Security Curriculum - Course outlines - The Cisco Learning Network

CISCO SYSTEMS, INC. Security Curriculum Course Outline 10/13/2009 Created by Davie Chia ([email protected]), CCSP program manager

2 Security Curriculum    Course Outline © 2009 Cisco Systems, Inc.

CONTENT:

IINS (CCNA Security)

SNRS (CCSP-core)

IPS (CCSP-core)

SNAF (CCSP-core)

SNAA (CCSP-elective)

MARS (CCSP-elective)

CANAC (CCSP-elective)

© 2008 Cisco Systems, Inc. Course Administration Guide 3

IINS – Course Outline

Overview

Implementing Cisco IOS Network Security (IINS) v1.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. Learners will be able to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Develop a comprehensive network security policy to counter threats against information security

Configure routers on the network perimeter with Cisco IOS Software security features

Configure firewall features including ACLs and Cisco IOS zone-based firewalls to perform basic security operations on a network

Configure site-to-site VPNs using Cisco IOS features

Configure IPS on Cisco network routers

Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

High-Level Course Outline

This subtopic provides an overview of how the course is organized. The course contains these seven components:

Introduction to Network Security Principles

Perimeter Security

Network Security Using Cisco IOS Firewalls

Site-to-Site VPNs

Network Security Using Cisco IOS IPS

LAN, SAN, Voice, and Endpoint Security Overview

Detailed Course Outline

Module 1: Introduction to Network Security Principles

Upon completing this module, the learner will be able to develop a comprehensive network security policy to counter threats against information security.

Lesson 1: Examining Network Security Fundamentals

This lesson describes the core principles that are part of a secure network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how sophisticated attack tools and open networks generate an increased need for network security and dynamic security policies

Describe the three primary objectives of security

Describe the different classifications of data that are used by the private sector and the public sector

Describe the three primary types of security controls

Describe some of the factors that are involved in responding to a security breach

Identify key laws and codes of ethics that are binding to INFOSEC professionals

The lesson includes these topics:

The Need for Network Security

Network Security Objectives

Data Classification

Security Controls

Response to a Security Breach

Laws and Ethics

Lesson 2: Examining Network Attack Methodologies

This lesson describes various attack methods and how to plan a defense in depth to help protect your network from these attacks. Upon completing this lesson, the learner will be able to meet these objectives:

Describe network adversaries, motivations, and classes of attack

Describe how hackers work so that you have a better appreciation of the threats they pose

Describe the concept of defense in depth

Describe how attackers use IP spoofing to launch various types of attacks

Describe several attack methods that attackers use to compromise confidentiality

Describe several attack methods that attackers use to compromise integrity

Describe several attack methods that attackers use to compromise availability

Describe some best practices that can help defend your network against hackers

The lesson includes these topics:

Adversaries, Motivations, and Classes of Attack

How Hackers Think

The Principles of Defense in Depth

IP Spoofing Attacks

Confidentiality Attacks

Integrity Attacks

Availability Attacks

Best Practices to Defeat Network Attacks

The lesson includes this activity:

Lab 1-1: Embedding a Secret Message Using Steganography

Lesson 3: Examining Operations Security

This lesson describes the principles behind operations security and how correct practices increase security, including security testing, a secure life cycle, and business continuity planning. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the SDLC and how you use it to design a Secure Network Lifecycle management process

Identify key operations security principles

Explain various network security testing techniques and tools

Explain the principles of disaster recovery and business continuity planning and give examples of how they are practiced

The lesson includes these topics:

Secure Network Lifecycle Management

Principles of Operations Security

Network Security Testing

Disaster Recovery and Business Continuity Planning

The lesson includes these activities:

Lab 1-2: Scanning a Computer System Using Testing Tools

Lab 1-3: Scanning a Network Using Testing Tools

Lesson 4: Understanding and Developing a Comprehensive Network Security Policy

This lesson describes how increasing network security threats demand comprehensive network security policies, and describes the main activities in each phase of a secure network lifecycle. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the essential functions and goals of a security policy and how to use them to create a security policy

Identify commonly used policy documents and standards, and explain the differences between these standards and procedures

Identify the various roles that are played within an enterprise for the development and maintenance of a security policy

Describe the role that risk management plays in the development of a security policy

Describe the system-level security principles that should be considered throughout the lifecycle of a secure network

Describe how training and other awareness techniques can help to increase the effectiveness of a security policy

The lesson includes these topics:

Security Policy Overview

Policies, Standards, and Procedures

Roles and Responsibilities

Risk Management

Principles of Secure Network Design

Security Awareness

Lesson 5: Building Cisco Self-Defending Networks

This lesson describes how to implement the Cisco Self-Defending Network strategy by enhancing the existing network infrastructure with Cisco technologies, products, and solutions. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how changing threats and challenges demand a new approach to network security

Describe the components of the Cisco Self-Defending Network strategy

Describe the positioning and benefits of the Cisco integrated security portfolio

The lesson includes these topics:

Changing Threats and Challenges

Building a Cisco Self-Defending Network

Cisco Integrated Security Portfolio

Module 2: Perimeter Security

Upon completing this module, the learner will be able to configure routers on the network perimeter with Cisco IOS Software security features.

Lesson 1: Securing Administrative Access to Cisco Routers

This lesson defines how to secure the physical installation of and administrative access to Cisco routers based on different network requirements using the CLI. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the security features of the Cisco IOS Software on Cisco routers

Describe the security features of the Cisco Integrated Services Routers

Configure passwords and login failure rates using the CLI to secure administrative access to Cisco routers

Configure multiple privilege levels using the CLI to secure administrative access to Cisco routers

Configure role-based CLI access to create views

Configure the Cisco IOS resilient configuration feature using the CLI to secure the Cisco IOS image and configuration file

Configure virtual login connection security using the CLI

Configure a banner message using the CLI to secure administrative access to Cisco routers

The lesson includes these topics:

Cisco IOS Security Features

Introducing the Cisco Integrated Services Router Family

Configuring Secure Administrative Access

Setting Multiple Privilege Levels

Configuring Role-Based CLI Access

Securing the Cisco IOS Image and Configuration Files

Configuring Enhanced Support for Virtual Logins

Configuring Banner Messages

The lesson includes this activity:

Lab 2-1: Securing Administrative Access to Cisco Routers

Lesson 2: Introducing Cisco SDM

This lesson describes the features and wizards of Cisco SDM, and describes how to launch and navigate Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the key features, concepts, and purpose of Cisco SDM

Set up a router to run Cisco SDM and Cisco SDM Express

Launch Cisco SDM Express to configure a new router

Launch Cisco SDM

Navigate Cisco SDM

Describe the common wizards available in Cisco SDM

The lesson includes these topics:

Cisco SDM Overview

Supporting Cisco SDM and Cisco SDM Express

Launching Cisco SDM Express

Launching Cisco SDM

Navigating the Cisco SDM Interface

Cisco SDM Wizards

Lesson 3: Configuring AAA on a Cisco Router Using the Local Database

This lesson defines how to configure a Cisco router to perform authentication, authorization, and accounting (AAA) authentication with a local database using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the functions and importance of AAA

Describe the different ways to implement AAA services on Cisco routers

Describe the steps to authenticate user access to a Cisco router using a local database

Configure AAA using Cisco SDM to support using the local database

Troubleshoot AAA on a Cisco router using the debug aaa command

The lesson includes these topics:

AAA Overview

Introduction to AAA for Cisco Routers

Using Local Services to Authenticate Router Access

Configuring Local Database Authentication Using AAA

Troubleshooting AAA on Cisco Routers

The lesson includes this activity:

Lab 2-2: Configuring AAA on Cisco Routers to Use the Local Database

Lesson 4: Configuring AAA on a Cisco Router to Use Cisco Secure ACS

This lesson describes the operation of external AAA sources such as RADIUS and TACACS+ servers and defines how to configure a Cisco router to use Cisco Secure Access Control Server (ACS) to perform AAA. Upon completing this lesson, the learner will be able to meet these objectives:

List the features and benefits of Cisco Secure ACS products and describe their function in a network security solution

Describe and compare the TACACS+ and RADIUS protocols

Install Cisco Secure ACS for Windows

Configure the Cisco Secure ACS server

Configure Cisco Routers to use TACACS+ as a AAA protocol using the CLI and Cisco SDM

Describe troubleshooting TACACS+ using debug commands from the CLI

The lesson includes these topics:

Cisco Secure ACS Overview

TACACS+ and RADIUS Protocols

Installing Cisco Secure ACS for Windows

Configuring the Server

Configuring TACACS+ Support on a Cisco Router

Troubleshooting TACACS+

The lesson includes this activity:

Lab 2-3: Configuring AAA on Cisco Routers to Use Cisco Secure ACS

Lesson 5: Implementing Secure Management and Reporting

This lesson defines how to securely implement the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), and Network Time Protocol (NTP). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the factors you must consider when planning the secure management and reporting configuration of network devices

Describe the architecture of secure management and reporting

Describe the key role that syslog plays in network security

Use Cisco SDM to monitor log messages

Describe the security features of SNMPv3

Configure an SSH daemon for secure management and reporting

Enable time features with Cisco SDM

The lesson includes these topics:

Planning Considerations for Secure Management and Reporting

Secure Management and Reporting Architecture

Using Syslog Logging for Network Security

Using Logs to Monitor Network Security

Using SNMP

Configuring an SSH Daemon for Secure Management and Reporting

Enabling Time Features

The lesson includes this activity:

Lab 2-4: Implementing Secure Management and Reporting

Lesson 6: Locking Down the Router

This lesson defines how to examine router configurations with the Security Audit feature of Cisco SDM and make the router and network more secure by using the one-step lockdown feature in Cisco SDM or the command auto secure. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the router services and interfaces that are vulnerable to network attacks

Explain the vulnerabilities posed by commonly configured router management services

Use the Cisco SDM Security Audit feature to determine and to fix router security vulnerabilities

Use the Cisco SDM one-step lockdown feature or the CLI auto secure command to secure a router

Explain the limitations of using the Cisco SDM one-step lockdown feature or the CLI auto secure command

The lesson includes these topics:

Vulnerable Router Services and Interfaces

Management Service Vulnerabilities

Performing a Security Audit

Locking Down a Cisco Router

Limitations and Cautions

The lesson includes this activity:

Lab 2-5: Using Cisco SDM One-Step Lockdown and Security Audit

Module 3: Network Security Using Cisco IOS Firewalls

Upon completing this module, the learner will be able to configure firewall features including access control lists (ACLs) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network.

Lesson 1: Introducing Firewall Technologies

This lesson describes the operations of the different types of firewall technologies, and the firewall technologies that are embedded in Cisco routers and Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the role of firewalls in securing networks

Describe the role of firewalls in a layered defense strategy

Describe how a static packet filter allows or blocks data packets as they pass through a network interface

Describe how application layer or proxy firewalls control or monitor inbound and outbound traffic

Describe how dynamic or stateful inspection packet filtering improves network security and performance

Describe additional types of firewalls, including application inspection firewalls and transparent firewalls

Describe the features of the Cisco IOS Firewall, Cisco PIX 500 Series Security Appliances, and Cisco ASA 5500 Series Adaptive Security Appliances

Develop an effective firewall policy that is based on firewall best practices

The lesson includes these topics:

Firewall Fundamentals

Firewalls in a Layered Defense Strategy

Static Packet Filtering Firewalls

Application Layer Gateways

Dynamic or Stateful Packet Filtering Firewalls

Other Types of Firewalls

Cisco Family of Firewalls

Developing an Effective Firewall Policy

Lesson 2: Creating Static Packet Filters Using ACLs

This lesson defines how to create static packet filters using ACLs. Upon completing this lesson, the learner will be able to meet these objectives:

Explain how ACLs are used to control access in networks

Define wildcard masks and explain how they are used by ACLs

Configure and apply ACLs to router interfaces using the CLI

Explain the caveats you must consider when creating ACLs

Configure standard and extended ACLs using Cisco SDM

Configure ACLs to protect common network services

The lesson includes these topics:

ACL Fundamentals

ACL Wildcard Masking

Using ACLs to Control Traffic

ACL Considerations

Configuring ACLs Using SDM

Using ACLs to Permit and Deny Network Services

The lesson includes this activity:

Lab 3-1: Creating Static Packet Filters Using ACLs

Lesson 3: Configuring Cisco IOS Zone-Based Policy Firewall

This lesson defines how to configure a Cisco IOS zone-based policy firewall on your network using the Cisco SDM wizard. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the principles of zone-based policy firewalls

Configure a zone-based policy firewall using Cisco SDM Basic Firewall wizard

Configure a zone-based policy firewall manually using Cisco SDM

Verify the zone-based policy firewall configuration using Cisco SDM and the CLI

The lesson includes these topics:

Zone-Based Policy Firewall Overview

Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard

Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM

Monitoring a Zone-Based Policy Firewall

The lesson includes this activity:

Lab 3-2: Configuring a Cisco IOS Zone-Based Policy Firewall

Module 4: Site-to-Site VPNs

After completing this module, the learner will be able to configure site-to-site virtual private networks (VPNs) using Cisco IOS features.

