Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0




COURSE OVERVIEW

Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions. This five-day course focuses on using one or more of the available WAN connection technologies for remote access between enterprise sites. This course includes cable modems and DSL with Network Address Translation (NAT), Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), and network security using VPNs with IPsec encryption and Internet Key Exchange (IKE) keys. Successful graduates will be able to secure the network environment using existing Cisco IOS security features, and configure the three primary components of the Cisco IOS Firewall feature set (firewall, intrusion prevention system [IPS], and authentication, authorization, and accounting [AAA]). This task-oriented course teaches the knowledge and skills needed to secure Cisco IOS router networks using features and commands in Cisco IOS software, and using a router configuration application. This course is part of the recommended learning path for learners seeking the Cisco CCNP.

AUDIENCE

The primary audience for this course is as follows:
- Candidates for Cisco CCNP, CCDP, and CCIP certifications
- Candidates for Cisco CCIE Routing and Switching and CCIE Communications and Services certifications
- Network administrators and technicians who are responsible for implementing and troubleshooting complex routed network environments
- Customers or channel resellers who are experienced with Cisco products or who have a broad knowledge of the internetworking industry
- Network technicians who are experienced with Cisco products and services
- Network administrators who are responsible for implementing and managing medium-to-large business networks
- Senior network support staff who perform a help-desk role in a medium- or enterprise-sized company that has internal network support escalation staff
- Network support staff who design, implement, and troubleshoot Layer 3 connectivity issues

OBJECTIVES

After completing this course the student should be able to:
- Explain the Cisco hierarchical network model as it pertains to the WAN
- Describe and implement teleworker configuration and access
- Implement and verify frame mode MPLS
- Describe and configure a site-to-site IPSEC VPN
- Describe and configure Cisco EZVPN
- Explain the strategies used to mitigate network attacks
- Describe and configure Cisco device hardening
- Describe and configure IOS firewall features

PREREQUISITES

To fully benefit from this course, learners should have the following prerequisite skills and knowledge:
- Completion of the Introduction to Cisco Networking Technologies (INTRO) and the Interconnecting Cisco Network Devices (ICND) courses, or Cisco CCNA certification
- Ability to complete the initial configuration of a Cisco switch
- Ability to create basic interswitch connections
- Ability to complete the initial configuration of a Cisco router
- Basic knowledge of routing (static, default router, default gateway, and basic NAT and PAT)
- Basic knowledge of concepts linked to routing protocols (classful versus classless routing protocol, single area OSPF, RIP, EIGRP, administrative distance, and interoperations)
- Basic knowledge of standard WAN technologies (Frame Relay, PPP, and HDLC)
- Fundamental security knowledge, including the presence of hackers, viruses, and other security threats
- Fundamental knowledge of IP addressing, including the format of IPv4 addresses, the concept of subnetting, VLSM and CIDR, and static and default routing
- Basic knowledge of standard and extended ACLs
- Ability to use client utilities including Telnet, IPCONFIG, Trace Route, Ping, FTP, TFTP, and HyperTerminal or other terminal emulation programs
- Basic IOS familiarity, including accessing the CLI on a Cisco device and specifically implementing the debug and show commands

COURSE OUTLINE

Module 1: Network Connectivity Requirements
  o Lesson 1: Describing Network Requirements
      - IIN and Cisco SONA Framework
      - Cisco Network Models
      - Remote Connection Requirements in a Converged Network

Module 2: Teleworker Connectivity
  o Lesson 1: Describing Topologies for Facilitating Remote Connections
      - Remote Connection Topologies
      - The Challenge of Connecting the Teleworker
  o Lesson 2: Describing Cable Technology
      - Cable Technology Terms
      - Cable System Components
      - Cable Features
      - Digital Signals over RF Channels
      - Data over Cable
      - Cable Technology: Putting It All Together
      - Provisioning a Cable Modem
  o Lesson 3: Describing DSL Technology
      - DSL Features
      - DSL Types
      - DSL Limitations
      - ADSL
      - ADSL and POTS Coexistence
      - ADSL Channels and Encoding
      - Data over ADSL: PPPoE
      - Data over ADSL: PPPoA
  o Lesson 4: Configuring the CPE as the PPPoE or PPPoA Client
      - Configuration of a Cisco Router as the PPPoE Client
      - Configuration of PPPoE in a VPDN Group
      - Configuration of a PPPoE Client
      - Configuration of the PPPoE DSL Dialer Interface
      - Configuration of PAT
      - Configuring DHCP to Scale DSL
      - Configuration of a Static Default Route
      - Verifying a PPPoE Configuration
  o Lesson 5: Verifying Broadband ADSL Configurations
      - Layer Troubleshooting
      - Layer 1 Issues
      - Administratively Down State for an ATM Interface
      - Correct DSL Operating Mode?
      - Layer 2 Issues
      - Data Received from the ISP
      - Proper PPP Negotiation

