ccna security
TRANSCRIPT
CCNA SECURITY EVENINGSEMINAR
* Situation: Global IT Talent Gap Challenge
Evo
lutio
n of
the
Net
wor
k
Voice Transport
Telecommuting / VPN
Wireless
Web 2.0 Apps
Unified Communications
IP Video, TelePresence
Enhanced Security
Switching
Routing
Storage
Role of the Network Grows
KnowledgeGap
Converged Solutions 50% of Security is
secure routers. 35% of Voice is
router-embedded. Wireless is 15% and growing annually.
3.12 M Gap by 2012
In all markets, especially emerging markets, training and certification for specialized skills are in demand
• 80% of surveyed companies worldwide expect dedicated security role with 5 years (currently 46%)
• 69% expect dedicated voice role (40%)
• 66% expect dedicated wireless job role (36%)
*Forrester Consulting Findings…
Cisco Learning Partner COURSE: Implementing Cisco Unified Wireless Networking Essentials (IUWNE)
EXAM: IUWNE 640-721
CCNA WirelessCisco Learning Partner COURSE: Implementing Cisco IOS Network Security (IINS)
EXAM: IINS 640-453
CCNA Security
CCNA Concentrations: One Pre-Requisite Three Pathways to Success…
Cisco Learning Partner COURSE: Implementing Cisco IOS Unified Communications (IIUC)
EXAM: IIUC 640-460
CCNA Voice
Requirements: Hold active CCNA Certification (640-802 CCNA comp exam or 640-822 ICND1 and 640-816 ICND2 exams) and pass the corresponding CCNA
Concentration exams
*CCNA Security * Verifies an individual’s skills in the following
roles: *Network Security Specialists*Security Administrators *Network Security Support Engineers
* Enables installation, troubleshooting and monitoring of Cisco Security devices/technologies.
* Ability to administer security policies and identify risks in networks
* Serves as prerequisite for CCSP Certification* Employers hiring individuals can feel
confident their staff has the skills needed to install, troubleshoot and monitor Cisco security technologies.
*CCNA Security Overview
* In-depth network security education * Comprehensive understanding of network security concepts* Hands-on knowledge and skills, emphasizing practical experience* For entry-level job roles in network security* Installation, troubleshooting and monitoring of network devices to
maintain integrity, confidentiality and availability of data and devices* Prepares students for CCNA Security certification (IINS 640-553 exam)
*Benefits for Students
CCNA Security helps students:* Gain an introduction to core security technologies * Learn how to develop security policies and mitigate risks* Acquire the skills needed to develop a security infrastructure* Recognize vulnerabilities to networks*Mitigate potential security threats* Prepare for the CCNA Security certification exam* Start or build a career in networking security* Differentiate themselves in the market with specialized skills and
expertise to achieve success
*Security Certifications
SND
Cisco Certified Security Professional (CCSP) Certification
(as originally designed)
CCNACertification
(SND is Moved to CCNA Security)
SNRS
SNPA
IPS
Elective Exam
SNAF
IPS
SNRS
CCSP Certification(Revised in 2009)
Professional-level Associate-level
Elective Exam
IINS exam(640-553)
CCNA Security Course
CCNA certification is a pre-requisite for CCNA Security certification
CCNA SecurityCertification
*CCNA Security Target Audience
* Career starters seeking career-oriented, entry-level security specialist skills
*Working IT professionals looking to expand their core routing and switching skills to change or enhance their career
* Students in technical degree programs at institutions of higher education (colleges, universities, technical schools)
*What is in the course?
* Describe the security threats facing modern network infrastructures
* Secure Cisco routers
* Implement AAA on Cisco routers using local router database and external ACS
* Mitigate threats to Cisco routers and networks using ACLs * Implement secure network management and reporting
* Mitigate common Layer 2 attacks * Implement the Cisco IOS firewall feature set using SDM * Implement the Cisco IOS IPS feature set using SDM * Implement site-to-site VPNs on Cisco Routers using SDM
* Describe the security threats facing modern network infrastructures
*Describe and list mitigation methods for common network attacks*Describe and list
mitigation methods for Worm, Virus, and Trojan Horse attacks*Describe the Cisco Self
Defending Network architecture
* Secure Cisco routers
*Secure Cisco routers using the SDM Security Audit feature*Use the One-Step Lockdown feature in
SDM to secure a Cisco router*Secure administrative access to Cisco
routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements*Secure administrative access to Cisco
routers by configuring multiple privilege levels*Secure administrative access to Cisco
routers by configuring role based CLI*Secure the Cisco IOS image and
configuration file
No, too simple….
* Implement AAA on Cisco routers using local router database and
external ACS
*Explain the functions and importance of AAA
*Describe the features of TACACS+ and RADIUS AAA protocols
*Configure AAA authentication
*Configure AAA authorization
*Configure AAA accounting
* Mitigate threats to Cisco routers and networks using ACLs
*Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets*Configure and verify IP ACLs
to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI*Configure IP ACLs to prevent
IP address spoofing using CLI*Discuss the caveats to be
considered when building ACLs
* Implement secure network management and reporting
*Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
*Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server
*Mitigate common Layer 2 attacks
*Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features
* Implement the Cisco IOS firewall feature set using SDM
*Describe the operational strengths and weaknesses of the different firewall technologies*Explain stateful firewall
operations and the function of the state table*Implement Zone Based
Firewall using SDM
* Implement the Cisco IOS IPS feature set using SDM
*Define network based vs. host based intrusion detection and prevention
*Explain IPS technologies, attack responses, and monitoring options
*Enable and verify Cisco IOS IPS operations using SDM
* Implement site-to-site VPNs on Cisco Routers using SDM
*Explain the different methods used in cryptography*Explain IKE protocol
functionality and phases*Describe the building
blocks of IPSec and the security functions it provides*Configure and verify an
IPSec site-to-site VPN with pre-shared key authentication using SDM