Lesson 1: Examining Cryptographic Services

This lesson describes how encryption, hashing, and digital signatures provide confidentiality, integrity, and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:

Define cryptology, cryptanalysis, and encryption, and explain the symbiotic relationship between cryptanalysis and encryption

Explain the difference between, and the functionality of, symmetric and asymmetric encryption algorithms

Describe the differences between block and stream ciphers

Describe the basic forms of encryption, as well as their differences and their benefits

Explain the importance and function of cryptographic hashes

Explain the importance of key length, key creation, key distribution, key recovery, and key destruction

Describe the basic functions, advantages, and disadvantages of SSL VPNs

The lesson includes these topics:

Cryptology Overview

Symmetric and Asymmetric Encryption Algorithms

Block and Stream Ciphers

Encryption Algorithm Selection

Cryptographic Hashes

Key Management

Introducing SSL VPNs

Lesson 2: Examining Symmetric Encryption

This lesson describes the methods, algorithms, and purposes of symmetric encryption. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the generic functionality of symmetric encryption algorithms

Describe the features and functions of the DES algorithm

Describe the features and functions of the 3DES algorithm

Describe the features and functions of the AES algorithm

Describe the features and functions of the SEAL algorithm

Describe the features and functions of several algorithms written by Ron Rivest

The lesson includes these topics:

Symmetric Encryption Overview

DES Features and Functions

3DES Features and Functions

AES Features and Functions

SEAL Features and Functions

Rivest Ciphers Features and Functions

Lesson 3: Examining Cryptographic Hashes and Digital Signatures

This lesson describes the use and purpose of hashes and digital signatures in providing integrity and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the generic functionality of hash algorithms and the HMAC variant

Describe the features and functions of the MD5 algorithm

Describe the features and functions of the SHA-1 algorithm

Explain the generic functionality of digital signatures

Describe the features and functions of the DSS

The lesson includes these topics:

Overview of Hash Algorithms and HMACs

MD5 Features and Functions

SHA-1 Features and Functions

Overview of Digital Signatures

DSS Features and Functions

Lesson 4: Examining Asymmetric Encryption and PKI

This lesson describes the use and purpose of asymmetric encryption and public key infrastructure (PKI). Upon completing this lesson, the learner will be able to meet these objectives:

Explain the generic functionality of asymmetric encryption algorithms

Describe the features and functions of the RSA algorithm

Describe the features and functions of the DH key exchange algorithm

Explain the principles behind a PKI

Explain the PKI standards

Explain the role of CAs and RAs in a PKI

The lesson includes these topics:

Asymmetric Encryption Overview

RSA Features and Functions

DH Features and Functions

PKI Definitions and Algorithms

PKI Standards

Certificate Authorities

Lesson 5: Examining IPsec Fundamentals

This lesson describes the fundamental concepts, technologies, and terms that IP Security (IPsec) VPNs use. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the purpose and types of VPNs, contrast SSL with IPsec VPNs, and define where to use VPNs in a network

List the Cisco VPN product line and describe the security features of these products

Describe the IPsec protocol and its basic functions

Describe the advantages of IPsec VPNs compared with other types of VPNs

Describe the ESP protocols, the AH protocols, and the tunnel modes that IPsec uses

List and describe the IKE protocols

The lesson includes these topics:

VPN Overview

Cisco VPN Product Family

Introducing IPsec

IPsec Advantages

IPsec Protocol Framework

IKE Protocol

Lesson 6: Building a Site-to-Site IPsec VPN

This lesson describes how to configure a site-to-site IPsec VPN. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the five steps of IPsec operation

Describe the procedure to configure IPsec

Ensure that ACLs are compatible with IPsec

Describe and configure the IKE parameters using the CLI

Configure the IPsec transform sets using the CLI

Configure the cryptographic ACL and other IPsec settings using the CLI

Configure and apply a cryptographic map to an interface using the CLI

Confirm the IPsec configuration

The lesson includes these topics:

Site-to-Site IPsec VPN Operations

Configuring IPsec

Site-to-Site IPsec Configuration—Step 1

Site-to-Site IPsec Configuration—Step 2

Site-to-Site IPsec Configuration—Step 3

Site-to-Site IPsec Configuration—Step 4

Site-to-Site IPsec Configuration—Step 5

Verifying the IPsec Configuration

Lesson 7: Configuring IPsec on a Site-to-Site VPN Using Cisco SDM

This lesson defines how to configure a site-to-site IPsec VPN with preshared key (PSK) authentication using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to navigate the Cisco SDM site-to-site VPN Wizard interface

Describe the components that you configure when you use the Cisco SDM site-to-site VPN wizard

Configure the site-to-site VPN tunnel connections using the Cisco SDM wizards

Complete the site-to-site VPN configuration using Cisco SDM and verify the VPN configuration

The lesson includes these topics:

Introducing the Cisco SDM VPN Wizard Interface

Site-to-Site VPN Components

Using the Cisco SDM Wizards to Configure Site-to-Site VPNs

Completing the Configuration

The lesson includes this activity:

Lab 4-1: Configuring a Site-to-Site IPsec VPN

Module 5: Network Security Using Cisco IOS IPS

Upon completing this module, learners will be able to configure IPS on Cisco network routers.

Lesson 1: Introducing IPS Technologies

This lesson describes the underlying intrusion detection system (IDS) and intrusion prevention system (IPS) technology that is embedded in the Cisco host- and network-based IDS and IPS solutions. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the functions and operations of IDS and IPS systems

Describe the types of IDS and IPS systems

Describe IPS technologies, attack responses, and monitoring options such as syslog and SDEE

Describe host and network-based IDS and IPS monitoring

Explain the available Cisco IPS appliances

Explain how IDS and IPS signatures are used to detect malicious network traffic and describe different types of signatures

Describe signature micro-engines

Describe the role of signature alarms in a Cisco IPS solution

Describe IPS policies and best practices

The lesson includes these topics:

Introducing IDS and IPS

Types of IDS and IPS Systems

Intrusion Prevention Technologies

Host and Network IPS

Introducing Cisco IPS Appliances

Introducing Signatures

Examining Signature Micro-Engines

Introducing Signature Alarms

IPS Best Practices

Lesson 2: Configuring Cisco IOS IPS Using Cisco SDM

This lesson defines how to configure Cisco IOS IPS using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the IPS features of Cisco IOS Software

Configure Cisco IOS IPS using Cisco SDM

Configure IPS signatures using Cisco SDM

Monitor a Cisco IOS IPS router using Cisco SDM and the CLI

Verify Cisco IOS IPS operations

The lesson includes these topics:

Cisco IOS IPS Features

Configuring Cisco IOS IPS Using Cisco SDM

Configuring IPS Signatures

Monitoring IOS IPS

Verifying IPS Operation

The lesson includes this activity:

Lab 5-1: Configuring Cisco IOS IPS

Module 6: LAN, SAN, Voice, and Endpoint Security Overview

You will be able to configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic.

Lesson 1: Examining Endpoint Security

This lesson describes the current endpoint protection methods, such as host intrusion protection system (HIPS), integrity checkers, operating system protection, and the Cisco NAC Appliance. Upon completing this lesson, the learner will be able to meet these objectives:

Describe what endpoint security is and the fundamental principles that are involved in host security

Describe buffer overflows and the threat that they present

Describe the features of IronPort products and how they enhance and complement endpoint security

Describe the features of the Cisco NAC Appliance and how it enhances and complements endpoint security

Describe the functions of Cisco Security Agent at a high level and describe how it provides endpoint security

Provide a list of basic host security principles

The lesson includes these topics:

What Is Endpoint Security?

Buffer Overflows

IronPort

Cisco NAC Products

Cisco Security Agent

Endpoint Security Best Practices

Lesson 2: Examining SAN Security

This lesson describes the risks and countermeasures for storage area network (SAN) security. Upon completing this lesson, the learner will be able to meet these objectives:

Describe a SAN and its benefits

Describe the basic principles of SANs

Explain various security strategies that can be used to compartmentalize data for security purposes

The lesson includes these topics:

What Is a SAN?

SANs Fundamentals

SAN Security Scope

Lesson 3: Examining Voice Security

This lesson describes the risks and countermeasures to IP telephony. Upon completing this lesson, the learner will be able to meet these objectives:

Describe VoIP fundamentals

Describe security threats to VoIP networks

Define SPIT and describe how it poses a security threat against voice-enabled networks

Explain how fraud can cost VoIP customers considerable sums of money

Describe various SIP vulnerabilities

Describe how to prevent hacking on VoIP networks

The lesson includes these topics:

VoIP Fundamentals

Voice Security Threats

Spam over IP Telephony

Fraud

SIP Vulnerabilities

Defending Against VoIP Hacking

Lesson 4: Mitigating Layer 2 Attacks

This lesson defines how to mitigate Layer 2 attacks against network topologies and protocols. Upon completing this lesson, the learner will be able to meet these objectives:

Explain how basic switch operation makes networks vulnerable to attacks at Layer 2

Configure Cisco switches to mitigate VLAN attacks

Explain how to prevent STP manipulation

Describe how an attacker can flood a switch by launching a CAM table overflow attack

Describe how a MAC spoofing attack can be launched and mitigated

Describe and configure port security as a key step in defending networks from Layer 2 attacks

Describe some of the additional features available in Cisco switch security including SPAN, RSPAN, and storm control

Describe Layer 2 best practices and explain how they mitigate attacks on specific areas of Layer 2 hardware and software components

The lesson includes these topics:

Basic Switch Operation

Mitigating VLAN Attacks

Preventing STP Manipulation

CAM Table Overflow Attacks

MAC Address Spoofing Attacks

Using Port Security

Additional Switch Security Features

Layer 2 Best Practices

The lesson includes this activity:

Lab 6-1: Using Cisco Catalyst Switch Security Features

SNRS - Course Outline

Overview

Securing Networks with Cisco Routers and Switches (SNRS) v3.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on providing the network specialists with the knowledge and skills needed to secure Cisco IOS router and switch-based networks. Learners will be able to secure the network environment using existing Cisco IOS features, including installing and configuring Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, user group-based firewall, Cisco IOS intrusion prevention system (IPS), authentication proxy, implementing secure tunnels using IP Security (IPsec) technology, and implementing advanced switch security. This course also covers advanced virtual private network (VPN) technologies.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Implement Layer 2 security features on a network using Cisco IOS commands

Implement Cisco Network Foundation Protection on Cisco IOS routers

Design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services routers

Design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features

Install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services router

High-Level Course Outline

This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction

Network Platform Security with Switches

Network Platform Security with Routers

Secure Site-to-Site Communications

Secure Remote Access Communications

Threat Control and Containment

Detailed Course Outline

Module 1: Network Platform Security with Switches

Upon completing this module, the learner will be able to implement Layer 2 security features on a network using Cisco IOS commands.

Lesson 1: Configuring Advanced Layer 2 Security

This lesson describes how to implement some of the advanced security features of Cisco IOS switches. Upon completing this lesson, the learner will be able to meet these objectives:

Describe and configure the different types of ACLs available on switches

Explain how to use PVLANs to partition the Layer 2 broadcast domain of a VLAN into subdomains to improve scalability and security

Mitigate DHCP attacks using the Cisco DHCP snooping feature

Mitigate ARP spoofing using DAI

Configure IP Source Guard to provide source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host

Describe Layer 2 best practices

The lesson includes these topics:

Examining Switch ACLs

Understanding PVLANs

Mitigating DHCP Server Attacks

Mitigating ARP Spoofing Using DAI

Examining IP Source Guard

Layer 2 Best Practices

The lesson includes this activity:

Lab 1-1: Configure Advanced Layer 2 Security

Lesson 2: Introducing Cisco IBNS

This lesson describes the Cisco Identity Based Networking Services (IBNS) model and explains how IEEE 802.1X helps to control network access. Upon completing this lesson, the learner will be able to meet these objectives:

Explain how Cisco IBNS improves the security of physical and logical access to LANs with the capabilities defined in 802.1X

Describe the 802.1X standard and 802.1X components

Examine Cisco Secure Services Client Version 5.0 and its enterprise management tools

Explain the processes used in 802.1X

Explain the different EAP types that are available for an 802.1X implementation

Explain how various logs, such as ACS logs and Cisco Security MARS logs, can be used to examine 802.1X events

The lesson includes these topics:

Cisco IBNS Overview

802.1X Components

Cisco Secure Services Client Version 5.0

802.1X Operations

EAP Types

Reporting and Monitoring Cisco IBNS

Lesson 3: Implementing Basic 802.1X Authentication

This lesson describes how to configure basic IEEE 802.1X port-based authentication using Cisco Secure Access Control Server (ACS) and a Cisco Catalyst 2960 Series Switch from the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the functions and features of Cisco Secure ACS for Windows Server

Configure simple 802.1X authentication using the Windows supplicant

Explain the different 802.1X host modes

Configure 802.1X timers

Use show and debug commands to verify and test 802.1X operation

The lesson includes these topics:

Cisco Secure ACS for Windows Overview

Configuring 802.1X Authentication

802.1X Host Modes

Configuring 802.1X Timers

Verify 802.1X Operation

The lesson includes this activity:

Lab 1-2: Configure Basic 802.1X Authentication

Lesson 4: Configuring Advanced 802.1X Authentication and Authorization

This lesson describes how to configure advanced 802.1X port-based authentication and authorization on a Cisco Catalyst 2960 Series Switch using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

Describe methods you can use to support devices that do not support 802.1X

Configure guest VLANs to support hosts that do not have a supplicant

Configure restricted VLANs to support hosts that have a supplicant but fail to authenticate

Configure MAC authentication bypass for hosts that have known MAC addresses but do not have an 802.1X supplicant

Configure inaccessible authentication bypass to support an unavailable RADIUS server

Explain how to configure web authentication

Configure 802.1X dynamic VLAN assignment

Use show commands to verify the MAC authentication bypass and inaccessible authentication bypass operation

Explain several special situations that can occur with 802.1X deployments

The lesson includes these topics:

Authenticating Without 802.1X

Guest VLANs

Restricted VLANs

MAC Authentication Bypass

Inaccessible Authentication Bypass

Web Authentication Proxy

802.1X Dynamic VLAN Assignments

Testing and Verifying 802.1X

Special Situations with 802.1X

The lesson includes these activities:

Lab 1-3: Configure Advanced 802.1X Authentication

Lab 1-4: Configure 802.1X VLAN Assignments

Module 2: Network Platform Security with Routers

Upon completing this module, the learner will be able to implement Cisco Network Foundation Protection on Cisco IOS routers.