Module 3: Frame Mode MPLS Implementation
  o Lesson 1: Introducing MPLS Networks
      - The MPLS Conceptual Model
      - Router Switching Mechanisms
      - MPLS Architecture
      - MPLS Labels
      - Label Switch Routers
      - LSR Component Architecture
  o Lesson 2: Assigning MPLS Labels to Packets
      - Label Allocation in a Frame Mode MPLS Environment
      - Label Distribution and Advertisement
      - Populating the LFIB Table
      - Packet Propagation Across an MPLS Network
      - Penultimate Hop Popping
  o Lesson 3: Implementing Frame Mode MPLS
      - The Procedure to Configure MPLS
      - Configuring IP CEF
      - Configuring MPLS on a Frame Mode Interface
      - Configuring the MTU Size in Label Switching
  o Lesson 4: Describing MPLS VPN Technology
      - Defining MPLS VPN
      - MPLS VPN Architecture
      - Propagation of Routing Information Across the P-Network
      - End-to-End Routing Information Flow
      - MPLS VPNs and Packet Forwarding

Module 4: IPsec VPNs
  o Lesson 1: Understanding IPsec Components and IPsec VPN Features
      - IPsec Overview
      - Internet Key Exchange
      - IKE: Other Functions
      - ESP and AH
      - Message Authentication and Integrity Check
      - Symmetric vs. Asymmetric Encryption Algorithms
      - PKI Environment
  o Lesson 2: Implementing Site-to-Site IPsec VPN Operations
      - Site-to-Site IPsec VPN Operations
      - Configuring IPsec
      - Site-to-Site IPsec Configuration: Phase 1
      - Site-to-Site IPsec Configuration: Phase 2
      - Site-to-Site IPsec Configuration: Apply VPN Configuration
      - Site-to-Site IPsec Configuration: Interface ACL
  o Lesson 3: Configuring IPsec Site-to-Site VPN
      - Introducing the SDM VPN Wizard Interface
      - Site-to-Site VPN Components
      - Launching the Site-to-Site VPN Wizard
      - Connection Settings
      - Defining What Traffic to Protect
  o Lesson 4: Configuring GRE Tunnels over IPsec
      - Generic Routing Encapsulation
      - Introducing Secure GRE Tunnels
      - Configuring GRE over IPsec Site-to-Site Tunnel
      - Backup GRE Tunnel Information
      - VPN Authentication Information
      - Routing Information
  o Lesson 5: Configuring High-Availability Options
      - High Availability for IOS IPsec VPNs
      - IPsec Backup Peer
      - Hot Standby Routing Protocol
      - IPsec Stateful Failover
      - Backing Up a WAN Connection with an IPsec VPN
  o Lesson 6: Configuring Cisco Easy VPN and Easy VPN Server
      - Introducing Cisco Easy VPN
      - Describe Easy VPN Server and Easy VPN Remote
      - Cisco Easy VPN Server Configuration Tasks
      - Configuring Easy VPN Server
      - Group Policy Configuration Location
      - User Authentication
      - Local Group Policies
  o Lesson 7: Implementing the Cisco VPN Client
      - Cisco VPN Client Configuration Tasks
      - Use the Cisco VPN Client to Establish an RA VPN Connection and Verify the Connection Status

