Module 1 - 10: Labs

: Vulnerabilities, Threats, and Attacks

: Security Planning and Policy

Lab Exercise: Designing a Security Plan
In this lab, students will analyze, offer recommendations, and help improve
the security infrastructure of a fictitious business. Students will be asked to
analyze business application requirements, security risks, and network assets.
Students will also examine security requirements and tradeoffs.

Resource: SAFE Poster

Lab Exercise: Configure SSH
In this lab, students will configure a router as a Secure Shell (SSH) Version 1
server. Students will install and configure an SSH client on a student PC.
Students will then use show and debug commands to troubleshoot SSH. Finally,
the students will strengthen SSH by configuring SSH Version 2.

Lab Exercise: Controlling TCP/IP Services
In this lab, students will begin the process of implementing a secure
perimeter router. Students will explicitly deny common TCP/IP services, and
then verify that these services have been disabled.

Lab Exercise: Configure Routing Authentication and Filtering
In this lab, students will configure routing protocol authentication. Students
will then configure route filters to control route updates from peer routers.

: Security Devices

Lab Exercise: Configure Basic Security using Security Device Manager (SDM)
In this lab, students will configure basic router security using SDM. Students
will learn to copy the SDM files to the router Flash memory, and configure the
router to support SDM. Students will then use SDM to configure a basic
firewall, reset a router interface, configure PAT, create a banner, and
configure secure management access. Finally, students will learn to use SDM to
perform a security audit and automatic lockdown.

e-Lab Activity: Basic PIX Security Appliance Commands
In this activity, students will practice some of the basic commands that are
used to configure the PIX Security Appliance. These commands name the PIX
interfaces, assign the security level of the interfaces, assign an IP address
to the interfaces, set the duplex and speed settings for interfaces, and enable
operation of the interfaces.

Lab Exercise: Configuring the PIX Security Appliance using Setup Mode and ASDM
Startup Wizard
In this lab activity, students will verify that the PIX Security Appliance and
Student PC are properly cabled and set up. Students will learn to erase the
current configuration of the PIX. Students will then configure basic settings
using both the Interactive Setup mode and the ASDM Startup Wizard.

Lab Exercise: Configure the PIX Security Appliance using CLI
In this lab exercise, students will learn to execute general PIX Security
Appliance commands. Students will also configure the PIX Security Appliance
inside and outside interfaces. Finally, students will test and verify basic PIX
Security Appliance operation.

e-Lab Activity: PIX Security Appliance show Commands
In this activity, the student will demonstrate how to use the show commands to
learn about the configuration of the PIX Security Appliance.

e-Lab Activity: Configure Internet Access on a PIX Security Appliance
The administrator wants to set up basic Internet connectivity for the internal
network. The administrator does not want internal addresses exposed. However,
the administrator wants to grant access to the internal Web server from outside
hosts. In this activity, the student will create a default route to the
perimeter router.

e-Lab Activity: PIX Security Appliance PAT Configuration
In this activity, the student will configure PAT to allow all internal hosts to
share one IP address.

e-Lab Activity: PIX Security Appliance NAT 0 Configuration
In this activity, the student will demonstrate how to use the nat 0 command.

e-Lab Activity: Configure a PIX Security Appliance with Three Interfaces
In this activity, the student will practice configuring three interfaces on
the PIX Security Appliance.

e-Lab Activity: Configure a PIX Security Appliance with Four Interfaces
In this activity, the student will practice configuring three interfaces on
the PIX Security Appliance.

Lab Exercise: Configuring the PIX Security Appliance with ASDM
In this lab, students will learn to configure basic settings using ASDM.
Students will configure outbound access with NAT. Students will test
connectivity through the PIX Security Appliance. Students will also configure
banners, as well as Telnet and SSH for remote access.

: Trust and Identity Technology

There are no labs for this module.

: Cisco Secure Access Control Server

: Configure Trust and Identity at Layer 3

Lab Exercise: Configure Local AAA on Cisco Router
In this lab, students will secure and test access to the EXEC mode, VTY lines,
and the console. Students will configure local database authentication using
AAA. Students will then verify and test the AAA configuration.

Lab Exercise: Configure Authentication Proxy
In this lab, students will first configure CSACS for Windows 2000. Students
will also configure authentication, authorization, and accounting (AAA).
Students will then configure an authentication proxy. Finally, students will
test and verify the functionality of the authentication proxy.

e-Lab Activity: Configure AAA
In this activity, students will configure AAA on the Cisco router.

e-Lab Activity: Configure Authentication
In this activity, students will configure authentication proxy on a Cisco
router.

e-Lab Activity: Configure Authentication Proxy on Cisco Router
In this activity, students will configure AAA, configure authentication proxy,
and test and verify authentication proxy.

e-Lab Activity: Test and Verify AAA
In this activity, students will test and verify authentication proxy.

e-Lab Activity: Configure PIX Security Appliance Authentication
In this activity, the student will practice how to authenticate users.

e-Lab Activity: Authentication of Non-Telnet, FTP, or HTTP Traffic with the PIX
Security Appliance
In this activity, the student will configure virtual Telnet, virtual HTTP,
console authentication, authentication timeouts and authentication prompts.

e-Lab Activity: PIX Security Appliance AAA Configuration Lab
In this activity, the student will configure the PIX Security Appliance to work
with an AAA server running CSACS software.

