Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router Firewalls. Intrusion Detection Systems



Similar documents
Cisco Certified Security Professional (CCSP) 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Securing Cisco Network Devices (SND)

CISCO IOS NETWORK SECURITY (IINS)

Securing Networks with PIX and ASA

Cisco Certified Security Professional (CCSP)

TABLE OF CONTENTS NETWORK SECURITY 1...1

TABLE OF CONTENTS NETWORK SECURITY 2...1

How To Understand And Understand Cisco Security Specialist (For A Non-Profit)

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Implementing Cisco IOS Network Security v2.0 (IINS)

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

IINS Implementing Cisco Network Security 3.0 (IINS)

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Implementing Cisco IOS Network Security

CCNA Security 2.0 Scope and Sequence

FIREWALLS & CBAC. philip.heimer@hh.se

Cisco Certified Network Expert (CCNE)

Classic IOS Firewall using CBACs Cisco and/or its affiliates. All rights reserved. 1

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

CCNA Security v1.0 Scope and Sequence

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security ( )

Tim Bovles WILEY. Wiley Publishing, Inc.

CCNP: Implementing Secure Converged Wide-area Networks

Cisco ASA, PIX, and FWSM Firewall Handbook

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title

Implementing Core Cisco ASA Security (SASAC)

Cisco CCNP Implementing Secure Converged Wide Area Networks (ISCW)

Configuring the Cisco Secure PIX Firewall with a Single Intern

Introduction of Intrusion Detection Systems

Table of Contents. Introduction

(d-5273) CCIE Security v3.0 Written Exam Topics

- Introduction to PIX/ASA Firewalls -

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION

Foreword Introduction Product Overview Introduction to Network Security Firewall Technologies Network Firewalls Packet-Filtering Techniques

A Model Design of Network Security for Private and Public Data Transmission

CCNA Security v1.0 Scope and Sequence

SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x

How To Pass A Credit Course At Florida State College At Jacksonville

Implementing Cisco Intrusion Prevention System 7.0 (IPS)

Ficha técnica de curso Código: IFCAD111

The Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series

Scenario: Remote-Access VPN Configuration

Securing Networks with Cisco Routers and Switches ( )

Recommended IP Telephony Architecture

Cisco PIX vs. Checkpoint Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

INTRODUCTION TO FIREWALL SECURITY

Cisco Firewall Technology

Lab Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance

Managing Enterprise Security with Cisco Security Manager

Case Study for Layer 3 Authentication and Encryption

Implementing Cisco Secure AccessSolutions Exam

Latest IT Exam Questions & Answers

Network Security 1 Module 4 Trust and Identity Technology

Cisco Which VPN Solution is Right for You?

Scenario: IPsec Remote-Access VPN Configuration

P and FTP Proxy caching Using a Cisco Cache Engine 550 an

How To Monitor Cisco Secure Pix Firewall Using Ipsec And Snmp Through A Pix Tunnel

Lab Configure IOS Firewall IDS

Network Security Pod Version 2.0

Managing Enterprise Security with Cisco Security Manager

Firewalls. Chapter 3

"Charting the Course...

Cisco Secure PIX Firewall Series

Security. AAA Identity Management. Premdeep Banga, CCIE # Cisco Press. Vivek Santuka, CCIE # Brandon J. Carroll, CCIE #23837

Network Security 2. Module 2 Configure Network Intrusion Detection and Prevention

How To Learn Cisco Cisco Ios And Cisco Vlan

Computer Network Engineering

Lab Configure a PIX Firewall VPN

NETASQ MIGRATING FROM V8 TO V9

Cisco PIX Firewall and VPN Configuration Guide. Version 6.3

Exams (2)...30 % A: Final Exam...20 % B: Quiz/HW/Lab/DB Assignments...50 % C: % D: Total...

Associate in Science Degree in Computer Network Systems Engineering

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Implementing Cisco IOS Network Security

CCIE Security Written Exam ( ) version 4.0

Security Technology: Firewalls and VPNs

Cisco ASA. Administrators

Using a Firewall General Configuration Guide

Comparing Dedicated and Integrated Firewall Performance

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

PIX/ASA 7.x with Syslog Configuration Example

How To Set Up A Cisco Safesa Firewall And Security System

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Cisco Secure PIX Firewall with Two Routers Configuration Example

Deploying Cisco ASA VPN Solutions

Firewalls (IPTABLES)

VPN_2: Deploying Cisco ASA VPN Solutions

Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $

Product Summary RADIUS Servers

Transcription:

Course Overview Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router s IPSec 3002 IKE 515 CA s Intrusion Detection Systems 4210 VPNs Routers 2 The security threats section will cover a general overview of security threats. The following information will be covered here: Types of security threats and attacks: o Reconnaissance o DoS (denial of service) o Access Cisco Security Wheel AVVID The VPNs and IPSec section will cover the following information: Technology Overview of VPN and IPSec VPN3000 Concentrator Series Overview Cisco VPN 3000 Concentrators - IPSec with Pre-Shared Keys and Digital Certificates Cisco VPN 3002 Hardware Client Cisco Secure VPN Client Cisco IOS - IPSec with Pre-Shared Keys and Certificate Authority PIX - IPSec with Pre-Shared Keys and Certificate Authority

The AAA and security section will cover the following information Overview of AAA Security Cisco Secure ACS and TACACS+ Installation Cisco Secure ACS and TACACS+ Configuration The PIX and IOS router firewall section will cover the following information: IOS Extended Access Control Lists IOS Named Access Control Lists IOS Timed Access Control Lists IOS Reflexive Access Control Lists Scaling Cisco IOS IPSec Networks PIX Hardware Overview PIX Configuration NAT, PAT and conduits Understanding and configuring the Access Control List Outbound Filters Web Content Filtering ICMP and UDP control Advanced Protocol Issues and Attacks Managing PIX s SNMP, Logging, Passwords, Upgrades PIX Device Manger Configure AAA on the PIX PIX stateful failover The Intrusion Detection Systems (IDS) section will cover the following material: Cisco Secure Policy Manager to manage and configure sensors Hardware Sensor for IDs CSPM Alarms and Signatures Configuring Sensors and IDS for detection, response and reporting IP Blocking Catalyst 6000 Switch and IDS for multiple VLANs IDs architectures Events and Alarms Develop and implement customized intrusion detection signatures

CSS1 Certification Prerequisite: CCNA MCNS Managing Cisco Network Security Exam: 640-442 Time limit: 60 minutes Passing score: 673 CSVPN Cisco Secure Virtual Private Networks Exam: 9E0-570 Time limit: 60 minutes Passing score: 708 CSPFA Cisco Secure PIX Advance Exam: 9E0-571 Questions: 63 Time limit: 75 Passing score: 751/800 IDSPM Intrusion Detection System Policy Manager Exam: 9E0-572 Time limit: 75 minutes Passing score: 820 3 Cisco has published objectives for each exam on their web site (www.cisco.com). The following information, found on Cisco s web site, is a brief overview of the objectives for each test: MCNS Evaluating Network Security Threats Configuring the NAS for AAA Security Configuring CiscoSecure ACS and TACACS+ Configuring PIX Basics Configuring Access Through the PIX Configuring Multiple Interfaces and AAA on the PIX Configuring Advanced PIX Features Configuring a Cisco Perimeter Router Configuring Cisco Secure Integrated Software Understanding Cisco IOS IPSec Support Configuring Cisco IOS IPSec Scaling Cisco IOS IPSec Networks Configuring the Cisco Secure VPN Client CSVPN Overview of VPN and IPSec Technologies VPN3000 Concentrator Series Hardware Overview Cisco VPN3000 Concentrator for Remote Access Using Pre-Shared Keys Cisco Secure VPN 3000 for Remote Access Using Digital Certificates Cisco Secure VPN 3000 Remote Access Networks Configure the Cisco Secure VPN Client Cisco IOS IPSec for Pre-Shared Keys -to- Cisco IOS IPSec Certificate Authority Support -to- PIX for IPSec Pre-Shared Keys -to- PIX Certificate Authority Support -to- Scale Cisco Router and PIX VPNs