Module 5: Cisco Device Hardening
  o Lesson 1: Cisco Self-Defending Network
      - Types of Network Attacks
      - Reconnaissance Attacks and Mitigation
      - Access Attacks and Mitigation
      - DoS Attacks and Mitigation
      - Worm, Virus, and Trojan Horse Attacks and Mitigation
      - Application Layer Attacks and Mitigation
      - Management Protocols and Vulnerabilities
      - Determining Vulnerabilities and Threats
  o Lesson 2: Disabling Unused Cisco Router Network Services and Interfaces
      - Vulnerable Router Services and Interfaces
      - Locking Down Routers with AutoSecure
      - AutoSecure Process Overview
      - Locking Down Routers with the SDM
  o Lesson 3: Securing Cisco Router Installations and Administrative Access
      - Configuring Router Passwords
      - Setting a Login Failure Rate
      - Setting Timeouts
      - Setting Multiple Privilege Levels
      - Configuring Banner Messages
      - Configuring Role-Based CLI
      - Secure Configuration Files
  o Lesson 4: Mitigating Threats and Attacks with Access Lists
      - Cisco ACLs
      - Applying ACLs to Router Interfaces
      - Using Traffic Filtering with ACLs
      - Filtering Network Traffic to Mitigate Threats
      - Mitigating DDoS with ACLs
      - Combining Access Functions
      - Caveats
  o Lesson 5: Securing Management and Reporting Features
      - Secure Management and Reporting Planning Considerations
      - Secure Management and Reporting Architecture
      - Configuring an SSH Server for Secure Management and Reporting
      - Using Syslog Logging for Network Security
      - Configuring Syslog Logging
      - SNMP Version 3
      - Configuring an SNMP Managed Node
      - Configuring NTP Client
      - Configuring NTP Server
  o Lesson 6: Configuring AAA on Cisco Routers
      - Introduction to AAA
      - Router Access Modes
      - AAA Protocols: RADIUS and TACACS+
      - Configure AAA Login Authentication on Cisco Routers Using CLI
      - Configure AAA Login Authentication on Cisco Routers
      - Troubleshoot AAA Login Authentication on Cisco Routers
      - AAA Authorization Commands
      - AAA Accounting Commands

Module 6: Cisco IOS Threat Defense Features
  o Lesson 1: Introducing the Cisco IOS Firewall
      - Layered Defense Strategy
      - Firewall Technologies
      - Stateful Firewall Operation
      - Introducing the Cisco IOS Firewall Feature Set
      - Cisco IOS Firewall Functions
      - Cisco IOS Firewall Process
  o Lesson 2: Implementing Cisco IOS Firewalls
      - Configuring Cisco IOS Firewall from the CLI
      - Basic and Advanced Firewall Wizards
      - Configuring a Basic Firewall
      - Configuring Interfaces on an Advanced Firewall
      - Configuring a DMZ on an Advanced Firewall
      - Advanced Firewall Security Configuration
      - Complete the Configuration
      - Viewing Firewall Activity
  o Lesson 3: Introducing Cisco IOS IPS
      - Introducing Cisco IOS IDS and IPS
      - Types of IDS and IPS Systems
      - IDS and IPS Signatures
      - Cisco IOS IPS Alarms
  o Lesson 4: Configuring Cisco IOS IPS
      - Configuring Cisco IOS IPS
      - Cisco IOS IPS SDM Tasks
      - Selecting Interfaces and Configuring SDF Locations
      - Viewing the IPS Policy Summary and Delivering the Configuration to the Router
      - Configuring IPS Policies and Global Settings
      - Viewing SDEE Messages
      - Tuning Signatures

Lab Outline

- Lab 2-1: E-Lab: Configuring DSL
- Lab 3-1: Configuring Frame Mode MPLS
- Lab 4-1: Configuring Site-to-Site IPsec VPNs
- Lab 4-2: Configuring GRE Tunnels over IPsec
- Lab 4-3: Configuring IPsec VPN to Back Up a WAN Connection
- Lab 4-4: Configuring Cisco Easy VPN Server
- Lab 5-1: Securing Cisco Routers
- Lab 5-2: Securing Cisco Router Management
- Lab 5-3: Configuring AAA Login Authentication and Exec Authorization on Cisco Routers
- Lab 6-1: Configuring a Cisco IOS Firewall
- Lab 6-2: Configuring Cisco IOS IPS
- Lab 6-3: Troubleshooting Security