Lesson 1: Examining the Cisco Network Foundation Protection Strategy

This lesson describes the Cisco Network Foundation Protection strategy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco Network Foundation Protection in general

Describe the features and benefits of Cisco Network Foundation Protection

Describe the Cisco AutoSecure feature of Cisco routers

List the platforms that support Cisco Network Foundation Protection

The lesson includes these topics:

Cisco Network Foundation Protection Overview

Cisco Network Foundation Protection Services and Benefits

Cisco AutoSecure

Supported Platforms

Lesson 2: Securing the Control Plane

This lesson describes tools that are used to secure the control plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the control plane of a router

Describe the basic function and benefits of CPPr

Explain the benefit of routing protocol authentication and how to configure routers

Describe CPU and memory threshold notifications

The lesson includes these topics:

The Control Plane

Control Plane Protection

Routing Protocol Protection

CPU and Memory Thresholding

Lesson 3: Securing the Management Plane

This lesson describes how to protect the management plane of Cisco devices. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the management plane and configure common secure management protocols

Configure HTTPS

Describe and configure the Role-Based CLI Access feature

Describe and configure the Cisco MPP feature

Describe and configure SNMPv3

The lesson includes these topics:

The Management Plane

Secure Management Services

Role-Based Access Control

Cisco IOS MPP

SNMP v3 Architecture

Lesson 4: Securing the Data Plane

This lesson describes tools that are used to protect the data plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the data plane, data plane attacks, and the effects these attacks have on network devices

Explain NetFlow and how to configure it

Describe and configure uRPF

Describe and configure Cisco IOS FPM

The lesson includes these topics:

The Data Plane

NetFlow

Configuring uRPF

Cisco IOS FPM

The lesson includes this activity:

Lab 2-1: Configure the Cisco Network Foundation Protection Strategy

Module 3: Secure Site-to-Site Communications

Upon completing this module, the learner will be able to design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services Routers.

Lesson 1: Examining VPN and IPsec Fundamentals

This lesson describes basic characteristics and protocols used in IPsec configurations and describes the various types of VPNs available using Cisco IOS Software, including IPsec, Dynamic Multipoint Virtual Private Network (DMVPN), Group Encrypted Transport VPN (GET VPN), Cisco Easy VPN, and Cisco IOS Secure Sockets Layer (SSL) VPN. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the basic functionality and protocols involved with IPsec VPNs

Describe different types of site-to-site VPNs, including fully-meshed, hub-and-spoke, IPsec, Cisco Easy VPN with VTI, GRE over IPsec, DMVPN, and GET VPN

Describe Cisco Easy VPN and Cisco IOS SSL VPNs

Explain the VPN design guide that is available in Cisco SDM

Configure global VPN router settings in Cisco SDM

The lesson includes these topics:

IPsec Overview

Site-to-Site VPNs

Cisco Easy VPN and Cisco IOS SSL VPNs

VPN Design Guide

Global VPN Settings

Lesson 2: Implementing IPsec VPNs with PKI

This lesson describes how to configure a Cisco IOS certificate authority (CA) and an IPsec site-to-site VPN using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco IOS PKI support

Describe the use of CAs and RAs

Describe how SCEP manages the certificate lifecycle

Describe and configure the Cisco IOS CA Server

Configure CA interoperability on a Cisco router using Cisco SDM

Configure a PKI-based IPsec site-to-site VPN on a router using Cisco SDM

Troubleshoot CA interoperability using the CLI

Test and verify IPsec configurations using the CLI

The lesson includes these topics:

Cisco IOS PKI Overview

Certificate Authorities

Examining SCEP

Cisco IOS CA Server

Configuring CA support

Configuring a PKI-Based IPsec Site-to-Site VPN

Testing and Verifying CA Support

Testing and Verifying IPsec

The lesson includes this activity:

Lab 3-1: Configure a Site-to-Site VPN Using Certificates

Lesson 3: Implementing GRE over IPsec

This lesson describes how to configure Generic Routing Encapsulation (GRE)-over-IPsec tunnels. Upon completing this lesson, the learner will be able to meet these objectives:

Describe GRE tunnels

Configure a GRE tunnel

Configure a GRE tunnel with IPsec encryption using Cisco SDM and verify the resulting CLI configurations

Generate mirror configurations

Verify GRE-over-IPsec operations using the CLI

The lesson includes these topics:

Examining GRE Tunnels

Configuring a GRE Tunnel

Configuring a GRE-Over-IPsec Tunnel

Generate a Mirror Configuration

Testing and Verifying GRE Over IPsec

The lesson includes this activity:

Lab 3-2: Configure a GRE over IPsec Tunnel

Lesson 4: Configuring High-Availability VPNs and VTI

This lesson describes how to configure high-availability VPN technologies. Upon completing this lesson, the learner will be able to meet these objectives:

Describe high availability for IPsec VPNs

Explain how to achieve high availability with IPsec VPNs using redundant peers and how to configure it

Describe HSRP, the role it plays in high availability, and how to configure it

Describe Cisco IOS stateful failover and how to configure it

Explain how to back up WAN links using VPNs

Describe the benefit of using static or dynamic VTI and how to configure VTIs for site-to-site IPsec VPNs

The lesson includes these topics:

High Availability for Cisco IOS IPsec VPNs

IPsec Backup Peer

Hot Standby Router Protocol

IPsec Stateful Failover

Backing Up a WAN Connection with an IPsec VPN

Static and Dynamic VTIs

Lesson 5: Implementing DMVPN

This lesson describes how to configure a DMVPN. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the overall requirements, features, operation, and high availability design for DMVPN

Describe how dynamic routing protocols operate over DMVPN

Configure a DMVPN hub using the Cisco SDM DMVPN hub wizard

Configure a DMVPN spoke using the Cisco SDM DMVPN spoke wizard

Edit DMVPN settings in Cisco SDM

Verify DMVPN connectivity

The lesson includes these topics:

Dynamic Multipoint VPN

Dynamic Routing Protocols over DMVPN

Configuring a DMVPN Hub

Configuring a DMVPN Spoke

Editing DMVPN Settings

Verifying DMVPN

The lesson includes this activity:

Lab 3-3: Configure a DMVPN Spoke Using Cisco SDM

Lesson 6: Implementing GET VPN

This lesson describes how to configure GET VPNs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe problems that are encountered scaling tunnel-based VPNs

Describe GET VPN

Describe how dynamic routing protocols work over GET VPN

Describe the security measures that are built into the GET VPN solution

Describe GET VPN operations

Configure the GET VPN key server

Configure GET VPN group members

Verify GET VPN settings and operation

The lesson includes these topics:

VPN Limitations

GET VPN Overview

GET VPN Architecture

GET VPN Security

GET VPN Operations

Configuring GET VPN Key Servers

Configuring GET VPN Group Members

Verifying GET VPN Settings

The lesson includes this activity:

Lab 3-4: Configure GET VPN Using CLI

Module 4: Secure Remote Access Communications

Upon completing this module, the learner will be able to design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features.

Lesson 1: Implementing Cisco IOS Remote Access Using Cisco Easy VPN

This lesson describes how to configure Cisco Easy VPN for remote access. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the role of each component of Cisco Easy VPN including Cisco Easy VPN Remote and Cisco Easy VPN Server

Explain how to configure the Cisco VPN Client

Explain how to configure a Cisco Easy VPN Remote using Cisco SDM

Explain how to configure a Cisco Easy VPN Server using Cisco SDM

Verify the Cisco Easy VPN configuration

The lesson includes these topics:

Introduction to Cisco Easy VPN

Configuring the Cisco VPN Client

Configuring Cisco Easy VPN Remote

Configuring Cisco Easy VPN Server

Verify the Cisco Easy VPN Configuration

The lesson includes these activities:

Lab 4-1: Configure Cisco Easy VPN Remote

Lab 4-2: Configure Cisco Easy VPN Server

Lesson 2: Examining a Cisco IOS SSL VPN

This lesson describes how to configure a Cisco IOS SSL VPN and verify its operation using Cisco Router and Security Device Manager (SDM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco IOS SSL VPN feature, including clientless mode, thin-client mode, full-tunnel client mode, and Cisco Secure Desktop

Describe the different client packages for the Cisco IOS SSL VPN

Configure the prerequisites for Cisco IOS SSL VPN

Configure Cisco IOS SSL VPN

Edit Cisco IOS SSL VPN configurations

Monitor and verify Cisco IOS SSL VPN

The lesson includes these topics:

Overview of Cisco IOS SSL VPN

Client Software

Configuring Cisco IOS SSL VPN Prerequisites

Cisco IOS SSL VPN Configuration

Editing Cisco IOS SSL VPNs

Verifying SSL VPN Functionality

The lesson includes this activity:

Lab 4-3: Configure a Cisco IOS SSL VPN

Module 5: Threat Control and Containment

Upon completing this module, the learner will be able to install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services Router.

Lesson 1: Configuring NAT and PAT

This lesson describes how to configure inside and outside static and dynamic NAT and PAT as well as port forwarding. Upon completing this lesson, the learner will be able to meet these objectives:

Describe static and dynamic NAT and PAT

Configure PAT using the Cisco SDM NAT Basic wizard

Configure NAT and PAT using the Cisco SDM NAT Advanced wizard

Verify NAT and PAT configuration using the CLI

Troubleshoot a NAT configuration to resolve issues

The lesson includes these topics:

Network Address Translation Overview

Configuring PAT Using the Basic NAT Wizard

Configuring NAT and PAT Using the Advanced NAT Wizard

Verifying NAT and PAT

Troubleshooting NAT and PAT

Lesson 2: Configuring a Cisco IOS Classic Firewall

This lesson describes how to configure a Cisco IOS Classic Firewall using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features and benefits of a Cisco IOS Classic Firewall

Use the Cisco SDM Basic Firewall wizard to configure a Cisco IOS Classic Firewall

Use the Cisco SDM Advanced Firewall wizard to configure a Cisco IOS Classic Firewall

Edit a basic or advanced firewall configuration, including global settings

Verify a Cisco IOS Firewall configuration using the CLI

The lesson includes these topics:

Cisco IOS Classic Firewall Overview

Basic Firewall Wizard

Advanced Firewall Wizard

Editing Firewall Rules

Verifying Firewall Configuration

The lesson includes this activity:

Lab 5-1: Configure Cisco IOS Classic Firewall on a Cisco Router

Lesson 3: Configuring a Cisco IOS Zone-Based Policy Firewall

This lesson describes how to configure a Cisco IOS Zone-Based Policy Firewall on a Cisco Integrated Services Router. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the general features of a Cisco IOS Zone-Based Policy Firewall

Configure Cisco IOS Zone-Based Policy Firewall using the Cisco SDM Advanced Firewall wizard

Edit the Cisco IOS Zone-Based Policy Firewall

Create zone-based policies without the Cisco SDM wizard

Verify the Cisco IOS Zone-Based Policy Firewall configuration using the CLI and Cisco SDM

The lesson includes these topics:

Cisco IOS Zone-Based Policy Firewall Overview

Advanced Firewall Wizard

Editing Cisco IOS Zone-Based Policy Firewall

Configuring Zone-Based Policies

Verifying the Cisco IOS Zone-Based Policy Firewall Configuration

The lesson includes this activity:

Lab 5-2: Configure Cisco IOS Zone-Based Policy Firewall with URL Filtering

Lesson 4: Configuring Cisco IOS IPS

This lesson describes how to configure Cisco IOS IPS Software Version 5.x signature support, Risk Rating (Signature Event Action Processing [SEAP]), tuning, and custom signatures. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features, functions, limitations, and applications of Cisco IOS IPS

Describe the different IPS management products

Describe SDF and built-in signature operation

Migrate from Cisco IOS IPS Version 4.x to Cisco IOS IPS Version 5.x

Configure Cisco IOS IPS using 5.x signatures

Configure Auto Signature Update

Configure SEAP, including Risk Ratings, Events Action Overrides, and Events Action Filters

Perform a basic configuration of Cisco IOS IPS

Tune more advanced signature settings

Create custom signatures

Use show, debug, and clear commands to test and verify Cisco IOS IPS configurations

Explain various scenarios and deployment options

The lesson includes these topics:

Cisco IOS IPS Overview

IPS Management Products

SDF and Built-In Signature Overview

Migrating from Cisco IOS IPS Version 4 to Version 5

Configuring Cisco IOS IPS Using 5.x Signatures

Auto Update

Signature Event Action Processing

Configuring, Disabling, and Excluding Signatures

Signature Tuning

Custom Signatures

Verifying Cisco IOS IPS Configuration

IPS Case Studies

The lesson includes this activity:

Lab 5-3: Configure a Cisco IOS IPS on a Cisco Router

IPS - Course Outline

Overview

Implementing Cisco Intrusion Prevention Systems (IPS) v6.0 provides the knowledge and skills needed to design, install, configure, and maintain a Cisco IPS sensor for small, medium, and enterprise networks. The course also describes the procedures for managing intrusion prevention system (IPS) alarms.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Explain how the Cisco IPS protects network devices from attacks

Install and configure the basic settings on a Cisco IPS 4200 Series Sensor

Use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy

Configure some of the more advanced features of the Cisco IPS product line

Initialize and install into your environment the rest of the Cisco IPS family of products

Use the CLI and the Cisco IDM to obtain system information, and configure the Cisco IPS sensor to allow an SNMP NMS to monitor the Cisco IPS sensor

High-Level Course Outline

This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction

Intrusion Prevention Overview

Installation of a Cisco IPS 4200 Series Sensor

Cisco IPS Signatures

Advanced Cisco IPS Configuration

Additional Cisco IPS Devices

Cisco IPS Sensor Maintenance

Detailed Course Outline

This in-depth outline of the course structure lists each module, lesson, and topic.

Module 1: Intrusion Prevention Overview

This module explains how the Cisco IPS protects network devices from attacks.

