Module 1: Layer 2 Security
Lesson 1: Examining Company ABC Unsecured
- Company ABC Unsecured
- Attacks and Vulnerabilities
- Attacks on Company ABC
Lesson 2: Examining Layer 2 Attacks
- Types of Layer 2 Attacks
- CAM Table Overflow Attack
- Port Security
- Verifying Port Security
- VLAN Hopping Attacks
- STP Vulnerabilities
- MAC Spoofing: Man-in-the-Middle Attacks
- PVLAN Vulnerabilities
Lesson 3: Configuring DHCP Snooping
- DHCP Starvation and Spoofing Attacks
- Understanding DHCP Snooping
- Mitigating DHCP Attacks
- DHCP Snooping Configuration Guidelines
- Enabling and Configuring DHCP Snooping
- Verifying DHCP Snooping
Module 2: Trust and Identity
Lesson 1: Implementing Identity Management
- Cisco Secure ACS for Windows Overview
- Authentication, Authorization, and Accounting
- Authentication
- Authorization
- Accounting
- TACACS+
- RADIUS
- Configuring AAA to Work with External AAA Servers
- Cisco Secure ACS as a AAA Server
- Cisco Secure ACS for Microsoft Windows Architecture
- Administering Cisco Secure ACS
- Installing Cisco Secure ACS
- Creating an Installation
- Adding an Administrator
- Working in Cisco Secure ACS
- Network Access Profiles
- Configuring Cisco Secure ACS NAPs
- Creating a NAP
- Configuring Profile-Based Policies
- Troubleshooting Cisco Secure ACS
Lesson 2: Implementing Cisco IBNS
- Cisco IBNS Overview
- Port-Based Access Control
- IEEE 802.1x
- Selecting the Correct EAP
- 802.1x and Port Security
- 802.1x and VLAN Assignment
- 802.1x and Guest VLANs
- 802.1x and Restricted VLANs
- Configuring 802.1x
Module 3: Cisco Network Foundation Protection
Lesson 1: Introducing Cisco NFP
- Cisco NFP Overview
- Cisco IOS Tools for a Secure Infrastructure
Lesson 2: Securing the Control Plane
- Router Control Plane
- Tools for Securing the Control Plane
- Overview of CPPr
- CPPr Architecture
- Configuring CPPr
- Configuring a Port-Filter Policy
- Configuring a Queue-Threshold Policy
- Verifying CPPr
Lesson 3: Securing the Management Plane
- The Management Plane
- Tools for Securing the Management Plane
- Cisco MPP Feature
- Securing the Management Plane
- Verifying MPP
Lesson 4: Securing the Data Plane
- Data Plane Attacks
- Data Plane Protection
- Flexible Packet Matching
- Configuring FPM
- Verifying FPM
- Troubleshooting FPM
Module 4: Secured Connectivity
Lesson 1: Introducing IPsec
- IPsec Overview
- Authentication Header
- Encapsulating Security Payload
- Internet Key Exchange
- Internet Security Association and Key Management Protocol
- Other Protocols and Terminology
- IPsec Configuration Task List
Lesson 2: Examining Cisco IOS VPNs
- IPsec VPN Deployment Options
- Fully Meshed IPsec VPNs
- Hub-and-Spoke IPsec VPNs
- Characteristics
- Benefits
- Restrictions
- Dynamic Multipoint VPNs
- Cisco Easy VPN
- WebVPN
Lesson 3: Implementing IPsec VPNs Using Pre-Shared Keys
- Configuring IPsec
- Preparing for IPsec
- Planning the IKE Policy
- Planning the IPsec Policy
- Configuring ISAKMP
- Configure Pre-Shared Keys
- Configuring IPsec Policies
- Applying Crypto Maps to Interfaces
- Testing and Verifying IPsec
- Troubleshooting
Lesson 4: Implementing IPsec VPNs Using PKI
- Examining Cisco IOS PKI
- Digital Signatures
- Examining SCEP
- Configuring IPsec VPN Using Digital Certificates
- Testing and Verifying IPsec
Lesson 5: Configuring GRE Tunnels
- Examining GRE Tunnels
- Deploying GRE
- Configuring a GRE Tunnel
- Verifying GRE Tunnels
- Configuring GRE Tunnels and Encryption
Lesson 6: Configuring a DMVPN
- Dynamic Multipoint VPN
- DMVPN Configuration Tasks
- Configuring ISAKMP and IPsec
- IPsec Profiles
- Routing Protocols
- Configuring the Hub in a Spoke-to-Spoke DMVPN
- Configuring a Spoke for the Spoke-to-Spoke DMVPN
- Verifying DMVPN
Lesson 7: Configuring Cisco IOS SSL VPN (WebVPN)
- Overview of Cisco IOS SSL VPN (WebVPN)
- Clientless Access
- Thin-Client Access
- Tunnel Mode Access
- WebVPN Configuration Tasks
- AAA Configuration for WebVPN
- DNS Configuration for WebVPN
- Certificates and Trustpoints for WebVPN
- WebVPN Configuration
- Verifying WebVPN Functionality
- Troubleshooting WebVPN
Lesson 8: Configuring Easy VPN Remote Access
- Introduction to Cisco Easy VPN
- Configuring Cisco Easy VPN Server
- Configuring Cisco VPN Client v4.x
- Create New Client Connection Entries
Module 5: Adaptive Threat Defense
Lesson 1: Configuring Cisco IOS Firewall
- Firewalls
- Cisco IOS as a Firewall
- Cisco IOS Firewall Feature Set
- Cisco IOS Classic Firewall
- Cisco IOS Authentication Proxy
- Cisco IOS IPS
Lesson 2: Configuring Cisco IOS Classic Firewall
- Cisco IOS Classic Firewall
- Cisco IOS Classic Firewall Process
- Cisco IOS Classic Firewall Configuration Tasks
- Configuring IP ACLs for Cisco IOS Classic Firewall
- Defining Inspection Rules
- Example Configurations
- Granular Protocol Inspection
- Applying the Inspection Rule to an Interface
- Audit Trails and Logging
- Verifying Cisco IOS Classic Firewall
- Removing Cisco IOS Classic Firewall
Lesson 3: Configuring Cisco IOS Zone-Based Policy Firewall
- Legacy Stateful Inspection
- Cisco IOS Zone-Based Policy Firewall Overview
- Zones
- Security Zone Firewall Policies
- Configuring a Cisco IOS Zone-Based Policy Firewall
- Verifying Cisco IOS Zone-Based Policy Firewall
Lesson 4: Configuring Cisco IOS Firewall Authentication Proxy
- Cisco IOS Firewall Authentication Proxy
- AAA Server Configuration
- Cisco IOS Firewall Authentication Proxy Configuration
Lesson 5: Configuring Cisco IOS IPS
- Cisco IOS IPS
- Signature Micro-Engines
- Signatures and SDFs
- Deploying IOS IPS
- Cisco IOS Firewall IPS Configuration
- Configure Logging via Syslog or SDEE
- Upgrading to the Latest SDF
- Verifying IPS Configuration
Lesson 6: Examining Company ABC Secured