Cisco Security Curriculum-Course outlines

  • 7/28/2019 Cisco Security Curriculum-Course outlines

    CISCO SYSTEMS, INC.

    Security Curriculum Course Outline

    10/13/2009

    Created by Davie Chia ([email protected]), CCSP program manager

    2 Security Curriculum Course Outline 2009 Cisco Systems, Inc.

    CONTENT:

    IINS (CCNA Security)

    SNRS (CCSP core)

    IPS (CCSP core)

    SNAF (CCSP core)

    SNAA (CCSP elective)

    MARS (CCSP elective)

    CANAC (CCSP elective)

    2008 Cisco Systems, Inc. Course Administration Guide 3

    IINS Course Outline

    Overview

    Implementing Cisco IOS Network Security (IINS) v1.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. Learners will be able to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

    Course Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    Develop a comprehensive network security policy to counter threats against information security

    Configure routers on the network perimeter with Cisco IOS Software security features

    Configure firewall features including ACLs and Cisco IOS zone-based firewalls to perform basic security operations on a network

    Configure site-to-site VPNs using Cisco IOS features

    Configure IPS on Cisco network routers

    Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

    High-Level Course Outline

    This subtopic provides an overview of how the course is organized. The course contains these seven components:

    Introduction to Network Security Principles

    Perimeter Security

    Network Security Using Cisco IOS Firewalls

    Site-to-Site VPNs

    Network Security Using Cisco IOS IPS

    LAN, SAN, Voice, and Endpoint Security Overview

    Detailed Course Outline

    Module 1: Introduction to Network Security Principles

    Upon completing this module, the learner will be able to develop a comprehensive network security policy to counter threats against information security.

    Lesson 1: Examining Network Security Fundamentals

    This lesson describes the core principles that are part of a secure network. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe how sophisticated attack tools and open networks generate an increased need for network security and dynamic security policies

    Describe the three primary objectives of security

    Describe the different classifications of data that are used by the private sector and the public sector

    Describe the three primary types of security controls

    Describe some of the factors that are involved in responding to a security breach

    Identify key laws and codes of ethics that are binding to INFOSEC professionals

    The lesson includes these topics:

    The Need for Network Security

    Network Security Objectives

    Data Classification

    Security Controls

    Response to a Security Breach

    Laws and Ethics

    Lesson 2: Examining Network Attack Methodologies

    This lesson describes various attack methods and how to plan a defense in depth to help protect your network from these attacks. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe network adversaries, motivations, and classes of attack

    Describe how hackers work so that you have a better appreciation of the threats they pose

    Describe the concept of defense in depth

    Describe how attackers use IP spoofing to launch various types of attacks

    Describe several attack methods that attackers use to compromise confidentiality

    Describe several attack methods that attackers use to compromise integrity

    Describe several attack methods that attackers use to compromise availability

    Describe some best practices that can help defend your network against hackers

    The lesson includes these topics:

    Adversaries, Motivations, and Classes of Attack

    How Hackers Think

    The Principles of Defense in Depth

    IP Spoofing Attacks

    Confidentiality Attacks

    Integrity Attacks

    Availability Attacks

    Best Practices to Defeat Network Attacks

    The lesson includes this activity:

    Lab 1-1: Embedding a Secret Message Using Steganography

    Lesson 3: Examining Operations Security

    This lesson describes the principles behind operations security and how correct practices increase security, including security testing, a secure life cycle, and business continuity planning. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the SDLC and how you use it to design a Secure Network Lifecycle management process

    Identify key operations security principles

    Explain various network security testing techniques and tools

    Explain the principles of disaster recovery and business continuity planning and give examples of how they are practiced

    The lesson includes these topics:

    Secure Network Lifecycle Management

    Principles of Operations Security

    Network Security Testing

    Disaster Recovery and Business Continuity Planning

    The lesson includes these activities:

    Lab 1-2: Scanning a Computer System Using Testing Tools

    Lab 1-3: Scanning a Network Using Testing Tools

    Lesson 4: Understanding and Developing a Comprehensive Network Security Policy

    This lesson describes how increasing network security threats demand comprehensive network security policies, and describes the main activities in each phase of a secure network lifecycle. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the essential functions and goals of a security policy and how to use them to create a security policy

    Identify commonly used policy documents and standards, and explain the differences between these standards and procedures

    Identify the various roles that are played within an enterprise for the development and maintenance of a security policy

    Describe the role that risk management plays in the development of a security policy

    Describe the system-level security principles that should be considered throughout the lifecycle of a secure network

    Describe how training and other awareness techniques can help to increase the effectiveness of a security policy

    The lesson includes these topics:

    Security Policy Overview

    Policies, Standards, and Procedures

    Roles and Responsibilities

    Risk Management

    Principles of Secure Network Design

    Security Awareness

    Lesson 5: Building Cisco Self-Defending Networks

    This lesson describes how to implement the Cisco Self-Defending Network strategy by enhancing the existing network infrastructure with Cisco technologies, products, and solutions. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe how changing threats and challenges demand a new approach to network security

    Describe the components of the Cisco Self-Defending Network strategy

    Describe the positioning and benefits of the Cisco integrated security portfolio

    The lesson includes these topics:

    Changing Threats and Challenges

    Building a Cisco Self-Defending Network

    Cisco Integrated Security Portfolio

    Module 2: Perimeter Security

    Upon completing this module, the learner will be able to configure routers on the network perimeter with Cisco IOS Software security features.

    Lesson 1: Securing Administrative Access to Cisco Routers

    This lesson defines how to secure the physical installation of and administrative access to Cisco routers based on different network requirements using the CLI. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the security features of the Cisco IOS Software on Cisco routers

    Describe the security features of the Cisco Integrated Services Routers

    Configure passwords and login failure rates using the CLI to secure administrative access to Cisco routers

    Configure multiple privilege levels using the CLI to secure administrative access to Cisco routers

    Configure role-based CLI access to create views

    Configure the Cisco IOS resilient configuration feature using the CLI to secure the Cisco IOS image and configuration file

    Configure virtual login connection security using the CLI

    Configure a banner message using the CLI to secure administrative access to Cisco routers

    The lesson includes these topics:

    Cisco IOS Security Features

    Introducing the Cisco Integrated Services Router Family

    Configuring Secure Administrative Access

    Setting Multiple Privilege Levels

    Configuring Role-Based CLI Access

    Securing the Cisco IOS Image and Configuration Files

    Configuring Enhanced Support for Virtual Logins

    Configuring Banner Messages

    The lesson includes this activity:

    Lab 2-1: Securing Administrative Access to Cisco Routers

    Lesson 2: Introducing Cisco SDM

    This lesson describes the features and wizards of Cisco SDM, and describes how to launch and navigate Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the key features, concepts, and purpose of Cisco SDM

    Set up a router to run Cisco SDM and Cisco SDM Express

    Launch Cisco SDM Express to configure a new router

    Launch Cisco SDM

    Navigate Cisco SDM

    Describe the common wizards available in Cisco SDM

    The lesson includes these topics:

    Cisco SDM Overview

    Supporting Cisco SDM and Cisco SDM Express

    Launching Cisco SDM Express

    Launching Cisco SDM

    Navigating the Cisco SDM Interface

    Cisco SDM Wizards

    Lesson 3: Configuring AAA on a Cisco Router Using the Local Database

    This lesson defines how to configure a Cisco router to perform authentication, authorization, and accounting (AAA) authentication with a local database using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the functions and importance of AAA

    Describe the different ways to implement AAA services on Cisco routers

    Describe the steps to authenticate user access to a Cisco router using a local database

    Configure AAA using Cisco SDM to support using the local database

    Troubleshoot AAA on a Cisco router using the debug aaa command

    The lesson includes these topics:

    AAA Overview

    Introduction to AAA for Cisco Routers

    Using Local Services to Authenticate Router Access

    Configuring Local Database Authentication Using AAA

    Troubleshooting AAA on Cisco Routers

    The lesson includes this activity:

