CCSP

Main Menu
HOME TRAINING Cyber Forensics EnCase I EnCase II EnCase III Cisco Associate Level CCNA CCNA Security CCNA Voice CCNA Wireless CCDA Professional Level CCNP New CCDP CCIP CCNP CCSP CCVP Expert Level CCIE Routing & Switching CCIE Security CCIE Voice CCIE Service Provider CCDE Juniper JUNOS Routing M-Series & T-Series JNCIA-M JNCIS-M Enterprise Routing JNCIA-ER JNCIS-ER JUNOS Security Enterprise Switching JNCIA-EX E-Seires JNCIA-E JNCIS-E Firewall/VPN JNCIA-FWV JNCIS-FWV IDP JNCIA-IDP SSL VPN JNCIA-SSL JNCIS-SSL DX Application WX Application UAC Microsoft MCP MCSA 2003 MCSE 2003 MCITP Server Admin MCITP Enterprise Admin Checkpoint CCSA CCSE Nokia Checkpoint (IPSO) Nortel Checkpoint (NSF) IT Management ITILv3 CISA CISSP EC-Council CEH ENSA CHFI EDRP CompTIA A+ Network+ Security+ Wireless (Planet3) CWNA CWTS CWSP CWNP Certification Package Routing Switching Firewall Prevention System Voice Hacking Virtualization VMware Workstation VMware ESX Videos CONSULTING Assist Services Network Design Implementation Services Network Security Penetration Testing IT Security Audit Network Operations BOOTCAMP Juniper Bootcamp Cisco Bootcamp CCNP Bootcamp CCSP Bootcamp CCVP Bootcamp Checkpoint NMAP Microsoft ITILv3 Bootcamp COMPANY INFO Company Trainer Profile Work Culture Leadership Infrastructure CAREER Working With Junisys Hot Jobs CONTACT US FORUM LAB Rack Rental Online LAB

Main Menu

Live Chat

Login Form
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Student Talk

Student Talk

NEWS

CCSP

Securing Networks with Cisco Routers and Switches v1.0 (40hrs)

The Securing Networks with Cisco Routers and Switches (SNRS) course focuses on providing the network specialists with the knowledge and skills needed to secure Cisco IOS router and switch-based networks. Learners will be able to secure the network environment using the Cisco IOS features, including installing and configuring Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, user group-based firewall, Cisco IOS intrusion prevention system (IPS), authentication proxy, implementing secure tunnels using IP Security (IPsec) technology, and implementing advanced switch security. This course also covers advanced virtual private network (VPN) technologies.

Objectives

Upon finishing this course, you will be able to:

* Implement Layer 2 security features on a network using Cisco IOS commands
* Implement Cisco Network Foundation Protection on Cisco IOS routers
* Design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services routers
* Design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features
* Install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services router

Importance

The course is highly recommended to all network engineers and designers involved in designing, implementing and operating security solutions based on Cisco IOS security features.

Audience

The primary audience for this course comprises network administrators, designers as well as network and systems engineers involved in designing and operating security solutions based on Cisco IOS. The secondary audience for this course includes network, program and project managers.

Prerequisite Knowledge

* Cisco Certified Network Associate (CCNA) certification
* Basic knowledge of Cisco IOS networking and security terms and concepts
* Basic knowledge of the Windows operating system

Course Outline

Network Platform Security with Switches

* Configure Advanced Layer 2 Security
* Introducing Cisco IBNS
* Implementing Basic 802.1x Authentication
* Configuring Advanced 802.1X Authentication and Authorization

Network Platform Security with Routers

* Examining the Cisco Network Foundation Protection Strategy
* Securing the Control Plane
* Securing the Management Plane
* Securing the Data Plane

Secure Site-to-Site Communications

* Examining VPN and IPsec Fundamentals
* Implementing IPsec VPNs with PKI
* Implementing GRE over IPsec
* Configuring High Availability VPNs and VTI
* Implementing DMVPN
* Implementing GET VPN

Secure Remote Access Communications

* Implementing Cisco IOS Remote Access Using Cisco Easy VPN
* Examining a Cisco IOS SSL VPN

Threat Control and Containment

* Configuring NAT and PAT
* Configuring a Cisco IOS Classic Firewall
* Configuring a Cisco IOS Zone-Based Policy Firewall
* Configuring Cisco IOS IPS

Securing Networks with ASA Fundamentals v1.0 (40hrs)

The Securing Networks with ASA Fundamentals (SNAF) course takes a task-oriented approach to teach the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances. The course explains the types of firewalls and continues with configuration steps for the ASA appliance. Configurations of filtering, AAA, advanced protocol handling, threat detection, VPNs and other security features are performed via Adaptive Security Device Manager (ASDM) rather than the CLI. The course covers important new ASA and PIX Security Appliance 8.0 features as well.

