The CCNA Security Certification is the next step after the CCNA R&S to enhance your associate level skill set in network security. It prepares you for entry-level security career opportunities to meet the growing demand of network for network security professionals.
Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.
Course Outline
- Module 1 : Common Security Threats
- Describe common security threats
- Common threats to the physical installation
- Mitigation methods for common network attacks
- Email-based threats
- Web-based attacks
- Mitigation methods for Worm, Virus, and Trojan Horse attacks
- Phases of a secure network lifecycle
- Security needs of a typical enterprise with a comprehensive security policy
- Mobile/remote security
- DLP
- Module 2 : Authentication, Authorization & Accounting (AAA)
- What is AAA?
- TACAS+ vs. RADIUS
- TACAS+ and RADIUS Configuration
- Authentication Configuration
- AAA Login
- Using AAA for Privileged EXEC Mode and PPP
- Accounting
- Authorization
- Configuring AAA with SDM
- Configuring AAA with CLI router and Switches
- Configuring AAA with ASA
- Module 3 : Layer 2 Security
- 3.1 Describe Layer 2 security using Cisco switches
- STP attacks
- ARP spoofing
- MAC spoofing
- CAM overflows
- CDP/LLDP
- 3.2 Describe VLAN security
- Voice VLAN
- PVLAN
- VLAN hopping
- Native VLAN
- 3.3 Implement VLANs and trunking
- VLAN definition
- Grouping functions into VLANs
- Considering traffic source to destination paths
- Trunking
- Native VLAN
- VLAN Trunking Protocols
- Inter-VLAN Routing
- Private-vlan
- 3.4 Configuring Port-Security
- Preventing CAM Overflow Attacks with Port Security
- Port Security
- Configuring Port Security
- Misconfiguring Port Security
- Aging Time for Secure Addresses
- Sticky Addresses
- Configuring MAC Table Event Notification
- Dot1x Port-Based Authentication
- 3.5 Implement spanning tree
- Potential issues with redundant switch topologies
- STP operations
- Resolving issues with STP - RootGuard , BpduGuard, Bpdufilter
- 3.6 Basic L2 Security Features
- Cisco Password
- Cisco Lightweight Extensible Authentication Protocol (LEAP)
- Extensible Authentiaction Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
- Local SPAN Configuration
- Remote SPAN Configuration
- VACL
- PACL
- Module 4 : Layer 3 Security
- 4.1 Basic Security
- Configuring Enable Password
- Privileged Level Password vs. Privleged Level Secret
- Encrypting Passwords
- Creating and Testing Minimum Length Password Policy
- Telnet and SSH
- exec-timeout Command
- 4.2 Access-list Control - ACL
- IPv4
- IPv6
- Object groups
- ACL operations
- Types of ACLs (dynamic, reflexive, time-based ACLs)
- ACL wild card masking
- Standard ACLs
- Extended ACLs
- Named ACLs
- VLSM
- 4.3 Network Time Protocol (NTP)
- Configuring NTP Master Time Source
- Configuring Peering with NTP Peers Command
- Creating Banners
- Different Types of Network Attacks
- 4.4 Attacks
- Denial of Services (DoS) Attack and SYN Flooding Attack
- TCP Intercept Defense
- ICMP (Ping) Sweep, Port Scan and Port Sweep
- Smurf Attacks
- IP Spoofing
- IP Source Routing
- Packet Sniffers and Queries
- Password Attacks
- Salami Attack
- Other Network Attacks Types - Trust Exploitation
- Superviews - Role-Based CLI Views
- AutoSecure
- One-Step Lockdown.
- Security Audit
- Module 5 : Describe Intrusion Prevention System (IPS) deployment considerations
- SPAN
- IPS product portfolio
- Placement
- Caveats
- 5.2 Describe IPS technologies
- Attack responses
- Monitoring options
- Syslog
- SDEE
- Signature engines
- Signatures
- Global correlation and SIO
- Network-based
- Host-based
- 5.3 Configure Cisco IOS IPS using CCP
- Module 6 : Firewalls
- 6.1 Describe operational strengths and weaknesses of the different firewall technologies
- Proxy firewalls
- Packet and stateful packet
- Application firewall
- Personal firewall
- 6.2 Describe stateful firewalls
- Operations
- Function of the state table
- 6.3 Describe the types of NAT used in firewall technologies
- Static
- Dynamic
- PAT
- Translation (PAT)
- Functions of NAT, PAT, and NAT Overload
- Translating Inside Source addresses
- Overloading Inside global addresses
- 6.4 Implement zone based policy firewall using CCP
- Module 7 : VPN (Virtual Private Network)
- 7.1 Cryptography and Virtual Private Networks (VPNs)
- Symmetric
- Asymetric
- HMAC
- Message digest (VTP)
- PKI
- 7.2 Describe the building blocks of IPSec
- IKE
- ESP
- AH
- Tunnel mode
- Transport mode
- IPsec
- SSL
- 7.3 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
- 7.4 Implement SSL VPN using ASA device manager
- Module 8 : Introduction to Voice and SAN Security
- Voice Over IP Overview
- Gateways and Gatekeepers
- VoIP Protocols
- Typical VoIP Attacks and Precautions
- Introduction to Storage Area Networking (SAN)
- SAN Transport Technologies and Protocols
- SAN Security - LUNS and LUN Masking
- SAN Zones
- Virtual SANs (VSANs)
- FCAP and FCPAP
Twitter
Studied or Worked here? Share Your Review
Please do not post:
Thank you once again for doing your part to keep Edarabia the most trusted education source.