    Lab 2-2: Configuring AAA on Cisco Routers to Use the Local Database

    Lesson 4: Configuring AAA on a Cisco Router to Use Cisco Secure ACS

    This lesson describes the operation of external AAA sources such as RADIUS and TACACS+ servers and defines how to configure a Cisco router to use Cisco Secure Access Control Server (ACS) to perform AAA. Upon completing this lesson, the learner will be able to meet these objectives:

    List the features and benefits of Cisco Secure ACS products and describe their function in a network security solution

    Describe and compare the TACACS+ and RADIUS protocols

    Install Cisco Secure ACS for Windows

    Configure the Cisco Secure ACS server

    Configure Cisco Routers to use TACACS+ as a AAA protocol using the CLI and Cisco SDM

    Describe troubleshooting TACACS+ using debug commands from the CLI

    The lesson includes these topics:

    Cisco Secure ACS Overview

    TACACS+ and RADIUS Protocols

    Installing Cisco Secure ACS for Windows

    Configuring the Server

    Configuring TACACS+ Support on a Cisco Router

    Troubleshooting TACACS+

    The lesson includes this activity:

    Lab 2-3: Configuring AAA on Cisco Routers to Use Cisco Secure ACS

    Lesson 5: Implementing Secure Management and Reporting

    This lesson defines how to securely implement the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), and Network Time Protocol (NTP). Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the factors you must consider when planning the secure management and reporting configuration of network devices

    Describe the architecture of secure management and reporting

    Describe the key role that syslog plays in network security

    Use Cisco SDM to monitor log messages

    Describe the security features of SNMPv3

    Configure an SSH daemon for secure management and reporting

    Enable time features with Cisco SDM

    The lesson includes these topics:

    Planning Considerations for Secure Management and Reporting

    Secure Management and Reporting Architecture

    Using Syslog Logging for Network Security

    Using Logs to Monitor Network Security

    Using SNMP

    Configuring an SSH Daemon for Secure Management and Reporting

    Enabling Time Features

    The lesson includes this activity:

    Lab 2-4: Implementing Secure Management and Reporting

    Lesson 6: Locking Down the Router

    This lesson defines how to examine router configurations with the Security Audit feature of Cisco SDM and make the router and network more secure by using the one-step lockdown feature in Cisco SDM or the command auto secure. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the router services and interfaces that are vulnerable to network attacks

    Explain the vulnerabilities posed by commonly configured router management services

    Use the Cisco SDM Security Audit feature to determine and to fix router security vulnerabilities

    Use the Cisco SDM one-step lockdown feature or the CLI auto secure command to secure a router

    Explain the limitations of using the Cisco SDM one-step lockdown feature or the CLI auto secure command

    The lesson includes these topics:

    Vulnerable Router Services and Interfaces

    Management Service Vulnerabilities

    Performing a Security Audit

    Locking Down a Cisco Router

    Limitations and Cautions

    The lesson includes this activity:

    Lab 2-5: Using Cisco SDM One-Step Lockdown and Security Audit

    Module 3: Network Security Using Cisco IOS Firewalls

    Upon completing this module, the learner will be able to configure firewall features including access control lists (ACLs) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network.

    Lesson 1: Introducing Firewall Technologies

    This lesson describes the operations of the different types of firewall technologies, and the firewall technologies that are embedded in Cisco routers and Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the role of firewalls in securing networks

    Describe the role of firewalls in a layered defense strategy

    Describe how a static packet filter allows or blocks data packets as they pass through a network interface

    Describe how application layer or proxy firewalls control or monitor inbound and outbound traffic

    Describe how dynamic or stateful inspection packet filtering improves network security and performance

    Describe additional types of firewalls, including application inspection firewalls and transparent firewalls

    Describe the features of the Cisco IOS Firewall, Cisco PIX 500 Series Security Appliances, and Cisco ASA 5500 Series Adaptive Security Appliances

    Develop an effective firewall policy that is based on firewall best practices

    The lesson includes these topics:

    Firewall Fundamentals

    Firewalls in a Layered Defense Strategy

    Static Packet Filtering Firewalls

    Application Layer Gateways

    Dynamic or Stateful Packet Filtering Firewalls

    Other Types of Firewalls

    Cisco Family of Firewalls

    Developing an Effective Firewall Policy

    Lesson 2: Creating Static Packet Filters Using ACLs

    This lesson defines how to create static packet filters using ACLs. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain how ACLs are used to control access in networks

    Define wildcard masks and explain how they are used by ACLs

    Configure and apply ACLs to router interfaces using the CLI

    Explain the caveats you must consider when creating ACLs

    Configure standard and extended ACLs using Cisco SDM

    Configure ACLs to protect common network services

    The lesson includes these topics:

    ACL Fundamentals

    ACL Wildcard Masking

    Using ACLs to Control Traffic

    ACL Considerations

    Configuring ACLs Using SDM

    Using ACLs to Permit and Deny Network Services

    The lesson includes this activity:

    Lab 3-1: Creating Static Packet Filters Using ACLs

    Lesson 3: Configuring Cisco IOS Zone-Based Policy Firewall

    This lesson defines how to configure a Cisco IOS zone-based policy firewall on your network using the Cisco SDM wizard. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the principles of zone-based policy firewalls

    Configure a zone-based policy firewall using Cisco SDM Basic Firewall wizard

    Configure a zone-based policy firewall manually using Cisco SDM

    Verify the zone-based policy firewall configuration using Cisco SDM and the CLI

    The lesson includes these topics:

    Zone-Based Policy Firewall Overview

    Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard

    Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM

    Monitoring a Zone-Based Policy Firewall

    The lesson includes this activity:

    Lab 3-2: Configuring a Cisco IOS Zone-Based Policy Firewall

    Module 4: Site-to-Site VPNs

    After completing this module, the learner will be able to configure site-to-site virtual private networks (VPNs) using Cisco IOS features.

    Lesson 1: Examining Cryptographic Services

    This lesson describes how encryption, hashing, and digital signatures provide confidentiality, integrity, and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:

    Define cryptology, cryptanalysis, and encryption, and explain the symbiotic relationship between cryptanalysis and encryption

    Explain the difference between, and the functionality of, symmetric and asymmetric encryption algorithms

    Describe the differences between block and stream ciphers

    Describe the basic forms of encryption, as well as their differences and their benefits

    Explain the importance and function of cryptographic hashes

    Explain the importance of key length, key creation, key distribution, key recovery, and key destruction

    Describe the basic functions, advantages, and disadvantages of SSL VPNs

    The lesson includes these topics:

    Cryptology Overview

    Symmetric and Asymmetric Encryption Algorithms

    Block and Stream Ciphers

    Encryption Algorithm Selection

    Cryptographic Hashes

    Key Management

    Introducing SSL VPNs

    Lesson 2: Examining Symmetric Encryption

    This lesson defines how to describe the methods, algorithms, and purposes of symmetric encryption. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the generic functionality of symmetric encryption algorithms

    Describe the features and functions of the DES algorithm

    Describe the features and functions of the 3DES algorithm

    Describe the features and functions of the AES algorithm

    Describe the features and functions of the SEAL algorithm

    Describe the features and functions of several algorithms written by Ron Rivest

    The lesson includes these topics:

    Symmetric Encryption Overview

    DES Features and Functions

    3DES Features and Functions

    AES Features and Functions

    SEAL Features and Functions

    Rivest Ciphers Features and Functions

    Lesson 3: Examining Cryptographic Hashes and Digital Signatures

    This lesson describes the use and purpose of hashes and digital signatures in providing integrity and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the generic functionality of hash algorithms and the HMAC variant

    Describe the features and functions of the MD5 algorithm

    Describe the features and functions of the SHA-1 algorithm

    Explain the generic functionality of digital signatures

    Describe the features and functions of the DSS

    The lesson includes these topics:

    Overview of Hash Algorithms and HMACs

    MD5 Features and Functions

    SHA-1 Features and Functions

    Overview of Digital Signatures

    DSS Features and Functions

    Lesson 4: Examining Asymmetric Encryption and PKI

    This lesson describes the use and purpose of asymmetric encryption and public key infrastructure (PKI). Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the generic functionality of asymmetric encryption algorithms

    Describe the features and functions of the RSA algorithm

    Describe the features and functions of the DH key exchange algorithm

    Explain the principles behind a PKI

    Explain the PKI standards

    Explain the role of CAs and RAs in a PKI

    The lesson includes these topics:

    Asymmetric Encryption Overview

    RSA Features and Functions

    DH Features and Functions

    PKI Definitions and Algorithms

    PKI Standards

    Certificate Authorities

    Lesson 5: Examining IPsec Fundamentals

    This lesson describes the fundamental concepts, technologies, and terms that IP Security (IPsec) VPNs use. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the purpose and types of VPNs, contrast SSL with IPsec VPNs, and define where to use VPNs in a network

    List the Cisco VPN product line and describe the security features of these products

    Describe the IPsec protocol and its basic functions

    Describe the advantages of IPsec VPNs compared with other types of VPNs

    Describe the ESP protocols, the AH protocols, and the tunnel modes that IPsec uses

    List and describe the IKE protocols

    The lesson includes these topics:

    VPN Overview

    Cisco VPN Product Family

    Introducing IPsec

    IPsec Advantages

    IPsec Protocol Framework

    IKE Protocol

    Lesson 6: Building a Site-to-Site IPsec VPN

    This lesson describes how to configure a site-to-site IPsec VPN. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the five steps of IPsec operation

    Describe the procedure to configure IPsec

    Ensure that ACLs are compatible with IPsec

    Describe and configure the IKE parameters using the CLI

    Configure the IPsec transform sets using the CLI

    Configure the cryptographic ACL and other IPsec settings using the CLI

    Configure and apply a cryptographic map to an interface using the CLI

    Confirm the IPsec configuration

    The lesson includes these topics:

    Site-to-Site IPsec VPN Operations

    Configuring IPsec

    Site-to-Site IPsec Configuration Step 1

    Site-to-Site IPsec Configuration Step 2

    Site-to-Site IPsec Configuration Step 3

    Site-to-Site IPsec Configuration Step 4

    Site-to-Site IPsec Configuration Step 5

    Verifying the IPsec Configuration

    Lesson 7: Configuring IPsec on a Site-to-Site VPN Using Cisco SDM

    This lesson defines how to configure a site-to-site IPsec VPN with preshared keys (PSKs) authentication using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe how to navigate the Cisco SDM site-to-site VPN Wizard interface

    Describe the components that you configure when you use the Cisco SDM site-to-site VPN wizard

    Configure the site-to-site VPN tunnel connections using the Cisco SDM wizards

    Complete the site-to-site VPN configuration using Cisco SDM and verify the VPN configuration

    The lesson includes these topics:

    Introducing the Cisco SDM VPN Wizard Interface

    Site-to-Site VPN Components

    Using the Cisco SDM Wizards to Configure Site-to-Site VPNs

    Completing the Configuration

    The lesson includes this activity:

    Lab 4-1: Configuring a Site-to-Site IPsec VPN

    Module 5: Network Security Using Cisco IOS IPS

    Upon completing this module, learners will be able to configure IPS on Cisco network routers.

    Lesson 1: Introducing IPS Technologies

    This lesson describes the underlying intrusion detection system (IDS) and intrusion prevention system (IPS) technology that is embedded in the Cisco host- and network-based IDS and IPS solutions. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the functions and operations of IDS and IPS systems

    Describe the types of IDS and IPS systems

    Describe IPS technologies, attack responses, and monitoring options such as syslog and SDEE

    Describe host and network-based IDS and IPS monitoring

    Explain the available Cisco IPS appliances

    Explain how IDS and IPS signatures are used to detect malicious network traffic and describe different types of signatures

    Describe signature micro-engines

    Describe the role of signature alarms in a Cisco IPS solution

    Describe IPS policies and best practices

    The lesson includes these topics:

    Introducing IDS and IPS

    Types of IDS and IPS Systems

    Intrusion Prevention Technologies

    Host and Network IPS

    Introducing Cisco IPS Appliances

    Introducing Signatures

    Examining Signature Micro-Engines

    Introducing Signature Alarms

    IPS Best Practices

    Lesson 2: Configuring Cisco IOS IPS Using Cisco SDM

    This lesson defines how to configure Cisco IOS IPS using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the IPS features of Cisco IOS Software

    Configure Cisco IOS IPS using Cisco SDM

    Configure IPS signatures using Cisco SDM

    Monitor a Cisco IOS IPS router using Cisco SDM and the CLI

    Verify Cisco IOS IPS operations

    The lesson includes these topics:

    Cisco IOS IPS Features

    Configuring Cisco IOS IPS Using Cisco SDM

    Configuring IPS Signatures

    Monitoring IOS IPS

    Verifying IPS Operation

    The lesson includes this activity:

    Lab 5-1: Configuring Cisco IOS IPS

    Module 6: LAN, SAN, Voice, and Endpoint Security Overview

    You will be able to configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic.

    Lesson 1: Examining Endpoint Security

    This lesson describes the current endpoint protection methods, such as host intrusion protection system (HIPS), integrity checkers, operating system protection, and the Cisco NAC Appliance. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe what endpoint security is and the fundamental principles that are involved in host security

    Describe buffer overflows and the threat that they present

    Describe the features of IronPort products and how they enhance and complement endpoint security

    Describe the features of the Cisco NAC Appliance and how it enhances and complements endpoint security

    Describe the functions of Cisco Security Agent at a high level and describe how it provides endpoint security

    Provide a list of basic host security principles

    The lesson includes these topics:

    What Is Endpoint Security?

    Buffer Overflows

    IronPort

    Cisco NAC Products

    Cisco Security Agent

    Endpoint Security Best Practices

    Lesson 2: Examining SAN Security

    This lesson defines how to describe the risks and countermeasures for storage area networks (SANs) security. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe a SAN and its benefits

    Describe the basic principles of SANs

    Explain various security strategies that can be used to compartmentalize data for security purposes

    The lesson includes these topics:

    What Is a SAN?

    SANs Fundamentals

    SAN Security Scope

    Lesson 3: Examining Voice Security

    This lesson describes the risks and countermeasures to IP telephony. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe VoIP fundamentals

    Describe security threats to VoIP networks

    Define SPIT and describe how it poses a security threat against voice-enabled networks

    Explain how fraud can cost VoIP customers considerable sums of money

    Describe various SIP vulnerabilities

    Describe how to prevent hacking on VoIP networks

    The lesson includes these topics:

    VoIP Fundamentals

    Voice Security Threats

    Spam over IP Telephony

    Fraud

    SIP Vulnerabilities

    Defending Against VoIP Hacking

    Lesson 4: Mitigating Layer 2 Attacks

    This lesson defines how to mitigate Layer 2 attacks against network topologies and protocols. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain how basic switch operation makes networks vulnerable to attacks at Layer 2

    Configure Cisco switches to mitigate VLAN attacks

    Explain how to prevent STP manipulation

    Describe how an attacker can flood a switch by launching a CAM table overflow attack

    Describe how a MAC spoofing attack can be launched and mitigated

    Describe and configure port security as a key step in defending networks from Layer 2 attacks

    Describe some of the additional features available in Cisco switch security including SPAN, RSPAN, and storm control

    Describe Layer 2 best practices and explain how they mitigate attacks on specific areas of Layer 2 hardware and software components

    The lesson includes these topics:

    Basic Switch Operation

    Mitigating VLAN Attacks

    Preventing STP Manipulation

    CAM Table Overflow Attacks

    MAC Address Spoofing Attacks

    Using Port Security

    Additional Switch Security Features

    Layer 2 Best Practices

    The lesson includes this activity:

    Lab 6-1: Using Cisco Catalyst Switch Security Features

    SNRS - Course Outline

    Overview

    Securing Networks with Cisco Routers and Switches (SNRS) v3.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on providing the network specialists with the knowledge and skills needed to secure Cisco IOS router and switch-based networks. Learners will be able to secure the network environment using existing Cisco IOS features, including installing and configuring Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, user group-based firewall, Cisco IOS intrusion prevention system (IPS), authentication proxy, implementing secure tunnels using IP Security (IPsec) technology, and implementing advanced switch security. This course also covers advanced virtual private network (VPN) technologies.