Note that Advanced ASA topics are covered in the Securing Networks with ASA Advanced (SNAA) course.

Objectives

Upon finishing this course, you will be able to:

* Explain the functions of the three types of firewalls used to secure computer networks
* Describe the technology and features of Cisco security appliances
* Given diagrams of networks protected by Cisco ASA and PIX security appliances, explain how each appliance protects network devices from attacks and why each is an appropriate choice for the example network

Importance

As part of the CCSP certification the course is of utmost importance to individuals seeking this certification.

Audience

The primary audience for this course comprises Cisco customers who implement and maintain Cisco ASA security appliances. Cisco channel partners who sell, implement, and maintain Cisco ASA security appliances and Cisco engineers who support the sale of Cisco ASA security appliances will benefit from the course as well.

Prerequisite Knowledge

* Cisco CCNA certification or the equivalent knowledge.
* Basic knowledge of the Microsoft Windows operating system.
* Familiarity with networking and security terms and concepts.

Course Outline

* Introducing Cisco Security Appliance Technology and Features
* Introducing the Cisco ASA and PIX Security Appliance Families
* Getting Started with Cisco Security Appliances
* Configuring a Security Appliance
* Configuring Translations and Connection Limits
* Using ACLs and Content Filtering
* Configuring Object Grouping
* Switching and Routing on Cisco Security Appliances
* Configuring AAA for Cut-Through Proxy
* Configuring the Cisco Modular Policy Framework
* Configuring Advanced Protocol Handling
* Configuring Threat Detection
* Configuring Site-to-Site VPNs Using Pre-Shared Keys
* Configuring Security Appliance Remote-Access VPNs
* Configuring the Cisco ASA Security Appliance for SSL VPN
* Configuring Transparent Firewall Mode
* Configuring Security Contexts
* Configuring Failover
* Managing the Security Appliance

Implementing Cisco Intrusion Prevention System v1.0 (40hrs)

The Implementing Cisco Intrusion Prevention Systems (IPS) course provides the knowledge and skills needed to design, install, configure, and maintain a Cisco IPS sensor and other Cisco IPS devices for small, medium, and enterprise networks. The course also describes the procedures for managing intrusion prevention system (IPS) alarms.

Objectives

Upon finishing this course, you will be able to:

* Explain how the Cisco IPS protects network devices from attacks
* Install and configure the basic settings on a Cisco IPS 4200 Series Sensor
* Use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy
* Configure some of the more advanced features of the Cisco IPS product line
* Initialize and install into your environment the rest of the Cisco IPS family of products
* Use the CLI and the Cisco IDM to obtain system information, and configure the Cisco IPS sensor to allow an SNMP NMS to monitor the Cisco IPS sensor

Importance

The IPS course is a prerequisite for all students involved in planning, designing, deploying and operating firewall systems that include Cisco Intrusion Prevention solutions.

Audience

The primary audience for this course comprises network designers and network security administrators.

The secondary audience for this course includes network administrators, network engineers and systems engineers.

Prerequisite Knowledge

CCNA certification or the equivalent knowledge (optional)

* Basic knowledge of the Windows operating system
* Familiarity with the networking and security terms and concepts

Course Outline

Intrusion Prevention Overview

* Explaining Intrusion Prevention
* Examining Cisco IPS Products
* Examining Cisco IPS Sensor Software Solutions
* Examining Evasive Techniques

Installation of a Cisco IPS 4200 Series Sensor

* Installing a Cisco IPS Sensor Using the CLI
* Using the Cisco IDM
* Configuring Basic Sensor Settings

Cisco IPS Signatures

* Configuring Cisco IPS Signatures and Alerts
* Examining the Signature Engines
* Customizing Signatures

Advanced Cisco IPS Configuration

* Performing Advanced Tuning of Cisco IPS Sensors
* Monitoring and Managing Alarms
* Configuring a Virtual Sensor
* Configuring Advanced Features
* Configuring Blocking

Additional Cisco IPS Devices

* Installing the Cisco Catalyst 6500 Series IDSM-2
* Initializing the Cisco ASA AIP-SSM

