Module 1 - 10: Outline
Module : Vulnerabilities, Threats, and Attacks
Module Overview
Introduction to Network Security
The need for network security
Identifying potential risks to network security
Open versus closed security models
Trends driving network security
Information security organizations
Introduction to Vulnerabilities, Threats, and Attacks
Vulnerabilities
Threats
Attacks
Attack Examples
Reconnaissance attacks
Access attacks
Denial of service attacks
Distributed denial of service attacks
Malicious code
Vulnerability Analysis
Policy review
Network analysis
Host analysis
Analysis tools
Module: Summary
Module: Quiz

Module : Security Planning and Policy
Module Overview
Discussing Network Security and Cisco
The security wheel
Network security policy
Endpoint Protection and Management
Host and server based security components and technologies
PC management
Network Protection and Management
Network based security components and technologies
Network security management
Security Architecture
Security architecture (SAFE)
The Cisco Self-Defending Network
Cisco integrated security
Plan, Design, Implement, Operate, Optimize (PDIOO)
Basic Router Security
Control access to network devices
Remote configuration using SSH
Router passwords
Router privileges and accounts
IOS network services
Routing, proxy ARP and ICMP
Routing protocol authentication and update filtering
NTP, SNMP, router name, DNS
Module: Summary
Module: Quiz

Module : Security Devices
Module Overview
Device Options
Appliance-based, server-based, and integrated firewalls
Cisco IOS Firewall feature set
PIX Security Appliance
Adaptive Security Appliance
Finesse Operating System
Firewall Services Module
Using Security Device Manager
SDM overview
SDM software
Using the SDM startup wizard
SDM user interface
SDM wizards
Using SDM to configure a WAN
Using the factory reset wizard
Monitor mode
Introduction to the Cisco Security Appliance Family
PIX Security Appliance models
Adaptive Security Appliance models
Security appliance licensing
Expanding the features of the security appliance
Getting Started with the PIX Security Appliance
User interface
Configuring the PIX Security Appliance
Security levels
Basic PIX Security Appliance configuration commands
Additional PIX Security Appliance configuration commands
Examining the PIX Security Appliance status
Time setting and NTP support
Syslog configuration
PIX Security Appliance Translations and Connections
Transport protocols
Network address translation (NAT)
Port address translation (PAT)
The static command
The identity nat command
Connections and translations
Configuring multiple interfaces
Manage a PIX Security Appliance with Adaptive Security Device Manager
ASDM overview
ASDM operating requirements
Prepare for ASDM
Using ASDM to configure the PIX Security Appliance
PIX Security Appliance Routing Capabilities
Virtual LANs
Static and RIP routing
OSPF
Multicast routing
Firewall Services Module Operation
Firewall Services Module overview
Getting started with the FWSM
Using PDM with the FWSM
Module: Summary
Module: Quiz

Module : Trust and Identity Technology
Module Overview
AAA
TACACS+
RADIUS
Comparing TACACS+ and RADIUS
Authentication Technologies
Static passwords
One-time passwords and token cards
Digital certificates
Biometrics
Identity Based Networking Services (IBNS)
Introduction to IBNS
802.1x
Wired and wireless implementations
Network Admission Control (NAC)
NAC components
NAC phases
NAC operation
NAC vendor participation
Module: Summary
Module: Quiz

Module : Cisco Secure Access Control Server
Module Overview
Cisco Secure Access Control Server for Windows
Cisco Secure Access Control Server product overview
Authentication and user databases
The Cisco Secure ACS user database
Keeping databases current
Cisco Secure ACS for Windows architecture
How Cisco Secure ACS authenticates users
User changeable passwords
Configuring RADIUS and TACACS+ with CSACS
Installation steps
Administering Cisco Secure ACS for Windows
Troubleshooting
Enabling TACACS+
Verifying TACACS+
Configuring RADIUS
Module: Summary
Module: Quiz

