Overview Network security has become more important than ever because of the need to deal with the increased number of network threats from worms and easy-to-use distributed denial of service (DDoS) tools. Today, companies can no longer afford to deal with network security in a reactionary mode due to the potential for severe financial and intellectual loss. For that reason, companies are investing in the security of their networks to provide a safe environment for their employees and customers. The Building Enhanced Cisco Security Networks Boot Camp teaches the students how to create a network security policy, an often overlooked but vital part of any network security deployment, as well as deploy several emerging security technologies. In practical labs, students will build a dynamic multipoint VPN (DMVPN), set up High Availability for IPSec (IPSec-HA), identify the Path MTU of a nested IPSec tunnel, configure a site-to-site IPSec VPN for split tunneling, secure network management, configure VMS 2.2 for IDS management, and set up Identity-Based Network Services (IBNS) for a wireless environment. To test the students' understanding of the course materials, the final phase of the class will be a network attack in which various tools will be used to attempt to gain access to their networks.
Pre-Requisites
- Cisco IOS routers, routing fundamentals, and IP addressing knowledge covered in the Interconnecting Cisco Networking Devices (ICND) course, or equivalent experience; preferred knowledge source is CCNA certification (required)
- Managing Cisco Network Security (MCNS) 3.0 or equivalent experience with Cisco IOS-based security products (recommended)
- Cisco Secure PIX Firewall Advanced (CSPFA) 3.1 or equivalent experience with the configuration of Cisco Secure PIX firewalls (recommended)
- Cisco Secure Intrusion Detection System (CSIDS) 3.0 or equivalent experience configuring Cisco Secure IDS products (recommended)
Next Course Dates
Dates available on request. Please contact us
More Information
Individuals who design security networks based on Cisco security products, who implement end-to-end Cisco security services, who deploy networks using Cisco security services.
- Given a network topology and network assessment from Cisco AS, develop and document a comprehensive security policy that fulfills all requirements of the network assessment.
- Given the security policy developed at the beginning of the class and a set of threat management criteria, document a threat response procedure that fulfills the requirements of the threat management criteria.
- Given a remote office network, configure a site-to-site IPSec VPN to the corporate core network.
- Introduction
- Developing a Network Security Policy
- Configuring Site-to-Site IPSec VPNs with Split Tunneling
- Understanding Fragmentation, Path MTU Discovery, and Recursive Routing
- Deploying IPSec-High Availability (IPSec-HA)
- Implementing Dynamic Multipoint VPN (DMVPN)
- Deploying Identity-Based Networking Services (IBNS) for a Wireless Network
- Securing Cisco Network Management
- Configuring VMS 2.2 for IDS Management
- Common Network Attack Mitigation
Lab Outline
- Developing a Network Security Policy
- Create a Threat Response Procedure for the Network Security Policy
- Configure Cisco IOS for Site-to-Site VPN using IPSec
- Configure a Remote Office for Secure Split Tunneling
- Identify Path MTU for an Established Site-to-Site IPSec VPN
- Configure Stateless High Availability Between IPSec Routers
- Configure Connectivity to a Stateful High Availability IPSec Redundant Pair
- Configure a NHRP Spoke Router to Participate in a DMVPN
- Configure Cisco IOS for SSH
- Configure SNMP v2 and SNMP ACLs
- Configure a Wireless Network for 802.1X Using Cisco Secure ACS
- Configure Cisco Secure PIX Firewall, Cisco IOS, Cisco Secure IDS, and Cisco VMS 2.2 to Mitigate and Respond to Network Threats
- Cisco Secure Virtual Private Networks (CSVPN) 3.1 or equivalent experience configuring Cisco Secure VPN products (recommended)
- Aironet Wireless LAN Fundamentals (AWLF) 3.0 or equivalent experience configuring Cisco wireless products (recommended)