Cisco IPS Sensor Maintenance

* Maintaining Cisco IPS Sensors
* Managing Cisco IPS Sensors

Securing Networks with ASA Advanced v1.0 (40hrs)

The Securing Networks with ASA Advanced (SNAA) course teaches how to configure advanced features of the Cisco security appliance ASA 5500 such as: dual-ISP support, VLANs, policy NAT, Cisco Secure Desktop, passing of the multicast traffic and EIGRP, VPNs (Easy VPN, SSL VPN, AnyConnect VPN), Layer 7 class maps and policy maps, initializing the AIP-SSM and CSC-SSM. The course also utilizes the graphical user interface instead of the command line interface for explanation and discussions of configuring the ASA. The SNAA course takes a task-oriented approach to teaching the skills to deploy, configure, and administer the Cisco ASA using a fictional company's deployment of an ASA which is based on real world scenarios.

Objectives

Upon finishing this course, you will be able to:

* Configure policy NAT based on traffic type
* Describe the Layer 7 Modular Policy Framework for the security appliance and how it is configured
* Describe the Layer 7 advanced protocol handling capabilities of Modular Policy Framework and how it is configured
* Identify the steps needed to configure the security appliance to segment traffic with VLANs
* Identify the steps need to configure the security appliance for dynamic routing
* Explain the components and functionality of IPsec, and explain what digital certificates are and how they are used
* Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate
* Identify the necessary steps to configure the IPsec VPN client using digital certificates
* Identify the necessary steps to configure the security appliance for remote access using digital certificates
* Explain the advanced remote access features of the security appliance
* Determine the necessary configuration for the ASA 5505 Adaptive Security Appliance to be a VPN hardware client
* Identify the steps to configure QoS for VPN traffic
* List the steps needed to configure the WebVPN functionality of the security appliance
* Identify the basic Clientless SSL VPN features of the security appliance
* Configure full network access SSL VPNs using the Cisco AnyConnect VPN Client
* List the features and functionality of the Cisco Secure Desktop
* Configure Cisco Secure Desktop and DAP for SSL VPN connections on the security appliance
* Identify and list the characteristics of the service modules for the security appliance
* Identify the steps needed to configure, inspect, and filter traffic with the Cisco CSC-SSM
* Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks

Audience

The primary audience for this course comprises Cisco customers who implement and maintain Cisco ASA security appliances. Cisco channel partners who sell, implement, and maintain Cisco ASA security appliances and Cisco engineers who support the sale of Cisco ASA security appliances will benefit from the course as well.

Prerequisite Knowledge

Cisco CCNA certification or the equivalent knowledge

* Basic knowledge of the Microsoft Windows operating system
* Familiarity with networking and security terms and concepts

Course Outline

Advanced NAT

* Applying NAT 0 and Policy NAT

Advanced Protocol Handling

* Applying the Cisco Modular Policy Framework
* Handling Advanced Protocols

Dynamic Routing and Switching

* Switching with VLANs
* Routing with Dynamic Protocols

IPsec VPNs

* Understanding IPsec and Digital Certificates
* Implementing Site-to-Site VPNs with Digital Certificates
* Configuring the Cisco VPN Client
* Implementing Remote-Access VPNs with Digital Certificates
* Configuring Advanced Remote-Access Features and Policy
* Configuring the ASA 5505 as a Cisco Easy VPN Hardware Client
* Configuring QoS for IPsec VPNs

SSL VPNs

* Understanding SSL VPN Technology
* Configuring Clientless SSL VPNs
* Configuring Full Network Access SSL VPNs
* Cisco Secure Desktop
* Securing the Desktop with Cisco Secure Desktop and DAP

Security Services Modules

* Examining the Cisco SSMs
* CSC-SSM: Getting Started
* AIP-SSM: Getting Started

Implementing Cisco NAC Appliance v1.0 (40hrs)

The Implementing Cisco NAC Appliance (CANAC) course provides learners with the skills and knowledge needed to implement the Cisco Network Admission Control (NAC) Appliance solution as a part of a Cisco Self-Defending Network (SDN) security strategy. The course teaches the features of the NAC solution that can automatically detect, isolate, and clean infected or vulnerable devices attempting to access the network. The solution recognizes users, their devices and roles; evaluates the security posture of the endpoint and scans for vulnerabilities; and enforces policy in the network.