Lesson 1: Explaining Intrusion Prevention

This lesson describes how to discuss intrusion detection and intrusion prevention along with related terms and concepts. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the difference between intrusion detection and intrusion prevention

Describe the similarities and differences among the various intrusion detection technologies

Explain the terminology used in intrusion prevention and detection

Explain the difference between promiscuous and inline intrusion protection

Describe the new features included in the Cisco IPS Sensor Software Version 6.0

The lesson includes these topics:

Intrusion Detection vs. Intrusion Prevention

Intrusion Prevention Technologies

Intrusion Prevention Terminology

Promiscuous and Inline Modes

Features of Cisco IPS Sensor Software Version 6.0

Lesson 2: Examining Cisco IPS Products

This lesson describes the Cisco IPS solutions and explains how Cisco IPS protects network devices from attacks. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the various models available in the Cisco family of IPS sensors

Describe network IPS and list its features and limitations

Describe host IPS and list its features and limitations

Explain the considerations necessary for selection, placement, and deployment of a network IPS

Describe the Cisco Self-Defending Network and how the Cisco IPS products fit into that structure

The lesson includes these topics:

Cisco Network Sensors

Network IPS

Host-Based IPS

Sensor Deployment

Cisco Self-Defending Network

Lesson 3: Examining Cisco IPS Sensor Software Solutions

This lesson describes the Cisco monitoring solutions and suggests how to utilize them. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco IPS Sensor Software architecture

List the Cisco IPS management products for single device management

List the Cisco IPS management products that you can use for the enterprise

The lesson includes these topics:

Cisco IPS Sensor Software Architecture

Cisco IPS Element Management Products

Cisco IPS Enterprise Management Products

Lesson 4: Examining Evasive Techniques

This lesson describes major evasion techniques in order to justify several intrusion prevention system (IPS) features. Upon completing this lesson, the learner will be able to meet these objectives:

Explain what an evasive technique is and provide examples of evasive techniques

Explain how attackers use string match attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use fragmentation attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use session attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use insertion attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use evasion attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use TTL-based attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use encryption-based attacks to avoid detection by intrusion detection and intrusion prevention products

Explain how attackers use resource exhaustion attacks to avoid detection by intrusion detection and intrusion prevention products

The lesson includes these topics:

Evasive Techniques

String Match Attacks

Fragmentation Attacks

Session Attacks

Insertion Attacks

Evasion Attacks

TTL-Based Attacks

Encryption-Based Attacks

Resource Exhaustion Attacks

Module 2: Installation of a Cisco IPS 4200 Series Sensor

This module describes how to install and configure the basic settings on a Cisco IPS 4200 Series Sensor.

Lesson 1: Installing a Cisco IPS Sensor Using the CLI

This lesson describes how to install and initialize a Cisco IPS sensor appliance in the network using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

Explain the CLI of the Cisco IPS sensor

Gain management access and initialize a sensor

Explain some of the administrative tasks that are done from the CLI

Explain some of the additional commands that are available from the CLI

The lesson includes these topics:

Introducing the CLI

Initializing the Sensor

Performing Administrative Tasks

Additional Administrative Commands

Lesson 2: Using the Cisco IDM

This lesson describes how to use the Cisco IPS Device Manager (IDM) to launch, navigate, manage, and monitor a Cisco IPS device. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the features, benefits, and system requirements of the Cisco IDM

Log into and navigate the Cisco IDM

Configure SSH

Reboot and shut down a Cisco IPS

The lesson includes these topics:

Introducing the Cisco IDM

Getting Started with the Cisco IDM

How to Configure SSH

How to Reboot and Shut Down the Sensor

Lesson 3: Configuring Basic Sensor Settings

This lesson describes how to use the Cisco IDM to configure basic sensor settings. Upon completing this lesson, the learner will be able to meet these objectives:

Configure hosts that are authorized to administer the sensor

Configure the time settings of a Cisco IPS sensor

Configure certificates of a Cisco IPS sensor

Configure user accounts

Describe the different roles that a sensor interface can play

Configure the interfaces of a Cisco IPS sensor in promiscuous and inline mode

Describe and configure software and hardware bypass

Explain how to view events from the Cisco IDM

The lesson includes these topics:

How to Configure Allowed Hosts

How to Set the Time

How to Configure Certificates

How to Configure User Accounts

Defining Interface Roles

How to Configure the Interfaces

How to Configure Software and Hardware Bypass Mode

Viewing Events in the Cisco IDM

The lesson includes these activities:

Lab 2-1: Install and Configure an IPS Sensor from the CLI

Lab 2-2: Use the Cisco IDM to Perform a Basic Sensor Configuration

Module 3: Cisco IPS Signatures

This module describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy.

Lesson 1: Configuring Cisco IPS Signatures and Alerts

This lesson describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the different types, features, and actions of signatures

Locate information about specific signatures and describe the Cisco Intrusion Prevention Alert Center

Enable, disable, and assign actions to signatures

Configure additional settings for denying and blocking actions

The lesson includes these topics:

Cisco IPS Signatures

How to Locate Signature Information

How to Configure Basic Signatures

Special Considerations for Signature Actions

Lesson 2: Examining the Signature Engines This lesson describes the functions of signature engines and their parameters. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the different signature engines used by the sensor

Describe the configuration parameters common to all signature engines

Describe the ATOMIC signature engines

Describe the FLOOD signature engines

Describe the SERVICE signature engines, including the new TNS and SMB advanced signature engines

Describe the STRING signature engines

Describe the SWEEP signature engines

Describe the TROJAN signature engines

Describe the TRAFFIC signature engines

Describe the AIC signature engines

Describe the STATE signature engine

Describe the META signature engine

Describe the NORMALIZER engine

The lesson includes these topics:

Introducing Cisco IPS Signature Engines

Common Signature Engine Parameters

ATOMIC Signature Engines

FLOOD Signature Engines

SERVICE Signature Engines

STRING Signature Engines

SWEEP Signature Engines

TROJAN Signature Engines

TRAFFIC Signature Engines

AIC Signature Engines

STATE Signature Engine

META Signature Engine

NORMALIZER Engine

Lesson 3: Customizing Signatures This lesson describes how to use the Cisco IDM to tune and customize signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the need to tune signatures

Tune and create signatures to accomplish noise reduction

Tune and create signatures to accomplish false positive reduction

Tune and create signatures to accomplish false negative reduction

Tune and create signatures to focus a Cisco IPS sensor on the environment

Describe examples of different signature tuning scenarios

Design and create custom signatures

Describe examples of creating custom signatures

The lesson includes these topics:

Tuning Signatures

Noise Reduction

False Positive Reduction

False Negative Reduction

Focusing Cisco IPS Sensors

Customizing Built-in Signatures

How to Create Custom Signatures

Custom Signature Scenarios

The lesson includes these activities:

Lab 3-1: Working with Signatures and Alerts

Lab 3-2: Customizing Signatures

Module 4: Advanced Cisco IPS Configuration This module describes how to configure some of the more advanced features of the Cisco IPS product line.

Lesson 1: Performing Advanced Tuning of Cisco IPS Sensors This lesson describes how to use the Cisco IDM to tune a Cisco IPS sensor to work optimally in the network. Upon completing this lesson, the learner will be able to meet these objectives:

Explain how to tune the sensor to avoid evasive techniques and provide network-specific intrusion prevention

Explain the logging capabilities of the sensor, how to configure logging, and the performance ramifications of logging

Describe the concept of IP fragment and TCP stream reassembly

Define and configure event variables

Explain and configure TVRs

Describe and configure event action overrides

Describe and configure event action filters

Describe the risk rating system and the values that it uses to calculate the risk rating number

Introduce and configure the general settings for event action rules

The lesson includes these topics:

Sensor Configuration

IP Logging

Reassembly Options

How to Define Event Variables

Target Value Rating

Event Action Overrides

Event Action Filters

Risk Rating System

General Settings of Event Action Rules

The lesson includes this activity:

Lab 4-1: Tune a Cisco IPS Sensor Using the Cisco IDM

Lesson 2: Monitoring and Managing Alarms This lesson describes how to use additional monitoring tools to maximize alarm management efficiency. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the Cisco IEV, its features, benefits, and specifications

Explain the installation procedure for Cisco IEV

Add devices to the Cisco IEV

Use Cisco IEV to view events

Explain the Cisco Security Management Suite, its features, benefits, and specifications

Explain the external product interface, its benefits, and specifications

Explain how a Cisco Security Agent installation can be integrated into a Cisco IPS sensor installation using Cisco Security Monitor

Explain the Cisco ICS

The lesson includes these topics:

Cisco IEV Overview

Installing Cisco IEV

Configuring Cisco IEV

Viewing Events

Cisco Security Management Suite Overview

External Product Interface

Integrating Cisco Security Agent into an IPS Installation

Cisco ICS

The lesson includes this activity:

Lab 4-2: Monitor and Manage Alarms

Lesson 3: Configuring a Virtual Sensor This lesson explains the virtual sensor, its settings, and its advantages. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the principles behind virtual sensors

Prepare for creating virtual sensors by creating inline pairs, signature policies, event action rules, and anomaly detection policies

Create a virtual sensor by giving it a name and assigning interfaces

The lesson includes these topics:

Virtual Sensor Overview

Preparing for Virtual Sensors

Creating Virtual Sensors

The lesson includes this activity:

Lab 4-3: Configure a Virtual Sensor (Optional)

Lesson 4: Configuring Advanced Features This lesson explains some of the new advanced features of the Cisco IPS Sensor Software and describes how to configure them. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the principles behind anomaly detection

Explain the components used by anomaly detection

Configure anomaly detection

Monitor and troubleshoot problems with anomaly detection

Explain the principles behind POSFP

Explain the different methods available to identify operating systems

Explain the available configuration options for POSFP

Examine the results of POSFP

The lesson includes these topics:

Anomaly Detection Overview

Anomaly Detection Components

Configuring Anomaly Detection

Monitoring Anomaly Detection

POSFP Overview

Operating System Identification

Configuring POSFP

Monitoring POSFP

The lesson includes this activity:

Lab 4-4: Configure Anomaly Detection and POSFP

Lesson 5: Configuring Blocking This lesson explains blocking concepts and describes how to use Cisco IDM to configure blocking for a given scenario. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the principles behind blocking

Describe the things that should be taken into account before applying ACLs

Explain how to configure a sensor to perform automatic blocking

Explain how to configure a sensor to perform manual blocking

Explain how to configure a master blocking scenario

The lesson includes these topics:

Blocking Overview

ACL Considerations

How to Configure Automatic Blocking

How to Configure Manual Blocking

How to Configure a Master Blocking Scenario

Module 5: Additional Cisco IPS Devices This module describes how to initialize and install into your environment the rest of the Cisco IPS family of products.

Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2 This lesson explains the basics of installing the Cisco Catalyst 6500 Series Intrusion Detection System Services Module 2 (IDSM-2) in a Cisco Catalyst 6500 Series Switch and initializing it. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco Catalyst 6500 Series IDSM-2

Install the Cisco Catalyst 6500 Series IDSM-2

Configure the Cisco Catalyst 6500 Series IDSM-2 interfaces

Monitor the Cisco Catalyst 6500 Series IDSM-2

Perform Cisco Catalyst 6500 Series IDSM-2 maintenance

The lesson includes these topics:

Cisco Catalyst 6500 Series IDSM-2 Overview

Installing the Cisco Catalyst 6500 Series IDSM-2

Configuring Cisco Catalyst 6500 Series IDSM-2 Interfaces

Monitoring the Cisco Catalyst 6500 Series IDSM-2

Maintaining the Cisco Catalyst 6500 Series IDSM-2

Lesson 2: Initializing the Cisco ASA AIP-SSM This lesson describes how to initialize a Cisco Adaptive Security Appliance Advanced Inspection and Prevention Security Services Module (ASA AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco ASA AIP-SSM

Upload the IPS image to the Cisco ASA AIP-SSM

Perform the initial configuration of the Cisco ASA AIP-SSM using Cisco ASDM

Configure an IPS security policy using Cisco ASDM

The lesson includes these topics:

Cisco ASA AIP-SSM Overview

Loading the Cisco ASA AIP-SSM

Initial Cisco ASA AIP-SSM Configuration Using Cisco ASDM

Configuring an IPS Security Policy

Module 6: Cisco IPS Sensor Maintenance This module describes how to use the CLI and the Cisco IDM to obtain system information, and how to configure the Cisco IPS sensor to allow a Simple Network Management Protocol (SNMP) network management system (NMS) to monitor the Cisco IPS sensor.

Lesson 1: Maintaining Cisco IPS Sensors This lesson describes how to install and recover the Cisco IPS Sensor Software and perform service pack and signature updates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco IPS sensor licenses and how to install them

Perform a Cisco IPS sensor upgrade or recovery

Install service pack and signature updates

Perform a password recovery on a Cisco IPS sensor

Restore a Cisco IPS sensor to its default configuration

The lesson includes these topics:

Understanding Cisco IPS Licensing

How to Upgrade and Recover Sensor Images

How to Install Service Packs and Signature Updates

Password Recovery

How to Restore a Cisco IPS Sensor

Lesson 2: Managing Cisco IPS Sensors This lesson describes how to use the CLI and the Cisco IDM to verify sensor configuration. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the various CLI commands used for sensor monitoring

Describe the Cisco IDM as a tool to perform sensor monitoring

Describe Cisco Security Manager as a tool to perform sensor monitoring

Describe SNMP as a tool to perform sensor monitoring

The lesson includes these topics:

Using the CLI to Monitor the Sensor

Using the Cisco IDM to Monitor the Sensor

Monitoring Using Cisco Security Manager

Monitoring Using SNMP

The lesson includes this activity:

Lab 6-1: Maintain Sensors and Verify System Configuration

SNAF - Course Outline

Overview Securing Networks with ASA Fundamentals (SNAF) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances.

Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:

Explain the functions of the three types of firewalls used to secure computer networks

Describe the technology and features of Cisco security appliances

Given diagrams of networks protected by Cisco ASA and PIX security appliances, explain how each appliance protects network devices from attacks and why each is an appropriate choice for the example network

High-Level Course Outline This section provides an overview of how the course is organized. The course contains these components:

Introducing Cisco Security Appliance Technology and Features

Introducing the Cisco ASA and PIX Security Appliance Families

Getting Started with Cisco Security Appliances

Configuring a Security Appliance

Configuring Translations and Connection Limits

Using ACLs and Content Filtering

Configuring Object Grouping

Switching and Routing on Cisco Security Appliances

Configuring AAA for Cut-Through Proxy

Configuring the Cisco Modular Policy Framework

Configuring Advanced Protocol Handling

Configuring Threat Detection

Configuring Site-to-Site VPNs Using Pre-Shared Keys

Configuring Security Appliance Remote-Access VPNs

Configuring the Cisco ASA for SSL VPN

Configuring Transparent Firewall Mode

Configuring Security Contexts

Configuring Failover

Managing the Security Appliance

Lab Guide

Detailed Course Outline This in-depth outline of the course structure lists each lesson and topic.

Lesson 1: Introducing Cisco Security Appliance Technology and Features This lesson introduces the general functionality provided by firewalls and security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the functions of the three types of firewalls that are used to secure modern computer networks

Discuss the technology and features of Cisco security appliances

The lesson includes these topics:

Firewalls

Security Appliance Essentials

There is no lab for this lesson.

Lesson 2: Introducing the Cisco ASA and PIX Security Appliance Families This lesson introduces Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX 500 Series Security Appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Identify the Cisco ASA and PIX security appliance models

Explain the Cisco ASA security appliance licensing options

The lesson includes these topics:

Models and Features of Cisco Security Appliances

Cisco ASA Security Appliance Licensing

There is no lab for this lesson.

Lesson 3: Getting Started with Cisco Security Appliances This lesson describes how to configure the security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the four access modes

Describe the security appliance file management system

Discuss security appliance security levels

Describe Cisco ASDM requirements and capabilities

Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via Cisco ASDM

Verify security appliance configuration and licensing via Cisco ASDM

The lesson includes these topics:

User Interface

File Management

Security Appliance Security Levels

Cisco ASDM Essentials and Operating Requirements

Preparing to Use Cisco ASDM

Navigating Cisco ASDM Windows

The lesson includes this activity:

Lab 3-1: Prepare to Use Cisco ASDM to Configure the Security Appliance

Lesson 4: Configuring a Security Appliance This lesson describes how to configure a security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

Configure a security appliance for basic network connectivity

Verify the initial configuration

Set the clock and synchronize the time on a security appliance

Configure a security appliance to send syslog messages to a syslog server

The lesson includes these topics:

Basic Security Appliance Configuration

Examining Security Appliance Status

Time Setting and NTP Support

Syslog Configuration

The lesson includes this activity:

Lab 4-1: Configure the Security Appliance with Cisco ASDM

Lesson 5: Configuring Translations and Connection Limits This lesson describes how to perform Network Address Translation (NAT) on a security appliance. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how the TCP and UDP protocols function within the security appliance

Describe how static and dynamic translations function

Configure dynamic address translation

Configure static address translation

Set connection limits

The lesson includes these topics:

Transport Protocols

Understanding NAT

Understanding PAT

Static Translations

TCP SYN Cookies and Connection Limits

Connections and Translations

The lesson includes this activity:

Lab 5-1: Configure Translations

Lesson 6: Using ACLs and Content Filtering This lesson describes how to configure security appliance access control. Upon completing this lesson, the learner will be able to meet these objectives:

Configure and explain the basic function of ACLs

Configure and explain additional functions of ACLs

Configure active code filtering (Microsoft ActiveX and Java applets)

Configure the security appliance for URL filtering

Use the Packet Tracer for troubleshooting

The lesson includes these topics:

ACL Configuration

Malicious Active Code Filtering

URL Filtering

Packet Tracer

The lesson includes this activity:

Lab 6-1: Configure ACLs

Lesson 7: Configuring Object Grouping This lesson describes how to configure the object grouping feature of Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the object grouping feature of the security appliance and its advantages

Configure object groups and use them in ACLs

The lesson includes these topics:

Essentials of Object Grouping

Configuring and Using Object Groups

The lesson includes this activity:

Lab 7-1: Configure Object Groups

Lesson 8: Switching and Routing on Cisco Security Appliances This lesson describes how to configure the switching and routing functionality that a security appliance provides. Upon completing this lesson, the learner will be able to meet these objectives:

Configure logical interfaces and VLANs

Configure static routes and static route tracking

Describe the dynamic routing capabilities of Cisco security appliances and configure passive RIP routing

The lesson includes these topics:

VLAN Capabilities

Static Routing

Dynamic Routing

There is no lab for this lesson.

Lesson 9: Configuring AAA for Cut-Through Proxy This lesson describes how to define, configure, and monitor AAA in Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Define AAA functions

Configure the local user database

Install and configure Cisco Secure ACS

Define and configure cut-through proxy authentication

Define and configure user authorization using downloadable ACLs

Define and configure the accounting component

The lesson includes these topics:

Introduction to AAA

Configuring the Local User Database

Installation of Cisco Secure ACS for Windows 2000

Cut-Through Proxy Authentication Configuration

Authentication Prompts and Timeouts

Authorization Configuration

Accounting Configuration

The lesson includes this activity:

Lab 9-1: Configure AAA on the Security Appliance Using Cisco Secure ACS for Windows

Lesson 10: Configuring the Cisco Modular Policy Framework This lesson describes a security appliance modular policy and how to configure it. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the Cisco Modular Policy Framework feature for security appliances

Describe the functionality of class maps

Describe the functionality of policy maps

Describe the functionality of service policies

Use Cisco ASDM to configure a service policy rule

The lesson includes these topics:

Modular Policy Framework Overview

Class Map Overview

Policy Map Overview

Configuring Modular Policies with Cisco ASDM

Configuring a Policy for Management Traffic

Displaying Modular Policy Framework Components

There is no lab for this lesson.

Lesson 11: Configuring Advanced Protocol Handling This lesson describes how to configure security appliance advanced protocol handling. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the need for advanced protocol handling

Describe how the security appliance implements inspection of common network applications

Describe the issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions

The lesson includes these topics:

Advanced Protocol Handling

Protocol Application Inspection

Multimedia Support

The lesson includes this activity:

Lab 11-1: Configure Advanced Protocol Inspection on the Security Appliance

Lesson 12: Configuring Threat Detection This lesson describes how to use the threat detection capabilities of the security appliance to better defend the network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe threat detection and threat statistics

Configure basic threat detection

Configure scanning threat detection

Configure and view threat detection statistics

The lesson includes these topics:

Threat Detection Overview

Basic Threat Detection

Scanning Threat Detection

Configuring and Viewing Threat Detection Statistics

The lesson includes this activity:

Lab 12-1: Configure Threat Detection on the Security Appliance

Lesson 13: Configuring Site-to-Site VPNs Using Pre-Shared Keys This lesson describes how to configure Cisco security appliances for VPN connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how security appliances enable a secure VPN

Perform the tasks necessary to configure security appliance IPsec support

Identify the commands to configure security appliance IPsec support

Configure a VPN between security appliances

The lesson includes these topics:

Secure VPNs

How IPsec Works

Preparing to Configure an IPsec VPN

Configuring a Site-to-Site VPN Using Pre-Shared Keys

Modifying the Site-to-Site VPN Configuration

Test and Verify VPN Configuration

The lesson includes this activity:

Lab 13-1: Configure Security Appliance Site-to-Site VPN

Lesson 14: Configuring Security Appliance Remote-Access VPNs This lesson describes how to configure security appliances for secure remote access. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco Easy VPN

Describe the Cisco VPN Client

Configure an IPsec Remote-Access VPN

Configure users and groups

The lesson includes these topics:

Introduction to Cisco Easy VPN

Overview of Cisco VPN Client

Configuring Remote-Access VPNs

Configuring Users and Groups

The lesson includes this activity:

Lab 14-1: Configure a Secure VPN Using IPsec Between a Security Appliance and a Cisco VPN Client

Lesson 15: Configuring the Cisco ASA Security Appliance for SSL VPN This lesson describes how to configure Cisco ASA security appliances to support the SSL VPN feature set. Upon completing this lesson, the learner will be able to meet these objectives:

Describe SSL VPN and its purpose

Use the SSL VPN Wizard to configure a basic Clientless SSL VPN connection

Verify SSL VPN operations

The lesson includes these topics:

SSL VPN Overview

Using the SSL VPN Wizard to Configure Clientless SSL VPN

Verifying Clientless SSL VPN Operations

The lesson includes this activity:

Lab 15-1: Configure the Security Appliance to Provide Secure Clientless SSL VPN Connectivity

Lesson 16: Configuring Transparent Firewall Mode This lesson describes how to configure Cisco security appliances to run in transparent firewall mode. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the purpose of transparent firewall mode

Explain how data traverses a security appliance in transparent mode

Enable transparent firewall mode

Monitor and maintain transparent firewall mode

The lesson includes these topics:

Transparent Firewall Mode Overview

Traversing a Security Appliance in Transparent Mode

Configuring Transparent Firewall Mode

Monitoring and Maintaining Transparent Firewall Mode

The lesson includes this activity:

Lab 16-1: Configure Security Appliance Transparent Firewall

Lesson 17: Configuring Security Contexts This lesson describes how to configure the security appliance to support multiple contexts. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the purpose of security contexts

Enable and disable multiple context mode

Configure a security context

Allocate resources to security contexts

Manage a security context

The lesson includes these topics:

Security Context Overview

Enabling Multiple Context Mode

Configuring Security Contexts

Managing Security Contexts

There is no lab for this lesson.

Lesson 18: Configuring Failover This lesson describes how to implement and configure failover in a network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the difference between hardware and stateful failover

Describe the difference between active/standby and active/active failover

Define the security appliance failover hardware requirements

Describe how active/standby failover works

Explain the security appliance roles of primary, secondary, active, and standby

Describe how active/active failover works

Configure active/standby LAN-based failover

Configure active/active failover

Enable the stateful failover option for maximum availability

Describe and use remote command execution

The lesson includes these topics:

Understanding Failover

Configuring Redundant Interfaces

Active/Standby LAN-Based Failover Configuration

Active/Active Failover Configuration

Remote Command Execution

The lesson includes these activities:

Lab 18-1: Configure LAN-Based Active/Standby Failover

Lab 18-2: Configure LAN-Based Active/Active Failover

Lesson 19: Managing the Security Appliance This lesson describes how to secure and upgrade system access to the security appliance and recover from problems. Upon completing this lesson, the learner will be able to meet these objectives:

Configure Telnet access to the security appliance

Configure SSH access to the security appliance

Configure command authorization

Recover security appliance passwords using general password recovery procedures

Use TFTP to install and upgrade the software image on the security appliance

The lesson includes these topics:

Managing System Access

Configuring Command Authorization

Managing Configurations

Managing Images and Activation Keys

The lesson includes this activity:

Lab 19-1: Manage the Security Appliance

SNAA - Course Outline

Overview Securing Networks with Cisco ASA Advanced (SNAA) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed for advanced configuration, maintenance, and operation of the Cisco ASA 5500 Series Adaptive Security Appliances.

Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:

Configure policy NAT based on traffic type

Describe the Layer 7 Modular Policy Framework for the security appliance and how it is configured

Describe the Layer 7 advanced protocol handling capabilities of Modular Policy Framework and how it is configured

Identify the steps needed to configure the security appliance to segment traffic with VLANs

Identify the steps needed to configure the security appliance for dynamic routing

Explain the components and functionality of IPsec, and explain what digital certificates are and how they are used

Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate

Identify the necessary steps to configure the IPsec VPN client using digital certificates

Identify the necessary steps to configure the security appliance for remote access using digital certificates

Explain the advanced remote access features of the security appliance

Determine the necessary configuration for the ASA 5505 Adaptive Security Appliance to be a VPN hardware client

Identify the steps to configure QoS for VPN traffic

List the steps needed to configure the WebVPN functionality of the security appliance

Identify the basic Clientless SSL VPN features of the security appliance

Configure full network access SSL VPNs using the Cisco AnyConnect VPN Client

List the features and functionality of the Cisco Secure Desktop

Configure Cisco Secure Desktop and DAP for SSL VPN connections on the security appliance

Identify and list the characteristics of the service modules for the security appliance

Identify the steps needed to configure, inspect, and filter traffic with the Cisco CSC-SSM

Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks

High-Level Course Outline This section provides an overview of how the course is organized. The course contains these components:

Advanced NAT

Advanced Protocol Handling

Dynamic Routing and Switching

IPsec VPNs

SSL VPNs

Security Services Modules

Appendix: Handling Multimedia Protocols

Appendix: Using Cisco ASA Multicast

Lab Guide

Detailed Course Outline This in-depth outline of the course structure lists each lesson and topic.

Module 1: Advanced NAT Explain how the Cisco ASA security appliance performs NAT, the order of NAT matching, and policy-based NAT with the use of ACLs.

Lesson 1: Applying NAT 0 and Policy NAT This lesson describes how to configure NAT based on traffic type and the appropriate policy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure ACLs for the security appliance

Describe the function of NAT and how to implement basic NAT

Describe NAT 0 function and the steps necessary to implement NAT 0

Describe policy NAT and the steps necessary to implement policy NAT

Explain how to verify and troubleshoot NAT configuration and operation

The lesson includes these topics:

ACLs

NAT

Translation Behavior

NAT Exemption

Policy NAT

Verify and Troubleshoot

The lesson includes this activity:

Lab 1-1: Implementing Advanced NAT

Module 2: Advanced Protocol Handling

Describe Cisco Modular Policy Framework for the security appliance and how it is configured as it applies to Layer 7 application inspection.