    Course Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    Implement Layer 2 security features on a network using Cisco IOS commands

    Implement Cisco Network Foundation Protection on Cisco IOS routers

    Design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services routers

    Design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features

    Install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services router

    High-Level Course Outline

    This subtopic provides an overview of how the course is organized. The course contains these components:

    Course Introduction

    Network Platform Security with Switches

    Network Platform Security with Routers

    Secure Site-to-Site Communications

    Secure Remote Access Communications

    Threat Control and Containment

    Detailed Course Outline

    Module 1: Network Platform Security with Switches

    Upon completing this module, the learner will be able to implement Layer 2 security features on a network using Cisco IOS commands.

    Lesson 1: Configuring Advanced Layer 2 Security

    This lesson describes how to implement some of the advanced security features of Cisco IOS switches. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe and configure the different types of ACLs available on switches

    Explain how to use PVLANs to partition the Layer 2 broadcast domain of a VLAN into subdomains to improve scalability and security

    Mitigate DHCP attacks using the Cisco DHCP snooping feature

    Mitigate ARP spoofing using DAI

    Configure IP Source Guard to provide source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host

    Describe Layer 2 best practices

    The lesson includes these topics:

    Examining Switch ACLs

    Understanding PVLANs

    Mitigating DHCP Server Attacks

    Mitigating ARP Spoofing Using DAI

    Examining IP Source Guard

    Layer 2 Best Practices

    The lesson includes this activity:

    Lab 1-1: Configure Advanced Layer 2 Security

    Lesson 2: Introducing Cisco IBNS

    This lesson describes the Cisco Identity Based Networking Services (IBNS) model and explains how IEEE 802.1X helps to control network access. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain how Cisco IBNS improves the security of physical and logical access to LANs with the capabilities defined in 802.1X

    Describe the 802.1X standard and 802.1X components

    Examine Cisco Secure Services Client Version 5.0 and its enterprise management tools

    Explain the processes used in 802.1X

    Explain the different EAP types that are available for an 802.1X implementation

    Explain how various logs, such as ACS logs and Cisco Security MARS logs, can be used to examine 802.1X events

    The lesson includes these topics:

    Cisco IBNS Overview

    802.1X Components

    Cisco Secure Services Client Version 5.0

    802.1X Operations

    EAP Types

    Reporting and Monitoring Cisco IBNS

    Lesson 3: Implementing Basic 802.1X Authentication

    This lesson describes how to configure basic IEEE 802.1X port-based authentication using Cisco Secure Access Control Server (ACS) and a Cisco Catalyst 2960 Series Switch from the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the functions and features of Cisco Secure ACS for Windows Server

    Configure simple 802.1X authentication using the Windows supplicant

    Explain the different 802.1X host modes

    Configure 802.1X timers

    Use show and debug commands to verify and test 802.1X operation

    The lesson includes these topics:

    Cisco Secure ACS for Windows Overview

    Configuring 802.1X Authentication

    802.1X Host Modes

    Configuring 802.1X Timers

    Verify 802.1X Operation

    The lesson includes this activity:

    Lab 1-2: Configure Basic 802.1X Authentication

    Lesson 4: Configuring Advanced 802.1X Authentication and Authorization

    This lesson describes how to configure advanced 802.1X port-based authentication and authorization on a Cisco Catalyst 2960 Series Switch using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

    Describe methods you can use to support devices that do not support 802.1X

    Configure guest VLANs to support hosts that do not have a supplicant

    Configure restricted VLANs to support hosts that have a supplicant but fail to authenticate

    Configure MAC authentication bypass for hosts that have known MAC addresses but do not have an 802.1X supplicant

    Configure inaccessible authentication bypass to support an unavailable RADIUS server

    Explain how to configure web authentication

    Configure 802.1X dynamic VLAN assignment

    Use show commands to verify the MAC authentication bypass and inaccessible authentication bypass operation

    Explain several special situations that can occur with 802.1X deployments

    The lesson includes these topics:

    Authenticating Without 802.1X

    Guest VLANs

    Restricted VLANs

    MAC Authentication Bypass

    Inaccessible Authentication Bypass

    Web Authentication Proxy

    802.1X Dynamic VLAN Assignments

    Testing and Verifying 802.1X

    Special Situations with 802.1X

    The lesson includes these activities:

    Lab 1-3: Configure Advanced 802.1X Authentication

    Lab 1-4: Configure 802.1X VLAN Assignments

    Module 2: Network Platform Security with Routers

    Upon completing this module, the learner will be able to implement Cisco Network Foundation Protection on Cisco IOS routers.

    Lesson 1: Examining the Cisco Network Foundation Protection Strategy

    This lesson describes the Cisco Network Foundation Protection strategy. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe Cisco Network Foundation Protection in general

    Describe the features and benefits of Cisco Network Foundation Protection

    Describe the Cisco AutoSecure feature of Cisco routers

    List the platforms that support Cisco Network Foundation Protection

    The lesson includes these topics:

    Cisco Network Foundation Protection Overview

    Cisco Network Foundation Protection Services and Benefits

    Cisco AutoSecure

    Supported Platforms

    Lesson 2: Securing the Control Plane

    This lesson describes tools that are used to secure the control plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the control plane of a router

    Describe the basic function and benefits of CPPr

    Explain the benefit of routing protocol authentication and how to configure routers

    Describe CPU and memory threshold notifications

    The lesson includes these topics:

    The Control Plane

    Control Plane Protection

    Routing Protocol Protection

    CPU and Memory Thresholding

    Lesson 3: Securing the Management Plane

    This lesson describes how to protect the management plane of Cisco devices. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the management plane and configure common secure management protocols

    Configure HTTPS

    Describe and configure the Role-Based CLI Access feature

    Describe and configure the Cisco MPP feature

    Describe and configure SNMPv3

    The lesson includes these topics:

    The Management Plane

    Secure Management Services

    Role-Based Access Control

    Cisco IOS MPP

    SNMP v3 Architecture

    Lesson 4: Securing the Data Plane

    This lesson describes tools that are used to protect the data plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the data plane, data plane attacks, and the effects these attacks have on network devices

    Explain NetFlow and how to configure it

    Describe and configure uRPF

    Describe and configure Cisco IOS FPM

    The lesson includes these topics:

    The Data Plane

    NetFlow

    Configuring uRPF

    Cisco IOS FPM

    The lesson includes this activity:

    Lab 2-1: Configure the Cisco Network Foundation Protection Strategy

    Module 3: Secure Site-to-Site Communications

    Upon completing this module, the learner will be able to design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services Routers.