Objectives

Upon finishing this course, you will be able to:

* Explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements
* Configure the common elements of a Cisco NAC Appliance solution
* Configure the Cisco NAC Appliance in-band and out-of-band implementation options
* Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements
* Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments

Importance

This course is highly recommended to all network security administrators responsible for deploying and maintaining the NAC Appliance (Cisco Clean Access) solution.

Audience

The primary audience comprises Network Administrators and Network Engineers. The secondary audience involves Network Designers, Network Managers and System Engineers.

Prerequisite Knowledge

Basic knowledge of the Microsoft Windows operating system

* Familiarity with networking and security terminology and concepts
* Fundamental knowledge of implementing network security or any VPN and Security certification from the Specialist certifications
* BCMSN or working knowledge of VLANs
* SNRS or working knowledge of digital certificates
* BSCI or working knowledge of HSRP

Course Outline

Cisco NAC Endpoint Security Solutions

* Introducing Cisco Self-Defending Networks
* Introducing Cisco NAC Appliance
* Introducing In-Band and Out-of-Band Deployment Options

Cisco NAC Appliance Common Elements Configuration

* Configuring User Roles
* Configuring External Authentication
* Configuring DHCP on the Cisco NAS

Cisco NAC Appliance Implementation

* Implementing Cisco NAC Appliance In-Band Deployment
* Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance
* Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance
* Implementing Cisco NAC Appliance Out-of-Band Deployment
* Managing Switches

Cisco NAC Appliance Implementation Options

* Implementing Cisco NAC Appliance on a Network
* Implementing Network Scanning
* Configuring the Cisco NAM to Implement the Cisco NAA on User Devices
* Configuring Cisco NAM High Availability
* Configuring Cisco NAS High Availability

Cisco NAC Appliance Monitoring and Administration

* Monitoring a Cisco NAC Appliance Deployment
* Administering the Cisco NAM

Lab Setup

Implementing Cisco Security Monitoring, Analysis, and Response System v1.0 (40hrs)

The Implementing Monitoring, Analysis, and Response System (MARS) course extends the portfolio of learning solutions addressing security management products for the Cisco Self-Defending Network initiative. The Cisco Security MARS product offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices. The students will learn the components of the MARS system, identify the processes of security management and configure various features of the product - including reporting, rules and templates. The activities in the course enable the learners to use, monitor, troubleshoot and optimize the MARS product.

Objectives

Upon finishing this course, you will be able to:

* Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management
* Describe the software components of Cisco Security MARS architectural design
* Configure the network reporting devices to work with the Cisco Security MARS appliance
* Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance
* Use the Summary page to view the security status of your network
* Describe and configure a rule that detects interesting patterns of network activity and other anomalous network behavior
* Describe the process of generating queries and reports in a Cisco Security MARS appliance
* Describe the process of incident investigation on a Cisco Security MARS appliance
* Configure user-defined log parser templates on the Cisco Security MARS appliance
* Integrate Cisco Security Manager and Cisco Security MARS
* Perform system maintenance tasks on the Cisco Security MARS appliance
* Identify common issues about Cisco Security MARS
* Describe the features and functions of the Cisco Security MARS Global Controller
* Summarize the key functionalities of Cisco Security MARS technologies at work

Importance

The course is highly recommended to network security engineers and network managers responsible to manage the security of the network using the MARS solution.

Audience

Engineers who support sales of Cisco security product solutions

* Cisco channel partners who sell, implement, and maintain secure networks
* Cisco customers who implement and maintain secure networks

Prerequisite Knowledge

Certified as a Cisco CCSP or the equivalent knowledge - at least passage of the Securing Cisco IOS Networks (SECUR) exam (642-501) or the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502) or both

* At least six months of practical experience configuring Cisco routers and security products
* Familiarity with implementing network security policies and these networking components and concepts:
* Perimeter security system components: Perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host
* Servers: Syslog servers, web servers, and FTP servers
* Protocols: Syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet

Course Outline

* Introducing Cisco Security Monitoring, Analysis, and Response System
* Understanding the System Architecture
* Configuring a Cisco Security MARS Appliance
* Adding Reporting and Mitigation Devices
* Viewing the Summary Page
* Managing Rules
* Understanding Queries and Reports
* Investigating and Mitigating Incidents
* Working with User-Defined Log Parser Templates
* Integrating with Cisco Security Manager
* Managing and Administering the System
* Troubleshooting and Optimizing Cisco Security MARS
* Using the Cisco Security MARS Global Controller
* Course Review