CCIE Security

Main Menu
HOME TRAINING Cyber Forensics EnCase I EnCase II EnCase III Cisco Associate Level CCNA CCNA Security CCNA Voice CCNA Wireless CCDA Professional Level CCNP New CCDP CCIP CCNP CCSP CCVP Expert Level CCIE Routing & Switching CCIE Security CCIE Voice CCIE Service Provider CCDE Juniper JUNOS Routing M-Series & T-Series JNCIA-M JNCIS-M Enterprise Routing JNCIA-ER JNCIS-ER JUNOS Security Enterprise Switching JNCIA-EX E-Seires JNCIA-E JNCIS-E Firewall/VPN JNCIA-FWV JNCIS-FWV IDP JNCIA-IDP SSL VPN JNCIA-SSL JNCIS-SSL DX Application WX Application UAC Microsoft MCP MCSA 2003 MCSE 2003 MCITP Server Admin MCITP Enterprise Admin Checkpoint CCSA CCSE Nokia Checkpoint (IPSO) Nortel Checkpoint (NSF) IT Management ITILv3 CISA CISSP EC-Council CEH ENSA CHFI EDRP CompTIA A+ Network+ Security+ Wireless (Planet3) CWNA CWTS CWSP CWNP Certification Package Routing Switching Firewall Prevention System Voice Hacking Virtualization VMware Workstation VMware ESX Videos CONSULTING Assist Services Network Design Implementation Services Network Security Penetration Testing IT Security Audit Network Operations BOOTCAMP Juniper Bootcamp Cisco Bootcamp CCNP Bootcamp CCSP Bootcamp CCVP Bootcamp Checkpoint NMAP Microsoft ITILv3 Bootcamp COMPANY INFO Company Trainer Profile Work Culture Leadership Infrastructure CAREER Working With Junisys Hot Jobs CONTACT US FORUM LAB Rack Rental Online LAB

Main Menu

Live Chat

Login Form
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Student Talk

Student Talk

NEWS

CCIE Security

Written Exam (120hrs)

General Networking

Networking Basics
OSI Layers
TCP/IP Protocols
Switching (VTP, VLANs, Spanning Tree, Trunking, etc.)
Routing Protocols (RIP, EIGRP, OSPF, and BGP)
IP Multicast

Security Protocols, Ciphers and Hash Algorithms

RADIUS
TACACS+
Ciphers RSA, DSS, RC4
Message Digest 5 (MD5)
Secure Hash Algorithm (SHA)
EAP PEAP TKIP TLS
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
IP Security (IPSec)
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Key Exchange (IKE)
Certificate Enrollment Protocol (CEP)
Transport Layer Security (TLS)
Secure Socket Layer (SSL)
Point to Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Generic Route Encapsulation (GRE)
Secure Shell (SSH)
Pretty Good Privacy (PGP)

Application Protocols

Hypertext Transfer Protocol (HTTP)
Simple Mail Transfer Protocol (SMTP)
File Transfer Protocol (FTP)
Domain Name System (DNS)
Trivial File Transfer Protocol (TFTP)
Network Time Protocol (NTP)
Lightweight Directory Access Protocol (LDAP)
Syslog

Security Technologies

Packet Filtering
Content Filtering
URL Filtering
Authentication Technologies
Authorization technologies
Proxy Authentication
Public Key Infrastructure (PKI)
IPSec VPN
SSL VPN
Network Intrusion Prevention Systems
Host Intrusion Prevention Systems
Event Correlation
Adaptive Threat Defense (ATD)
Network Admission Control (NAC)
802.1x
Endpoint Security
Network Address Translation

Cisco Security Appliances and Applications

Cisco Secure PIX Firewall
Cisco Intrusion Prevention System (IPS)
Cisco VPN 3000 Series Concentrators
Cisco EzVPN Software and Hardware Clients
Cisco Adaptive Security Appliance (ASA) Firewall
Cisco Security Monitoring, Analysis and Response System (MARS)
Cisco IOS Firewall
Cisco IOS Intrusion Prevention System
Cisco IOS IPSec VPN
Cisco IOS Trust and Identity
Cisco Secure ACS for Windows
Cisco Secure ACS Solution Engine
Cisco Traffic Anomaly Detectors
Cisco Guard DDoS Mitigation Appliance
Cisco Catalyst 6500 Series Security Modules (FWSM, IDSM, VPNSM, WebVPN, SSL modules)
Cisco Traffic Anomaly Detector Module & Cisco Guard Service Module

Cisco Security Management

Cisco Adaptive Security Device Manager (ASDM)
Cisco Router & Security Device Manager (SDM)
Cisco Security Manager (CSM)

Cisco Security General

IOS Specifics
Routing and Switching Security Features: IP & MAC Spoofing, MAC Address Controls, Port Security, DHCP Snoop, DNS Spoof.
NetFlow
Layer 2 Security Features
Layer 3 Security Features
Wireless Security
IPv6 Security

Security Solutions

Network Attack Mitigation
Virus and Worms Outbreaks
Theft of Information
DoS/DDoS Attacks
Web Server & Web Application Security

