network Attacks and Intrusions Poor Network Perimeter/Device Security Network Sniffers Scanner Programs Network Topology Unattended Modems Poor Physical Security Application and Operating Software Weaknesses Software Bugs Web Server/Browser-based Attacks Getting Passwords Easy Ways in Cracking Programs Trojan Horse Attacks Virus or Worm Attacks Human Failure Poorly Configured Systems Information Leaks Malicious Users Weaknesses in the IP Suite of Protocols Layer 7 Attacks Layer 5 Attacks Layer 3 and 4 Attacks Network and Host-based Intrusion Detection Network IDS Host IDS What Can t IDSs Do? Deploying in a Network Sensor Placement Network Vulnerability Analysis Tools Cisco s Approach to Security Cisco Secure Scanner (NetSonar) Minimum System Specifications for Secure Scanner V2.0 Searching the Network for Vulnerabilities Viewing the Results Keeping the System Up-to-Date Cisco Secure Intrusion Detection System (NetRanger) What Is NetRanger? Before You Install Director and Sensor Setup General Operation nrconfigure Data Management Package (DMP) Cisco IOS Intrusion Detection System Configuring IOS IDS Features Associated Commands Cisco Secure Integrated Software (Firewall Feature Set) Chapter 8 Network Security Management PIX Firewall Manager PIX Firewall Manager Overview PIX Firewall Manager Benefits Supported PIX Firewall IOS Version Versus PIX Firewall Manager Version Installation Requirements for PIX Firewall Manager PIX Firewall Manager Features Using PIX Firewall Manager Configuration Installation Errors in PIX Firewall Manager A Configuration Example Revisión Página 6 de 8

7 CiscoWorks 2000 ACL Manager ACL Manager Overview ACL Manager Device and Software Support Installation Requirements for ACL Manager ACL Manager Features Using a Structure Access Control Lists Security Policy Increase Deployment Time for Access Control Lists Ensure Consistency of Access Control Lists Keep Track of Changes Made on the Network Troubleshooting and Error Recovery Basic Operation of ACL Manager Using ACL Manager Configuration An ACL Manager Configuration Example Cisco Secure Policy Manager Cisco Secure Policy Manager Overview The Benefits of Using Cisco Secure Policy Manager Installation Requirements for Cisco Secure Policy Manager Cisco Secure Policy Manager Features Cisco Firewall Management VPN and IPSec Security Management Security Policy Management Network Security Deployment Options Cisco Secure Policy Manager Device and Software Support Using Cisco Secure Policy Manager Configuration CSPM Configuration Example Cisco Secure ACS Cisco Secure ACS Overview Cisco Secure ACS Benefits Installation Requirements for Cisco Secure ACS Cisco Secure ACS Features Placing Cisco Secure ACS in Your Network Cisco Secure ACS Device and Software Support Using Cisco Secure ACS Configuration Cisco Secure ACS Configuration Example Chapter 9 Security Processes and Managing Cisco Security Fast Track What Is a Managing Cisco Security Fast Track? to Cisco Network Security Network Security Network Communications in TCP/IP Security in TCP/IP Traffic Filtering on the Cisco IOS Access Lists Standard and Extended Access Lists Reflexive Access Lists Context-based Access Control Network Address Translation (NAT) Private Addresses Network Address Translation Static NAT Traditional or Outbound NAT Network Address Port Translation (NAPT or PAT) Considerations Cisco PIX Firewall Security Policy Configuration Revisión Página 7 de 8

8 Securing and Maintaining the PIX Virtual Private Networks (VPNs) L2TP IPSec Network Troubleshooting Interoperability with Firewalls and Network Address Translation Devices Cisco Authentication, Authorization and Accounting Mechanisms Authentication Authorization Accounting Intrusion Detection What Is Intrusion Detection? Cisco Secure Scanner (NetSonar) Cisco Secure NetRanger Cisco Secure Intrusion Detection Software Network Security Management Cisco PIX Firewall Manager CiscoWorks 2000 ACL Manager Cisco Secure Policy Manager Cisco Secure Access Control Manager General Security Configuration Recommendations on Cisco Remote Login and Passwords Disable Unused Network Services Logging and Backups Traffic Filtering Physical Access Keeping Up-to-Date Revisión Página 8 de 8