Lesson 1: Applying the Cisco Modular Policy Framework

This lesson explains how to describe and configure a Layer 7 modular policy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco Modular Policy Framework capabilities of the security appliance

Configure a modular policy on the security appliance using Cisco ASDM

Create a Layer 7 class map

Create a regular expression class map

Create a Layer 7 policy map

Describe the commands used to verify a Cisco Modular Policy Framework configuration

The lesson includes these topics:

Cisco Modular Policy Framework Overview

Configuring the Cisco Modular Policy Framework

Configuring a Layer 7 Class Map

Configuring a Regular Expression Class Map

Configuring a Layer 7 Policy Map

Verifying the Cisco Modular Policy Framework Configuration

The lesson includes no activities.

Lesson 2: Handling Advanced Protocols

This lesson explains how to configure and troubleshoot inspection of several common network protocols. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the protocol inspection capabilities of the Cisco ASA security appliance

Explain how to configure FTP inspection

Explain how to configure HTTP inspection

Explain how to configure IM inspection

Explain how to configure ESMTP inspection

Explain how to configure DNS inspection

Explain how to configure ICMP inspection

Use show commands to verify that protocol inspection is configured

Use debug commands to verify that protocol inspection is working properly

The lesson includes these topics:

Protocol Inspection Overview

FTP Inspection

HTTP Inspection

IM Inspection

ESMTP Inspection

DNS Inspection

ICMP Inspection

Protocol Inspection Verification

The lesson includes this activity:

Lab 2-1: Configuring Advanced Protocol Inspection

Module 3: Dynamic Routing and Switching

Explain the dynamic routing and switching functionalities of the Cisco ASA security appliance.

Lesson 1: Switching with VLANs

This lesson defines how to describe and configure the switching functionality that the security appliance provides. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the VLAN capabilities of the security appliance

Explain the steps necessary to configure VLANs on the security appliance

Explain the steps necessary to configure interfaces on the Cisco ASA 5505 Adaptive Security Appliance

Use show commands to verify VLAN operations

The lesson includes these topics:

Cisco ASA VLAN Operations

VLAN Configuration

VLAN Configuration on the Cisco ASA 5505

VLAN Verification

The lesson includes no activities.

Lesson 2: Routing with Dynamic Protocols

This lesson explains how to identify the steps needed to configure the security appliance for dynamic routing. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the differences between the dynamic and static routing capabilities of the security appliance

Configure the security appliance for active RIP routing

Configure the security appliance for OSPF routing

Configure the security appliance for EIGRP routing

Configure the security appliance for route redistribution

Use show and debug commands to verify routing configuration and that the routing configuration is working properly

The lesson includes these topics:

Dynamic and Static Routing

RIP

OSPF

EIGRP

Redistribution

Verification and Troubleshooting

The lesson includes this activity:

Lab 3-1: Dynamic Routing with EIGRP and OSPF

Module 4: IPsec VPNs

Explain the IP Security (IPsec) virtual private network (VPN) features and capabilities of the security appliance.

Lesson 1: Understanding IPsec and Digital Certificates

This lesson explains the components and functionality of IPsec, what digital certificates are, and how they are used. Upon completing this lesson, the learner will be able to meet these objectives:

Describe IPsec and the components that define IPsec

Describe how IPsec works

Describe how digital certificates and public-key cryptography work

Describe the scalability that is achieved by using certificates

Describe the purpose of CRLs and the protocols used for CRLs

Describe key pairs and trustpoints

The lesson includes these topics:

What is IPsec?

IPsec Operation

Digital Certificates and Public-Key Cryptography

Certificates and Scalability

Certificate Enrollment Process

Validating the Certificate

Certificate Revocation Lists

Security Appliance Certificate Enrollment Support

Key Pairs and Trustpoints

The lesson includes no activities.

Lesson 2: Implementing Site-to-Site VPNs with Digital Certificates

This lesson defines how to configure the security appliance to establish site-to-site tunnels using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the components of site-to-site VPNs

Explain the steps necessary to configure the Cisco ASA security appliance to use digital certificates

Define interesting traffic with ACLs

List the steps needed to configure an ISAKMP policy for site-to-site VPNs

List the steps necessary to define an IPsec transform set

Explain the steps needed to configure a site-to-site VPN using digital certificates

Configure a crypto map for site-to-site VPNs

Configure the Cisco ASA security appliance for hub-and-spoke site-to-site connections

Configure site-to-site redundancy

Use show commands to verify the configuration of site-to-site VPNs

Use debug commands to verify that the configuration of site-to-site VPNs is working properly

The lesson includes these topics:

Site-to-Site VPNs

Configuring CA Certificates

Site-to-Site IPsec Connection Profiles

Modifying Certificate to Connection Mapping

Hub and Spoke

Site-to-Site Redundancy

Verifying Site-to-Site VPNs

Troubleshooting Site-to-Site VPNs

The lesson includes this activity:

Lab 4-1: Site-to-Site with Digital Certificates

Lesson 3: Configuring the Cisco VPN Client

This lesson defines how to configure the Cisco VPN Client by using digital certificates for authentication. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the key features and benefits of the Cisco VPN Client

Describe the steps necessary to install the Cisco VPN Client

Describe the steps needed to configure and install digital certificates on the Cisco VPN Client

List the connection entry configuration options available on the Cisco VPN Client

List the advanced configuration options available on the Cisco VPN Client

Describe the settings and options used to verify and troubleshoot the Cisco VPN Client configuration

The lesson includes these topics:

Cisco VPN Client

Cisco VPN Client Installation

Digital Certificates with Cisco VPN Client

Connection Entry

Advanced Options

Verify and Troubleshoot Client Configuration

The lesson includes no activities.

Lesson 4: Implementing Remote-Access VPNs with Digital Certificates

This lesson defines how to configure the security appliance for remote access using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the components of remote-access VPNs

Describe the general tasks for configuring a Cisco ASA security appliance to support Cisco Easy VPN Remote client access

Configure the Cisco ASA security appliance to use digital certificates manually

Define an address pool for remote-access VPN connections

Explain the user policy inheritance that is determined by the Cisco ASA security appliance

Configure an IPsec connection profile to support digital certificates

Configure a certificate to connection policy to map the identity certificate to the proper connection profile

Use Cisco ASDM graphs and show commands to verify the operation of remote-access VPNs

Use logging and debug commands to troubleshoot remote-access VPNs

The lesson includes these topics:

Remote-Access VPNs

Configuring a Cisco ASA for Remote Access

Installing Cisco ASA Certificates

Defining a Remote-Access Address Pool

User Policy Attribute Inheritance

Configuring an IPsec Connection Profile

Configuring the Certificate to Connection Profile Policy

Verifying Remote-Access VPNs

Troubleshooting Remote-Access VPNs

The lesson includes this activity:

Lab 4-2: Remote Access with Digital Certificates

Lesson 5: Configuring Advanced Remote-Access Features and Policy

This lesson explains these remote-access features and how to configure the Cisco ASA security appliance to use them. Upon completing this lesson, the learner will be able to meet these objectives:

Use Cisco ASDM to configure advanced policy features of load balancing

Use Cisco ASDM to configure reverse route injection for VPN connections

Use Cisco ASDM to configure a backup server for the VPN connections

Use Cisco ASDM to configure intra-interface VPN traffic forwarding on the Cisco ASA security appliance

Use Cisco ASDM to configure NAT transparency for VPN connections behind a NAT device

Use Cisco ASDM to configure IPsec over TCP for VPN connections behind a NAT device

Use Cisco ASDM to configure certificate group mapping for IPsec connections using certificates

Use Cisco ASDM to configure client updates for VPN software and hardware clients

Use Cisco ASDM to configure the tunnel policy for personal firewalls and split tunneling

The lesson includes these topics:

Load Balancing

Reverse Route Injection

Backup Servers

Intra-Interface VPN Traffic

NAT Transparency

Client Update

Split Tunneling

Personal Firewalls

The lesson includes no activities.

Lesson 6: Configuring the ASA 5505 as a Cisco Easy VPN Hardware Client

This lesson defines how to configure security appliances for secure remote access. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco Easy VPN and its two components

Describe how group policy is determined on the VPN hardware client

Configure the ASA 5505 Adaptive Security Appliance as a Cisco Easy VPN Remote

The lesson includes these topics:

Introduction to Cisco Easy VPN

Cisco Easy VPN Server Policy

Cisco Easy VPN Hardware Client

The lesson includes this activity:

Lab 4-3: Cisco ASA 5505 Easy VPN Hardware Client

Lesson 7: Configuring QoS for IPsec VPNs

This lesson defines how to identify the steps to configure QoS for VPN tunnel traffic. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the QoS features of the Cisco ASA 5500 Series Adaptive Security Appliance

Configure QoS on the Cisco ASA 5500 Series Adaptive Security Appliance for VPN tunnel traffic

Verify the QoS for VPN tunnel traffic configuration of the Cisco ASA 5500 Series Adaptive Security Appliance

The lesson includes these topics:

QoS Overview

Cisco ASA QoS

Configuring QoS for VPNs

Verifying QoS

The lesson includes no activities.

Module 5: SSL VPNs

Explain the Secure Sockets Layer (SSL) VPN features and capabilities of the security appliance.

Lesson 1: Understanding SSL VPN Technology

This lesson defines how to describe SSL, its use in SSL VPNs, and how it can be deployed in an enterprise network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the characteristics of SSL

Describe SSL VPN components

Describe Cisco Secure Desktop

The lesson includes these topics:

SSL Overview

Clientless SSL VPN

Cisco Secure Desktop

The lesson includes no activities.

Lesson 2: Configuring Clientless SSL VPNs

This lesson defines how to describe and configure a Cisco ASA security appliance for Clientless SSL VPN connections from remote users. Upon completing this lesson, the learner will be able to meet these objectives:

Configure Clientless SSL VPN

Configure Clientless SSL VPNs to use port forwarding

Configure additional features for Clientless SSL VPNs

Configure smart tunnels for non-plug-in supported applications

Use debug and show commands to verify Clientless SSL VPN configuration

The lesson includes these topics:

Configuring Clientless SSL VPN

Verifying Clientless SSL VPN Operation

Configuring Port-Forwarding SSL VPN

Verifying Port-Forwarding SSL VPN

Configuring Additional SSL VPN Features

Troubleshooting Clientless and Port-Forwarding SSL VPNs

The lesson includes this activity:

Lab 5-1: Clientless SSL VPNs

Lesson 3: Configuring Full Network Access SSL VPNs

This lesson defines how to describe and configure the Cisco ASA security appliance for Full Network Access SSL VPN using the Cisco AnyConnect VPN Client. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features of the Cisco AnyConnect VPN Client

Describe the different installation methods available for the Cisco AnyConnect VPN Client

Configure DTLS for the Cisco AnyConnect VPN Client

Configure the advanced features of the Cisco AnyConnect VPN Client

Configure Certificate-Based Authentication for the Cisco AnyConnect VPN Client

Verify Cisco AnyConnect VPN Client operation

Troubleshoot Cisco AnyConnect VPN Client operation

The lesson includes these topics:

Cisco Full Network Access SSL VPN Overview

Configuring Cisco AnyConnect SSL VPN

Verifying Cisco AnyConnect VPN Operation

Configuring Advanced Features for the Cisco AnyConnect VPN Client

Configuring Certificate-Based Authentication for the Cisco AnyConnect SSL VPN

Troubleshooting Cisco AnyConnect VPN Client Operation

The lesson includes this activity:

Lab 5-2: SSL VPNs with the Cisco AnyConnect Client

Lesson 4: Cisco Secure Desktop

This lesson defines how to describe the features available for Cisco Secure Desktop, how Cisco Secure Desktop interacts with other Cisco clients, and what steps are required to install the Cisco Secure Desktop image. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the functionality of Cisco Secure Desktop

Describe the interoperability of the Cisco AnyConnect VPN Client

Install or upgrade the Cisco Secure Desktop image

List the steps necessary to install Cisco Secure Desktop

The lesson includes these topics:

Cisco Secure Desktop Overview

Cisco Secure Desktop Interoperability

Preparing the Cisco ASA for Cisco Secure Desktop

The lesson includes no activities.

Lesson 5: Securing the Desktop with Cisco Secure Desktop and DAP

This lesson defines how to configure Cisco Secure Desktop and configure Dynamic Access Policies (DAP) for SSL VPN client and clientless connections. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco Secure Desktop Workflow for SSL VPN client and clientless connections

Configure Cisco Secure Desktop for SSL VPN client and clientless connections

Configure Advanced Endpoint Assessment for SSL VPN client and clientless connections

Configure DAP for SSL VPN client and clientless connections

The lesson includes these topics:

Cisco Secure Desktop Workflow

Prelogin Assessment

Secure Session

Cache Cleaner

Host Emulation and Keystroke Logger Detection

Host Scan

Dynamic Access Policy

DAP Testing

The lesson includes this activity:

Lab 5-3: Cisco Secure Desktop and Dynamic Access Policy

Module 6: Security Services Modules

Explain the features and capabilities of the security services modules of the security appliance.

Lesson 1: Examining the Cisco SSMs

This lesson defines how to identify and list the characteristics of the services modules for the Cisco ASA security appliance. Upon completing this lesson, the learner will be able to meet these objectives:

Identify the hardware characteristics of the Cisco SSM

Explain the business needs for deploying a Cisco SSM

List the security functions of the different types of application SSMs

The lesson includes these topics:

Business Challenges

Cisco SSMs

CSC-SSM

AIP-SSM

AIP-SSM or CSC-SSM

The lesson includes no activities.

Lesson 2: CSC-SSM: Getting Started

This lesson describes how to configure the Cisco Content Security and Control Security Services Module (CSC-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to initialize the CSC-SSM

Load the CSC-SSM with the new operating system from the CLI

Initialize and activate the CSC-SSM from the CLI

Configure the CSC-SSM to scan, using the CSC Setup Wizard from Cisco ASDM

The lesson includes these topics:

CSC-SSM Overview

CSC-SSM Software Loading

Initial CLI Cisco CSC Configuration

Initially Configuring the CSC-SSM with the Cisco ASDM CSC Setup Wizard

The lesson includes no activities.