    Lesson 1: Examining VPN and IPsec Fundamentals

    This lesson describes basic characteristics and protocols used in IPsec configurations and describes the various types of VPNs available using Cisco IOS Software, including IPsec, Dynamic Multipoint Virtual Private Network (DMVPN), Group Encrypted Transport VPN (GET VPN), Cisco Easy VPN, and Cisco IOS Secure Sockets Layer (SSL) VPN. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the basic functionality and protocols involved with IPsec VPNs

    Describe different types of site-to-site VPNs, including fully-meshed, hub-and-spoke, IPsec, Cisco Easy VPN with VTI, GRE over IPsec, DMVPN, and GET VPN

    Describe Cisco Easy VPN and Cisco IOS SSL VPNs

    Explain the VPN design guide that is available in Cisco SDM

    Configure global VPN router settings in Cisco SDM

    The lesson includes these topics:

    IPsec Overview

    Site-to-Site VPNs

    Cisco Easy VPN and Cisco IOS SSL VPNs

    VPN Design Guide

    Global VPN Settings

    Lesson 2: Implementing IPsec VPNs with PKI

    This lesson describes how to configure a Cisco IOS certificate authority (CA) and an IPsec site-to-site VPN using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe Cisco IOS PKI support

    Describe the use of CAs and RAs

    Describe how SCEP manages the certificate lifecycle

    Describe and configure the Cisco IOS CA Server

    Configure CA interoperability on a Cisco router using Cisco SDM

    Configure a PKI-based IPsec site-to-site VPN on a router using Cisco SDM

    Troubleshoot CA interoperability using the CLI

    Test and verify IPsec configurations using the CLI

    The lesson includes these topics:

    Cisco IOS PKI Overview

    Certificate Authorities

    Examining SCEP

    Cisco IOS CA Server

    Configuring CA support

    Configuring a PKI-Based IPsec Site-to-Site VPN

    Testing and Verifying CA Support

    Testing and Verifying IPsec

    The lesson includes this activity:

    Lab 3-1: Configure a Site-to-Site VPN Using Certificates

    Lesson 3: Implementing GRE over IPsec

    This lesson describes how to configure Generic Routing Encapsulation (GRE)-over-IPsec tunnels. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe GRE tunnels

    Configure a GRE tunnel

    Configure a GRE tunnel with IPsec encryption using Cisco SDM and verify the resulting CLI configurations

    Generate mirror configurations

    Verify GRE-over-IPsec operations using the CLI

    The lesson includes these topics:

    Examining GRE Tunnels

    Configuring a GRE Tunnel

    Configuring a GRE-Over-IPsec Tunnel

    Generate a Mirror Configuration

    Testing and Verifying GRE Over IPsec

    The lesson includes this activity:

    Lab 3-2: Configure a GRE over IPsec Tunnel

    Lesson 4: Configuring High-Availability VPNs and VTI

    This lesson describes how to configure high-availability VPN technologies. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe high availability for IPsec VPNs

    Explain how to achieve high availability with IPsec VPNs using redundant peers and how to configure it

    Describe HSRP, the role it plays in high availability, and how to configure it

    Describe Cisco IOS stateful failover and how to configure it

    Explain how to back up WAN links using VPNs

    Describe the benefit of using static or dynamic VTI and how to configure VTIs for site-to-site IPsec VPNs

    The lesson includes these topics:

    High Availability for Cisco IOS IPsec VPNs

    IPsec Backup Peer

    Hot Standby Router Protocol

    IPsec Stateful Failover

    Backing Up a WAN Connection with an IPsec VPN

    Static and Dynamic VTIs

    Lesson 5: Implementing DMVPN

    This lesson describes how to configure a DMVPN. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the overall requirements, features, operation, and high availability design for DMVPN

    Describe how dynamic routing protocols operate over DMVPN

    Configure a DMVPN hub using the Cisco SDM DMVPN hub wizard

    Configure a DMVPN spoke using the Cisco SDM DMVPN spoke wizard

    Edit DMVPN settings in Cisco SDM

    Verify DMVPN connectivity

    The lesson includes these topics:

    Dynamic Multipoint VPN

    Dynamic Routing Protocols over DMVPN

    Configuring a DMVPN Hub

    Configuring a DMVPN Spoke

    Editing DMVPN Settings

    Verifying DMVPN

    The lesson includes this activity:

    Lab 3-3: Configure a DMVPN Spoke Using Cisco SDM

    Lesson 6: Implementing GET VPN

    This lesson describes how to configure GET VPNs. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe problems that are encountered scaling tunnel-based VPNs

    Describe GET VPN

    Describe how dynamic routing protocols work over GET VPN

    Describe the security measures that are built into the GET VPN solution

    Describe GET VPN operations

    Configure the GET VPN key server

    Configure GET VPN group members

    Verify GET VPN settings and operation

    The lesson includes these topics:

    VPN Limitations

    GET VPN Overview

    GET VPN Architecture

    GET VPN Security

    GET VPN Operations

    Configuring GET VPN Key Servers

    Configuring GET VPN Group Members

    Verifying GET VPN Settings

    The lesson includes this activity:

    Lab 3-4: Configure GET VPN Using CLI

    Module 4: Secure Remote Access Communications

    Upon completing this module, the learner will be able to design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features.

    Lesson 1: Implementing Cisco IOS Remote Access Using Cisco Easy VPN

    This lesson describes how to configure Cisco Easy VPN for remote access. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the role of each component of Cisco Easy VPN including Cisco Easy VPN Remote and Cisco Easy VPN Server

    Explain how to configure the Cisco VPN Client

    Explain how to configure a Cisco Easy VPN Remote using Cisco SDM

    Explain how to configure a Cisco Easy VPN Server using Cisco SDM

    Verify the Cisco Easy VPN configuration

    The lesson includes these topics:

    Introduction to Cisco Easy VPN

    Configuring the Cisco VPN Client

    Configuring Cisco Easy VPN Remote

    Configuring Cisco Easy VPN Server

    Verify the Cisco Easy VPN Configuration

    The lesson includes these activities:

    Lab 4-1: Configure Cisco Easy VPN Remote

    Lab 4-2: Configure Cisco Easy VPN Server

    Lesson 2: Examining a Cisco IOS SSL VPN

    This lesson describes how to configure a Cisco IOS SSL VPN and verify its operation using Cisco Router and Security Device Manager (SDM). Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the Cisco IOS SSL VPN feature, including clientless mode, thin-client mode, full-tunnel client mode, and Cisco Secure Desktop

    Describe the different client packages for the Cisco IOS SSL VPN

    Configure the prerequisites for Cisco IOS SSL VPN

    Configure Cisco IOS SSL VPN

    Edit Cisco IOS SSL VPN configurations

    Monitor and verify Cisco IOS SSL VPN

    The lesson includes these topics:

    Overview of Cisco IOS SSL VPN

    Client Software

    Configuring Cisco IOS SSL VPN Prerequisites

    Cisco IOS SSL VPN Configuration

    Editing Cisco IOS SSL VPNs

    Verifying SSL VPN Functionality

    The lesson includes this activity:

    Lab 4-3: Configure a Cisco IOS SSL VPN

    Module 5: Threat Control and Containment

    Upon completing this module, the learner will be able to install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services Router.

    Lesson 1: Configuring NAT and PAT

    This lesson describes how to configure inside and outside static and dynamic NAT and PAT as well as port forwarding. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe static and dynamic NAT and PAT

    Configure PAT using the Cisco SDM NAT Basic wizard

    Configure NAT and PAT using the Cisco SDM NAT Advanced wizard

    Verify NAT and PAT configuration using the CLI

    Troubleshoot a NAT configuration to resolve issues

    The lesson includes these topics:

    Network Address Translation Overview

    Configuring PAT Using the Basic NAT Wizard

    Configuring NAT and PAT Using the Advanced NAT Wizard

    Verifying NAT and PAT

    Troubleshooting NAT and PAT

    Lesson 2: Configuring a Cisco IOS Classic Firewall

    This lesson describes how to configure a Cisco IOS Classic Firewall using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the features and benefits of a Cisco IOS Classic Firewall

    Use the Cisco SDM Basic Firewall wizard to configure a Cisco IOS Classic Firewall

    Use the Cisco SDM Advanced Firewall wizard to configure a Cisco IOS Classic Firewall

    Edit a basic or advanced firewall configuration, including global settings

    Verify a Cisco IOS Firewall configuration using the CLI

    The lesson includes these topics:

    Cisco IOS Classic Firewall Overview

    Basic Firewall Wizard

    Advanced Firewall Wizard

    Editing Firewall Rules

    Verifying Firewall Configuration

    The lesson includes this activity:

    Lab 5-1: Configure Cisco IOS Classic Firewall on a Cisco Router

    Lesson 3: Configuring a Cisco IOS Zone-Based Policy Firewall

    This lesson describes how to configure a Cisco IOS Zone-Based Policy Firewall on a Cisco Integrated Services Router. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the general features of a Cisco IOS Zone-Based Policy Firewall

    Configure Cisco IOS Zone-Based Policy Firewall using the Cisco SDM Advanced Firewall wizard

    Edit the Cisco IOS Zone-Based Policy Firewall

    Create zone-based policies without the Cisco SDM wizard

    Verify the Cisco IOS Zone-Based Policy Firewall configuration using the CLI and Cisco SDM

    The lesson includes these topics:

    Cisco IOS Zone-Based Policy Firewall Overview

    Advanced Firewall Wizard

    Editing Cisco IOS Zone-Based Policy Firewall

    Configuring Zone-Based Policies

    Verifying the Cisco IOS Zone-Based Policy Firewall Configuration

    The lesson includes this activity:

    Lab 5-2: Configure Cisco IOS Zone-Based Policy Firewall with URL Filtering

    Lesson 4: Configuring Cisco IOS IPS

    This lesson describes how to configure Cisco IOS IPS Software Version 5.x signature support, Risk Rating (Signature Event Action Processing [SEAP]), tuning, and custom signatures. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the features, functions, limitations, and applications of Cisco IOS IPS

    Describe the different IPS management products

    Describe SDF and built-in signature operation

    Migrate from Cisco IOS IPS Version 4.x to Cisco IOS IPS Version 5.x

    Configure Cisco IOS IPS using 5.x signatures

    Configure Auto Signature Update

    Configure SEAP, including Risk Ratings, Events Action Overrides, and Events Action Filters

    Perform a basic configuration of Cisco IOS IPS

    Tune more advanced signature settings

    Create custom signatures

    Use show, debug, and clear commands to test and verify Cisco IOS IPS configurations

    Explain various scenarios and deployment options

    The lesson includes these topics:

    Cisco IOS IPS Overview

    IPS Management Products

    SDF and Built-In Signature Overview

    Migrating from Cisco IOS IPS Version 4 to Version 5

    Configuring Cisco IOS IPS Using 5.x Signatures

    Auto Update

    Signature Event Action Processing

    Configuring, Disabling, and Excluding Signatures

    Signature Tuning

    Custom Signatures

    Verifying Cisco IOS IPS Configuration

    IPS Case Studies

    The lesson includes this activity:

    Lab 5-3: Configure a Cisco IOS IPS on a Cisco Router

    IPS - Course Outline

    Overview

    Implementing Cisco Intrusion Prevention Systems (IPS) v6.0 provides the knowledge and skills needed to design, install, configure, and maintain a Cisco IPS sensor for small, medium, and enterprise networks. The course also describes the procedures for managing intrusion prevention system (IPS) alarms.

    Course Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    Explain how the Cisco IPS protects network devices from attacks

    Install and configure the basic settings on a Cisco IPS 4200 Series Sensor

    Use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy

    Configure some of the more advanced features of the Cisco IPS product line

    Initialize and install into your environment the rest of the Cisco IPS family of products

    Use the CLI and the Cisco IDM to obtain system information, and configure the Cisco IPS sensor to allow an SNMP NMS to monitor the Cisco IPS sensor

    High-Level Course Outline

    This subtopic provides an overview of how the course is organized. The course contains these components:

    Course Introduction

    Intrusion Prevention Overview

    Installation of a Cisco IPS 4200 Series Sensor

    Cisco IPS Signatures

    Advanced Cisco IPS Configuration

    Additional Cisco IPS Devices

    Cisco IPS Sensor Maintenance

    Detailed Course Outline

    This in-depth outline of the course structure lists each module, lesson, and topic.

    Module 1: Intrusion Prevention Overview

    This module explains how the Cisco IPS protects network devices from attacks.

    Lesson 1: Explaining Intrusion Prevention

    This lesson describes how to discuss intrusion detection and intrusion prevention along with related terms and concepts. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the difference between intrusion detection and intrusion prevention

    Describe the similarities and differences among the various intrusion detection technologies

    Explain the terminology used in intrusion prevention and detection

    Explain the difference between promiscuous and inline intrusion protection

    Describe the new features included in the Cisco IPS Sensor Software Version 6.0

    The lesson includes these topics:

    Intrusion Detection vs. Intrusion Prevention

    Intrusion Prevention Technologies

    Intrusion Prevention Terminology

    Promiscuous and Inline Modes

    Features of Cisco IPS Sensor Software Version 6.0

    Lesson 2: Examining Cisco IPS Products

    This lesson describes the Cisco IPS solutions and explains how Cisco IPS protects network devices from attacks. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the various models available in the Cisco family of IPS sensors

    Describe network IPS and list its features and limitations

    Describe host IPS and list its features and limitations

    Explain the considerations necessary for selection, placement, and deployment of a network IPS

    Describe the Cisco Self-Defending Network and how the Cisco IPS products fit into that structure

    The lesson includes these topics:

    Cisco Network Sensors

    Network IPS

    Host-Based IPS

    Sensor Deployment

    Cisco Self-Defending Network

    Lesson 3: Examining Cisco IPS Sensor Software Solutions

    This lesson describes the Cisco monitoring solutions and suggests how to utilize them. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the Cisco IPS Sensor Software architecture

    List the Cisco IPS management products for single device management

    List the Cisco IPS management products that you can use for the enterprise

    The lesson includes these topics:

    Cisco IPS Sensor Software Architecture

    Cisco IPS Element Management Products

    Cisco IPS Enterprise Management Products

    Lesson 4: Examining Evasive Techniques

    This lesson describes major evasion techniques in order to justify several intrusion prevention system (IPS) features. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain what an evasive technique is and provide examples of evasive techniques

    Explain how attackers use string match attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use fragmentation attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use session attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use insertion attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use evasion attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use TTL-based attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use encryption-based attacks to avoid detection by intrusion detection and intrusion prevention products

    Explain how attackers use resource exhaustion attacks to avoid detection by intrusion detection and intrusion prevention products

    The lesson includes these topics:

    Evasive Techniques

    String Match Attacks

    Fragmentation Attacks

    Session Attacks

    Insertion Attacks

    Evasion Attacks

    TTL-Based Attacks

    Encryption-Based Attacks

    Resource Exhaustion Attacks

    Module 2: Installation of a Cisco IPS 4200 Series Sensor

    This module describes how to install and configure the basic settings on a Cisco IPS 4200 Series Sensor.

    Lesson 1: Installing a Cisco IPS Sensor Using the CLI

    This lesson describes how to install and initialize a Cisco IPS sensor appliance in the network using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the CLI of the Cisco IPS sensor

    Gain management access and initialize a sensor

    Explain some of the administrative tasks that are done from the CLI

    Explain some of the additional commands that are available from the CLI

    The lesson includes these topics:

    Introducing the CLI

    Initializing the Sensor

    Performing Administrative Tasks

    Additional Administrative Commands

    Lesson 2: Using the Cisco IDM

    This lesson describes how to use the Cisco IPS Device Manager (IDM) to launch, navigate, manage, and monitor a Cisco IPS device. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the features, benefits, and system requirements of the Cisco IDM

    Log into and navigate the Cisco IDM

    Configure SSH

    Reboot and shut down a Cisco IPS

    The lesson includes these topics:

    Introducing the Cisco IDM

    Getting Started with the Cisco IDM

    How to Configure SSH

    How to Reboot and Shut Down the Sensor

    Lesson 3: Configuring Basic Sensor Settings

    This lesson describes how to use the Cisco IDM to configure basic sensor settings. Upon completing this lesson, the learner will be able to meet these objectives:

    Configure hosts that are authorized to administer the sensor

    Configure the time settings of a Cisco IPS sensor

    Configure certificates of a Cisco IPS sensor

    Configure user accounts

    Describe the different roles that a sensor interface can play

    Configure the interfaces of a Cisco IPS sensor in promiscuous and inline mode

    Describe and configure software and hardware bypass

    Explain how to view events from the Cisco IDM

    The lesson includes these topics:

    How to Configure Allowed Hosts

    How to Set the Time

    How to Configure Certificates

    How to Configure User Accounts

    Defining Interface Roles

    How to Configure the Interfaces

    How to Configure Software and Hardware Bypass Mode

    Viewing Events in the Cisco IDM

    The lesson includes these activities:

    Lab 2-1: Install and Configure an IPS Sensor from the CLI

    Lab 2-2: Use the Cisco IDM to Perform a Basic Sensor Configuration

    Module 3: Cisco IPS Signatures

    This module describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy.

