Security Curriculum - Course outlines - The Cisco Learning Network
CISCO SYSTEMS, INC.
Security Curriculum Course Outline
10/13/2009
Created by Davie Chia ([email protected]), CCSP program manager
2 Security Curriculum Course Outline © 2009 Cisco Systems, Inc.
CONTENT:
IINS (CCNA Security) – page 3
SNRS (CCSP‐core) – page 22
IPS (CCSP‐core) – page 36
SNAF (CCSP‐core) – page 48
SNAA (CCSP‐elective) – page 58
MARS (CCSP‐elective) – page 71
CANAC (CCSP‐elective) – page 81
© 2008 Cisco Systems, Inc. Course Administration Guide 3
IINS – Course Outline Overview
Implementing Cisco IOS Network Security (IINS) v1.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. Learners will be able to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Develop a comprehensive network security policy to counter threats against information security
Configure routers on the network perimeter with Cisco IOS Software security features
Configure firewall features including ACLs and Cisco IOS zone-based firewalls to perform basic security operations on a network
Configure site-to-site VPNs using Cisco IOS features
Configure IPS on Cisco network routers
Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic
High-Level Course Outline This subtopic provides an overview of how the course is organized. The course contains these seven components:
Introduction to Network Security Principles
Perimeter Security
Network Security Using Cisco IOS Firewalls
Site-to-Site VPNs
Network Security Using Cisco IOS IPS
LAN, SAN, Voice, and Endpoint Security Overview
Detailed Course Outline
Module 1: Introduction to Network Security Principles Upon completing this module, the learner will be able to develop a comprehensive network security policy to counter threats against information security.
Lesson 1: Examining Network Security Fundamentals This lesson describes the core principles that are part of a secure network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how sophisticated attack tools and open networks generate an increased need for network security and dynamic security policies
Describe the three primary objectives of security
Describe the different classifications of data that are used by the private sector and the public sector
Describe the three primary types of security controls
Describe some of the factors that are involved in responding to a security breach
Identify key laws and codes of ethics that are binding to INFOSEC professionals
The lesson includes these topics:
The Need for Network Security
Network Security Objectives
Data Classification
Security Controls
Response to a Security Breach
Laws and Ethics
Lesson 2: Examining Network Attack Methodologies This lesson describes various attack methods and how to plan a defense in depth to help protect your network from these attacks. Upon completing this lesson, the learner will be able to meet these objectives:
Describe network adversaries, motivations, and classes of attack
Describe how hackers work so that you have a better appreciation of the threats they pose
Describe the concept of defense in depth
Describe how attackers use IP spoofing to launch various types of attacks
Describe several attack methods that attackers use to compromise confidentiality
Describe several attack methods that attackers use to compromise integrity
Describe several attack methods that attackers use to compromise availability
Describe some best practices that can help defend your network against hackers
The lesson includes these topics:
Adversaries, Motivations, and Classes of Attack
How Hackers Think
The Principles of Defense in Depth
IP Spoofing Attacks
Confidentiality Attacks
Integrity Attacks
Availability Attacks
Best Practices to Defeat Network Attacks
The lesson includes this activity:
Lab 1-1: Embedding a Secret Message Using Steganography
Lesson 3: Examining Operations Security This lesson describes the principles behind operations security and how correct practices increase security, including security testing, a secure life cycle, and business continuity planning. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the SDLC and how you use it to design a Secure Network Lifecycle management process
Identify key operations security principles
Explain various network security testing techniques and tools
Explain the principles of disaster recovery and business continuity planning and give examples of how they are practiced
The lesson includes these topics:
Secure Network Lifecycle Management
Principles of Operations Security
Network Security Testing
Disaster Recovery and Business Continuity Planning
The lesson includes these activities:
Lab 1-2: Scanning a Computer System Using Testing Tools
Lab 1-3: Scanning a Network Using Testing Tools
Lesson 4: Understanding and Developing a Comprehensive Network Security Policy This lesson describes how increasing network security threats demand comprehensive network security policies, and describes the main activities in each phase of a secure network lifecycle. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the essential functions and goals of a security policy and how to use them to create a security policy
Identify commonly used policy documents and standards, and explain the differences between these standards and procedures
Identify the various roles that are played within an enterprise for the development and maintenance of a security policy
Describe the role that risk management plays in the development of a security policy
Describe the system-level security principles that should be considered throughout the lifecycle of a secure network
Describe how training and other awareness techniques can help to increase the effectiveness of a security policy
The lesson includes these topics:
Security Policy Overview
Policies, Standards, and Procedures
Roles and Responsibilities
Risk Management
Principles of Secure Network Design
Security Awareness
Lesson 5: Building Cisco Self-Defending Networks This lesson describes how to implement the Cisco Self-Defending Network strategy by enhancing the existing network infrastructure with Cisco technologies, products, and solutions. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how changing threats and challenges demand a new approach to network security
Describe the components of the Cisco Self-Defending Network strategy
Describe the positioning and benefits of the Cisco integrated security portfolio
The lesson includes these topics:
Changing Threats and Challenges
Building a Cisco Self-Defending Network
Cisco Integrated Security Portfolio
Module 2: Perimeter Security Upon completing this module, the learner will be able to configure routers on the network perimeter with Cisco IOS Software security features.
Lesson 1: Securing Administrative Access to Cisco Routers This lesson defines how to secure the physical installation of and administrative access to Cisco routers based on different network requirements using the CLI. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the security features of the Cisco IOS Software on Cisco routers
Describe the security features of the Cisco Integrated Services Routers
Configure passwords and login failure rates using the CLI to secure administrative access to Cisco routers
Configure multiple privilege levels using the CLI to secure administrative access to Cisco routers
Configure role-based CLI access to create views
Configure the Cisco IOS resilient configuration feature using the CLI to secure the Cisco IOS image and configuration file
Configure virtual login connection security using the CLI
Configure a banner message using the CLI to secure administrative access to Cisco routers
The lesson includes these topics:
Cisco IOS Security Features
Introducing the Cisco Integrated Services Router Family
Configuring Secure Administrative Access
Setting Multiple Privilege Levels
Configuring Role-Based CLI Access
Securing the Cisco IOS Image and Configuration Files
Configuring Enhanced Support for Virtual Logins
Configuring Banner Messages
The lesson includes this activity:
Lab 2-1: Securing Administrative Access to Cisco Routers
Lesson 2: Introducing Cisco SDM This lesson describes the features and wizards of Cisco SDM, and describes how to launch and navigate Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the key features, concepts, and purpose of Cisco SDM
Set up a router to run Cisco SDM and Cisco SDM Express
Launch Cisco SDM Express to configure a new router
Launch Cisco SDM
Navigate Cisco SDM
Describe the common wizards available in Cisco SDM
The lesson includes these topics:
Cisco SDM Overview
Supporting Cisco SDM and Cisco SDM Express
Launching Cisco SDM Express
Launching Cisco SDM
Navigating the Cisco SDM Interface
Cisco SDM Wizards
Lesson 3: Configuring AAA on a Cisco Router Using the Local Database This lesson defines how to configure a Cisco router to perform authentication, authorization, and accounting (AAA) with a local database using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the functions and importance of AAA
Describe the different ways to implement AAA services on Cisco routers
Describe the steps to authenticate user access to a Cisco router using a local database
Configure AAA using Cisco SDM to support using the local database
Troubleshoot AAA on a Cisco router using the debug aaa command
The lesson includes these topics:
AAA Overview
Introduction to AAA for Cisco Routers
Using Local Services to Authenticate Router Access
Configuring Local Database Authentication Using AAA
Troubleshooting AAA on Cisco Routers
The lesson includes this activity:
Lab 2-2: Configuring AAA on Cisco Routers to Use the Local Database
Lesson 4: Configuring AAA on a Cisco Router to Use Cisco Secure ACS This lesson describes the operation of external AAA sources such as RADIUS and TACACS+ servers and defines how to configure a Cisco router to use Cisco Secure Access Control Server (ACS) to perform AAA. Upon completing this lesson, the learner will be able to meet these objectives:
List the features and benefits of Cisco Secure ACS products and describe their function in a network security solution
Describe and compare the TACACS+ and RADIUS protocols
Install Cisco Secure ACS for Windows
Configure the Cisco Secure ACS server
Configure Cisco routers to use TACACS+ as an AAA protocol using the CLI and Cisco SDM
Describe troubleshooting TACACS+ using debug commands from the CLI
The lesson includes these topics:
Cisco Secure ACS Overview
TACACS+ and RADIUS Protocols
Installing Cisco Secure ACS for Windows
Configuring the Server
Configuring TACACS+ Support on a Cisco Router
Troubleshooting TACACS+
The lesson includes this activity:
Lab 2-3: Configuring AAA on Cisco Routers to Use Cisco Secure ACS
Lesson 5: Implementing Secure Management and Reporting This lesson defines how to securely implement the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), and Network Time Protocol (NTP). Upon completing this lesson, the learner will be able to meet these objectives:
Describe the factors you must consider when planning the secure management and reporting configuration of network devices
Describe the architecture of secure management and reporting
Describe the key role that syslog plays in network security
Use Cisco SDM to monitor log messages
Describe the security features of SNMPv3
Configure an SSH daemon for secure management and reporting
Enable time features with Cisco SDM
The lesson includes these topics:
Planning Considerations for Secure Management and Reporting
Secure Management and Reporting Architecture
Using Syslog Logging for Network Security
Using Logs to Monitor Network Security
Using SNMP
Configuring an SSH Daemon for Secure Management and Reporting
Enabling Time Features
The lesson includes this activity:
Lab 2-4: Implementing Secure Management and Reporting
Lesson 6: Locking Down the Router This lesson defines how to examine router configurations with the Security Audit feature of Cisco SDM and make the router and network more secure by using the one-step lockdown feature in Cisco SDM or the command auto secure. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the router services and interfaces that are vulnerable to network attacks
Explain the vulnerabilities posed by commonly configured router management services
Use the Cisco SDM Security Audit feature to determine and to fix router security vulnerabilities
Use the Cisco SDM one-step lockdown feature or the CLI auto secure command to secure a router
Explain the limitations of using the Cisco SDM one-step lockdown feature or the CLI auto secure command
The lesson includes these topics:
Vulnerable Router Services and Interfaces
Management Service Vulnerabilities
Performing a Security Audit
Locking Down a Cisco Router
Limitations and Cautions
The lesson includes this activity:
Lab 2-5: Using Cisco SDM One-Step Lockdown and Security Audit
Module 3: Network Security Using Cisco IOS Firewalls Upon completing this module, the learner will be able to configure firewall features including access control lists (ACLs) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network.
Lesson 1: Introducing Firewall Technologies This lesson describes the operations of the different types of firewall technologies, and the firewall technologies that are embedded in Cisco routers and Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the role of firewalls in securing networks
Describe the role of firewalls in a layered defense strategy
Describe how a static packet filter allows or blocks data packets as they pass through a network interface
Describe how application layer or proxy firewalls control or monitor inbound and outbound traffic
Describe how dynamic or stateful inspection packet filtering improves network security and performance
Describe additional types of firewalls, including application inspection firewalls and transparent firewalls
Describe the features of the Cisco IOS Firewall, Cisco PIX 500 Series Security Appliances, and Cisco ASA 5500 Series Adaptive Security Appliances
Develop an effective firewall policy that is based on firewall best practices
The lesson includes these topics:
Firewall Fundamentals
Firewalls in a Layered Defense Strategy
Static Packet Filtering Firewalls
Application Layer Gateways
Dynamic or Stateful Packet Filtering Firewalls
Other Types of Firewalls
Cisco Family of Firewalls
Developing an Effective Firewall Policy
Lesson 2: Creating Static Packet Filters Using ACLs This lesson defines how to create static packet filters using ACLs. Upon completing this lesson, the learner will be able to meet these objectives:
Explain how ACLs are used to control access in networks
Define wildcard masks and explain how they are used by ACLs
Configure and apply ACLs to router interfaces using the CLI
Explain the caveats you must consider when creating ACLs
Configure standard and extended ACLs using Cisco SDM
Configure ACLs to protect common network services
The lesson includes these topics:
ACL Fundamentals
ACL Wildcard Masking
Using ACLs to Control Traffic
ACL Considerations
Configuring ACLs Using SDM
Using ACLs to Permit and Deny Network Services
The lesson includes this activity:
Lab 3-1: Creating Static Packet Filters Using ACLs
Lesson 3: Configuring Cisco IOS Zone-Based Policy Firewall This lesson defines how to configure a Cisco IOS zone-based policy firewall on your network using the Cisco SDM wizard. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the principles of zone-based policy firewalls
Configure a zone-based policy firewall using Cisco SDM Basic Firewall wizard
Configure a zone-based policy firewall manually using Cisco SDM
Verify the zone-based policy firewall configuration using Cisco SDM and the CLI
The lesson includes these topics:
Zone-Based Policy Firewall Overview
Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard
Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM
Monitoring a Zone-Based Policy Firewall
The lesson includes this activity:
Lab 3-2: Configuring a Cisco IOS Zone-Based Policy Firewall
Module 4: Site-to-Site VPNs After completing this module, the learner will be able to configure site-to-site virtual private networks (VPNs) using Cisco IOS features.
Lesson 1: Examining Cryptographic Services This lesson describes how encryption, hashing, and digital signatures provide confidentiality, integrity, and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:
Define cryptology, cryptanalysis, and encryption, and explain the symbiotic relationship between cryptanalysis and encryption
Explain the difference between, and the functionality of, symmetric and asymmetric encryption algorithms
Describe the differences between block and stream ciphers
Describe the basic forms of encryption, as well as their differences and their benefits
Explain the importance and function of cryptographic hashes
Explain the importance of key length, key creation, key distribution, key recovery, and key destruction
Describe the basic functions, advantages, and disadvantages of SSL VPNs
The lesson includes these topics:
Cryptology Overview
Symmetric and Asymmetric Encryption Algorithms
Block and Stream Ciphers
Encryption Algorithm Selection
Cryptographic Hashes
Key Management
Introducing SSL VPNs
Lesson 2: Examining Symmetric Encryption This lesson defines how to describe the methods, algorithms, and purposes of symmetric encryption. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the generic functionality of symmetric encryption algorithms
Describe the features and functions of the DES algorithm
Describe the features and functions of the 3DES algorithm
Describe the features and functions of the AES algorithm
Describe the features and functions of the SEAL algorithm
Describe the features and functions of several algorithms written by Ron Rivest
The lesson includes these topics:
Symmetric Encryption Overview
DES Features and Functions
3DES Features and Functions
AES Features and Functions
SEAL Features and Functions
Rivest Ciphers Features and Functions
Lesson 3: Examining Cryptographic Hashes and Digital Signatures This lesson describes the use and purpose of hashes and digital signatures in providing integrity and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the generic functionality of hash algorithms and the HMAC variant
Describe the features and functions of the MD5 algorithm
Describe the features and functions of the SHA-1 algorithm
Explain the generic functionality of digital signatures
Describe the features and functions of the DSS
The lesson includes these topics:
Overview of Hash Algorithms and HMACs
MD5 Features and Functions
SHA-1 Features and Functions
Overview of Digital Signatures
DSS Features and Functions
Lesson 4: Examining Asymmetric Encryption and PKI This lesson describes the use and purpose of asymmetric encryption and public key infrastructure (PKI). Upon completing this lesson, the learner will be able to meet these objectives:
Explain the generic functionality of asymmetric encryption algorithms
Describe the features and functions of the RSA algorithm
Describe the features and functions of the DH key exchange algorithm
Explain the principles behind a PKI
Explain the PKI standards
Explain the role of CAs and RAs in a PKI
The lesson includes these topics:
Asymmetric Encryption Overview
RSA Features and Functions
DH Features and Functions
PKI Definitions and Algorithms
PKI Standards
Certificate Authorities
Lesson 5: Examining IPsec Fundamentals This lesson describes the fundamental concepts, technologies, and terms that IP Security (IPsec) VPNs use. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the purpose and types of VPNs, contrast SSL with IPsec VPNs, and define where to use VPNs in a network
List the Cisco VPN product line and describe the security features of these products
Describe the IPsec protocol and its basic functions
Describe the advantages of IPsec VPNs compared with other types of VPNs
Describe the ESP protocols, the AH protocols, and the tunnel modes that IPsec uses
List and describe the IKE protocols
The lesson includes these topics:
VPN Overview
Cisco VPN Product Family
Introducing IPsec
IPsec Advantages
IPsec Protocol Framework
IKE Protocol
Lesson 6: Building a Site-to-Site IPsec VPN This lesson describes how to configure a site-to-site IPsec VPN. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the five steps of IPsec operation
Describe the procedure to configure IPsec
Ensure that ACLs are compatible with IPsec
Describe and configure the IKE parameters using the CLI
Configure the IPsec transform sets using the CLI
Configure the cryptographic ACL and other IPsec settings using the CLI
Configure and apply a cryptographic map to an interface using the CLI
Confirm the IPsec configuration
The lesson includes these topics:
Site-to-Site IPsec VPN Operations
Configuring IPsec
Site-to-Site IPsec Configuration—Step 1
Site-to-Site IPsec Configuration—Step 2
Site-to-Site IPsec Configuration—Step 3
Site-to-Site IPsec Configuration—Step 4
Site-to-Site IPsec Configuration—Step 5
Verifying the IPsec Configuration
Lesson 7: Configuring IPsec on a Site-to-Site VPN Using Cisco SDM This lesson defines how to configure a site-to-site IPsec VPN with preshared key (PSK) authentication using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to navigate the Cisco SDM site-to-site VPN Wizard interface
Describe the components that you configure when you use the Cisco SDM site-to-site VPN wizard
Configure the site-to-site VPN tunnel connections using the Cisco SDM wizards
Complete the site-to-site VPN configuration using Cisco SDM and verify the VPN configuration
The lesson includes these topics:
Introducing the Cisco SDM VPN Wizard Interface
Site-to-Site VPN Components
Using the Cisco SDM Wizards to Configure Site-to-Site VPNs
Completing the Configuration
The lesson includes this activity:
Lab 4-1: Configuring a Site-to-Site IPsec VPN
Module 5: Network Security Using Cisco IOS IPS Upon completing this module, learners will be able to configure IPS on Cisco network routers.
Lesson 1: Introducing IPS Technologies This lesson describes the underlying intrusion detection system (IDS) and intrusion prevention system (IPS) technology that is embedded in the Cisco host- and network-based IDS and IPS solutions. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the functions and operations of IDS and IPS systems
Describe the types of IDS and IPS systems
Describe IPS technologies, attack responses, and monitoring options such as syslog and SDEE
Describe host and network-based IDS and IPS monitoring
Explain the available Cisco IPS appliances
Explain how IDS and IPS signatures are used to detect malicious network traffic and describe different types of signatures
Describe signature micro-engines
Describe the role of signature alarms in a Cisco IPS solution
Describe IPS policies and best practices
The lesson includes these topics:
Introducing IDS and IPS
Types of IDS and IPS Systems
Intrusion Prevention Technologies
Host and Network IPS
Introducing Cisco IPS Appliances
Introducing Signatures
Examining Signature Micro-Engines
Introducing Signature Alarms
IPS Best Practices
Lesson 2: Configuring Cisco IOS IPS Using Cisco SDM This lesson defines how to configure Cisco IOS IPS using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the IPS features of Cisco IOS Software
Configure Cisco IOS IPS using Cisco SDM
Configure IPS signatures using Cisco SDM
Monitor a Cisco IOS IPS router using Cisco SDM and the CLI
Verify Cisco IOS IPS operations
The lesson includes these topics:
Cisco IOS IPS Features
Configuring Cisco IOS IPS Using Cisco SDM
Configuring IPS Signatures
Monitoring IOS IPS
Verifying IPS Operation
The lesson includes this activity:
Lab 5-1: Configuring Cisco IOS IPS
Module 6: LAN, SAN, Voice, and Endpoint Security Overview You will be able to configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic.
Lesson 1: Examining Endpoint Security This lesson describes the current endpoint protection methods, such as host intrusion protection system (HIPS), integrity checkers, operating system protection, and the Cisco NAC Appliance. Upon completing this lesson, the learner will be able to meet these objectives:
Describe what endpoint security is and the fundamental principles that are involved in host security
Describe buffer overflows and the threat that they present
Describe the features of IronPort products and how they enhance and complement endpoint security
Describe the features of the Cisco NAC Appliance and how it enhances and complements endpoint security
Describe the functions of Cisco Security Agent at a high level and describe how it provides endpoint security
Provide a list of basic host security principles
The lesson includes these topics:
What Is Endpoint Security?
Buffer Overflows
IronPort
Cisco NAC Products
Cisco Security Agent
Endpoint Security Best Practices
Lesson 2: Examining SAN Security This lesson defines how to describe the risks and countermeasures for storage area network (SAN) security. Upon completing this lesson, the learner will be able to meet these objectives:
Describe a SAN and its benefits
Describe the basic principles of SANs
Explain various security strategies that can be used to compartmentalize data for security purposes
The lesson includes these topics:
What Is a SAN?
SANs Fundamentals
SAN Security Scope
Lesson 3: Examining Voice Security This lesson describes the risks and countermeasures to IP telephony. Upon completing this lesson, the learner will be able to meet these objectives:
Describe VoIP fundamentals
Describe security threats to VoIP networks
Define SPIT and describe how it poses a security threat against voice-enabled networks
Explain how fraud can cost VoIP customers considerable sums of money
Describe various SIP vulnerabilities
Describe how to prevent hacking on VoIP networks
The lesson includes these topics:
VoIP Fundamentals
Voice Security Threats
Spam over IP Telephony
Fraud
SIP Vulnerabilities
Defending Against VoIP Hacking
Lesson 4: Mitigating Layer 2 Attacks This lesson defines how to mitigate Layer 2 attacks against network topologies and protocols. Upon completing this lesson, the learner will be able to meet these objectives:
Explain how basic switch operations make networks vulnerable to attacks at Layer 2
Configure Cisco switches to mitigate VLAN attacks
Explain how to prevent STP manipulation
Describe how an attacker can flood a switch by launching a CAM table overflow attack
Describe how a MAC spoofing attack can be launched and mitigated
Describe and configure port security as a key step in defending networks from Layer 2 attacks
Describe some of the additional features available in Cisco switch security, including SPAN, RSPAN, and storm control
Describe Layer 2 best practices and explain how they mitigate attacks on specific areas of Layer 2 hardware and software components
The lesson includes these topics:
Basic Switch Operation
Mitigating VLAN Attacks
Preventing STP Manipulation
CAM Table Overflow Attacks
MAC Address Spoofing Attacks
Using Port Security
Additional Switch Security Features
Layer 2 Best Practices
The lesson includes this activity:
Lab 6-1: Using Cisco Catalyst Switch Security Features
SNRS - Course Outline
Overview Securing Networks with Cisco Routers and Switches (SNRS) v3.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on providing the network specialists with the knowledge and skills needed to secure Cisco IOS router and switch-based networks. Learners will be able to secure the network environment using existing Cisco IOS features, including installing and configuring Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, user group-based firewall, Cisco IOS intrusion prevention system (IPS), authentication proxy, implementing secure tunnels using IP Security (IPsec) technology, and implementing advanced switch security. This course also covers advanced virtual private network (VPN) technologies.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Implement Layer 2 security features on a network using Cisco IOS commands
Implement Cisco Network Foundation Protection on Cisco IOS routers
Design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services routers
Design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features
Install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services router
High-Level Course Outline This subtopic provides an overview of how the course is organized. The course contains these components:
Course Introduction
Network Platform Security with Switches
Network Platform Security with Routers
Secure Site-to-Site Communications
Secure Remote Access Communications
Threat Control and Containment
Detailed Course Outline Module 1: Network Platform Security with Switches
Upon completing this module, the learner will be able to implement Layer 2 security features on a network using Cisco IOS commands.
Lesson 1: Configuring Advanced Layer 2 Security
This lesson describes how to implement some of the advanced security features of Cisco IOS switches. Upon completing this lesson, the learner will be able to meet these objectives:
Describe and configure the different types of ACLs available on switches
Explain how to use PVLANs to partition the Layer 2 broadcast domain of a VLAN into subdomains to improve scalability and security
Mitigate DHCP attacks using the Cisco DHCP snooping feature
Mitigate ARP spoofing using DAI
Configure IP Source Guard to provide source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host
Describe Layer 2 best practices
The lesson includes these topics:
Examining Switch ACLs
Understanding PVLANs
Mitigating DHCP Server Attacks
Mitigating ARP Spoofing Using DAI
Examining IP Source Guard
Layer 2 Best Practices
The lesson includes this activity:
Lab 1-1: Configure Advanced Layer 2 Security
Lesson 2: Introducing Cisco IBNS
This lesson describes the Cisco Identity Based Networking Services (IBNS) model and explains how IEEE 802.1X helps to control network access. Upon completing this lesson, the learner will be able to meet these objectives:
Explain how Cisco IBNS improves the security of physical and logical access to LANs with the capabilities defined in 802.1X
Describe the 802.1X standard and 802.1X components
Examine Cisco Secure Services Client Version 5.0 and its enterprise management tools
Explain the processes used in 802.1X
Explain the different EAP types that are available for an 802.1X implementation
Explain how various logs, such as ACS logs and Cisco Security MARS logs, can be used to examine 802.1X events
The lesson includes these topics:
Cisco IBNS Overview
802.1X Components
Cisco Secure Services Client Version 5.0
802.1X Operations
EAP Types
Reporting and Monitoring Cisco IBNS
Lesson 3: Implementing Basic 802.1X Authentication
This lesson describes how to configure basic IEEE 802.1X port-based authentication using Cisco Secure Access Control Server (ACS) and a Cisco Catalyst 2960 Series Switch from the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:
Describe the functions and features of Cisco Secure ACS for Windows Server
Configure simple 802.1X authentication using the Windows supplicant
Explain the different 802.1X host modes
Configure 802.1X timers
Use show and debug commands to verify and test 802.1X operation
The lesson includes these topics:
Cisco Secure ACS for Windows Overview
Configuring 802.1X Authentication
802.1X Host Modes
Configuring 802.1X Timers
Verify 802.1X Operation
The lesson includes this activity:
Lab 1-2: Configure Basic 802.1X Authentication
Lesson 4: Configuring Advanced 802.1X Authentication and Authorization
This lesson describes how to configure advanced 802.1X port-based authentication and authorization on a Cisco Catalyst 2960 Series Switch using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:
Describe methods you can use to support devices that do not support 802.1X
Configure guest VLANs to support hosts that do not have a supplicant
Configure restricted VLANs to support hosts that have a supplicant but fail to authenticate
Configure MAC authentication bypass for hosts that have known MAC addresses but do not have an 802.1X supplicant
Configure inaccessible authentication bypass to support an unavailable RADIUS server
Explain how to configure web authentication
Configure 802.1X dynamic VLAN assignment
Use show commands to verify the MAC authentication bypass and inaccessible authentication bypass operation
Explain several special situations that can occur with 802.1X deployments
The lesson includes these topics:
Authenticating Without 802.1X
Guest VLANs
Restricted VLANs
MAC Authentication Bypass
Inaccessible Authentication Bypass
Web Authentication Proxy
802.1X Dynamic VLAN Assignments
Testing and Verifying 802.1X
Special Situations with 802.1X
The lesson includes these activities:
Lab 1-3: Configure Advanced 802.1X Authentication
Lab 1-4: Configure 802.1X VLAN Assignments
Module 2: Network Platform Security with Routers Upon completing this module, the learner will be able to implement Cisco Network Foundation Protection on Cisco IOS routers.
Lesson 1: Examining the Cisco Network Foundation Protection Strategy
This lesson describes the Cisco Network Foundation Protection strategy. Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco Network Foundation Protection in general
Describe the features and benefits of Cisco Network Foundation Protection
Describe the Cisco AutoSecure feature of Cisco routers
List the platforms that support Cisco Network Foundation Protection
The lesson includes these topics:
Cisco Network Foundation Protection Overview
Cisco Network Foundation Protection Services and Benefits
Cisco AutoSecure
Supported Platforms
Lesson 2: Securing the Control Plane
This lesson describes tools that are used to secure the control plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the control plane of a router
Describe the basic function and benefits of CPPr
Explain the benefit of routing protocol authentication and how to configure routers
Describe CPU and memory threshold notifications
The lesson includes these topics:
The Control Plane
Control Plane Protection
Routing Protocol Protection
CPU and Memory Thresholding
Lesson 3: Securing the Management Plane
This lesson describes how to protect the management plane of Cisco devices. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the management plane and configure common secure management protocols
Configure HTTPS
Describe and configure the Role-Based CLI Access feature
Describe and configure the Cisco MPP feature
Describe and configure SNMPv3
The lesson includes these topics:
The Management Plane
Secure Management Services
Role-Based Access Control
Cisco IOS MPP
SNMP v3 Architecture
Lesson 4: Securing the Data Plane
This lesson describes tools that are used to protect the data plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the data plane, data plane attacks, and the effects these attacks have on network devices
Explain NetFlow and how to configure it
Describe and configure uRPF
Describe and configure Cisco IOS FPM
The lesson includes these topics:
The Data Plane
NetFlow
Configuring uRPF
Cisco IOS FPM
The lesson includes this activity:
Lab 2-1: Configure the Cisco Network Foundation Protection Strategy
Module 3: Secure Site-to-Site Communications Upon completing this module, the learner will be able to design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services Routers.
Lesson 1: Examining VPN and IPsec Fundamentals
This lesson describes the basic characteristics and protocols used in IPsec configurations and describes the various types of VPNs available using Cisco IOS Software, including IPsec, Dynamic Multipoint Virtual Private Network (DMVPN), Group Encrypted Transport VPN (GET VPN), Cisco Easy VPN, and Cisco IOS Secure Sockets Layer (SSL) VPN. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the basic functionality and protocols involved with IPsec VPNs
Describe different types of site-to-site VPNs, including fully meshed, hub-and-spoke, IPsec, Cisco Easy VPN with VTI, GRE over IPsec, DMVPN, and GET VPN
Describe Cisco Easy VPN and Cisco IOS SSL VPNs
Explain the VPN design guide that is available in Cisco SDM
Configure global VPN router settings in Cisco SDM
The lesson includes these topics:
IPsec Overview
Site-to-Site VPNs
Cisco Easy VPN and Cisco IOS SSL VPNs
VPN Design Guide
Global VPN Settings
Lesson 2: Implementing IPsec VPNs with PKI
This lesson describes how to configure a Cisco IOS certificate authority (CA) and an IPsec site-to-site VPN using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco IOS PKI support
Describe the use of CAs and RAs
Describe how SCEP manages the certificate lifecycle
Describe and configure the Cisco IOS CA Server
Configure CA interoperability on a Cisco router using Cisco SDM
Configure a PKI-based IPsec site-to-site VPN on a router using Cisco SDM
Troubleshoot CA interoperability using the CLI
Test and verify IPsec configurations using the CLI
The lesson includes these topics:
Cisco IOS PKI Overview
Certificate Authorities
Examining SCEP
Cisco IOS CA Server
Configuring CA support
Configuring a PKI-Based IPsec Site-to-Site VPN
Testing and Verifying CA Support
Testing and Verifying IPsec
The lesson includes this activity:
Lab 3-1: Configure a Site-to-Site VPN Using Certificates
Lesson 3: Implementing GRE over IPsec
This lesson describes how to configure Generic Routing Encapsulation (GRE)-over-IPsec tunnels. Upon completing this lesson, the learner will be able to meet these objectives:
Describe GRE tunnels
Configure a GRE tunnel
Configure a GRE tunnel with IPsec encryption using Cisco SDM and verify the resulting CLI configurations
Generate mirror configurations
Verify GRE-over-IPsec operations using the CLI
The lesson includes these topics:
Examining GRE Tunnels
Configuring a GRE Tunnel
Configuring a GRE-Over-IPsec Tunnel
Generate a Mirror Configuration
Testing and Verifying GRE Over IPsec
The lesson includes this activity:
Lab 3-2: Configure a GRE over IPsec Tunnel
Lesson 4: Configuring High-Availability VPNs and VTI
This lesson describes how to configure high-availability VPN technologies. Upon completing this lesson, the learner will be able to meet these objectives:
Describe high availability for IPsec VPNs
Explain how to achieve high availability with IPsec VPNs using redundant peers and how to configure it
Describe HSRP, the role it plays in high availability, and how to configure it
Describe Cisco IOS stateful failover and how to configure it
Explain how to back up WAN links using VPNs
Describe the benefit of using static or dynamic VTI and how to configure VTIs for site-to-site IPsec VPNs
The lesson includes these topics:
High Availability for Cisco IOS IPsec VPNs
IPsec Backup Peer
Hot Standby Router Protocol
IPsec Stateful Failover
Backing Up a WAN Connection with an IPsec VPN
Static and Dynamic VTIs
Lesson 5: Implementing DMVPN
This lesson describes how to configure a DMVPN. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the overall requirements, features, operation, and high availability design for DMVPN
Describe how dynamic routing protocols operate over DMVPN
Configure a DMVPN hub using the Cisco SDM DMVPN hub wizard
Configure a DMVPN spoke using the Cisco SDM DMVPN spoke wizard
Edit DMVPN settings in Cisco SDM
Verify DMVPN connectivity
The lesson includes these topics:
Dynamic Multipoint VPN
Dynamic Routing Protocols over DMVPN
Configuring a DMVPN Hub
Configuring a DMVPN Spoke
Editing DMVPN Settings
Verifying DMVPN
The lesson includes this activity:
Lab 3-3: Configure a DMVPN Spoke Using Cisco SDM
Lesson 6: Implementing GET VPN
This lesson describes how to configure GET VPNs. Upon completing this lesson, the learner will be able to meet these objectives:
Describe problems that are encountered scaling tunnel-based VPNs
Describe GET VPN
Describe how dynamic routing protocols work over GET VPN
Describe the security measures that are built into the GET VPN solution
Describe GET VPN operations
Configure the GET VPN key server
Configure GET VPN group members
Verify GET VPN settings and operation
The lesson includes these topics:
VPN Limitations
GET VPN Overview
GET VPN Architecture
GET VPN Security
GET VPN Operations
Configuring GET VPN Key Servers
Configuring GET VPN Group Members
Verifying GET VPN Settings
The lesson includes this activity:
Lab 3-4: Configure GET VPN Using CLI
Module 4: Secure Remote Access Communications Upon completing this module, the learner will be able to design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features.
Lesson 1: Implementing Cisco IOS Remote Access Using Cisco Easy VPN
This lesson describes how to configure Cisco Easy VPN for remote access. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the role of each component of Cisco Easy VPN including Cisco Easy VPN Remote and Cisco Easy VPN Server
Explain how to configure the Cisco VPN Client
Explain how to configure a Cisco Easy VPN Remote using Cisco SDM
Explain how to configure a Cisco Easy VPN Server using Cisco SDM
Verify the Cisco Easy VPN configuration
The lesson includes these topics:
Introduction to Cisco Easy VPN
Configuring the Cisco VPN Client
Configuring Cisco Easy VPN Remote
Configuring Cisco Easy VPN Server
Verify the Cisco Easy VPN Configuration
The lesson includes these activities:
Lab 4-1: Configure Cisco Easy VPN Remote
Lab 4-2: Configure Cisco Easy VPN Server
Lesson 2: Examining a Cisco IOS SSL VPN
This lesson describes how to configure a Cisco IOS SSL VPN and verify its operation using Cisco Router and Security Device Manager (SDM). Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco IOS SSL VPN feature, including clientless mode, thin-client mode, full-tunnel client mode, and Cisco Secure Desktop
Describe the different client packages for the Cisco IOS SSL VPN
Configure the prerequisites for Cisco IOS SSL VPN
Configure Cisco IOS SSL VPN
Edit Cisco IOS SSL VPN configurations
Monitor and verify Cisco IOS SSL VPN
The lesson includes these topics:
Overview of Cisco IOS SSL VPN
Client Software
Configuring Cisco IOS SSL VPN Prerequisites
Cisco IOS SSL VPN Configuration
Editing Cisco IOS SSL VPNs
Verifying SSL VPN Functionality
The lesson includes this activity:
Lab 4-3: Configure a Cisco IOS SSL VPN
Module 5: Threat Control and Containment Upon completing this module, the learner will be able to install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services Router.
Lesson 1: Configuring NAT and PAT
This lesson describes how to configure inside and outside static and dynamic NAT and PAT as well as port forwarding. Upon completing this lesson, the learner will be able to meet these objectives:
Describe static and dynamic NAT and PAT
Configure PAT using the Cisco SDM NAT Basic wizard
Configure NAT and PAT using the Cisco SDM NAT Advanced wizard
Verify NAT and PAT configuration using the CLI
Troubleshoot a NAT configuration to resolve issues
The lesson includes these topics:
Network Address Translation Overview
Configuring PAT Using the Basic NAT Wizard
Configuring NAT and PAT Using the Advanced NAT Wizard
Verifying NAT and PAT
Troubleshooting NAT and PAT
Lesson 2: Configuring a Cisco IOS Classic Firewall
This lesson describes how to configure a Cisco IOS Classic Firewall using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the features and benefits of a Cisco IOS Classic Firewall
Use the Cisco SDM Basic Firewall wizard to configure a Cisco IOS Classic Firewall
Use the Cisco SDM Advanced Firewall wizard to configure a Cisco IOS Classic Firewall
Edit a basic or advanced firewall configuration, including global settings
Verify a Cisco IOS Firewall configuration using the CLI
The lesson includes these topics:
Cisco IOS Classic Firewall Overview
Basic Firewall Wizard
Advanced Firewall Wizard
Editing Firewall Rules
Verifying Firewall Configuration
The lesson includes this activity:
Lab 5-1: Configure Cisco IOS Classic Firewall on a Cisco Router
Lesson 3: Configuring a Cisco IOS Zone-Based Policy Firewall
This lesson describes how to configure a Cisco IOS Zone-Based Policy Firewall on a Cisco Integrated Services Router. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the general features of a Cisco IOS Zone-Based Policy Firewall
Configure Cisco IOS Zone-Based Policy Firewall using the Cisco SDM Advanced Firewall wizard
Edit the Cisco IOS Zone-Based Policy Firewall
Create zone-based policies without the Cisco SDM wizard
Verify the Cisco IOS Zone-Based Policy Firewall configuration using the CLI and Cisco SDM
The lesson includes these topics:
Cisco IOS Zone-Based Policy Firewall Overview
Advanced Firewall Wizard
Editing Cisco IOS Zone-Based Policy Firewall
Configuring Zone-Based Policies
Verifying the Cisco IOS Zone-Based Policy Firewall Configuration
The lesson includes this activity:
Lab 5-2: Configure Cisco IOS Zone-Based Policy Firewall with URL Filtering
Lesson 4: Configuring Cisco IOS IPS
This lesson describes how to configure Cisco IOS IPS Software Version 5.x signature support, Risk Rating (Signature Event Action Processing [SEAP]), signature tuning, and custom signatures. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the features, functions, limitations, and applications of Cisco IOS IPS
Describe the different IPS management products
Describe SDF and built-in signature operation
Migrate from Cisco IOS IPS Version 4.x to Cisco IOS IPS Version 5.x
Configure Cisco IOS IPS using 5.x signatures
Configure Auto Signature Update
Configure SEAP, including Risk Ratings, Events Action Overrides, and Events Action Filters
Perform a basic configuration of Cisco IOS IPS
Tune more advanced signature settings
Create custom signatures
Use show, debug, and clear commands to test and verify Cisco IOS IPS configurations
Explain various scenarios and deployment options
The lesson includes these topics:
Cisco IOS IPS Overview
IPS Management Products
SDF and Built-In Signature Overview
Migrating from Cisco IOS IPS Version 4 to Version 5
Configuring Cisco IOS IPS Using 5.x Signatures
Auto Update
Signature Event Action Processing
Configuring, Disabling, and Excluding Signatures
Signature Tuning
Custom Signatures
Verifying Cisco IOS IPS Configuration
IPS Case Studies
The lesson includes this activity:
Lab 5-3: Configure a Cisco IOS IPS on a Cisco Router
IPS - Course Outline
Overview Implementing Cisco Intrusion Prevention Systems (IPS) v6.0 provides the knowledge and skills needed to design, install, configure, and maintain a Cisco IPS sensor for small, medium, and enterprise networks. The course also describes the procedures for managing intrusion prevention system (IPS) alarms.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Explain how the Cisco IPS protects network devices from attacks
Install and configure the basic settings on a Cisco IPS 4200 Series Sensor
Use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy
Configure some of the more advanced features of the Cisco IPS product line
Initialize and install into your environment the rest of the Cisco IPS family of products
Use the CLI and the Cisco IDM to obtain system information, and configure the Cisco IPS sensor to allow an SNMP NMS to monitor the Cisco IPS sensor
High-Level Course Outline This subtopic provides an overview of how the course is organized. The course contains these components:
Course Introduction
Intrusion Prevention Overview
Installation of a Cisco IPS 4200 Series Sensor
Cisco IPS Signatures
Advanced Cisco IPS Configuration
Additional Cisco IPS Devices
Cisco IPS Sensor Maintenance
Detailed Course Outline This in-depth outline of the course structure lists each module, lesson, and topic.
Module 1: Intrusion Prevention Overview This module explains how the Cisco IPS protects network devices from attacks.
Lesson 1: Explaining Intrusion Prevention This lesson discusses intrusion detection and intrusion prevention along with related terms and concepts. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the difference between intrusion detection and intrusion prevention
Describe the similarities and differences among the various intrusion detection technologies
Explain the terminology used in intrusion prevention and detection
Explain the difference between promiscuous and inline intrusion protection
Describe the new features included in the Cisco IPS Sensor Software Version 6.0
The lesson includes these topics:
Intrusion Detection vs. Intrusion Prevention
Intrusion Prevention Technologies
Intrusion Prevention Terminology
Promiscuous and Inline Modes
Features of Cisco IPS Sensor Software Version 6.0
Lesson 2: Examining Cisco IPS Products This lesson describes the Cisco IPS solutions and explains how Cisco IPS protects network devices from attacks. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the various models available in the Cisco family of IPS sensors
Describe network IPS and list its features and limitations
Describe host IPS and list its features and limitations
Explain the considerations necessary for selection, placement, and deployment of a network IPS
Describe the Cisco Self-Defending Network and how the Cisco IPS products fit into that structure
The lesson includes these topics:
Cisco Network Sensors
Network IPS
Host-Based IPS
Sensor Deployment
Cisco Self-Defending Network
Lesson 3: Examining Cisco IPS Sensor Software Solutions This lesson describes the Cisco monitoring solutions and suggests how to utilize them. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco IPS Sensor Software architecture
List the Cisco IPS management products for single device management
List the Cisco IPS management products that you can use for the enterprise
The lesson includes these topics:
Cisco IPS Sensor Software Architecture
Cisco IPS Element Management Products
Cisco IPS Enterprise Management Products
Lesson 4: Examining Evasive Techniques This lesson describes major evasion techniques in order to justify several intrusion prevention system (IPS) features. Upon completing this lesson, the learner will be able to meet these objectives:
Explain what an evasive technique is and provide examples of evasive techniques
Explain how attackers use string match attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use fragmentation attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use session attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use insertion attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use evasion attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use TTL-based attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use encryption-based attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use resource exhaustion attacks to avoid detection by intrusion detection and intrusion prevention products
The lesson includes these topics:
Evasive Techniques
String Match Attacks
Fragmentation Attacks
Session Attacks
Insertion Attacks
Evasion Attacks
TTL-Based Attacks
Encryption-Based Attacks
Resource Exhaustion Attacks
Module 2: Installation of a Cisco IPS 4200 Series Sensor This module describes how to install and configure the basic settings on a Cisco IPS 4200 Series Sensor.
Lesson 1: Installing a Cisco IPS Sensor Using the CLI This lesson describes how to install and initialize a Cisco IPS sensor appliance in the network using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:
Explain the CLI of the Cisco IPS sensor
Gain management access and initialize a sensor
Explain some of the administrative tasks that are done from the CLI
Explain some of the additional commands that are available from the CLI
The lesson includes these topics:
Introducing the CLI
Initializing the Sensor
Performing Administrative Tasks
Additional Administrative Commands
Lesson 2: Using the Cisco IDM This lesson describes how to use the Cisco IPS Device Manager (IDM) to launch, navigate, manage, and monitor a Cisco IPS device. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the features, benefits, and system requirements of the Cisco IDM
Log into and navigate the Cisco IDM
Configure SSH
Reboot and shut down a Cisco IPS
The lesson includes these topics:
Introducing the Cisco IDM
Getting Started with the Cisco IDM
How to Configure SSH
How to Reboot and Shut Down the Sensor
Lesson 3: Configuring Basic Sensor Settings This lesson describes how to use the Cisco IDM to configure basic sensor settings. Upon completing this lesson, the learner will be able to meet these objectives:
Configure hosts that are authorized to administer the sensor
Configure the time settings of a Cisco IPS sensor
Configure certificates of a Cisco IPS sensor
Configure user accounts
Describe the different roles that a sensor interface can play
Configure the interfaces of a Cisco IPS sensor in promiscuous and inline mode
Describe and configure software and hardware bypass
Explain how to view events from the Cisco IDM
The lesson includes these topics:
How to Configure Allowed Hosts
How to Set the Time
How to Configure Certificates
How to Configure User Accounts
Defining Interface Roles
How to Configure the Interfaces
How to Configure Software and Hardware Bypass Mode
Viewing Events in the Cisco IDM
The lesson includes these activities:
Lab 2-1: Install and Configure an IPS Sensor from the CLI
Lab 2-2: Use the Cisco IDM to Perform a Basic Sensor Configuration
Module 3: Cisco IPS Signatures This module describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy.
Lesson 1: Configuring Cisco IPS Signatures and Alerts This lesson describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the different types, features, and actions of signatures
Locate information about specific signatures and describe the Cisco Intrusion Prevention Alert Center
Enable, disable, and assign actions to signatures
Configure additional settings for denying and blocking actions
The lesson includes these topics:
Cisco IPS Signatures
How to Locate Signature Information
How to Configure Basic Signatures
Special Considerations for Signature Actions
Lesson 2: Examining the Signature Engines This lesson describes the functions of signature engines and their parameters. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the different signature engines used by the sensor
Describe the configuration parameters common to all signature engines
Describe the ATOMIC signature engines
Describe the FLOOD signature engines
Describe the SERVICE signature engines, including the new TNS and SMB advanced signature engines
Describe the STRING signature engines
Describe the SWEEP signature engines
Describe the TROJAN signature engines
Describe the TRAFFIC signature engines
Describe the AIC signature engines
Describe the STATE signature engine
Describe the META signature engine
Describe the NORMALIZER engine
The lesson includes these topics:
Introducing Cisco IPS Signature Engines
Common Signature Engine Parameters
ATOMIC Signature Engines
FLOOD Signature Engines
SERVICE Signature Engines
STRING Signature Engines
SWEEP Signature Engines
TROJAN Signature Engines
TRAFFIC Signature Engines
AIC Signature Engines
STATE Signature Engine
META Signature Engine
NORMALIZER Engine
Lesson 3: Customizing Signatures This lesson describes how to use the Cisco IDM to tune and customize signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the need to tune signatures
Tune and create signatures to accomplish noise reduction
Tune and create signatures to accomplish false positive reduction
Tune and create signatures to accomplish false negative reduction
Tune and create signatures to focus a Cisco IPS sensor on the environment
Describe examples of different signature tuning scenarios
Design and create custom signatures
Describe examples of creating custom signatures
The lesson includes these topics:
Tuning Signatures
Noise Reduction
False Positive Reduction
False Negative Reduction
Focusing Cisco IPS Sensors
Customizing Built-in Signatures
How to Create Custom Signatures
Custom Signature Scenarios
The lesson includes these activities:
Lab 3-1: Working with Signatures and Alerts
Lab 3-2: Customizing Signatures
Module 4: Advanced Cisco IPS Configuration This module describes how to configure some of the more advanced features of the Cisco IPS product line.
Lesson 1: Performing Advanced Tuning of Cisco IPS Sensors This lesson describes how to use the Cisco IDM to tune a Cisco IPS sensor to work optimally in the network. Upon completing this lesson, the learner will be able to meet these objectives:
Explain how to tune the sensor to avoid evasive techniques and provide network-specific intrusion prevention
Explain the logging capabilities of the sensor, how to configure logging, and the performance ramifications of logging
Describe the concept of IP fragment and TCP stream reassembly
Define and configure event variables
Explain and configure TVRs
Describe and configure event action overrides
Describe and configure event action filters
Describe the risk rating system and the values that it uses to calculate the risk rating number
Introduce and configure the general settings for event action rules
The lesson includes these topics:
Sensor Configuration
IP Logging
Reassembly Options
How to Define Event Variables
Target Value Rating
Event Action Overrides
Event Action Filters
Risk Rating System
General Settings of Event Action Rules
The lesson includes this activity:
Lab 4-1: Tune a Cisco IPS Sensor Using the Cisco IDM
Lesson 2: Monitoring and Managing Alarms This lesson describes how to use additional monitoring tools to maximize alarm management efficiency. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the Cisco IEV, its features, benefits, and specifications
Explain the installation procedure for Cisco IEV
Add devices to the Cisco IEV
Use Cisco IEV to view events
Explain the Cisco Security Management Suite, its features, benefits, and specifications
Explain the external product interface, its benefits, and specifications
Explain how a Cisco Security Agent installation can be integrated into a Cisco IPS sensor installation using Cisco Security Monitor
Explain the Cisco ICS
The lesson includes these topics:
Cisco IEV Overview
Installing Cisco IEV
Configuring Cisco IEV
Viewing Events
Cisco Security Management Suite Overview
External Product Interface
Integrating Cisco Security Agent into an IPS Installation
Cisco ICS
The lesson includes this activity:
Lab 4-2: Monitor and Manage Alarms
Lesson 3: Configuring a Virtual Sensor This lesson describes how to explain the virtual sensor, its settings, and advantages. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the principles behind virtual sensors
Prepare for creating virtual sensors by creating inline pairs, signature policies, event action rules, and anomaly detection policies
Create a virtual sensor by giving it a name and assigning interfaces
The lesson includes these topics:
Virtual Sensor Overview
Preparing for Virtual Sensors
Creating Virtual Sensors
The lesson includes this activity:
Lab 4-3: Configure a Virtual Sensor (Optional)
Lesson 4: Configuring Advanced Features This lesson describes how to explain and configure some of the new advanced features of the Cisco IPS Sensor Software. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the principles behind anomaly detection
Explain the components used by anomaly detection
Configure anomaly detection
Monitor and troubleshoot problems with anomaly detection
Explain the principles behind POSFP
Explain the different methods available to identify operating systems
Explain the available configuration options for POSFP
Examine the results of POSFP
The lesson includes these topics:
Anomaly Detection Overview
Anomaly Detection Components
Configuring Anomaly Detection
Monitoring Anomaly Detection
POSFP Overview
Operating System Identification
Configuring POSFP
Monitoring POSFP
The lesson includes this activity:
Lab 4-4: Configure Anomaly Detection and POSFP
Lesson 5: Configuring Blocking This lesson describes how to explain blocking concepts and use Cisco IDM to configure blocking for a given scenario. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the principles behind blocking
Describe the things that should be taken into account before applying ACLs
Explain how to configure a sensor to perform automatic blocking
Explain how to configure a sensor to perform manual blocking
Explain how to configure a master blocking scenario
The lesson includes these topics:
Blocking Overview
ACL Considerations
How to Configure Automatic Blocking
How to Configure Manual Blocking
How to Configure a Master Blocking Scenario
Module 5: Additional Cisco IPS Devices This module describes how to initialize and install into your environment the rest of the Cisco IPS family of products.
Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2 This lesson explains the basics of installing the Cisco Catalyst 6500 Series Intrusion Detection System Services Module 2 (IDSM-2) in a Cisco Catalyst 6500 Series Switch and initializing it. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco Catalyst 6500 Series IDSM-2
Install the Cisco Catalyst 6500 Series IDSM-2
Configure the Cisco Catalyst 6500 Series IDSM-2 interfaces
Monitor the Cisco Catalyst 6500 Series IDSM-2
Perform Cisco Catalyst 6500 Series IDSM-2 maintenance
The lesson includes these topics:
Cisco Catalyst 6500 Series IDSM-2 Overview
Installing the Cisco Catalyst 6500 Series IDSM-2
Configuring Cisco Catalyst 6500 Series IDSM-2 Interfaces
Monitoring the Cisco Catalyst 6500 Series IDSM-2
Maintaining the Cisco Catalyst 6500 Series IDSM-2
Lesson 2: Initializing the Cisco ASA AIP-SSM This lesson describes how to initialize a Cisco Adaptive Security Appliance Advanced Inspection and Prevention Security Services Module (ASA AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco ASA AIP-SSM
Upload the IPS image to the Cisco ASA AIP-SSM
Perform the initial configuration of the Cisco ASA AIP-SSM using Cisco ASDM
Configure an IPS security policy using Cisco ASDM
The lesson includes these topics:
Cisco ASA AIP-SSM Overview
Loading the Cisco ASA AIP-SSM
Initial Cisco ASA AIP-SSM Configuration Using Cisco ASDM
Configuring an IPS Security Policy
Module 6: Cisco IPS Sensor Maintenance This module describes how to use the CLI and the Cisco IDM to obtain system information, and how to configure the Cisco IPS sensor to allow a Simple Network Management Protocol (SNMP) network management system (NMS) to monitor the Cisco IPS sensor.
Lesson 1: Maintaining Cisco IPS Sensors This lesson describes how to install and recover the Cisco IPS Sensor Software and perform service pack and signature updates. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco IPS sensor licenses and how to install them
Perform a Cisco IPS sensor upgrade or recovery
Install service pack and signature updates
Perform a password recovery on a Cisco IPS sensor
Restore a Cisco IPS sensor to its default configuration
The lesson includes these topics:
Understanding Cisco IPS Licensing
How to Upgrade and Recover Sensor Images
How to Install Service Packs and Signature Updates
Password Recovery
How to Restore a Cisco IPS Sensor
Lesson 2: Managing Cisco IPS Sensors This lesson describes how to use the CLI and the Cisco IDM to verify sensor configuration. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the various CLI commands used for sensor monitoring
Describe the Cisco IDM as a tool to perform sensor monitoring
Describe Cisco Security Manager as a tool to perform sensor monitoring
Describe SNMP as a tool to perform sensor monitoring
The lesson includes these topics:
Using the CLI to Monitor the Sensor
Using the Cisco IDM to Monitor the Sensor
Monitoring Using Cisco Security Manager
Monitoring Using SNMP
The lesson includes this activity:
Lab 6-1: Maintain Sensors and Verify System Configuration
SNAF - Course Outline
Overview Securing Networks with ASA Fundamentals (SNAF) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Explain the functions of the three types of firewalls used to secure computer networks
Describe the technology and features of Cisco security appliances
Given diagrams of networks protected by Cisco ASA and PIX security appliances, explain how each appliance protects network devices from attacks and why each is an appropriate choice for the example network
High-Level Course Outline This section provides an overview of how the course is organized. The course contains these components:
Introducing Cisco Security Appliance Technology and Features
Introducing the Cisco ASA and PIX Security Appliance Families
Getting Started with Cisco Security Appliances
Configuring a Security Appliance
Configuring Translations and Connection Limits
Using ACLs and Content Filtering
Configuring Object Grouping
Switching and Routing on Cisco Security Appliances
Configuring AAA for Cut-Through Proxy
Configuring the Cisco Modular Policy Framework
Configuring Advanced Protocol Handling
Configuring Threat Detection
Configuring Site-to-Site VPNs Using Pre-Shared Keys
Configuring Security Appliance Remote-Access VPNs
Configuring the Cisco ASA for SSL VPN
Configuring Transparent Firewall Mode
Configuring Security Contexts
Configuring Failover
Managing the Security Appliance
Lab Guide
Detailed Course Outline This in-depth outline of the course structure lists each lesson and topic.
Lesson 1: Introducing Cisco Security Appliance Technology and Features This lesson introduces the general functionality provided by firewalls and security appliances. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the functions of the three types of firewalls that are used to secure modern computer networks
Discuss the technology and features of Cisco security appliances
The lesson includes these topics:
Firewalls
Security Appliance Essentials
There is no lab for this lesson.
Lesson 2: Introducing the Cisco ASA and PIX Security Appliance Families This lesson introduces Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX 500 Series Security Appliances. Upon completing this lesson, the learner will be able to meet these objectives:
Identify the Cisco ASA and PIX security appliance models
Explain the Cisco ASA security appliance licensing options
The lesson includes these topics:
Models and Features of Cisco Security Appliances
Cisco ASA Security Appliance Licensing
There is no lab for this lesson.
Lesson 3: Getting Started with Cisco Security Appliances This lesson describes how to configure the security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the four access modes
Describe the security appliance file management system
Discuss security appliance security levels
Describe Cisco ASDM requirements and capabilities
Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via Cisco ASDM
Verify security appliance configuration and licensing via Cisco ASDM
The lesson includes these topics:
User Interface
File Management
Security Appliance Security Levels
Cisco ASDM Essentials and Operating Requirements
Preparing to Use Cisco ASDM
Navigating Cisco ASDM Windows
The lesson includes this activity:
Lab 3-1: Prepare to Use Cisco ASDM to Configure the Security Appliance
Lesson 4: Configuring a Security Appliance This lesson describes how to configure a security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:
Configure a security appliance for basic network connectivity
Verify the initial configuration
Set the clock and synchronize the time on a security appliance
Configure a security appliance to send syslog messages to a syslog server
The lesson includes these topics:
Basic Security Appliance Configuration
Examining Security Appliance Status
Time Setting and NTP Support
Syslog Configuration
The lesson includes this activity:
Lab 4-1: Configure the Security Appliance with Cisco ASDM
Lesson 5: Configuring Translations and Connection Limits This lesson describes how to perform Network Address Translation (NAT) on a security appliance. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how the TCP and UDP protocols function within the security appliance
Describe how static and dynamic translations function
Configure dynamic address translation
Configure static address translation
Set connection limits
The lesson includes these topics:
Transport Protocols
Understanding NAT
Understanding PAT
Static Translations
TCP SYN Cookies and Connection Limits
Connections and Translations
The lesson includes this activity:
Lab 5-1: Configure Translations
Lesson 6: Using ACLs and Content Filtering This lesson describes how to configure security appliance access control. Upon completing this lesson, the learner will be able to meet these objectives:
Configure and explain the basic function of ACLs
Configure and explain additional functions of ACLs
Configure active code filtering (Microsoft ActiveX and Java applets)
Configure the security appliance for URL filtering
Use the Packet Tracer for troubleshooting
The lesson includes these topics:
ACL Configuration
Malicious Active Code Filtering
URL Filtering
Packet Tracer
The lesson includes this activity:
Lab 6-1: Configure ACLs
Lesson 7: Configuring Object Grouping This lesson describes how to configure the object grouping feature of Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the object grouping feature of the security appliance and its advantages
Configure object groups and use them in ACLs
The lesson includes these topics:
Essentials of Object Grouping
Configuring and Using Object Groups
The lesson includes this activity:
Lab 7-1: Configure Object Groups
Lesson 8: Switching and Routing on Cisco Security Appliances This lesson describes how to configure the switching and routing functionality that a security appliance provides. Upon completing this lesson, the learner will be able to meet these objectives:
Configure logical interfaces and VLANs
Configure static routes and static route tracking
Describe the dynamic routing capabilities of Cisco security appliances and configure passive RIP routing
The lesson includes these topics:
VLAN Capabilities
Static Routing
Dynamic Routing
There is no lab for this lesson.
Lesson 9: Configuring AAA for Cut-Through Proxy This lesson describes how to define, configure, and monitor AAA in Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:
Define AAA functions
Configure the local user database
Install and configure Cisco Secure ACS
Define and configure cut-through proxy authentication
Define and configure user authorization using downloadable ACLs
Define and configure the accounting component
The lesson includes these topics:
Introduction to AAA
Configuring the Local User Database
Installation of Cisco Secure ACS for Windows 2000
Cut-Through Proxy Authentication Configuration
Authentication Prompts and Timeouts
Authorization Configuration
Accounting Configuration
The lesson includes this activity:
Lab 9-1: Configure AAA on the Security Appliance Using Cisco Secure ACS for Windows
Lesson 10: Configuring the Cisco Modular Policy Framework This lesson describes how to describe and configure a security appliance modular policy. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the Cisco Modular Policy Framework feature for security appliances
Describe the functionality of class maps
Describe the functionality of policy maps
Describe the functionality of service policies
Use Cisco ASDM to configure a service policy rule
The lesson includes these topics:
Modular Policy Framework Overview
Class Map Overview
Policy Map Overview
Configuring Modular Policies with Cisco ASDM
Configuring a Policy for Management Traffic
Displaying Modular Policy Framework Components
There is no lab for this lesson.
Lesson 11: Configuring Advanced Protocol Handling This lesson describes how to configure security appliance advanced protocol handling. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the need for advanced protocol handling
Describe how the security appliance implements inspection of common network applications
Describe the issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions
The lesson includes these topics:
Advanced Protocol Handling
Protocol Application Inspection
Multimedia Support
The lesson includes this activity:
Lab 11-1: Configure Advanced Protocol Inspection on the Security Appliance
Lesson 12: Configuring Threat Detection This lesson describes how to use the threat detection capabilities of the security appliance to better defend the network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe threat detection and threat statistics
Configure basic threat detection
Configure scanning threat detection
Configure and view threat detection statistics
The lesson includes these topics:
Threat Detection Overview
Basic Threat Detection
Scanning Threat Detection
Configuring and Viewing Threat Detection Statistics
The lesson includes this activity:
Lab 12-1: Configure Threat Detection on the Security Appliance
Lesson 13: Configuring Site-to-Site VPNs Using Pre-Shared Keys This lesson describes how to configure Cisco security appliances for VPN connectivity. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how security appliances enable a secure VPN
Perform the tasks necessary to configure security appliance IPsec support
Identify the commands to configure security appliance IPsec support
Configure a VPN between security appliances
The lesson includes these topics:
Secure VPNs
How IPsec Works
Preparing to Configure an IPsec VPN
Configuring a Site-to-Site VPN Using Pre-Shared Keys
Modifying the Site-to-Site VPN Configuration
Test and Verify VPN Configuration
The lesson includes this activity:
Lab 13-1: Configure Security Appliance Site-to-Site VPN
Lesson 14: Configuring Security Appliance Remote-Access VPNs This lesson describes how to configure security appliances for secure remote access. Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco Easy VPN
Describe the Cisco VPN Client
Configure an IPsec Remote-Access VPN
Configure users and groups
The lesson includes these topics:
Introduction to Cisco Easy VPN
Overview of Cisco VPN Client
Configuring Remote-Access VPNs
Configuring Users and Groups
The lesson includes this activity:
Lab 14-1: Configure a Secure VPN Using IPsec Between a Security Appliance and a Cisco VPN Client
Lesson 15: Configuring the Cisco ASA Security Appliance for SSL VPN This lesson describes how to configure Cisco ASA security appliances to support the SSL VPN feature set. Upon completing this lesson, the learner will be able to meet these objectives:
Describe SSL VPN and its purpose
Use the SSL VPN Wizard to configure a basic Clientless SSL VPN connection
Verify SSL VPN operations
The lesson includes these topics:
SSL VPN Overview
Using the SSL VPN Wizard to Configure Clientless SSL VPN
Verifying Clientless SSL VPN Operations
The lesson includes this activity:
Lab 15-1: Configure the Security Appliance to Provide Secure Clientless SSL VPN Connectivity
Lesson 16: Configuring Transparent Firewall Mode This lesson describes how to configure Cisco security appliances to run in transparent firewall mode. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the purpose of transparent firewall mode
Explain how data traverses a security appliance in transparent mode
Enable transparent firewall mode
Monitor and maintain transparent firewall mode
The lesson includes these topics:
Transparent Firewall Mode Overview
Traversing a Security Appliance in Transparent Mode
Configuring Transparent Firewall Mode
Monitoring and Maintaining Transparent Firewall Mode
The lesson includes this activity:
Lab 16-1: Configure Security Appliance Transparent Firewall
Lesson 17: Configuring Security Contexts This lesson describes how to configure the security appliance to support multiple contexts. Upon completing this lesson, the learner will be able to meet these objectives:
Explain the purpose of security contexts
Enable and disable multiple context mode
Configure a security context
Allocate resources to security contexts
Manage a security context
The lesson includes these topics:
Security Context Overview
Enabling Multiple Context Mode
Configuring Security Contexts
Managing Security Contexts
There is no lab for this lesson.
Lesson 18: Configuring Failover This lesson describes how to implement and configure failover in a network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the difference between hardware and stateful failover
Describe the difference between active/standby and active/active failover
Define the security appliance failover hardware requirements
Describe how active/standby failover works
Explain the security appliance roles of primary, secondary, active, and standby
Describe how active/active failover works
Configure active/standby LAN-based failover
Configure active/active failover
Enable the stateful failover option for maximum availability
Describe and use remote command execution
The lesson includes these topics:
Understanding Failover
Configuring Redundant Interfaces
Active/Standby LAN-Based Failover Configuration
Active/Active Failover Configuration
Remote Command Execution
The lesson includes these activities:
Lab 18-1: Configure LAN-Based Active/Standby Failover
Lab 18-2: Configure LAN-Based Active/Active Failover
Lesson 19: Managing the Security Appliance This lesson describes how to secure and upgrade system access to the security appliance and recover from problems. Upon completing this lesson, the learner will be able to meet these objectives:
Configure Telnet access to the security appliance
Configure SSH access to the security appliance
Configure command authorization
Recover security appliance passwords using general password recovery procedures
Use TFTP to install and upgrade the software image on the security appliance
The lesson includes these topics:
Managing System Access
Configuring Command Authorization
Managing Configurations
Managing Images and Activation Keys
The lesson includes this activity:
Lab 19-1: Manage the Security Appliance
SNAA - Course Outline
Overview Securing Networks with Cisco ASA Advanced (SNAA) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed for advanced configuration, maintenance, and operation of the Cisco ASA 5500 Series Adaptive Security Appliances.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Configure policy NAT based on traffic type
Describe the Layer 7 Modular Policy Framework for the security appliance and how it is configured
Describe the Layer 7 advanced protocol handling capabilities of Modular Policy Framework and how it is configured
Identify the steps needed to configure the security appliance to segment traffic with VLANs
Identify the steps needed to configure the security appliance for dynamic routing
Explain the components and functionality of IPsec, and explain what digital certificates are and how they are used
Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate
Identify the necessary steps to configure the IPsec VPN client using digital certificates
Identify the necessary steps to configure the security appliance for remote access using digital certificates
Explain the advanced remote access features of the security appliance
Determine the necessary configuration for the ASA 5505 Adaptive Security Appliance to be a VPN hardware client
Identify the steps to configure QoS for VPN traffic
List the steps needed to configure the WebVPN functionality of the security appliance
Identify the basic Clientless SSL VPN features of the security appliance
Configure full network access SSL VPNs using the Cisco AnyConnect VPN Client
List the features and functionality of the Cisco Secure Desktop
Configure Cisco Secure Desktop and DAP for SSL VPN connections on the security appliance
Identify and list the characteristics of the service modules for the security appliance
Identify the steps needed to configure, inspect, and filter traffic with the Cisco CSC-SSM
Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks
High-Level Course Outline This section provides an overview of how the course is organized. The course contains these components:
Advanced NAT
Advanced Protocol Handling
Dynamic Routing and Switching
IPsec VPNs
SSL VPNs
Security Services Modules
Appendix: Handling Multimedia Protocols
Appendix: Using Cisco ASA Multicast
Lab Guide
Detailed Course Outline This in-depth outline of the course structure lists each lesson and topic.
Module 1: Advanced NAT Explain how the Cisco ASA security appliance performs NAT, the order of NAT matching, and policy-based NAT with the use of ACLs.
Lesson 1: Applying NAT 0 and Policy NAT This lesson describes how to configure NAT based on traffic type and the appropriate policy. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to configure ACLs for the security appliance
Describe the function of NAT and how to implement basic NAT
Describe NAT 0 function and the steps necessary to implement NAT 0
Describe policy NAT and the steps necessary to implement policy NAT
Explain how to verify and troubleshoot NAT configuration and operation
The lesson includes these topics:
ACLs
NAT
Translation Behavior
NAT Exemption
Policy NAT
Verify and Troubleshoot
The lesson includes this activity:
Lab 1-1: Implementing Advanced NAT
Module 2: Advanced Protocol Handling Describe Cisco Modular Policy Framework for the security appliance and how it is configured as it applies to Layer 7 application inspection.
Lesson 1: Applying the Cisco Modular Policy Framework This lesson explains how to describe and configure a Layer 7 modular policy. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco Modular Policy Framework capabilities of the security appliance
Configure a modular policy on the security appliance using Cisco ASDM
Create a Layer 7 class map
Create a regular expression class map
Create a Layer 7 policy map
Describe the commands used to verify a Cisco Modular Policy Framework configuration
The lesson includes these topics:
Cisco Modular Policy Framework Overview
Configuring the Cisco Modular Policy Framework
Configuring a Layer 7 Class Map
Configuring a Regular Expression Class Map
Configuring a Layer 7 Policy Map
Verifying the Cisco Modular Policy Framework Configuration
The lesson includes no activities.
Lesson 2: Handling Advanced Protocols
This lesson explains how to configure and troubleshoot inspection of several common network protocols. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the protocol inspection capabilities of the Cisco ASA security appliance
Explain how to configure FTP inspection
Explain how to configure HTTP inspection
Explain how to configure IM inspection
Explain how to configure ESMTP inspection
Explain how to configure DNS inspection
Explain how to configure ICMP inspection
Use show commands to verify that protocol inspection is configured
Use debug commands to verify that protocol inspection is working properly
The lesson includes these topics:
Protocol Inspection Overview
FTP Inspection
HTTP Inspection
IM Inspection
ESMTP Inspection
DNS Inspection
ICMP Inspection
Protocol Inspection Verification
The lesson includes this activity:
Lab 2-1: Configuring Advanced Protocol Inspection
Module 3: Dynamic Routing and Switching Explain the dynamic routing and switching functionalities of the Cisco ASA security appliance.
Lesson 1: Switching with VLANs This lesson defines how to describe and configure the switching functionality that the security appliance provides. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the VLAN capabilities of the security appliance
Explain the steps necessary to configure VLANs on the security appliance
Explain the steps necessary to configure interfaces on the Cisco ASA 5505 Adaptive Security Appliance
Use show commands to verify VLAN operations
The lesson includes these topics:
Cisco ASA VLAN Operations
VLAN Configuration
VLAN Configuration on the Cisco ASA 5505
VLAN Verification
The lesson includes no activities.
Lesson 2: Routing with Dynamic Protocols This lesson explains how to identify the steps needed to configure the security appliance for dynamic routing. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the differences between the dynamic and static routing capabilities of the security appliance
Configure the security appliance for active RIP routing
Configure the security appliance for OSPF routing
Configure the security appliance for EIGRP routing
Configure the security appliance for route redistribution
Use show and debug commands to verify the routing configuration and confirm that it is working properly
The lesson includes these topics:
Dynamic and Static Routing
RIP
OSPF
EIGRP
Redistribution
Verification and Troubleshooting
The lesson includes this activity:
Lab 3-1: Dynamic Routing with EIGRP and OSPF
Module 4: IPsec VPNs
Explain the IP Security (IPsec) virtual private network (VPN) features and capabilities of the security appliance.
Lesson 1: Understanding IPsec and Digital Certificates This lesson defines how to explain the components and the functionality of IPsec and explains what digital certificates are and how they are used. Upon completing this lesson, the learner will be able to meet these objectives:
Describe IPsec and the components that define IPsec
Describe how IPsec works
Describe how digital certificates and Public-Key cryptography work
Describe the scalability that is achieved by using certificates
Describe the purpose of CRLs and the protocols used for CRLs
Describe key pairs and trustpoints
The lesson includes these topics:
What is IPsec?
IPsec Operation
Digital Certificates and Public-Key Cryptography
Certificates and Scalability
Certificate Enrollment Process
Validating the Certificate
Certificate Revocation Lists
Security Appliance Certificate Enrollment Support
Key Pairs and Trustpoints
The lesson includes no activities.
Lesson 2: Implementing Site-to-Site VPNs with Digital Certificates This lesson defines how to configure the security appliance to establish site-to-site tunnels using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the components of site-to-site VPNs
Explain the steps necessary to configure the Cisco ASA security appliance to use digital certificates
Define interesting traffic with ACLs
List the steps needed to configure an ISAKMP policy for site-to-site VPNs
List the steps necessary to define an IPsec transform set
Explain the steps needed to configure a site-to-site VPN using digital certificates
Configure a crypto map for site-to-site VPNs
Configure the Cisco ASA security appliance for hub-and-spoke site-to-site connections
Configure site-to-site redundancy
Use show commands to verify the configuration of site-to-site VPNs
Use debug commands to verify that the configuration of site-to-site VPNs is working properly
The lesson includes these topics:
Site-to-Site VPNs
Configuring CA Certificates
Site-to-Site IPsec Connection Profiles
Modifying Certificate to Connection Mapping
Hub and Spoke
Site-to-Site Redundancy
Verifying Site-to-Site VPNs
Troubleshooting Site-to-Site VPNs
The lesson includes this activity:
Lab 4-1: Site-to-Site with Digital Certificates
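As an added illustration of the configuration steps this lesson lists (this is not taken from the course materials or from Cisco documentation): a Cisco ASA CLI configuration for one end of a site-to-site tunnel authenticated with digital certificates rather than a pre-shared key. The hostnames, addresses, the trustpoint, ACL, transform-set and crypto-map names, and the SCEP enrollment URL are assumptions chosen for the example; the commands use the pre-8.3 syntax (crypto isakmp, nat 0 exemption) of the ASA releases this outline was written against, and the branch side would mirror it with the networks swapped.

```text
! --- Assumed names and addresses (example only) ---
! HQ ASA outside 203.0.113.1, HQ LAN 10.1.1.0/24
! Branch ASA outside 198.51.100.1, branch LAN 10.2.2.0/24
! Enterprise CA reachable by SCEP at ca.example.net

hostname asa-hq
domain-name example.net

! Key pair the trustpoint binds to; 2048-bit to avoid the 1024-bit default
crypto key generate rsa label HQ-KEY modulus 2048

! Trustpoint for the enterprise CA: SCEP enrollment, CRL checking required
! so a revoked peer certificate fails Phase 1 instead of being accepted
crypto ca trustpoint ENT-CA
 enrollment url http://ca.example.net/certsrv/mscep/mscep.dll
 keypair HQ-KEY
 subject-name CN=asa-hq.example.net,OU=VPN,O=Example
 fqdn asa-hq.example.net
 revocation-check crl
 crl configure
  policy cdp
! Both commands are interactive: the first fetches and confirms the CA
! certificate fingerprint, the second requests the identity certificate
crypto ca authenticate ENT-CA
crypto ca enroll ENT-CA

! Interesting traffic: HQ LAN to branch LAN (the branch ACL is the mirror image)
access-list L2L-TO-BRANCH extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! Keep VPN traffic out of NAT (pre-8.3 NAT exemption)
access-list NO-NAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NO-NAT

! Phase 1: ISAKMP policy authenticating with RSA signatures (certificates)
crypto isakmp enable outside
crypto isakmp policy 10
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2: transform set
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Crypto map ties peer, interesting traffic, transform set and the
! trustpoint whose identity certificate the ASA presents
crypto map OUTSIDE-MAP 10 match address L2L-TO-BRANCH
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 10 set trustpoint ENT-CA
crypto map OUTSIDE-MAP interface outside

! Connection profile keyed on the peer address: no pre-shared key, only the trustpoint
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 trust-point ENT-CA

! Verification (show) and troubleshooting (debug)
show crypto ca certificates
show crypto isakmp sa
show crypto ipsec sa
debug crypto isakmp 127
debug crypto ca 3
```

`show crypto ca certificates` should list both the CA certificate and the identity certificate with validity dates that include today; a tunnel that fails with the certificates present is usually a CRL fetch failure (check the CDP in the certificate is reachable from the ASA) or a peer whose certificate chains to a different CA, both of which appear in `debug crypto ca 3` before Phase 1 reaches `debug crypto isakmp`.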
Lesson 3: Configuring the Cisco VPN Client This lesson describes how to configure the Cisco VPN Client to use digital certificates for authentication. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the key features and benefits of the Cisco VPN Client
Describe the steps necessary to install the Cisco VPN Client
Describe the steps needed to configure and install digital certificates on the Cisco VPN Client
List the connection entry configuration options available on the Cisco VPN Client
List the advanced configuration options available on the Cisco VPN Client
Describe the settings and options used to verify and troubleshoot the Cisco VPN Client configuration
The lesson includes these topics:
Cisco VPN Client
Cisco VPN Client Installation
Digital Certificates with Cisco VPN Client
Connection Entry
Advanced Options
Verify and Troubleshoot Client Configuration
The lesson includes no activities.
Lesson 4: Implementing Remote-Access VPNs with Digital Certificates This lesson describes how to configure the security appliance for remote access using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the components of remote-access VPNs
Describe the general tasks for configuring a Cisco ASA security appliance to support Cisco Easy VPN Remote client access
Configure the Cisco ASA security appliance to use digital certificates manually
Define an address pool for remote-access VPN connections
Explain how the Cisco ASA security appliance determines user policy attribute inheritance
Configure an IPsec connection profile to support digital certificates
Configure a certificate-to-connection-profile policy that maps the identity certificate to the proper connection profile
Use Cisco ASDM graphs and show commands to verify the operation of remote-access VPNs
Use logging and debug commands to troubleshoot remote-access VPNs
The lesson includes these topics:
Remote-Access VPNs
Configuring a Cisco ASA for Remote Access
Installing Cisco ASA Certificates
Defining a Remote-Access Address Pool
User Policy Attribute Inheritance
Configuring an IPsec Connection Profile
Configuring the Certificate to Connection Profile Policy
Verifying Remote-Access VPNs
Troubleshooting Remote-Access VPNs
The lesson includes this activity:
Lab 4-2: Remote Access with Digital Certificates
Lesson 5: Configuring Advanced Remote-Access Features and Policy This lesson explains the advanced remote-access features listed below and describes how to configure the Cisco ASA security appliance to use them. Upon completing this lesson, the learner will be able to meet these objectives:
Use Cisco ASDM to configure advanced policy features of load balancing
Use Cisco ASDM to configure reverse route injection for VPN connections
Use Cisco ASDM to configure a backup server for the VPN connections
Use Cisco ASDM to configure intra-interface VPN traffic forwarding on the Cisco ASA security appliance
Use Cisco ASDM to configure NAT transparency for VPN connections from clients behind a NAT device
Use Cisco ASDM to configure IPsec over TCP for VPN connections from clients behind a NAT device
Use Cisco ASDM to configure certificate group mapping for IPsec connections using certificates
Use Cisco ASDM to configure client updates for VPN software and hardware clients
Use Cisco ASDM to configure the tunnel policy for personal firewalls and split tunneling
The lesson includes these topics:
Load Balancing
Reverse Route Injection
Backup Servers
Intra-Interface VPN Traffic
NAT Transparency
Client Update
Split Tunneling
Personal Firewalls
The lesson includes no activities.
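As an added example covering Lesson 4 (address pool, policy inheritance, IPsec connection profile, certificate-to-connection-profile mapping) and the Lesson 5 features of reverse route injection, NAT transparency, IPsec over TCP, certificate group mapping, split tunneling and intra-interface traffic (not taken from the course materials or from Cisco documentation): a Cisco ASA CLI configuration for certificate-authenticated remote access. It assumes a trustpoint named ENT-CA has already been authenticated and enrolled; the pool, group-policy, tunnel-group and ACL names, the CA common name and the OU value used for mapping are assumptions chosen for the example, in pre-8.3 ASA syntax.

```text
! --- Assumptions (example only) ---
! Trustpoint ENT-CA already holds the CA and identity certificates
! Corporate prefixes 10.1.0.0/16, internal DNS 10.1.1.53
! Client certificates issued by "Example Enterprise CA" with OU=Engineering

! Address pool handed to remote-access clients
ip local pool RA-POOL 192.168.100.1-192.168.100.254 mask 255.255.255.0

! Split tunneling: only the corporate prefixes go through the tunnel
access-list SPLIT-TUNNEL standard permit 10.1.0.0 255.255.0.0

! Group policy: attributes that users in this connection profile inherit
! (user attributes override group-policy, which overrides the default group policy)
group-policy GP-ENGINEERING internal
group-policy GP-ENGINEERING attributes
 vpn-tunnel-protocol IPSec
 address-pools value RA-POOL
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 dns-server value 10.1.1.53
 default-domain value example.net
 vpn-idle-timeout 30

! Phase 1 with RSA signatures; NAT traversal (UDP 4500, 20 s keepalive) and
! IPsec over TCP (port 10000) for clients behind NAT devices that break ESP
crypto isakmp enable outside
crypto isakmp policy 20
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000

! Dynamic crypto map: the client address is unknown until it connects;
! reverse route injection installs a host route for the assigned pool address
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map DYN-RA 10 set transform-set ESP-AES-SHA
crypto dynamic-map DYN-RA 10 set reverse-route
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-RA
crypto map OUTSIDE-MAP interface outside

! Allow client-to-client (and client-to-spoke) traffic to hairpin on the outside interface
same-security-traffic permit intra-interface

! Connection profile: identity certificate from ENT-CA, no pre-shared key
tunnel-group TG-ENGINEERING type remote-access
tunnel-group TG-ENGINEERING general-attributes
 address-pool RA-POOL
 default-group-policy GP-ENGINEERING
tunnel-group TG-ENGINEERING ipsec-attributes
 trust-point ENT-CA

! Certificate-to-connection-profile mapping: a client certificate issued by the
! enterprise CA with OU=Engineering lands in TG-ENGINEERING; anything else falls
! to DefaultRAGroup, which here has no pool and therefore cannot connect
crypto ca certificate map ENG-CERTS 10
 issuer-name attr cn eq Example Enterprise CA
 subject-name attr ou eq Engineering
tunnel-group-map enable rules
tunnel-group-map ENG-CERTS 10 TG-ENGINEERING
tunnel-group-map default-group DefaultRAGroup

! Verification and troubleshooting
show vpn-sessiondb remote
show crypto isakmp sa detail
show route | include 192.168.100
debug crypto isakmp 127
debug crypto ca 3
```

The mapping rule is the security-relevant piece: without `tunnel-group-map enable rules`, any certificate chaining to the trusted CA selects the profile the client asks for, so a certificate issued to one population can reach another population's policy. Match on the issuer as well as the subject OU, because a second trustpoint on the same ASA (for example a public CA used for SSL VPN) would otherwise satisfy a subject-only rule. After a client connects, `show route` should show the injected /32 for its pool address; if it does not, `set reverse-route` is missing from the dynamic map.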
Lesson 6: Configuring the ASA 5505 as a Cisco Easy VPN Hardware Client This lesson describes how to configure the ASA 5505 as a Cisco Easy VPN hardware client for secure remote access. Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco Easy VPN and its two components
Describe how group policy is determined on the VPN hardware client
Configure the ASA 5505 Adaptive Security Appliance as a Cisco Easy VPN Remote
The lesson includes these topics:
Introduction to Cisco Easy VPN
Cisco Easy VPN Server Policy
Cisco Easy VPN Hardware Client
The lesson includes this activity:
Lab 4-3: Cisco ASA 5505 Easy VPN Hardware Client
Lesson 7: Configuring QoS for IPsec VPNs This lesson identifies the steps to configure QoS for VPN tunnel traffic. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the QoS features of the Cisco ASA 5500 Series Adaptive Security Appliance
Configure QoS on the Cisco ASA 5500 Series Adaptive Security Appliance for VPN tunnel traffic
Verify the QoS for VPN tunnel traffic configuration of the Cisco ASA 5500 Series Adaptive Security Appliance
The lesson includes these topics:
QoS Overview
Cisco ASA QoS
Configuring QoS for VPNs
Verifying QoS
The lesson includes no activities.
Module 5: SSL VPNs Explain the Secure Sockets Layer (SSL) VPN features and capabilities of the security appliance.
Lesson 1: Understanding SSL VPN Technology This lesson describes SSL, its use in SSL VPNs, and how SSL VPNs can be deployed in an enterprise network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the characteristics of SSL
Describe SSL VPN components
Describe Cisco Secure Desktop
The lesson includes these topics:
SSL Overview
Clientless SSL VPN
Cisco Secure Desktop
The lesson includes no activities.
Lesson 2: Configuring Clientless SSL VPNs This lesson describes how to configure a Cisco ASA security appliance for Clientless SSL VPN connections from remote users. Upon completing this lesson, the learner will be able to meet these objectives:
Configure Clientless SSL VPN
Configure Clientless SSL VPNs to use port forwarding
Configure additional features for Clientless SSL VPNs
Configure smart tunnels for applications that the clientless plug-ins do not support
Use debug and show commands to verify Clientless SSL VPN configuration
The lesson includes these topics:
Configuring Clientless SSL VPN
Verifying Clientless SSL VPN Operation
Configuring Port-Forwarding SSL VPN
Verifying Port-Forwarding SSL VPN
Configuring Additional SSL VPN Features
Troubleshooting Clientless and Port-Forwarding SSL VPNs
The lesson includes this activity:
Lab 5-1: Clientless SSL VPNs
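As an added example of the clientless, port-forwarding and smart-tunnel configuration this lesson covers (not taken from the course materials or from Cisco documentation): a Cisco ASA CLI configuration for a clientless SSL VPN profile whose users get a fixed set of forwarded ports and smart-tunnel applications and nothing else. The server names, list names, group-policy and tunnel-group names and the trustpoint ENT-CA (assumed to already hold a CA-issued certificate) are assumptions chosen for the example, in 8.0/8.2-era syntax.

```text
! --- Assumptions (example only) ---
! Trustpoint ENT-CA holds a CA-issued server certificate for the outside address
! Internal hosts: ts.example.net (RDP), bastion.example.net (SSH)

! Present the CA-issued certificate instead of the self-signed default and
! restrict the SSL cipher list to AES
ssl trust-point ENT-CA outside
ssl encryption aes256-sha1 aes128-sha1

! Enable the SSL VPN service on the outside interface and let users pick
! a connection profile (alias) on the login page
webvpn
 enable outside
 tunnel-group-list enable
 ! Port forwarding: the Java applet on the client listens on local_port and
 ! relays to remote_server:remote_port inside the SSL session
 port-forward PF-INTERNAL 3389 ts.example.net 3389 Terminal Server
 port-forward PF-INTERNAL 2222 bastion.example.net 22 SSH to bastion
 ! Smart tunnel: only the named executables get their sockets redirected
 ! through the session; the process name is matched on the client
 smart-tunnel list ST-APPS putty putty.exe
 smart-tunnel list ST-APPS rdp mstsc.exe

! Group policy restricted to clientless access with the two lists above
group-policy GP-CLIENTLESS internal
group-policy GP-CLIENTLESS attributes
 vpn-tunnel-protocol webvpn
 vpn-idle-timeout 15
 webvpn
  port-forward enable PF-INTERNAL
  smart-tunnel enable ST-APPS
  ! Do not let the user type arbitrary URLs or browse file shares from the portal
  url-entry disable
  file-browsing disable
  file-entry disable

! Connection profile with a login-page alias; authentication defaults to LOCAL
tunnel-group TG-CLIENTLESS type remote-access
tunnel-group TG-CLIENTLESS general-attributes
 default-group-policy GP-CLIENTLESS
tunnel-group TG-CLIENTLESS webvpn-attributes
 group-alias clientless enable

! Verification and troubleshooting
show running-config webvpn
show vpn-sessiondb webvpn
show webvpn group-alias
debug webvpn 255
```

Port forwarding and smart tunnels both widen what a clientless session can reach beyond rendered web pages, so the lists are the policy: every entry is a host and port a user of this profile can reach from an unmanaged endpoint. Smart tunnels match the executable name only, so a renamed binary on the endpoint could use the tunnel; treat the list as a usability control and rely on the ACL applied to the session (`filter value` in the group policy, not shown) for enforcement. `show vpn-sessiondb webvpn` shows which group policy a session actually inherited, which is the first thing to check when a user sees a portal with more or fewer features than intended.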
Lesson 3: Configuring Full Network Access SSL VPNs This lesson describes how to configure the Cisco ASA security appliance for Full Network Access SSL VPN using the Cisco AnyConnect VPN Client. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the features of the Cisco AnyConnect VPN Client
Describe the different installation methods available for the Cisco AnyConnect VPN Client
Configure DTLS for the Cisco AnyConnect VPN Client
Configure the advanced features of the Cisco AnyConnect VPN Client
Configure Certificate-Based Authentication for the Cisco AnyConnect VPN Client
Verify Cisco AnyConnect VPN Client operation
Troubleshoot Cisco AnyConnect VPN Client operation
The lesson includes these topics:
Cisco Full Network Access SSL VPN Overview
Configuring Cisco AnyConnect SSL VPN
Verifying Cisco AnyConnect VPN Operation
Configuring Advanced Features for the Cisco AnyConnect VPN Client
Configuring Certificate-Based Authentication for the Cisco AnyConnect SSL VPN
Troubleshooting Cisco AnyConnect VPN Client Operation
The lesson includes this activity:
Lab 5-2: SSL VPNs with the Cisco AnyConnect Client
Lesson 4: Cisco Secure Desktop This lesson describes the features of Cisco Secure Desktop, how it interacts with other Cisco clients, and the steps required to install the Cisco Secure Desktop image. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the functionality of Cisco Secure Desktop
Describe the interoperability of Cisco Secure Desktop with the Cisco AnyConnect VPN Client
Install or upgrade the Cisco Secure Desktop image
List the steps necessary to install Cisco Secure Desktop
The lesson includes these topics:
Cisco Secure Desktop Overview
Cisco Secure Desktop Interoperability
Preparing the Cisco ASA for Cisco Secure Desktop
The lesson includes no activities.
Lesson 5: Securing the Desktop with Cisco Secure Desktop and DAP This lesson describes how to configure Cisco Secure Desktop and Dynamic Access Policies (DAP) for SSL VPN client and clientless connections. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco Secure Desktop Workflow for SSL VPN client and clientless connections
Configure Cisco Secure Desktop for SSL VPN client and clientless connections
Configure Advanced Endpoint Assessment for SSL VPN client and clientless connections
Configure DAP for SSL VPN client and clientless connections
The lesson includes these topics:
Cisco Secure Desktop Workflow
Prelogin Assessment
Secure Session
Cache Cleaner
Host Emulation and Keystroke Logger Detection
Host Scan
Dynamic Access Policy
DAP Testing
The lesson includes this activity:
Lab 5-3: Cisco Secure Desktop and Dynamic Access Policy
Module 6: Security Services Modules Explain the features and capabilities of the security services modules of the security appliance.
Lesson 1: Examining the Cisco SSMs This lesson identifies and lists the characteristics of the security services modules (SSMs) for the Cisco ASA security appliance. Upon completing this lesson, the learner will be able to meet these objectives:
Identify the hardware characteristics of the Cisco SSM
Explain the business needs for deploying a Cisco SSM
List the security functions of the different types of application SSMs
The lesson includes these topics:
Business Challenges
Cisco SSMs
CSC-SSM
AIP-SSM
AIP-SSM or CSC-SSM
The lesson includes no activities.
Lesson 2: CSC-SSM: Getting Started This lesson describes how to configure the Cisco Content Security and Control Security Services Module (CSC-SSM). Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to initialize the CSC-SSM
Load the CSC-SSM with the new operating system from the CLI
Initialize and activate the CSC-SSM from the CLI
Configure the CSC-SSM to scan, using the CSC Setup Wizard from Cisco ASDM
The lesson includes these topics:
CSC-SSM Overview
CSC-SSM Software Loading
Initial CLI Cisco CSC Configuration
Initially Configuring the CSC-SSM with the Cisco ASDM CSC Setup Wizard
The lesson includes no activities.
Lesson 3: AIP-SSM: Getting Started This lesson describes how to initialize the Cisco Advanced Inspection and Prevention Security Services Module (AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:
Explain how the Cisco SSM modules operate within the Cisco ASA security appliance
Upload the Cisco IPS image to the AIP-SSM
Perform the initial configuration of the AIP-SSM
Configure a Cisco IPS security policy using Cisco ASDM
The lesson includes these topics:
AIP-SSM Overview
AIP-SSM Software Loading
Initial Cisco IPS ASDM Configuration
Configure a Cisco IPS Security Policy
The lesson includes this activity:
Lab 6-1: Initializing AIP-SSM
MARS - Course Management
Overview
Welcome to Implementing Cisco Security Monitoring, Analysis, and Response System (MARS) v3.0. Cisco Security MARS extends the portfolio of security management products for the Cisco Self-Defending Network initiative. Cisco Security MARS offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices.
Cisco Security MARS combines network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. The result is a system that helps customers to readily and accurately identify, manage, and eliminate network attacks and maintain network security compliance.
The purpose of this Course Administration Guide is to provide Cisco Learning Partners with information so that they can better administer the course content and labs.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management
Describe the software components of Cisco Security MARS architectural design
Configure the network reporting devices to work with the Cisco Security MARS appliance
Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance
Use the Summary page to view the security status of your network
Describe and configure a rule that detects interesting patterns of network activity and other anomalous network behavior
Describe the process of generating queries and reports in a Cisco Security MARS appliance
Describe the process of incident investigation on a Cisco Security MARS appliance
Configure user-defined log parser templates on the Cisco Security MARS appliance
Integrate Cisco Security Manager and Cisco Security MARS
Perform system maintenance tasks on the Cisco Security MARS appliance
Identify common issues about Cisco Security MARS
Describe the features and functions of the Cisco Security MARS Global Controller
Summarize the key functionalities of Cisco Security MARS technologies at work
Detailed Course Outline This in-depth outline of the course structure lists each lesson and topic.
Course Introduction The Course Introduction provides learners with the course objectives and prerequisite learner skills and knowledge. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This course component also describes the curriculum for this course, providing learners with the information that they need to make decisions regarding their specific learning path.
Overview: Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) v3.0 is an update to Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) v2.0, an existing four-day instructor-led course on using Cisco Security MARS Software Versions 4.3.1 and 5.3.1. The lab setup and activities are based on the newer version of the virtual software, VM-MARS 4.3.4 and VM-CSM 3.2. Upon completion of this course, the learner will have the skills and knowledge to implement the Cisco Security MARS solution in a network. Learners perform Cisco Security MARS tasks such as quick install; adding security and network devices; creating rules, reports and queries; incident investigation; and system maintenance. Learners will install, configure, and administer Cisco Security MARS to protect a network.
Learner Skills and Knowledge: Here are the required learner skills and knowledge:
— Cisco CCSP certified or equivalent knowledge
— A passing score on the Securing Cisco IOS Networks (SECUR) exam (642-501), the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502), or both
— At least six months of practical experience configuring Cisco routers and security products
— Familiarity with implementing network security policies and these networking components and concepts:
Perimeter security system components: perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host
Servers: Cisco Security Manager; syslog; authentication, authorization, and accounting (AAA); Cisco Secure Access Control Server (Cisco Secure ACS); and FTP
Protocols: syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet
Lesson 1: Introducing Cisco Security Monitoring, Analysis, and Response System Lesson objective: Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management. This ability includes being able to meet these objectives:
Describe effective security monitoring and management concepts
Describe Cisco Self-Defending Network
Describe a Cisco Security MARS solution
Provide an overview of Cisco Security MARS terminology
Describe Cisco Security MARS technologies
The lesson includes these topics:
Effective Security Monitoring and Management
Cisco Self-Defending Network and the Role of Cisco Security MARS
Cisco Security MARS
Cisco Security MARS Terminology
Cisco Security MARS Technologies
Cisco Security MARS User Interface
Cisco Security MARS Product Portfolio
Lesson 2: Understanding the System Architecture Lesson objective: Describe the software components of Cisco Security MARS architectural design. This ability includes being able to meet these objectives:
Provide an overview of Cisco Security MARS software components
Describe STM process flow and the corresponding architectural components of Cisco Security MARS in detail
The lesson includes these topics:
Cisco Security MARS Software Components
Cisco Security MARS Process Flow Details
Lesson 3: Configuring a Cisco Security MARS Appliance Lesson objective: Configure the network reporting devices to work with the Cisco Security MARS appliance. This ability includes being able to meet these objectives:
Provide an overview of the initial Cisco Security MARS configuration
Provide brief overviews of each of the six tasks involved in configuring the appliance
Describe guidelines for deploying a Cisco Security MARS appliance
The lesson includes these topics:
Initial Cisco Security MARS Configuration Overview
Scenario: Configuration Tasks
Deployment Planning Guidelines
The lesson includes these activities:
Pre-Lab Activity: Accessing the Remote Lab
Lab 3: Accessing the Cisco Security MARS Appliance
Lesson 4: Adding Reporting and Mitigation Devices Lesson objective: Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance. This ability includes being able to meet these objectives:
Provide an overview of the reporting and mitigation devices that can be used with the Cisco Security MARS appliance
Describe different methods of providing Cisco Security MARS with the data that is required to study the activities on the network
Provide an overview of integrating Cisco Security MARS with third-party applications
The lesson includes these topics:
Overview of Reporting and Mitigation Devices
Scenario: Adding a Cisco Reporting Device and Enabling NetFlow
Data-Enabling Features of Cisco Security MARS
Integrating Cisco Security MARS with Third-Party Applications
The lesson includes these activities:
Lab 4-1: Adding Reporting Devices and Enabling NetFlow
Lab 4-2: Configuring the Syslog Forwarding Feature
Lesson 5: Viewing the Summary Page Lesson objective: Use the Summary page to view the security status of your network. This ability includes being able to meet these objectives:
Describe the Summary page on the Cisco Security MARS appliance
Describe the Dashboard tab on the Cisco Security MARS Summary page
Describe the Network Status tab of the Cisco Security MARS Summary page
Describe the My Reports tab of the Cisco Security MARS Summary page
The lesson includes these topics:
Summary Page Overview
Dashboard
Network Status
My Reports
Scenario: Getting Information from the Summary Page
The lesson includes these activities:
Lab 5: Generating Summary Reports
Lesson 6: Managing Rules Lesson objective: Describe and configure a rule (or rules) that detects interesting patterns of network activity and other anomalous network behavior. This ability includes being able to meet these objectives:
Provide an overview of rules in Cisco Security MARS
Describe and configure system and user inspection rules
Describe and configure drop rules
Provide an overview of rule and report groups
The lesson includes these topics:
Rules Overview
Working with System and User Inspection Rules
Working with Drop Rules
Rule Groups Overview
The lesson includes these activities:
Lab 6-1: Configuring Cisco Security MARS Event Types
Lab 6-2: Configuring an Inspection Rule
Lesson 7: Understanding Queries and Reports Lesson objective: Describe the process of generating queries and reports in a Cisco Security MARS appliance. This ability includes being able to meet these objectives:
Provide an overview of the Query page and demonstrate how to generate a query
Provide an overview of the Reports page and demonstrate how to create a scheduled report
The lesson includes these topics:
Query Page
Scenario: Configuring a Query
Reports Page
Scenario: Configuring a System Report
The lesson includes these activities:
Lab 7: Performing a Query and Creating a Custom Report
Lesson 8: Investigating and Mitigating Incidents Lesson objective: Describe the process of incident investigation on a Cisco Security MARS appliance. This ability includes being able to meet these objectives:
Provide an overview of incidents
Describe the Incidents submenu and incident investigation process
Describe the role of Cisco Security MARS in a network
Describe false positive terminology and the key elements of the False Positives page
Describe the Case Management feature of Cisco Security MARS
Describe how to configure a case to track an incident
Describe the prerequisites and the process of sending notifications
Discuss the case study on preventing the W32 Blaster worm
The lesson includes these topics:
Incidents Overview
Incidents
Scenario: Role of Cisco Security MARS in Your Network
False Positives
Case Management
Scenario: Configuring a Case to Track an Incident
Configuring Notifications
Case Study: Preventing the W32 Blaster Worm
The lesson includes these activities:
Lab 8: Performing Incident Investigation and Mitigation
Lesson 9: Working with User-Defined Log Parser Templates Lesson objective: Describe and configure user-defined log parser templates on the Cisco Security MARS appliance. This ability includes being able to meet these objectives:
Describe user-defined log parser templates
Describe how to configure a custom parser
The lesson includes these topics:
Overview of User-Defined Log Parser Templates
Scenario: Configuring a Custom Parser
The lesson includes these activities:
Lab 9: Configuring the Custom Parser
Lesson 10: Integrating with Cisco Security Manager Lesson objective: Integrate Cisco Security Manager and Cisco Security MARS. This ability includes being able to meet these objectives:
Describe Cisco Security Manager and Cisco Security MARS integration
Demonstrate how to add a Cisco Security Manager server to a Cisco Security MARS appliance and then invoke Cisco Security Manager Policy Table Lookup from Cisco Security MARS
The lesson includes these topics:
Overview of Cisco Security Manager Policy Table Lookup
Scenario: Invoking Cisco Security Manager Policy Table Lookup from Cisco Security MARS
The lesson includes these activities:
Lab 10: Performing Cisco Security Manager Policy Lookup
Reference At this point in the class, it is recommended that the instructor run the IPS-CSM-MARS.zip file to demonstrate the IPS-CSM-MARS integration feature. The demonstration file is included in the instructor CD.
Lesson 11: Managing and Administering the System Lesson objective: Perform system maintenance tasks on the Cisco Security MARS appliance. This ability includes being able to meet these objectives:
Describe the event, addressing, service, and user management tasks that can be performed in Cisco Security MARS
Provide an overview of the Cisco Security MARS appliance system maintenance tasks
Describe how Cisco Security MARS can discover the new signatures on IPS devices
Describe the software upgrade process in Cisco Security MARS appliance
Describe the caveats and process of migrating data from a 4.3.x to 5.3.x Cisco Security MARS appliance
The lesson includes these topics:
Management Overview
Overview of System Maintenance Tasks
IPS Signature Dynamic Update Settings
Upgrading the Cisco Security MARS Appliance Software
Migrating Data from Cisco Security MARS 4.3.x to 5.3.x
The lesson includes these activities:
Lab 11-1: Reviewing the CLI and Upgrading the Device Version
Lab 11-2: Configuring IPS Auto Signature Download
Lab 11-3: Configuring AAA RADIUS Authentication and Working with the Account Locking and Session Timeout Menu
Lab 11-4: Retrieving Raw Messages
Lesson 12: Troubleshooting and Optimizing Cisco Security MARS Lesson objective: Identify common issues with Cisco Security MARS. This ability includes being able to meet these objectives:
Describe common hardware issues with the Cisco Security MARS appliance
Describe common configuration issues with the Cisco Security MARS appliance
Discuss communications issues between a Global Controller and the Local Controllers it manages
Describe the parameters to consider when sizing the Cisco Security MARS deployment
Provide general recommendations for tuning Cisco Security MARS appliances
Provide general recommendations for securing Cisco Security MARS appliances
The lesson includes these topics:
Hardware Installation Issues
Device Configuration Issues
Global Controller-to-Local Controller Communications
Sizing Cisco Security MARS Deployment
Tuning Cisco Security MARS
Securing Cisco Security MARS
Lesson 13: Using the Cisco Security MARS Global Controller Lesson objective: Describe the features and functions of the Cisco Security MARS Global Controller. This ability includes being able to meet these objectives:
Provide an overview of the Cisco Security MARS Global Controller and its functions and architecture
Describe the procedure to set up and perform the initial configuration on the Cisco Security MARS Global Controller
Describe the user interface and Summary page of the Cisco Security MARS Global Controller
Describe incident investigation on the Cisco Security MARS Global Controller
Describe the Query and Reports tab options of the Cisco Security MARS Global Controller
Describe how to configure rules on the Cisco Security MARS Global Controller that are propagated down to the Cisco Security MARS Local Controller
Describe the steps to configure the administration and management features of the Cisco Security MARS Global Controller
Describe the system maintenance tasks for the Cisco Security MARS Global Controller
The lesson includes these topics:
Cisco Security MARS Global Controller Overview
Configuring the Cisco Security MARS Global Controller
Summary Tab
Incidents Tab
Queries and Reports
Rules Tab
Management Tab
System Maintenance Tab
Lesson 14: Course Review: Cisco Security MARS at Work Lesson objective: Summarize the key functionalities of Cisco Security MARS technologies at work. This ability includes being able to meet these objectives:
Describe how the Cisco Security MARS appliance is providing STM functionality, given a scenario
The lesson includes these topics:
Cisco Security MARS At Work
CANAC - Course Outline
Overview The Cisco Self-Defending Network (SDN) strategy addresses the need for Network Admission Control (NAC). The Cisco NAC Appliance is an easily deployed software NAC solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. The Implementing Cisco NAC Appliance (CANAC) v2.1 course provides learners with the skills and knowledge needed to implement the Cisco NAC Appliance solution as a part of a Cisco SDN security strategy.
Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:
Given client network security requirements, explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements
Configure the common elements of a Cisco NAC Appliance solution
Configure the Cisco NAC Appliance in-band and out-of-band implementation options
Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements
Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments
High-Level Course Outline This subtopic provides an overview of how the course is organized. The course contains these components:
Course Introduction
Cisco NAC Endpoint Security Solutions
Cisco NAC Appliance Common Elements Configuration
Cisco NAC Appliance Implementation
Cisco NAC Appliance Implementation Options
Cisco NAC Appliance Monitoring and Administration
Detailed Course Outline This in-depth outline of the course structure lists each module, lesson, and topic.
Module 1: Cisco NAC Endpoint Security Solutions Given a client's network security requirements, explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements.
Lesson 1: Introducing Cisco Self-Defending Networks This lesson describes how the Cisco SDN strategy can meet network security requirements. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the key factors that are causing changes to network security
Describe the role of each of the three components of the Cisco host-protection strategy
Describe the Cisco SDN strategy
Describe Cisco NAC products
The lesson includes these topics:
Changing Landscape of Security
Cisco Host-Protection Strategy
The Cisco SDN Initiative
Cisco NAC Products
Lesson 2: Introducing Cisco NAC Appliance This lesson describes the Cisco NAC Appliance solution. Upon completing this lesson, the learner will be able to meet these objectives:
Summarize how the Cisco NAC Appliance solution controls and secures networks
Describe the components of a Cisco NAC Appliance solution
Describe the supported platforms for a Cisco NAC Appliance solution
Explain how Cisco NAC Appliance enforces compliance for remote and local users
Summarize how to configure a Cisco NAC Appliance solution
Navigate through the Cisco NAC Appliance web-based GUI
The lesson includes these topics:
Cisco NAC Appliance Solution
Cisco NAC Appliance Components
Cisco NAC Appliance Platforms
Cisco NAC Appliance Local and Remote Compliance Scenarios
Cisco NAC Appliance Configuration Overview
Cisco NAC Appliance User Interface
This lesson includes this activity:
Preparing the Cisco NAM to Support Web-Based Administration Console Configuration
Lesson 3: Introducing In-Band and Out-of-Band Deployment Options This lesson describes how to deploy Cisco NAC Appliance to protect against specified threats. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco NAS deployment options
Describe the in-band and out-of-band deployment options
Describe the key features of a Cisco NAC Appliance out-of-band deployment
Describe the key features of a Cisco NAC Appliance in-band deployment
Describe the Cisco NAS operating modes for an in-band and out-of-band deployment
The lesson includes these topics:
Cisco NAS Deployment Options
In-Band and Out-of-Band Deployment Options
Cisco NAC Appliance Out-of-Band Deployment
Cisco NAC Appliance In-Band Deployment
Cisco NAS Operating Modes
Module 2: Cisco NAC Appliance Common Elements Configuration Configure the common elements of a Cisco NAC Appliance solution.
Lesson 1: Configuring User Roles This lesson defines how to configure user roles in the Cisco NAC Appliance solution for a customer network scenario using the Cisco NAC Appliance Manager (Cisco NAM). Upon completing this lesson, the learner will be able to meet these objectives:
Describe user roles in Cisco NAC Appliance
Describe how to manage user roles
Explain traffic control policies for user roles
Describe how to configure traffic control policies for a user role
Describe how to create a local user account
Describe how to configure user session timeouts for user roles
Describe how to configure guest access for visitors or temporary users in a Cisco NAC Appliance network
The lesson includes these topics:
What Is a User Role?
Managing User Roles
Defining Traffic Policies for User Roles
Configuring Traffic Policies for User Roles
Creating Local User Accounts
Configuring User Session Timeouts
Configuring Guest Access
This lesson includes this activity:
Configuring User Roles
Lesson 2: Configuring External Authentication This lesson defines how to configure external authentication for users in a network using the Cisco NAM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to configure the Cisco NAM to use external authentication providers
Describe how to map users to user roles when configuring external authentication
Describe how to test user authentication for configured external authentication providers
Describe how to configure RADIUS accounting for users in a Cisco NAC Appliance network
The lesson includes these topics:
Configuring External Authentication Providers
Mapping Users to User Roles
Testing User Authentication
Configuring RADIUS Accounting for Users
Lesson 3: Configuring DHCP on the Cisco NAS This lesson defines how to configure the Cisco NAS for a DHCP-enabled network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco NAS modes of operation for a DHCP-enabled network
Describe how to enable the Cisco NAS DHCP module
Describe how to configure the Cisco NAS to provide DHCP services
Describe how to manage generated subnets on the Cisco NAS
Describe how to configure the Cisco NAS to provide reserved IP addresses
Describe how to configure user-specified DHCP options on the Cisco NAS
The lesson includes these topics:
Cisco NAS DHCP Modes
Enabling the DHCP Module
Configuring IP Ranges
Working with Subnets
Reserving IP Addresses
Configuring User-Specified DHCP Options
Module 3: Cisco NAC Appliance Implementation Configure the Cisco NAC Appliance in-band and out-of-band implementation options.
Lesson 1: Implementing Cisco NAC Appliance In-Band Deployment This lesson defines how to deploy the Cisco NAC Appliance in-band solution for Layer 2 and Layer 3 network environments. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco NAC Appliance in-band process flow
Describe central and edge in-band deployment configurations for Cisco NAC Appliance
Describe how to configure the Cisco NAS for in-band deployment
Describe how to add the Cisco NAS to the Cisco NAM managed domain for in-band deployment
Describe how to use the Cisco NAM to configure the trusted and untrusted interfaces of the Cisco NAS
Describe how to add managed subnets on the Cisco NAS
Describe how to configure Cisco NAS VLAN settings
The lesson includes these topics:
In-Band Process Flow
In-Band Deployment Configurations
Configuring the Cisco NAS for In-Band Deployment
Adding the Cisco NAS to the Managed Domain
Configuring the Cisco NAS Interfaces
Adding Managed Subnets
Configuring Cisco NAS VLAN Settings
This lesson includes this activity:
Adding an In-Band Virtual Gateway Cisco NAS to the Cisco NAM
Lesson 2: Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance This lesson defines how to configure the Cisco NAC Appliance Server (Cisco NAS) to support the NAC Appliance Microsoft Windows single sign-on (SSO) with Active Directory feature for client and server machines to meet customer remote access requirements. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how Cisco NAC Appliance uses Windows SSO to ensure increased security
Summarize the process used by Microsoft Windows to exchange Kerberos tickets with the Cisco NAS
Describe how a Cisco NAS communicates with a Microsoft Windows Active Directory server
Describe the steps that are used to configure Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server
The lesson includes these topics:
Cisco NAC Appliance SSO for Microsoft Windows
Kerberos Ticket Exchange
Communicating Between Cisco NAS and a Microsoft Windows Active Directory Server
Configuring Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server
This lesson includes this activity:
Configuring the Microsoft Windows Active Directory SSO Feature on the Cisco NAC Appliance
Lesson 3: Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance This lesson defines how to use the Cisco NAC Appliance web-based administration console to configure the Cisco NAS to support Cisco VPN SSO devices. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco NAC Appliance VPN SSO support for Cisco VPN concentrators and Cisco Adaptive Security Appliances (ASAs)
Explain how the SSO improves the use of VPN services with the Cisco NAC Appliance solution
Describe how to configure the Cisco NAC Appliance for Cisco VPN SSO device integration
The lesson includes these topics:
Introducing Cisco NAC Appliance VPN SSO
Introducing VPN SSO Support
Configuring Cisco NAC Appliance for VPN Concentrator or ASA Integration
This lesson includes this activity:
Configuring the Cisco VPN SSO Feature on the Cisco NAC Appliance
Lesson 4: Implementing Cisco NAC Appliance Out-of-Band Deployment This lesson defines how to deploy a Cisco NAC Appliance out-of-band solution for VLAN-based quarantine. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the Cisco NAC Appliance out-of-band process flow
Describe the considerations for implementing the Cisco NAC Appliance out-of-band for central- and edge-deployment scenarios
Describe how to add an out-of-band Cisco NAS to the Cisco NAM
Describe how to implement the Cisco NAC Appliance out-of-band deployment for the different Cisco NAS operating modes
The lesson includes these topics:
Out-of-Band Process Flow
Out-of-Band Deployment Considerations
Adding an Out-of-Band Cisco NAS to the Cisco NAM
Implementing Cisco NAS Out-of-Band Operating Modes
This lesson includes this activity:
Adding an Out-of-Band Virtual Gateway Cisco NAS to an HA Cisco NAC Appliance Deployment
Note For the purposes of learning continuity, this lesson activity can be completed after the lab activity Configuring an HA In-Band VPN Cisco NAC Appliance Solution.
Lesson 5: Managing Switches This lesson defines how to configure the Cisco NAM to manage switches for out-of-band deployment scenarios. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to implement switch management for Cisco NAC Appliance out-of-band deployment
Describe how to set up switches so that they can be used with Cisco NAC Appliance out-of-band deployment
Describe how to configure group profiles on the Cisco NAM for out-of-band deployment
Describe how to configure switch profiles on the Cisco NAM for out-of-band deployment
Describe how to configure port profiles on the Cisco NAM for out-of-band deployment
Describe how to configure the SNMP receiver on the Cisco NAM for out-of-band deployment
Describe how to add switches to the Cisco NAM managed domain for out-of-band deployment
Describe how to configure switch ports to use the Cisco NAM port profiles for out-of-band deployment
Describe how to manage the switch configuration settings for out-of-band deployment
The lesson includes these topics:
Implementing Switch Management
Configuring the Network for Out-of-Band Deployment
Configuring Group Profiles
Configuring Switch Profiles
Configuring Port Profiles
Configuring the SNMP Receiver
Adding Switches to the Managed Domain
Configuring Switch Ports to Use Port Profiles
Managing Switch Configuration Settings
This lesson includes this activity:
Configuring SNMP, Switch, and Port Profiles for an Out-of-Band Cisco NAC Appliance Deployment
Note For the purposes of learning continuity, this lesson activity can be completed after the activities to configure Cisco NAM and Cisco NAS high availability.
Module 4: Cisco NAC Appliance Implementation Options Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users who meet corporate security requirements.
Lesson 1: Implementing Cisco NAC Appliance on a Network This lesson defines how to explain which Cisco NAC Appliance features to implement in order to protect a network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to implement Cisco NAC Appliance to protect a network
Describe how to use the Device Management menu options to configure the general setup options
Explain how user pages are configured in Cisco NAC Appliance
Describe how to use the Cisco NAM to manage certified devices in the network
The lesson includes these topics:
Implementing Cisco NAC Appliance
Introducing the General Setup Tab
Introducing User Pages
Managing Certified Devices
Lesson 2: Implementing Network Scanning This lesson defines how to configure the Cisco NAC Appliance network scanner to use Nessus plug-ins to check for security vulnerabilities. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the steps that are needed to configure the Cisco NAC Appliance network scanner to use Nessus plug-ins
Describe how to configure the quarantine role
Describe how to implement Nessus plug-ins into the Cisco NAM repository
Describe how to test a network scanning configuration
Describe how to customize the User Agreement page
Describe how to view scan reports
The lesson includes these topics:
Introducing Network Scanning
Configuring the Quarantine Role
Implementing Nessus Plug-Ins
Testing a Scanning Configuration
Customizing the User Agreement Page
Viewing Scan Reports
Lesson 3: Configuring the Cisco NAM to Implement the Cisco NAA on User Devices This lesson defines how to configure the Cisco NAM to implement Cisco NAA on client machines in a network. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the steps that are used to configure the Cisco NAM to implement the Cisco NAA on client machines
Describe how to retrieve updates from the Cisco NAC Appliance update server
Describe how to ensure that the Cisco NAA is installed on user devices
Describe how to configure the Cisco NAA temporary role on the Cisco NAM
Explain Cisco NAA system requirements
Describe how to create a check
Describe how to create an antivirus rule and a normal rule
Describe how to create an antivirus requirement and a custom requirement
Describe how to map requirements to rules and roles
The lesson includes these topics:
Configuring the Cisco NAM to Implement the Cisco NAA
Retrieving Updates
Requiring the Use of the Cisco NAA
Configuring the Cisco NAA Temporary Role
Introducing Cisco NAA Checks, Rules, and Requirements
Creating a Check
Creating Rules
Creating Requirements
Mapping Requirements to Rules and Roles
This lesson includes this activity:
Configuring the Cisco NAA
Lesson 4: Configuring Cisco NAM High Availability This lesson defines how to configure a high-availability pair of Cisco NAMs. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to configure high availability between two Cisco NAMs
Describe how to establish a serial connection between two Cisco NAMs
Describe how to configure a primary Cisco NAM for high availability
Describe how to configure a secondary Cisco NAM for high availability
The lesson includes these topics:
Introducing High Availability for Cisco NAMs
Establishing a Serial Connection Between Cisco NAMs
Configuring the Primary Cisco NAM
Configuring the Secondary Cisco NAM
Lesson 5: Configuring Cisco NAS High Availability This lesson defines how to configure a high-availability pair of Cisco NASs. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to configure high availability between two Cisco NASs
Describe how to configure the primary Cisco NAS for high availability
Describe how to configure the secondary Cisco NAS for high availability
Describe how to test the Cisco NAS high-availability configuration
Describe how to configure DHCP failover
The lesson includes these topics:
Introducing High Availability for Cisco NASs
Configuring the Primary Cisco NAS
Configuring the Secondary Cisco NAS
Testing the Cisco NAS High-Availability Configuration
Configuring DHCP Failover
This lesson includes this activity:
Configuring an HA In-Band VPN Cisco NAC Appliance Solution
Module 5: Cisco NAC Appliance Monitoring and Administration Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments.
Lesson 1: Monitoring a Cisco NAC Appliance Deployment This lesson defines how to monitor the operational information of a Cisco NAC Appliance deployment using the Cisco NAM. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to monitor Cisco NAC Appliance activities
Describe how to use the Online Users page to monitor online users
Describe how to use the web-based administrative console to monitor event logging
The lesson includes these topics:
Introducing Cisco NAC Appliance Monitoring
Monitoring Online Users
Monitoring Event Logs
Lesson 2: Administering the Cisco NAM This lesson defines how to manage a Cisco NAC Appliance deployment. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the components of the Cisco NAM administration module
Describe how to manage administrator groups
Describe how to manage users with administrator privileges
Describe how to manage user passwords
Describe how to administer the Cisco NAM system time settings
Describe how to configure SSL certificate management using the administrator console of the Cisco NAM
Describe how to manage Cisco NAC Appliance software upgrades and licenses
Describe the steps used to maintain a Cisco NAM configuration
The lesson includes these topics:
Defining the Cisco NAM Administration Module
Managing Administrator Groups
Managing Administrator Users
Managing User Passwords
Administering the System Time
Managing SSL Certificates
Managing the Cisco NAC Appliance Software
Protecting Your Cisco NAM Configuration