Module 1 - 10: Labs

: Vulnerabilities, Threats, and Attacks

Lab Exercise: Student Lab Orientation

In this lab students will review the lab bundle equipment. Students will also gain an understanding of the "pod" topology, naming scheme, and addressing scheme. Students will learn to load the IOS firewall image and the default lab configurations. Students will also cable the standard lab topology and test for connectivity.

Resource: Network Security Graphic Icons

Lab Exercise: Vulnerabilities and Exploits

In this lab, students will examine the use of common network mapping tools, hacking programs, and scripts, both on a LAN and across a WAN. Where vulnerabilities are discovered, students will propose a fix or solution to the problem.

Resource: Example of Output Interpreter Results

: Security Planning and Policy

Lab Exercise: Designing a Security Plan

In this lab, students will analyze, offer recommendations, and help improve the security infrastructure of a fictitious business. Students will be asked to analyze business application requirements, security risks, and network assets. Students will also examine security requirements and tradeoffs.

Resource: SAFE Poster

Lab Exercise: Configure SSH

In this lab, students will configure a router as a Secure Shell (SSH) Version 1 server. Students will install and configure an SSH client on a student PC. Students will then use show and debug commands to troubleshoot SSH. Finally, the students will strengthen SSH by configuring SSH Version 2.

Lab Exercise: Controlling TCP/IP Services

In this lab, students will begin the process of implementing a secure perimeter router. Students will explicitly deny common TCP/IP services, and then verify that these services have been disabled.

Lab Exercise: Configure Routing Authentication and Filtering

In this lab, students will configure routing protocol authentication. Students will then configure route filters to control route updates from peer routers.

: Security Devices

Lab Exercise: Configure Basic Security using Security Device Manager (SDM)

In this lab, students will configure basic router security using SDM. Students will learn to copy the SDM files to the router Flash memory, and configure the router to support SDM. Students will then use SDM to configure a basic firewall, reset a router interface, configure PAT, create a banner, and configure secure management access. Finally, students will learn to use SDM to perform a security audit and automatic lockdown.

e-Lab Activity: Basic PIX Security Appliance Commands

In this activity students will practice some of the basic commands that are used to configure the PIX Security Appliance. These commands name the PIX interfaces, assign the security level of the interfaces, assign an IP address to the interfaces, set the duplex and speed settings for interfaces, and enable operation of the interfaces.

Lab Exercise: Configuring the PIX Security Appliance using Setup Mode and ASDM Startup Wizard

In this lab activity, students will verify that the PIX Security Appliance and Student PC are properly cabled and set up. Students will learn to erase the current configuration of the PIX. Students will then configure basic settings using both the Interactive Setup mode and the ASDM Startup Wizard.

Lab Exercise: Configure the PIX Security Appliance using CLI

In this lab exercise, students will learn to execute general PIX Security Appliance commands. Students will also configure the PIX Security Appliance inside and outside interfaces. Finally, students will test and verify basic PIX Security Appliance operation.

e-Lab Activity: PIX Security Appliance show Commands

In this activity, the student will demonstrate how to use the show commands to learn about the configuration of the PIX Security Appliance.

e-Lab Activity: Configure Internet Access on a PIX Security Appliance

The administrator wants to set up basic Internet connectivity for the internal network. The administrator does not want internal addresses exposed. However, the administrator wants to grant access to the internal Web server from outside hosts. In this activity, the student will create a default route to the perimeter router.

e-Lab Activity: PIX Security Appliance PAT Configuration

In this activity, the student will configure PAT to allow all internal hosts to share one IP address.

e-Lab Activity: PIX Security Appliance NAT 0 Configuration

In this activity, the student will demonstrate how to use the nat 0 command.

e-Lab Activity: Configure a PIX Security Appliance with Three Interfaces

In this activity, the student will practice configuring three interfaces on the PIX Security Appliance.

e-Lab Activity: Configure a PIX Security Appliance with Four Interfaces

In this activity, the student will practice configuring three interfaces on the PIX Security Appliance.

Lab Exercise: Configuring the PIX Security Appliance with ASDM

In this lab, students will learn to configure basic settings using ASDM. Students will configure outbound access with NAT. Students will test connectivity through the PIX Security Appliance. Students will also configure banners, as well as Telnet and SSH for remote access.

: Trust and Identity Technology

There are no labs for this module.

: Cisco Secure Access Control Server

Lab Exercise: Install and Configure CSACS 3.3 for Windows

In this lab, students will install Cisco Secure Access Control Server (CSACS) for Windows 2000. Students will then examine the features of CSACS for Windows.

Resource: Installing Cisco Secure ACS 3.0 and greater for Windows 2000

Resource: How to Add Users to CSACS

: Configure Trust and Identity at Layer 3

Lab Exercise: Configure Local AAA on Cisco Router

In this lab, students will secure and test access to the EXEC mode, VTY lines, and the console. Students will configure local database authentication using AAA. Students will then verify and test the AAA configuration.