Security General

Policies - Security Policy Best Practices
Information Security Standards (ISO 17799, ISO 27001, BS7799)
Standards Bodies
Common RFCs (e.g. RFC1918, RFC2827, RFC2401)
BCP 38
Attacks, Vulnerabilities and Common Exploits - recon, scan, priv escalation, penetration, cleanup, backdoor
Security Audit & Validation
Risk Assessment
Change Management Process
Incident Response Framework
Computer Security Forensics

Lab Exam (100hrs)

Implement secure networks using Cisco ASA Firewalls

Perform basic firewall Initialization
Configure device management
Configure address translation (nat, global, static)
Configure ACLs
Configure IP routing
Configure object groups
Configure VLANs
Configure filtering
Configure failover
Configure Layer 2 Transparent Firewall
Configure security contexts (virtual firewall)
Configure Modular Policy Framework
Configure Application-Aware Inspection
Configure high availability solutions
Configure QoS policies

Implement secure networks using Cisco IOS Firewalls

Configure CBAC
Configure Zone-Based Firewall
Configure Audit
Configure Auth Proxy
Configure PAM
Configure access control
Configure performance tuning
Configure advanced IOS Firewall features

Implement secure networks using Cisco VPN solutions

Configure IPsec LAN-to-LAN (IOS/ASA)
Configure SSL VPN (IOS/ASA)
Configure Dynamic Multipoint VPN (DMVPN)
Configure Group Encrypted Transport (GET) VPN
Configure Easy VPN (IOS/ASA)
Configure CA (PKI)
Configure Remote Access VPN
Configure Cisco Unity Client
Configure Clientless WebVPN
Configure AnyConnect VPN
Configure XAuth, Split-Tunnel, RRI, NAT-T
Configure High Availability
Configure QoS for VPN
Configure GRE, mGRE
Configure L2TP
Configure advanced Cisco VPN features

Configure Cisco IPS to mitigate network threats

Configure IPS 4200 Series Sensor Appliance
Initialize the Sensor Appliance
Configure Sensor Appliance management
Configure virtual Sensors on the Sensor Appliance
Configure security policies
Configure promiscuous and inline monitoring on the Sensor Appliance
Configure and tune signatures on the Sensor Appliance
Configure custom signatures on the Sensor Appliance
Configure blocking on the Sensor Appliance
Configure TCP resets on the Sensor Appliance
Configure rate limiting on the Sensor Appliance
Configure signature engines on the Sensor Appliance
Use IDM to configure the Sensor Appliance
Configure event action on the Sensor Appliance
Configure event monitoring on the Sensor Appliance
Configure advanced features on the Sensor Appliance
Configure and tune Cisco IOS IPS
Configure SPAN & RSPAN on Cisco switches

Implement Identity Management

Configure RADIUS and TACACS+ security protocols
Configure LDAP
Configure Cisco Secure ACS
Configure certificate-based authentication
Configure proxy authentication
Configure 802.1x
Configure advanced identity management features
Configure Cisco NAC Framework

Implement Control Plane and Management Plane Security

Implement routing plane security features (protocol authentication, route filtering)
Configure Control Plane Policing
Configure CP protection and management protection
Configure broadcast control and switchport security
Configure additional CPU protection mechanisms (options drop, logging interval)
Disable unnecessary services
Control device access (Telnet, HTTP, SSH, Privilege levels)
Configure SNMP, Syslog, AAA, NTP
Configure service authentication (FTP, Telnet, HTTP, other)
Configure RADIUS and TACACS+ security protocols
Configure device management and security

Configure Advanced Security

Configure mitigation techniques to respond to network attacks
Configure packet marking techniques
Implement security RFCs (RFC1918/3330, RFC2827/3704)
Configure Black Hole and Sink Hole solutions
Configure RTBH filtering (Remote Triggered Black Hole)
Configure Traffic Filtering using Access-Lists
Configure IOS NAT
Configure TCP Intercept
Configure uRPF
Configure CAR
Configure NBAR
Configure NetFlow
Configure Anti-Spoofing solutions
Configure Policing
Capture and utilize packet captures
Configure Transit Traffic Control and Congestion Management
Configure Cisco Catalyst advanced security features

Identify and Mitigate Network Attacks

Identify and protect against fragmentation attacks
Identify and protect against malicious IP option usage
Identify and protect against network reconnaissance attacks
Identify and protect against IP spoofing attacks
Identify and protect against MAC spoofing attacks
Identify and protect against ARP spoofing attacks
Identify and protect against Denial of Service (DoS) attacks
Identify and protect against Distributed Denial of Service (DDoS) attacks
Identify and protect against Man-in-the-Middle (MiM) attacks
Identify and protect against port redirection attacks
Identify and protect against DHCP attacks
Identify and protect against DNS attacks
Identify and protect against Smurf attacks
Identify and protect against SYN attacks
Identify and protect against MAC Flooding attacks
Identify and protect against VLAN hopping attacks
Identify and protect against various Layer2 and Layer3 attacks