Lesson 3: AIP-SSM: Getting Started

This lesson defines how to initialize a Cisco Adaptive Security Appliance Advanced Inspection and Prevention Security Services Module (AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

Explain how the Cisco SSM modules operate within the Cisco ASA security appliance

Upload the Cisco IPS image to the AIP-SSM

Perform the initial configuration of the AIP-SSM

Configure a Cisco IPS security policy using Cisco ASDM

The lesson includes these topics:

AIP-SSM Overview

AIP-SSM Software Loading

Initial Cisco IPS ASDM Configuration

Configure a Cisco IPS Security Policy

The lesson includes this activity:

Lab 6-1: Initializing AIP-SSM

MARS - Course Management

Overview

Welcome to Implementing Cisco Security Monitoring, Analysis, and Response System (MARS) v3.0. Cisco Security MARS extends the portfolio of security management products for the Cisco Self-Defending Network initiative. Cisco Security MARS offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices.

Cisco Security MARS combines network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. The result is a system that helps customers to readily and accurately identify, manage, and eliminate network attacks and maintain network security compliance.

The purpose of this Course Administration Guide is to provide Cisco Learning Partners with information so that they can better administer the course content and labs.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management

Describe the software components of Cisco Security MARS architectural design

Configure the network reporting devices to work with the Cisco Security MARS appliance

Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance

Use the Summary page to view the security status of your network

Describe and configure a rule that detects interesting patterns of network activity and other anomalous network behavior

Describe the process of generating queries and reports in a Cisco Security MARS appliance

Describe the process of incident investigation on a Cisco Security MARS appliance

Configure user-defined log parser templates on the Cisco Security MARS appliance

Integrate Cisco Security Manager and Cisco Security MARS

Perform system maintenance tasks on the Cisco Security MARS appliance

Identify common issues about Cisco Security MARS

Describe the features and functions of the Cisco Security MARS Global Controller

Summarize the key functionalities of Cisco Security MARS technologies at work

Detailed Course Outline

This in-depth outline of the course structure lists each lesson and topic.

Course Introduction

The Course Introduction provides learners with the course objectives and prerequisite learner skills and knowledge. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This course component also describes the curriculum for this course, providing learners with the information that they need to make decisions regarding their specific learning path.

Overview: Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) v3.0 is an update to Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) v2.0, an existing four-day instructor-led course on using Cisco Security MARS Software Versions 4.3.1 and 5.3.1. The lab setup and activities are based on the newer version of the virtual software VM-MARS 4.3.4 and VM-CSM 3.2. Upon completion of this course, the learner will have the skills and knowledge to implement the Cisco Security MARS solution into a network. Learners will learn Cisco Security MARS tasks such as quick install; adding security and network devices; creating rules, reports and queries; incident investigation; and performing system maintenance. Learners will install, configure, and administer Cisco Security MARS to protect a network.

Learner Skills and Knowledge: Here are the required learner skills and knowledge:

— Cisco CCSP certified or equivalent knowledge

— Passage of the Securing Cisco IOS Networks (SECUR) exam (642-501), the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502), or both

— At least six months of practical experience configuring Cisco routers and security products

— Familiarity with implementing network security policies and these networking components and concepts:

Perimeter security system components: perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host

Servers: Cisco Security Manager; syslog; authentication, authorization, and accounting (AAA); Cisco Secure Access Control Server (Cisco Secure ACS); and FTP

Protocols: syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet

Lesson 1: Introducing Cisco Security Monitoring, Analysis, and Response System

Lesson objective: Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management. This ability includes being able to meet these objectives:

Describe effective security monitoring and management concepts

Describe Cisco Self-Defending Network

Describe a Cisco Security MARS solution

Provide an overview of Cisco Security MARS terminology

Describe Cisco Security MARS technologies

The lesson includes these topics:

Effective Security Monitoring and Management

Cisco Self-Defending Network and the Role of Cisco Security MARS

Cisco Security MARS

Cisco Security MARS Terminology

Cisco Security MARS Technologies

Cisco Security MARS User Interface

Cisco Security MARS Product Portfolio

Lesson 2: Understanding the System Architecture

Lesson objective: Describe the software components of Cisco Security MARS architectural design. This ability includes being able to meet these objectives:

Provide an overview of Cisco Security MARS software components.

Describe STM process flow and the corresponding architectural components of Cisco Security MARS in detail.

The lesson includes these topics:

Cisco Security MARS Software Components

Cisco Security MARS Process Flow Details

Lesson 3: Configuring a Cisco Security MARS Appliance

Lesson objective: Configure the network reporting devices to work with the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of the initial Cisco Security MARS configuration

Provide brief overviews of each of the six tasks involved in configuring the appliance

Describe guidelines for deploying a Cisco Security MARS appliance

The lesson includes these topics:

Initial Cisco Configuration Overview

Scenario: Configuration Tasks

Deployment Planning Guidelines

The lesson includes these activities:

Pre-Lab Activity: Accessing the Remote Lab

Lab 3: Accessing the Cisco Security MARS Appliance

Lesson 4: Adding Reporting and Mitigation Devices

Lesson objective: Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of the reporting and mitigation devices that can be used with the Cisco Security MARS appliance

Describe different methods of providing Cisco Security MARS with the data that is required to study the activities on the network

Provide an overview of integrating Cisco Security MARS with third-party applications

The lesson includes these topics:

Overview of Reporting and Mitigation Devices

Scenario: Adding a Cisco Reporting Device and Enabling NetFlow

Data-Enabling Features of Cisco Security MARS

Integrating Cisco Security MARS with Third-Party Applications

The lesson includes these activities:

Lab 4-1: Adding Reporting Devices and Enabling NetFlow

Lab 4-2: Configuring the Syslog Forwarding Feature

Lesson 5: Viewing the Summary Page

Lesson objective: Use the Summary page to view the security status of your network. This ability includes being able to meet these objectives:

Describe the Summary page on the Cisco Security MARS appliance

Describe the Dashboard tab on the Cisco Security MARS Summary page

Describe the Network Status tab of the Cisco Security MARS Summary page

Describe the My Reports tab of the Cisco Security MARS Summary page

The lesson includes these topics:

Summary Page Overview

Dashboard

Network Status

My Reports

Scenario: Getting Information from the Summary Page

The lesson includes these activities:

Lab 5: Generating Summary Reports

Lesson 6: Managing Rules

Lesson objective: Describe and configure a rule (or rules) that detects interesting patterns of network activity and other anomalous network behavior. This ability includes being able to meet these objectives:

Provide an overview of rules in Cisco Security MARS

Describe and configure system and user inspection rules

Describe and configure drop rules

Provide an overview of rule and report groups

The lesson includes these topics:

Rules Overview

Working with System and User Inspection Rules

Working with Drop Rules

Rule Groups Overview

The lesson includes these activities:

Lab 6-1: Configuring Cisco Security MARS Event Types

Lab 6-2: Configuring an Inspection Rule

Lesson 7: Understanding Queries and Reports

Lesson objective: Describe the process of generating queries and reports in a Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of the Query page and demonstrate how to generate a query

Provide an overview of the Reports page and demonstrate how to create a scheduled report

The lesson includes these topics:

Query Page

Scenario: Configuring a Query

Reports Page

Scenario: Configuring a System Report

The lesson includes these activities:

Lab 7: Performing a Query and Creating a Custom Report

Lesson 8: Investigating and Mitigating Incidents

Lesson objective: Describe the process of incident investigation on a Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of incidents

Describe the Incidents submenu and incident investigation process

Describe the role of Cisco Security MARS in a network

Describe false positive terminology and the key elements of the False Positives page

Describe the Case Management feature of Cisco Security MARS

Describe how to configure a case to track an incident

Describe the prerequisites and the process of sending notifications

Discuss the case study on preventing the W32 Blaster worm

The lesson includes these topics:

Incidents Overview

Incidents

Scenario: Role of Cisco Security MARS in Your Network

False Positives

Case Management

Scenario: Configuring a Case to Track an Incident

Configuring Notifications

Case Study: Preventing the W32 Blaster Worm

The lesson includes these activities:

Lab 8: Performing Incident Investigation and Mitigation

Lesson 9: Working with User-Defined Log Parser Templates

Lesson objective: Describe and configure user-defined log parser templates on the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Describe user-defined log parser templates

Describe how to configure a custom parser

The lesson includes these topics:

Overview of User-Defined Log Parser Templates

Scenario: Configuring a Custom Parser

The lesson includes these activities:

Lab 9: Configuring the Custom Parser

Lesson 10: Integrating with Cisco Security Manager

Lesson objective: Integrate Cisco Security Manager and Cisco Security MARS. This ability includes being able to meet these objectives:

Describe Cisco Security Manager and Cisco Security MARS integration

Demonstrate how to add a Cisco Security Manager server to a Cisco Security MARS appliance and then invoke Cisco Security Manager Policy Table Lookup from Cisco Security MARS

The lesson includes these topics:

Overview of Cisco Security Manager Policy Table Lookup

Scenario: Invoking Cisco Security Manager Policy Table Lookup from Cisco Security MARS

The lesson includes these activities:

Lab 10: Performing Cisco Security Manager Policy Lookup

Reference At this point in the class, it is recommended that the instructor run the IPS-CSM-MARS.zip file to demonstrate the IPS-CSM-MARS integration feature. The demonstration file is included in the instructor CD.

Lesson 11: Managing and Administering the System Lesson objective: Perform system maintenance tasks on the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Describe the event, addressing, service, and user management tasks that can be performed in Cisco Security MARS

Provide an overview of the Cisco Security MARS appliance system maintenance tasks

Describe how Cisco Security MARS can discover the new signatures on IPS devices

Describe the software upgrade process for the Cisco Security MARS appliance

Describe the caveats and process of migrating data from a 4.3.x to 5.3.x Cisco Security MARS appliance

The lesson includes these topics:

Management Overview

Overview of System Maintenance Tasks

IPS Signature Dynamic Update Settings

Upgrading the Cisco Security MARS Appliance Software

Migrating Data from Cisco Security MARS 4.3.x to 5.3.x

The lesson includes these activities:

Lab 11-1: Reviewing the CLI and Upgrading the Device Version

Lab 11-2: Configuring IPS Auto Signature Download

Lab 11-3: Configuring AAA RADIUS Authentication and Working with the Account Locking and Session Timeout Menu

Lab 11-4: Retrieving Raw Messages

Lesson 12: Troubleshooting and Optimizing Cisco Security MARS Lesson objective: Identify common issues with Cisco Security MARS. This ability includes being able to meet these objectives:

Describe common hardware issues with the Cisco Security MARS appliance

Describe common configuration issues with the Cisco Security MARS appliance

Discuss communications issues between a Global Controller and the Local Controllers it manages

Describe the parameters to consider when sizing the Cisco Security MARS deployment

Provide general recommendations for tuning Cisco Security MARS appliances

Provide general recommendations for securing Cisco Security MARS appliances

The lesson includes these topics:

Hardware Installation Issues

Device Configuration Issues

Global Controller-to-Local Controller Communications

Sizing Cisco Security MARS Deployment

Tuning Cisco Security MARS

Securing Cisco Security MARS

Lesson 13: Using the Cisco Security MARS Global Controller Lesson objective: Describe the features and functions of the Cisco Security MARS Global Controller. This ability includes being able to meet these objectives:

Provide an overview of the Cisco Security MARS Global Controller and its functions and architecture

Describe the procedure to set up and perform the initial configuration on the Cisco Security MARS Global Controller

Describe the user interface and Summary page of the Cisco Security MARS Global Controller

Describe incident investigation on the Cisco Security MARS Global Controller

Describe the Query and Reports tab options of the Cisco Security MARS Global Controller

Describe how to configure rules on the Cisco Security MARS Global Controller that are propagated down to the Cisco Security MARS Local Controller

Describe the steps to configure the administration and management features of the Cisco Security MARS Global Controller

Describe the system maintenance tasks for the Cisco Security MARS Global Controller

The lesson includes these topics:

Cisco Security MARS Global Controller Overview

Configuring the Cisco Security MARS Global Controller

Summary Tab

Incidents Tab

Queries and Reports

Rules Tab

Management Tab

System Maintenance Tab

Lesson 14: Course Review: Cisco Security MARS at Work Lesson objective: Summarize the key functionalities of Cisco Security MARS technologies at work. This ability includes being able to meet these objectives:

Describe how the Cisco Security MARS appliance is providing STM functionality, given a scenario

The lesson includes these topics:

Cisco Security MARS At Work

CANAC - Course Outline

Overview The Cisco Self-Defending Network (SDN) strategy addresses the need for Network Admission Control (NAC). The Cisco NAC Appliance is an easily deployed software NAC solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. The Implementing Cisco NAC Appliance (CANAC) v2.1 course provides learners with the skills and knowledge needed to implement the Cisco NAC Appliance solution as a part of a Cisco SDN security strategy.

Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:

Given client network security requirements, explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements

Configure the common elements of a Cisco NAC Appliance solution

Configure the Cisco NAC Appliance in-band and out-of-band implementation options

Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements

Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments

High-Level Course Outline This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction

Cisco NAC Endpoint Security Solutions

Cisco NAC Appliance Common Elements Configuration

Cisco NAC Appliance Implementation

Cisco NAC Appliance Implementation Options

Cisco NAC Appliance Monitoring and Administration

Detailed Course Outline This in-depth outline of the course structure lists each module, lesson, and topic.

Module 1: Cisco NAC Endpoint Security Solutions Given a client's network security requirements, explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements.