IDSPM Describe the Adaptive Security Algorithm (ASA) and security levels Describe basic commands for the PIX (Access Configuration Through the PIX ) Describe nat and global Describe static and conduit Configure multiple interfaces Define Authentication, Authorization, and Accounting Describe the differences between Authentication, Authorization, and Accounting Describe how users authenticate to the PIX Describe how Cut-Through Proxy technology works Name the AAA protocols supported by PIX Install and configure Cisco Secure ACS for Windows NT Configure AAA on the PIX Understand and configure the Access Control List (ACL) Configure Active Code Filtering (Active X and Java applets) Configure WebSENSE for URL filtering with the PIX Describe the need for advanced protocol handling Describe how the PIX handles FTP, RSH, and SQL *Net traffic Configure FTP, RSH, and SQL *Net Fixup protocols Describe the issues with multimedia applications Describe how the PIX handles RTSP and H.323 multimedia protocols Configure RTSP and H.323 protocols Name, describe, and configure the attack guards in the PIX Describe the primary, secondary, active, and standby PIX Describe how failover works Describe how configuration replication works Define failover and stateful failover Configure the PIX for stateful failover Identify the failover interface tests Define Cisco Secure Integrated Software Define Cisco IOS Define Context-Based Access Control Configure CBAC Describe how users authenticate to a CSIS router Describe how authentication proxy technology works Configure AAA on a CSIS router Identify how the PIX enables a secure VPN Identify the tasks to configure PIX IPSec support Identify the commands to configure PIX IPSec support Configure a VPN between PIX s Install and configure the CSPM and the CSIDS Sensor in multiple network configurations Use CSPM to centrally manage and configure multiple Sensors Configure the CSIDS Sensor to detect, respond to, and report intrusion activity Use CSPM to translate intrusion data into intuitive and effective graphical displays Use the CSIDS NSDB to view signature and network security vulnerability information. Develop and implement customized intrusion detection signatures. Configure the CSIDS Sensor in device management mode to interface with a Cisco IOS router to stop network attack Configure the Cisco Secure IDSM for the Catalyst 6000 family of switches to perform intrusion detection in multiple VLANs. Understand the CSIDS architecture and the relationship between configuration files and tokens

The following information is a general breakdown of the course schedule. Please note that the time values given for the coverage of the material may change some sections might be short, and some sections might be longer. However, all the necessary material will be covered in order to complete the tests which are scheduled on the following dates: First week: Monday Topic1: Network Security and the Cisco PIX Topic2: Cisco PIX Technology Topic3: Identify the Cisco PIX Topic4: Basic Configuration of the PIX Topic5: PIX Translations Topic6: Configuring Multiple Interfaces Configuring additional interfaces First week: Tuesday Topic7: DHCP Support Topic8: Configuring Syslog Syslog messages Topic9: Access Control Configuration and Content Filtering Topic10: Advanced Protocol Handling Advanced protocols Topic12: AAA Configuration on Cisco PIX Topic13: Failover First week: Wednesday Topic14: -to-site VPN Configuration Topic15: System Maintenance Topic16: Cisco PIX Device Manager Topic17: The Cisco IOS Context-Based Access Control Configuration Topic18: The Cisco IOS Authentication Proxy Configuration First week: Friday First week: Thursday PIX Exam (Morning 8:00 till 1:00 pm) Topic 1: Evaluating Network Security Threats Topic 2 : Configuring the NAS for AAA Security Topic 3: Configuring CiscoSecure ACS and TACACS+ First week: Saturday Topic 4 : Configuring PIX Basics Topic 5: Configuring Access Through the PIX Topic 6: Configuring Multiple Interfaces and AAA on the PIX Topic 7 : Configuring Advanced PIX Features Topic 8: Configuring a Cisco Perimeter Router First week: Sunday MCNS Exam (Morning 8:00 till 1:00 pm) Topic1. Course Introduction Topic2. Network Security and Cisco IDS Topic3. Intrusion Detection and the CIDS Environment Second week: Tuesday Topic10. IP Blocking Configuration Lab: Configuring IP Blocking Topic11. Catalyst 6000 IDS Module Configuration Topic12. Cisco Intrusion Detection System Architecture Topic13. Event Notification and Alarm Reporting Second week: Thursday Topic 9: Configuring Cisco Secure Integrated Software Topic 10: Understanding Cisco IOS IPSec Support Topic 11: Configuring Cisco IOS IPSec Topic 12: Scaling Cisco IOS IPSec Networks Topic 13: Configuring the Cisco Secure VPN Client Second week: Monday Topic4. CSPM Installation Topic5. Sensor Installation Topic6. Alarm Management Topic7. CIDS Signatures Topic8. Sensor Configuration Topic9. Signature and Intrusion Detection Configuration Second week: Wednesday Exam IDSPM (Morning 9 till 1 pm) Topic 1 : Overview of VPN and IPSec Technologies Topic 2 : Cisco VPN 3000 Concentrator Overview Topic 3 : Configure Cisco VPN 3000 for Remote Access using Pre-shared Keys Second week: Friday Topic 4 : Configure Cisco VPN 3000 for Remote Access using Digital Certificates Topic 5 : Monitor and Administer Cisco VPN 3000 Remote Access Networks Topic 6 : Configure Cisco IOS IPSec for Pre-shared Keys -to- Topic 7 : Configure Cisco IOS IPSec Certificate Authority Support -to- Topic 8 : Configure the PIX for IPSec Pre-Shared Keys -to- Topic 9: Configure PIX Certificate Authority Support -to- Topic 10: Scaling Cisco Router and PIX VPNs CSVPN Exam (after 2:00 pm)