CCNA SECURITY EVENINGSEMINAR

* Situation: Global IT Talent Gap Challenge

Evo

lutio

n of

the

Net

wor

k

Voice Transport

Telecommuting / VPN

Wireless

Web 2.0 Apps

Unified Communications

IP Video, TelePresence

Enhanced Security

Switching

Routing

Storage

Role of the Network Grows

KnowledgeGap

Converged Solutions 50% of Security is

secure routers. 35% of Voice is

router-embedded. Wireless is 15% and growing annually.

3.12 M Gap by 2012

In all markets, especially emerging markets, training and certification for specialized skills are in demand

• 80% of surveyed companies worldwide expect dedicated security role with 5 years (currently 46%)

• 69% expect dedicated voice role (40%)

• 66% expect dedicated wireless job role (36%)

*Forrester Consulting Findings…

Cisco Learning Partner COURSE: Implementing Cisco Unified Wireless Networking Essentials (IUWNE)

EXAM: IUWNE 640-721

CCNA WirelessCisco Learning Partner COURSE: Implementing Cisco IOS Network Security (IINS)

EXAM: IINS 640-453

CCNA Security

CCNA Concentrations: One Pre-Requisite Three Pathways to Success…

Cisco Learning Partner COURSE: Implementing Cisco IOS Unified Communications (IIUC)

EXAM: IIUC 640-460

CCNA Voice

Requirements: Hold active CCNA Certification (640-802 CCNA comp exam or 640-822 ICND1 and 640-816 ICND2 exams) and pass the corresponding CCNA

Concentration exams

*CCNA Security * Verifies an individual’s skills in the following

roles: *Network Security Specialists*Security Administrators *Network Security Support Engineers

* Enables installation, troubleshooting and monitoring of Cisco Security devices/technologies.

* Ability to administer security policies and identify risks in networks

* Serves as prerequisite for CCSP Certification* Employers hiring individuals can feel

confident their staff has the skills needed to install, troubleshoot and monitor Cisco security technologies.

*CCNA Security Overview

* In-depth network security education * Comprehensive understanding of network security concepts* Hands-on knowledge and skills, emphasizing practical experience* For entry-level job roles in network security* Installation, troubleshooting and monitoring of network devices to

maintain integrity, confidentiality and availability of data and devices* Prepares students for CCNA Security certification (IINS 640-553 exam)

*Benefits for Students

CCNA Security helps students:* Gain an introduction to core security technologies * Learn how to develop security policies and mitigate risks* Acquire the skills needed to develop a security infrastructure* Recognize vulnerabilities to networks*Mitigate potential security threats* Prepare for the CCNA Security certification exam* Start or build a career in networking security* Differentiate themselves in the market with specialized skills and

expertise to achieve success

*Security Certifications

SND

Cisco Certified Security Professional (CCSP) Certification

(as originally designed)

CCNACertification

(SND is Moved to CCNA Security)

SNRS

SNPA

IPS

Elective Exam

SNAF

IPS

SNRS

CCSP Certification(Revised in 2009)

Professional-level Associate-level

Elective Exam

IINS exam(640-553)

CCNA Security Course

CCNA certification is a pre-requisite for CCNA Security certification

CCNA SecurityCertification

*CCNA Security Target Audience

* Career starters seeking career-oriented, entry-level security specialist skills

*Working IT professionals looking to expand their core routing and switching skills to change or enhance their career

* Students in technical degree programs at institutions of higher education (colleges, universities, technical schools)

*What is in the course?

* Describe the security threats facing modern network infrastructures

* Secure Cisco routers

* Implement AAA on Cisco routers using local router database and external ACS

* Mitigate threats to Cisco routers and networks using ACLs * Implement secure network management and reporting

* Mitigate common Layer 2 attacks * Implement the Cisco IOS firewall feature set using SDM * Implement the Cisco IOS IPS feature set using SDM * Implement site-to-site VPNs on Cisco Routers using SDM

* Describe the security threats facing modern network infrastructures

*Describe and list mitigation methods for common network attacks*Describe and list

mitigation methods for Worm, Virus, and Trojan Horse attacks*Describe the Cisco Self

Defending Network architecture

* Secure Cisco routers

*Secure Cisco routers using the SDM Security Audit feature*Use the One-Step Lockdown feature in

SDM to secure a Cisco router*Secure administrative access to Cisco

routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements*Secure administrative access to Cisco

routers by configuring multiple privilege levels*Secure administrative access to Cisco

routers by configuring role based CLI*Secure the Cisco IOS image and

configuration file

No, too simple….

* Implement AAA on Cisco routers using local router database and

external ACS

*Explain the functions and importance of AAA

*Describe the features of TACACS+ and RADIUS AAA protocols

*Configure AAA authentication

*Configure AAA authorization

*Configure AAA accounting

* Mitigate threats to Cisco routers and networks using ACLs

*Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets*Configure and verify IP ACLs

to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI*Configure IP ACLs to prevent

IP address spoofing using CLI*Discuss the caveats to be

considered when building ACLs

* Implement secure network management and reporting

*Use CLI and SDM to configure SSH on Cisco routers to enable secured management access

*Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

*Mitigate common Layer 2 attacks

*Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

* Implement the Cisco IOS firewall feature set using SDM

*Describe the operational strengths and weaknesses of the different firewall technologies*Explain stateful firewall

operations and the function of the state table*Implement Zone Based

Firewall using SDM

* Implement the Cisco IOS IPS feature set using SDM

*Define network based vs. host based intrusion detection and prevention

*Explain IPS technologies, attack responses, and monitoring options

*Enable and verify Cisco IOS IPS operations using SDM

* Implement site-to-site VPNs on Cisco Routers using SDM

*Explain the different methods used in cryptography*Explain IKE protocol

functionality and phases*Describe the building

blocks of IPSec and the security functions it provides*Configure and verify an

IPSec site-to-site VPN with pre-shared key authentication using SDM