    Lesson 1: Configuring Cisco IPS Signatures and Alerts

    This lesson describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the different types, features, and actions of signatures

    Locate information about specific signatures and describe the Cisco Intrusion Prevention Alert Center

    Enable, disable, and assign actions to signatures

    Configure additional settings for denying and blocking actions

    The lesson includes these topics:

    Cisco IPS Signatures

    How to Locate Signature Information

    How to Configure Basic Signatures

    Special Considerations for Signature Actions

    Lesson 2: Examining the Signature Engines

    This lesson describes the functions of signature engines and their parameters. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the different signature engines used by the sensor

    Describe the configuration parameters common to all signature engines

    Describe the ATOMIC signature engines

    Describe the FLOOD signature engines

    Describe the SERVICE signature engines, including the new TNS and SMB advanced signature engines

    Describe the STRING signature engines

    Describe the SWEEP signature engines

    Describe the TROJAN signature engines

    Describe the TRAFFIC signature engines

    Describe the AIC signature engines

    Describe the STATE signature engine

    Describe the META signature engine

    Describe the NORMALIZER engine

    The lesson includes these topics:

    Introducing Cisco IPS Signature Engines

    Common Signature Engine Parameters

    ATOMIC Signature Engines

    FLOOD Signature Engines

    SERVICE Signature Engines

    STRING Signature Engines

    SWEEP Signature Engines

    TROJAN Signature Engines

    TRAFFIC Signature Engines

    AIC Signature Engines

    STATE Signature Engine

    META Signature Engine

    NORMALIZER Engine

    Lesson 3: Customizing Signatures

    This lesson describes how to use the Cisco IDM to tune and customize signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the need to tune signatures

    Tune and create signatures to accomplish noise reduction

    Tune and create signatures to accomplish false positive reduction

    Tune and create signatures to accomplish false negative reduction

    Tune and create signatures to focus a Cisco IPS sensor on the environment

    Describe examples of different signature tuning scenarios

    Design and create custom signatures

    Describe examples of creating custom signatures

    The lesson includes these topics:

    Tuning Signatures

    Noise Reduction

    False Positive Reduction

    False Negative Reduction

    Focusing Cisco IPS Sensors

    Customizing Built-in Signatures

    How to Create Custom Signatures

    Custom Signature Scenarios

    The lesson includes these activities:

    Lab 3-1: Working with Signatures and Alerts

    Lab 3-2: Customizing Signatures

    Module 4: Advanced Cisco IPS Configuration

    This module describes how to configure some of the more advanced features of the Cisco IPS product line.

    Lesson 1: Performing Advanced Tuning of Cisco IPS Sensors

    This lesson describes how to use the Cisco IDM to tune a Cisco IPS sensor to work optimally in the network. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain how to tune the sensor to avoid evasive techniques and provide network-specific intrusion prevention

    Explain the logging capabilities of the sensor, how to configure logging, and the performance ramifications of logging

    Describe the concept of IP fragment and TCP stream reassembly

    Define and configure event variables

    Explain and configure TVRs

    Describe and configure event action overrides

    Describe and configure event action filters

    Describe the risk rating system and the values that it uses to calculate the risk rating number

    Introduce and configure the general settings for event action rules

    The lesson includes these topics:

    Sensor Configuration

    IP Logging

    Reassembly Options

    How to Define Event Variables

    Target Value Rating

    Event Action Overrides

    Event Action Filters

    Risk Rating System

    General Settings of Event Action Rules

    The lesson includes this activity:

    Lab 4-1: Tune a Cisco IPS Sensor Using the Cisco IDM

    Lesson 2: Monitoring and Managing Alarms

    This lesson describes how to use additional monitoring tools to maximize alarm management efficiency. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the Cisco IEV, its features, benefits, and specifications

    Explain the installation procedure for Cisco IEV

    Add devices to the Cisco IEV

    Use Cisco IEV to view events

    Explain the Cisco Security Management Suite, its features, benefits, and specifications

    Explain the external product interface, its benefits, and specifications

    Explain how a Cisco Security Agent installation can be integrated into a Cisco IPS sensor installation using Cisco Security Monitor

    Explain the Cisco ICS

    The lesson includes these topics:

    Cisco IEV Overview

    Installing Cisco IEV

    Configuring Cisco IEV

    Viewing Events

    Cisco Security Management Suite Overview

    External Product Interface

    Integrating Cisco Security Agent into an IPS Installation

    Cisco ICS

    The lesson includes this activity:

    Lab 4-2: Monitor and Manage Alarms

    Lesson 3: Configuring a Virtual Sensor

    This lesson describes how to explain the virtual sensor, its settings, and advantages. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the principles behind virtual sensors

    Prepare for creating virtual sensors by creating inline pairs, signature policies, event action rules, and anomaly detection policies

    Create a virtual sensor by giving it a name and assigning interfaces

    The lesson includes these topics:

    Virtual Sensor Overview

    Preparing for Virtual Sensors

    Creating Virtual Sensors

    The lesson includes this activity:

    Lab 4-3: Configure a Virtual Sensor (Optional)

    Lesson 4: Configuring Advanced Features

    This lesson describes how to explain and configure some of the new advanced features of the Cisco IPS Sensor Software. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the principles behind anomaly detection

    Explain the components used by anomaly detection

    Configure anomaly detection

    Monitor and troubleshoot problems with anomaly detection

    Explain the principles behind POSFP

    Explain the different methods available to identify operating systems

    Explain the available configuration options for POSFP

    Examine the results of POSFP

    The lesson includes these topics:

    Anomaly Detection Overview

    Anomaly Detection Components

    Configuring Anomaly Detection

    Monitoring Anomaly Detection

    POSFP Overview

    Operating System Identification

    Configuring POSFP

    Monitoring POSFP

    The lesson includes this activity:

    Lab 4-4: Configure Anomaly Detection and POSFP

    Lesson 5: Configuring Blocking

    This lesson describes how to explain blocking concepts and use Cisco IDM to configure blocking for a given scenario. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the principles behind blocking

    Describe the things that should be taken into account before applying ACLs

    Explain how to configure a sensor to perform automatic blocking

    Explain how to configure a sensor to perform manual blocking

    Explain how to configure a master blocking scenario

    The lesson includes these topics:

    Blocking Overview

    ACL Considerations

    How to Configure Automatic Blocking

    How to Configure Manual Blocking

    How to Configure a Master Blocking Scenario

    Module 5: Additional Cisco IPS Devices

    This module describes how to initialize and install into your environment the rest of the Cisco IPS family of products.

    Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2

    This lesson describes how to explain the basics of how to install the Cisco Catalyst 6500 Series Intrusion Detection System Services Module 2 (IDSM-2) in a Cisco Catalyst 6500 Series Switch and initialize it. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the Cisco Catalyst 6500 Series IDSM-2

    Install the Cisco Catalyst 6500 Series IDSM-2

    Configure the Cisco Catalyst 6500 Series IDSM-2 interfaces

    Monitor the Cisco Catalyst 6500 Series IDSM-2

    Perform Cisco Catalyst 6500 Series IDSM-2 maintenance

    The lesson includes these topics:

    Cisco Catalyst 6500 Series IDSM-2 Overview

    Installing the Cisco Catalyst 6500 Series IDSM-2

    Configuring Cisco Catalyst 6500 Series IDSM-2 Interfaces

    Monitoring the Cisco Catalyst 6500 Series IDSM-2

    Maintaining the Cisco Catalyst 6500 Series IDSM-2

    Lesson 2: Initializing the Cisco ASA AIP-SSM

    This lesson describes how to initialize a Cisco Adaptive Security Appliance Advanced Inspection and Prevention Security Services Module (ASA AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the Cisco ASA AIP-SSM

    Upload the IPS image to the Cisco ASA AIP-SSM

    Perform the initial configuration of the Cisco ASA AIP-SSM using Cisco ASDM

    Configure an IPS security policy using Cisco ASDM

    The lesson includes these topics:

    Cisco ASA AIP-SSM Overview

    Loading the Cisco ASA AIP-SSM

    Initial Cisco ASA AIP-SSM Configuration Using Cisco ASDM

    Configuring an IPS Security Policy

    Module 6: Cisco IPS Sensor Maintenance

    This module describes how to use the CLI and the Cisco IDM to obtain system information, and how to configure the Cisco IPS sensor to allow a Simple Network Management Protocol (SNMP) network management system (NMS) to monitor the Cisco IPS sensor.

    Lesson 1: Maintaining Cisco IPS Sensors

    This lesson describes how to install and recover the Cisco IPS Sensor Software and perform service pack and signature updates. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the Cisco IPS sensor licenses and how to install them

    Perform a Cisco IPS sensor upgrade or recovery

    Install service pack and signature updates

    Perform a password recovery on a Cisco IPS sensor

    Restore a Cisco IPS sensor to its default configuration

    The lesson includes these topics:

    Understanding Cisco IPS Licensing

    How to Upgrade and Recover Sensor Images

    How to Install Service Packs and Signature Updates

    Password Recovery

    How to Restore a Cisco IPS Sensor

    Lesson 2: Managing Cisco IPS Sensors

    This lesson describes how to use the CLI and the Cisco IDM to verify sensor configuration. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the various CLI commands used for sensor monitoring

    Describe the Cisco IDM as a tool to perform sensor monitoring

    Describe Cisco Security Manager as a tool to perform sensor monitoring

    Describe SNMP as a tool to perform sensor monitoring

    The lesson includes these topics:

    Using the CLI to Monitor the Sensor

    Using the Cisco IDM to Monitor the Sensor

    Monitoring Using Cisco Security Manager

    Monitoring Using SNMP

    The lesson includes this activity:

    Lab 6-1: Maintain Sensors and Verify System Configuration

    SNAF - Course Outline

    Overview

    Securing Networks with ASA Fundamentals (SNAF) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances.

    Course Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    Explain the functions of the three types of firewalls used to secure computer networks

    Describe the technology and features of Cisco security appliances

    Given diagrams of networks protected by Cisco ASA and PIX security appliances, explain how each appliance protects network devices from attacks and why each is an appropriate choice for the example network

    High-Level Course Outline

    This section provides an overview of how the course is organized. The course contains these components:

    Introducing Cisco Security Appliance Technology and Features

    Introducing the Cisco ASA and PIX Security Appliance Families

    Getting Started with Cisco Security Appliances

    Configuring a Security Appliance

    Configuring Translations and Connection Limits

    Using ACLs and Content Filtering

    Configuring Object Grouping

    Switching and Routing on Cisco Security Appliances

    Configuring AAA for Cut-Through Proxy

    Configuring the Cisco Modular Policy Framework

    Configuring Advanced Protocol Handling

    Configuring Threat Detection

    Configuring Site-to-Site VPNs Using Pre-Shared Keys

    Configuring Security Appliance Remote-Access VPNs

    Configuring the Cisco ASA for SSL VPN

    Configuring Transparent Firewall Mode

    Configuring Security Contexts

    Configuring Failover

    Managing the Security Appliance

    Lab Guide

    Detailed Course Outline

    This in-depth outline of the course structure lists each lesson and topic.

    Lesson 1: Introducing Cisco Security Appliance Technology and Features

    This lesson introduces the general functionality provided by firewalls and security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the functions of the three types of firewalls that are used to secure modern computer networks

    Discuss the technology and features of Cisco security appliances

    The lesson includes these topics:

    Firewalls

    Security Appliance Essentials

    There is no lab for this lesson.

    Lesson 2: Introducing the Cisco ASA and PIX Security Appliance Families

    This lesson introduces Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX 500 Series Security Appliances. Upon completing this lesson, the learner will be able to meet these objectives:

    Identify the Cisco ASA and PIX security appliance models

    Explain the Cisco ASA security appliance licensing options

    The lesson includes these topics:

    Models and Features of Cisco Security Appliances

    Cisco ASA Security Appliance Licensing

    There is no lab for this lesson.

    Lesson 3: Getting Started with Cisco Security Appliances

    This lesson describes how to configure the security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

    Explain the four access modes

    Describe the security appliance file management system

    Discuss security appliance security levels

    Describe Cisco ASDM requirements and capabilities

    Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via Cisco ASDM

    Verify security appliance configuration and licensing via Cisco ASDM

    The lesson includes these topics:

    User Interface

    File Management

    Security Appliance Security Levels

    Cisco ASDM Essentials and Operating Requirements

    Preparing to Use Cisco ASDM

    Navigating Cisco ASDM Windows

    The lesson includes this activity:

    Lab 3-1: Prepare to Use Cisco ASDM to Configure the Security Appliance

    Lesson 4: Configuring a Security Appliance

    This lesson describes how to configure a security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

    Configure a security appliance for basic network connectivity

    Verify the initial configuration

    Set the clock and synchronize the time on a security appliance

    Configure a security appliance to send syslog messages to a syslog server

    The lesson includes these topics:

    Basic Security Appliance Configuration

    Examining Security Appliance Status

    Time Setting and NTP Support

    Syslog Configuration

    The lesson includes this activity:

    Lab 4-1: Configure the Security Appliance with Cisco ASDM

    Lesson 5: Configuring Translations and Connection Limits

    This lesson describes how to perform Network Address Translation (NAT) on a security appliance. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe how the TCP and UDP protocols function within the security appliance

    Describe how static and dynamic translations function

    Configure dynamic address translation

    Configure static address translation

    Set connection limits

    The lesson includes these topics:

    Transport Protocols

    Understanding NAT

    Understanding PAT

    Static Translations

    TCP SYN Cookies and Connection Limits

    Connections and Translations

    The lesson includes this activity:

    Lab 5-1: Configure Translations

    Lesson 6: Using ACLs and Content Filtering

    This lesson describes how to configure security appliance access control. Upon completing this lesson, the learner will be able to meet these objectives:

    Configure and explain the basic function of ACLs

    Configure and explain additional functions of ACLs

    Configure active code filtering (Microsoft ActiveX and Java applets)

    Configure the security appliance for URL filtering

    Use the Packet Tracer for troubleshooting

    The lesson includes these topics:

    ACL Configuration

    Malicious Active Code Filtering

    URL Filtering

    Packet Tracer

    The lesson includes this activity:

    Lab 6-1: Configure ACLs

    Lesson 7: Configuring Object Grouping

    This lesson describes how to configure the object grouping feature of Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

    Describe the object grouping feature of the security appliance and its advantages

    Configure object groups and use them in ACLs

    The lesson includes these topics:

    Essentials of Object Grouping

    Configuring and Using Object Groups

    The lesson includes this activity:

    Lab 7-1: Configure Object Groups

    Lesson 8: Switching and Routing on Cisco Security Appliances

    This lesson describes how to co