Resource: How to Authorize Non-Telnet, FTP, or HTTP Traffic on the CSACS

Resource: How to Create Authorization Rules Allowing Services Only to
Specific Hosts on the CSACS

Resource: How to Create Authorization Rules Allowing Specific Services on
the CSACS

Resource: Configuring Downloadable ACLs on the CSACS

Resource: Assigning the ACL to the User on the CSACS

Lab Exercise: Configure Local AAA on the PIX Security Appliance
In this lab, students will configure a local user account. Students will then
configure and test inbound and outbound authentication, Telnet and HTTP console
access, and Virtual Telnet authentication. Finally, students will change and
test authentication timeouts and prompts.

Resource: How to View Accounting Information in CSACS

Lab Exercise: Configure AAA on the PIX Security Appliance Using Cisco Secure ACS
for Windows 2000
In this lab, students will configure and test inbound and outbound
authentication, console access and Virtual Telnet authentication, as well as
authorization and accounting. Students will also learn to change and test
authentication timeouts and prompts.

: Configure Trust and Identity at Layer 2

: Configure Filtering on a Router

e-Lab Activity: Configure CBAC Audit Trails and Alerts
In this activity, the student will turn on logging, identify the Syslog server,
and instruct the router to create an audit trail.

e-Lab Activity: Half-Open Connection Limits
In this activity, students will configure the number of existing half-open
sessions that will cause the software to start deleting half-open sessions.

e-Lab Activity: Port-to-Application Mapping
In this activity, students will apply host-specific port mapping.

e-Lab Activity: Define Inspection Rules
In this activity, students will configure a router to allow all general TCP,
UDP, and ICMP traffic initiated on the inside from the 10.0.0.0 network.

e-Lab Activity: Inspection Rules and ACLs Applied to Router Interfaces
In this activity, students will configure the router to allow all general TCP,
UDP, and ICMP traffic initiated on the inside from the 10.0.0.0 network.

Lab Exercise: Configure Cisco IOS Firewall CBAC
In this lab, students will understand how CBAC enables a router-based firewall.
Students will configure a simple firewall including CBAC using the Security
Device Manager (SDM). Students will then learn to configure a simple firewall
including CBAC and RFC Filtering using the IOS CLI. Students will also test and
verify CBAC operation.

e-Lab Activity: Configure CBAC on a Cisco Router
In this activity, students will configure logging and audit trails, define and
apply inspection rules and ACLs, and test and verify CBAC.

: Configure Filtering on a PIX Security Appliance

Lab Exercise: Configure Access Through the PIX Security Appliance using ASDM
In this lab, students will use ASDM to verify the starting configuration.
Students will then configure the PIX Security Appliance to allow inbound
traffic to the bastion host using ASDM. Students will also configure the PIX
Security Appliance to allow inbound traffic to the inside host using ASDM.
Finally, students will test and verify correct PIX Security Appliance operation
using ASDM.

Lab Exercise: Configure Access Through the PIX Security Appliance using CLI
In this lab, students will configure the PIX Security Appliance to allow
inbound traffic to both the inside host and the bastion host. Students will
then test and verify correct PIX Security Appliance operation.

Lab Exercise: Configure Multiple Interfaces using CLI – Challenge Lab
In this lab, the student will complete the objective of configuring three PIX
interfaces and configure access through the PIX Security Appliance.

Lab Exercise: Configure ACLs in the PIX Security Appliance using CLI
In this lab activity, students will learn to disable pinging from an interface.
Students will then configure inbound and outbound access control lists
(ACLs).

e-Lab Activity: Filter Java, ActiveX, and URLs with the PIX Security Appliance
In this activity, the student will block Java applets and ActiveX
controls.

e-Lab Activity: URL Filtering with the PIX Security Appliance
This activity will demonstrate how to configure URL Filtering on the PIX
Security Appliance.

Lab Exercise: Configure Service Object Groups using ASDM
In this lab, students will configure an inbound access control list (ACL) with
object groups. Students will also learn to configure a service object group.
Students will then configure web and ICMP access to the inside host. Finally,
students will test and verify the inbound ACL.

Lab Exercise: Configure Object Groups and Nested Object Groups using CLI
In this lab, students will learn to configure a service, ICMP-Type, and nested
server object group. Students will also learn to configure an inbound access
control list (ACL) with object groups. Students will then configure web and
ICMP access to the inside host. Finally, students will test and verify the
inbound ACL.

Lab Exercise: Configure and Test Advanced Protocol Handling on the Cisco PIX
Security Appliance
In this lab, the student will complete the objective of configuring three PIX
interfaces and configure access through the PIX Security Appliance.

: Configure Filtering on a Switch