Module : Configure Trust and Identity at Layer 3
Module Overview
Cisco IOS Firewall Authentication Proxy
Cisco IOS Firewall authentication proxy
AAA server configuration
AAA configuration
Allow AAA traffic to the router
Authentication proxy configuration
Test and verify authentication proxy
Introduction to PIX Security Appliance AAA Features
PIX Security Appliance authentication
PIX Security Appliance authorization
PIX Security Appliance accounting
AAA server support
Configure AAA on the PIX Security Appliance
PIX Security Appliance access authentication
Interactive user authentication
The local user database
Authentication prompts and timeout
Cut-through proxy authentication
Authentication of Non-Telnet, FTP, or HTTP traffic
Authorization configuration
Downloadable ACLs
Accounting configuration
Troubleshooting the AAA configuration
Module: Summary
Module: Quiz

Module : Configure Trust and Identity at Layer 2
Module Overview
Identity-Based Networking Services (IBNS)
IBNS overview
IEEE 802.1x
802.1x components
802.1x applications with Cisco IOS Software
How 802.1x works
Selecting the correct EAP
IBNS and Cisco Secure ACS
ACS deployment considerations
Cisco Secure ACS RADIUS profile configuration
Configuring 802.1x Port-Based Authentication
802.1x port-based authentication configuration tasks
Enabling 802.1x authentication
Configuring the switch-to-RADIUS-server communication
Enabling periodic re-authentication
Manually re-authenticating a client connected to a port
Enabling multiple hosts
Resetting the 802.1x configuration to the default values
Displaying 802.1x statistics and status
Module: Summary
Module: Quiz

Module : Configure Filtering on a Router
Module Overview
Filtering Technologies
Packet filtering
Stateful filtering
URL filtering
Cisco IOS Firewall Context-Based Access Control
Context-based Access Control (CBAC)
Cisco IOS ACLs
How CBAC works
CBAC supported protocols
Configure Cisco IOS Firewall Context-Based Access Control
CBAC configuration tasks
Prepare for CBAC
Set audit trails and alerts
Set global timeouts
Set global thresholds
Half-open connection limits by host
System-defined port-to-application mapping
User-defined port-to-application mapping
Define inspection rules for applications
Define inspection rules for IP fragmentation
Define inspection rules for ICMP
Apply inspection rules and ACLs to interfaces
Test and verify CBAC
Configure an IOS firewall using SDM
Module: Summary
Module: Quiz

Module : Configure Filtering on a PIX Security Appliance
Module Overview
Configure ACLs and Content Filters
PIX Security Appliance ACLs
Configuring ACLs
ACL line numbers
The icmp command
nat 0 ACLs
Turbo ACLs
Using ACLs
Malicious code filtering
URL filtering
Object Grouping
Overview of object grouping
Getting started with object groups
Configure object groups
Nested object groups
Manage object groups
Configure a Security Appliance Modular Policy
Modular policy overview
Configure a class map
Configure a policy map
Configure a service policy
Configure Advanced Protocol Inspection
Introduction to advanced protocol inspection
Default traffic inspection and port numbers
FTP inspection
FTP deep packet inspection
HTTP inspection
Protocol application inspection
Multimedia support
Real-Time Streaming Protocol (RTSP)
Protocols required to support IP telephony
DNS inspection
Module: Summary
Module: Quiz

Module : Configure Filtering on a Switch
Module Overview
Introduction to Layer 2 Attacks
Types of attacks
MAC Address, ARP, and DHCP Vulnerabilities
CAM table overflow attack
Mitigating the CAM table overflow attack
MAC spoofing – man in the middle attacks
Mitigating MAC spoofing attacks
Using dynamic ARP inspection to mitigate MAC spoofing attacks
DHCP starvation attacks
Mitigating DHCP starvation attacks
VLAN Vulnerabilities
VLAN hopping attacks
Mitigating VLAN hopping attacks
Private VLAN vulnerabilities
Defending private VLANs
Spanning-Tree Protocol Vulnerabilities
Spanning-Tree Protocol vulnerabilities
Preventing Spanning-Tree Protocol manipulation
Module: Summary
Module: Quiz



Close Window
All contents copyright ©2001-2005 Cisco Systems, Inc. All rights reserved.