Lesson 1: Introducing Cisco Self-Defending Networks This lesson defines how the Cisco SDN strategy can meet network security requirements. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the key factors that are causing changes to network security

Describe the role of each of the three components of the Cisco host-protection strategy

Describe the Cisco SDN strategy

Describe Cisco NAC products

The lesson includes these topics:

Changing Landscape of Security

Cisco Host-Protection Strategy

The Cisco SDN Initiative

Cisco NAC Products

Lesson 2: Introducing Cisco NAC Appliance This lesson defines how to describe the Cisco NAC Appliance solution. Upon completing this lesson, the learner will be able to meet these objectives:

Summarize how the Cisco NAC Appliance solution controls and secures networks

Describe the components of a Cisco NAC Appliance solution

Describe the supported platforms for a Cisco NAC Appliance solution

Explain how Cisco NAC Appliance enforces compliance for remote and local users

Summarize how to configure a Cisco NAC Appliance solution

Navigate through the Cisco NAC Appliance web-based GUI

The lesson includes these topics:

Cisco NAC Appliance Solution

Cisco NAC Appliance Components

Cisco NAC Appliance Platforms

Cisco NAC Appliance Local and Remote Compliance Scenarios

Cisco NAC Appliance Configuration Overview

Cisco NAC Appliance User Interface

This lesson includes this activity:

Preparing the Cisco NAM to Support Web-Based Administration Console Configuration

Lesson 3: Introducing In-Band and Out-of-Band Deployment Options This lesson defines how to deploy Cisco NAC Appliance to protect against specified threats. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAS deployment options

Describe the in-band and out-of-band deployment options

Describe the key features of a Cisco NAC Appliance out-of-band deployment

Describe the key features of a Cisco NAC Appliance in-band deployment

Describe the Cisco NAS operating modes for an in-band and out-of-band deployment

The lesson includes these topics:

Cisco NAS Deployment Options

In-Band and Out-of-Band Deployment Options

Cisco NAC Appliance Out-of-Band Deployment

Cisco NAC Appliance In-Band Deployment

Cisco NAS Operating Modes

Module 2: Cisco NAC Appliance Common Elements Configuration Configure the common elements of a Cisco NAC Appliance solution.

Lesson 1: Configuring User Roles This lesson defines how to configure user roles in the Cisco NAC Appliance solution for a customer network scenario using the Cisco NAC Appliance Manager (Cisco NAM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe user roles in Cisco NAC Appliance

Describe how to manage user roles

Explain traffic control policies for user roles

Describe how to configure traffic control policies for a user role

Describe how to create a local user account

Describe how to configure user session timeouts for user roles

Describe how to configure guest access for visitors or temporary users in a Cisco NAC Appliance network

The lesson includes these topics:

What Is a User Role?

Managing User Roles

Defining Traffic Policies for User Roles

Configuring Traffic Policies for User Roles

Creating Local User Accounts

Configuring User Session Timeouts

Configuring Guest Access

This lesson includes this activity:

Configuring User Roles

Lesson 2: Configuring External Authentication This lesson defines how to configure external authentication for users in a network using the Cisco NAM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure the Cisco NAM to use external authentication providers

Describe how to map users to user roles when configuring external authentication

Describe how to test user authentication for configured external authentication providers

Describe how to configure RADIUS accounting for users in a Cisco NAC Appliance network

The lesson includes these topics:

Configuring External Authentication Providers

Mapping Users to User Roles

Testing User Authentication

Configuring RADIUS Accounting for Users

Lesson 3: Configuring DHCP on the Cisco NAS This lesson defines how to configure the Cisco NAS for a DHCP-enabled network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco NAS modes of operation for a DHCP-enabled network

Describe how to enable the Cisco NAS DHCP module

Describe how to configure the Cisco NAS to provide DHCP services

Describe how to manage generated subnets on the Cisco NAS

Describe how to configure the Cisco NAS to provide reserved IP addresses

Describe how to configure user-specified DHCP options on the Cisco NAS

The lesson includes these topics:

Cisco NAS DHCP Modes

Enabling the DHCP Module

Configuring IP Ranges

Working with Subnets

Reserving IP Addresses

Configuring User-Specified DHCP Options

Module 3: Cisco NAC Appliance Implementation Configure the Cisco NAC Appliance in-band and out-of-band implementation options.

Lesson 1: Implementing Cisco NAC Appliance In-Band Deployment This lesson defines how to deploy the Cisco NAC Appliance in-band solution for Layer 2 and Layer 3 network environments. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAC Appliance in-band process flow

Describe central and edge in-band deployment configurations for Cisco NAC Appliance

Describe how to configure the Cisco NAS for in-band deployment

Describe how to add the Cisco NAS to the Cisco NAM managed domain for in-band deployment

Describe how to use the Cisco NAM to configure the trusted and untrusted interfaces of the Cisco NAS

Describe how to add managed subnets on the Cisco NAS

Describe how to configure Cisco NAS VLAN settings

The lesson includes these topics:

In-Band Process Flow

In-Band Deployment Configurations

Configuring the Cisco NAS for In-Band Deployment

Adding the Cisco NAS to the Managed Domain

Configuring the Cisco NAS Interfaces

Adding Managed Subnets

Configuring Cisco NAS VLAN Settings

This lesson includes this activity:

Adding an In-Band Virtual Gateway Cisco NAS to the Cisco NAM

Lesson 2: Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance This lesson defines how to configure the Cisco NAC Appliance Server (Cisco NAS) to support the NAC Appliance Microsoft Windows single sign-on (SSO) with Active Directory feature for client and server machines to meet customer remote access requirements. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how Cisco NAC Appliance uses Windows SSO to ensure increased security

Summarize the process used by Microsoft Windows to exchange Kerberos tickets with the Cisco NAS

Describe how a Cisco NAS communicates with a Microsoft Windows Active Directory server

Describe the steps that are used to configure Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server

The lesson includes these topics:

Cisco NAC Appliance SSO for Microsoft Windows

Kerberos Ticket Exchange

Communicating Between Cisco NAS and a Microsoft Windows Active Directory Server

Configuring Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server

This lesson includes this activity:

Configuring the Microsoft Windows Active Directory SSO Feature on the Cisco NAC Appliance

Lesson 3: Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance This lesson defines how to use the Cisco NAC Appliance web-based administration console to configure the Cisco NAS to support Cisco VPN SSO devices. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAC Appliance VPN SSO support for Cisco VPN concentrators and Cisco Adaptive Security Appliances (ASAs)

Explain how the SSO improves the use of VPN services with the Cisco NAC Appliance solution

Describe how to configure the Cisco NAC Appliance for Cisco VPN SSO device integration

The lesson includes these topics:

Introducing Cisco NAC Appliance VPN SSO

Introducing VPN SSO Support

Configuring Cisco NAC Appliance for VPN Concentrator or ASA Integration

This lesson includes this activity:

Configuring the Cisco VPN SSO Feature on the Cisco NAC Appliance

Lesson 4: Implementing Cisco NAC Appliance Out-of-Band Deployment This lesson defines how to deploy a Cisco NAC Appliance out-of-band solution for VLAN-based quarantine. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAC Appliance out-of-band process flow

Describe the considerations for implementing the Cisco NAC Appliance out-of-band for central- and edge-deployment scenarios

Describe how to add an out-of-band Cisco NAS to the Cisco NAM

Describe how to implement the Cisco NAC Appliance out-of-band deployment for the different Cisco NAS operating modes

The lesson includes these topics:

Out-of-Band Process Flow

Out-of-Band Deployment Considerations

Adding an Out-of-Band Cisco NAS to the Cisco NAM

Implementing Cisco NAS Out-of-Band Operating Modes

This lesson includes this activity:

Adding an Out-of-Band Virtual Gateway Cisco NAS to an HA Cisco NAC Appliance Deployment

Note For the purposes of learning continuity, this lesson activity can be completed after the lab activity Configuring an HA In-Band VPN Cisco NAC Appliance Solution.

Lesson 5: Managing Switches This lesson defines how to configure the Cisco NAM to manage switches for out-of-band deployment scenarios. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to implement switch management for Cisco NAC Appliance out-of-band deployment

Describe how to set up switches so that they can be used with Cisco NAC Appliance out-of-band deployment

Describe how to configure group profiles on the Cisco NAM for out-of-band deployment

Describe how to configure switch profiles on the Cisco NAM for out-of-band deployment

Describe how to configure port profiles on the Cisco NAM for out-of-band deployment

Describe how to configure the SNMP receiver on the Cisco NAM for out-of-band deployment

Describe how to add switches to the Cisco NAM managed domain for out-of-band deployment

Describe how to configure switch ports to use the Cisco NAM port profiles for out-of-band deployment

Describe how to manage the switch configuration settings for out-of-band deployment

The lesson includes these topics:

Implementing Switch Management

Configuring the Network for Out-of-Band Deployment

Configuring Group Profiles

Configuring Switch Profiles

Configuring Port Profiles

Configuring the SNMP Receiver

Adding Switches to the Managed Domain

Configuring Switch Ports to Use Port Profiles

Managing Switch Configuration Settings

This lesson includes this activity:

Configuring SNMP, Switch, and Port Profiles for an Out-of-Band Cisco NAC Appliance Deployment

Note For the purposes of learning continuity, this lesson activity can be completed after the activities to configure Cisco NAM and Cisco NAS high availability.

Module 4: Cisco NAC Appliance Implementation Options Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements.

Lesson 1: Implementing Cisco NAC Appliance on a Network This lesson defines how to explain which Cisco NAC Appliance features to implement in order to protect a network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to implement Cisco NAC Appliance to protect a network

Describe how to use the Device Management menu options to configure the general setup options

Explain how user pages are configured in Cisco NAC Appliance

Describe how to use the Cisco NAM to manage certified devices in the network

The lesson includes these topics:

Implementing Cisco NAC Appliance

Introducing the General Setup Tab

Introducing User Pages

Managing Certified Devices

Lesson 2: Implementing Network Scanning This lesson defines how to configure the Cisco NAC Appliance network scanner to use Nessus plug-ins to check for security vulnerabilities. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the steps that are needed to configure the Cisco NAC Appliance network scanner to use Nessus plug-ins

Describe how to configure the quarantine role

Describe how to implement Nessus plug-ins into the Cisco NAM repository

Describe how to test a network scanning configuration

Describe how to customize the User Agreement page

Describe how to view scan reports

The lesson includes these topics:

Introducing Network Scanning

Configuring the Quarantine Role

Implementing Nessus Plug-Ins

Testing a Scanning Configuration

Customizing the User Agreement Page

Viewing Scan Reports

Lesson 3: Configuring the Cisco NAM to Implement the Cisco NAA on User Devices This lesson defines how to configure the Cisco NAM to implement Cisco NAA on client machines in a network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the steps that are used to configure the Cisco NAM to implement the Cisco NAA on client machines

Describe how to retrieve updates from the Cisco NAC Appliance update server

Describe how to ensure that the Cisco NAA is installed on user devices

Describe how to configure the Cisco NAA temporary role on the Cisco NAM

Explain Cisco NAA system requirements

Describe how to create a check

Describe how to create an antivirus rule and a normal rule

Describe how to create an antivirus requirement and a custom requirement

Describe how to map requirements to rules and roles

The lesson includes these topics:

Configuring the Cisco NAM to Implement the Cisco NAA

Retrieving Updates

Requiring the Use of the Cisco NAA

Configuring the Cisco NAA Temporary Role

Introducing Cisco NAA Checks, Rules, and Requirements

Creating a Check

Creating Rules

Creating Requirements

Mapping Requirements to Rules and Roles

This lesson includes this activity:

Configuring the Cisco NAA

Lesson 4: Configuring Cisco NAM High Availability This lesson defines how to configure a high-availability pair of Cisco NAMs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure high availability between two Cisco NAMs

Describe how to establish a serial connection between two Cisco NAMs

Describe how to configure a primary Cisco NAM for high availability

Describe how to configure a secondary Cisco NAM for high availability

The lesson includes these topics:

Introducing High Availability for Cisco NAMs

Establishing a Serial Connection Between Cisco NAMs

Configuring the Primary Cisco NAM

Configuring the Secondary Cisco NAM

Lesson 5: Configuring Cisco NAS High Availability This lesson defines how to configure a high-availability pair of Cisco NASs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure high availability between two Cisco NASs

Describe how to configure the primary Cisco NAS for high availability

Describe how to configure the secondary Cisco NAS for high availability

Describe how to test the Cisco NAS high-availability configuration

Describe how to configure DHCP failover

The lesson includes these topics:

Introducing High Availability for Cisco NASs

Configuring the Primary Cisco NAS

Configuring the Secondary Cisco NAS

Testing the Cisco NAS High-Availability Configuration

Configure DHCP Failover

This lesson includes this activity:

Configuring an HA In-Band VPN Cisco NAC Appliance Solution

Module 5: Cisco NAC Appliance Monitoring and Administration Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments.

Lesson 1: Monitoring a Cisco NAC Appliance Deployment This lesson defines how to monitor the operational information of a Cisco NAC Appliance deployment using the Cisco NAM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to monitor Cisco NAC Appliance activities

Describe how to use the Online Users page to monitor online users

Describe how to use the web-based administrative console to monitor event logging

The lesson includes these topics:

Introducing Cisco NAC Appliance Monitoring

Monitoring Online Users

Monitoring Event Logs

Lesson 2: Administering the Cisco NAM This lesson defines how to manage a Cisco NAC Appliance deployment. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the components of the Cisco NAM administration module

Describe how to manage administrator groups

Describe how to manage users with administrator privileges

Describe how to manage user passwords

Describe how to administer the Cisco NAM system time settings

Describe how to configure SSL certificate management using the administrator console of the Cisco NAM

Describe how to manage Cisco NAC Appliance software upgrades and licenses

Describe the steps used to maintain a Cisco NAM configuration

The lesson includes these topics:

Defining the Cisco NAM Administration Module

Managing Administrator Groups

Managing Administrator Users

Managing User Passwords

Administering the System Time

Managing SSL Certificates

Managing the Cisco NAC Appliance Software

Protecting Your Cisco NAM Configuration