Lab Exercise: Configure Authentication Proxy

In this lab, students will first configure CSACS for Windows 2000. Students will also configure authentication, authorization, and accounting (AAA). Students will then configure an authentication proxy. Finally, students will test and verify the functionality of the authentication proxy.

e-Lab Activity: Configure AAA

In this activity, students will configure AAA on the Cisco router.

e-Lab Activity: Configure Authentication

In this activity, students will configure authentication proxy on a Cisco router.

e-Lab Activity: Configure Authentication Proxy on Cisco Router

In this activity, students will configure AAA, configure authentication proxy, and test and verify authentication proxy.

e-Lab Activity: Test and Verify AAA

In this activity, students will test and verify authentication proxy.

e-Lab Activity: Configure PIX Security Appliance Authentication

In this activity, the student will practice how to authenticate users.

e-Lab Activity: Authentication of Non-Telnet, FTP, or HTTP Traffic with the PIX Security Appliance

In this activity, the student will configure virtual Telnet, virtual HTTP, console authentication, authentication timeouts and authentication prompts.

e-Lab Activity: PIX Security Appliance AAA Configuration Lab

In this activity, the student will configure the PIX Security Appliance to work with an AAA server running CSACS software.

Resource: How to Authorize Non-Telnet, FTP, or HTTP Traffic on the CSACS

Resource: How to Create Authorization Rules Allowing Services Only to Specific Hosts on the CSACS

Resource: How to Create Authorization Rules Allowing Specific Services on the CSACS

Resource: Configuring Downloadable ACLs on the CSACS

Resource: Assigning the ACL to the User on the CSACS

Lab Exercise: Configure Local AAA on the PIX Security Appliance

In this lab, students will configure a local user account. Students will then configure and test inbound and outbound authentication, Telnet and HTTP console access, and Virtual Telnet authentication. Finally, students will change and test authentication timeouts and prompts.

Resource: How to View Accounting Information in CSACS

Lab Exercise: Configure AAA on the PIX Security Appliance Using Cisco Secure ACS for Windows 2000

In this lab, students will configure and test inbound and outbound authentication, console access and Virtual Telnet authentication, as well as authorization and accounting. Students will also learn to change and test authentication timeouts and prompts.

: Configure Trust and Identity at Layer 2

Lab Exercise: Configure EAP on Cisco ACS for Windows

In this lab, students will configure Extensible Authentication Protocol (EAP) with Cisco Secure ACS for Windows.

Lab Exercise: Configure 802.1x Port-Based Authentication

In this lab, students will configure 802.1x port-based authentication on a Catalyst 2950 switch.

: Configure Filtering on a Router

e-Lab Activity: Configure CBAC Audit Trails and Alerts

In this activity, the student will turn on logging, identify the Syslog server, and instruct the router to create an audit trail.

e-Lab Activity: Half-Open Connection Limits

In this activity, students will configure the number of existing half-open sessions that will cause the software to start deleting half-open sessions.

e-Lab Activity: Port-to-Application Mapping

In this activity, students will apply host-specific port mapping.

e-Lab Activity: Define Inspection Rules

In this activity, students will configure a router to allow all general TCP, UDP, and ICMP traffic initiated on the inside from the 10.0.0.0 network.

e-Lab Activity: Inspection Rules and ACLs Applied to Router Interfaces

In this activity, students will configure the router to allow all general TCP, UDP, and ICMP traffic initiated on the inside from the 10.0.0.0 network.

Lab Exercise: Configure Cisco IOS Firewall CBAC

In this lab, students will understand how CBAC enables a router-based firewall. Students will configure a simple firewall including CBAC using the Security Device Manager (SDM). Students will then learn to configure a simple firewall including CBAC and RFC Filtering using the IOS CLI. Students will also test and verify CBAC operation.

e-Lab Activity: Configure CBAC on a Cisco Router

In this activity, students will configure logging and audit trails, define and apply inspection rules and ACLs, and test and verify CBAC.

: Configure Filtering on a PIX Security Appliance

Lab Exercise: Configure Access Through the PIX Security Appliance using ASDM

In this lab, students will use ASDM to verify the starting configuration. Students will then configure the PIX Security Appliance to allow inbound traffic to the bastion host using ASDM. Students will also configure the PIX Security Appliance to allow inbound traffic to the inside host using ASDM. Finally, students will test and verify correct PIX Security Appliance operation using ASDM.

Lab Exercise: Configure Access Through the PIX Security Appliance using CLI

In this lab, students will configure the PIX Security Appliance to allow inbound traffic to both the inside host and the bastion host. Students will then test and verify correct PIX Security Appliance operation.

Lab Exercise: Configure Multiple Interfaces using CLI – Challenge Lab

In this lab, the student will complete the objective of configuring three PIX interfaces and configure access through the PIX Security Appliance.

Lab Exercise: Configure ACLs in the PIX Security Appliance using CLI

In this lab activity, students will learn to disable pinging from an interface. Students will then configure inbound and outbound access control lists (ACLs).

e-Lab Activity: Filter Java, ActiveX, and URLs with the PIX Security Appliance

In this activity, the student will block Java applets and ActiveX controls.

e-Lab Activity: URL Filtering with the PIX Security Appliance

This activity will demonstrate how to configure URL Filtering on the PIX Security Appliance.

Lab Exercise: Configure Service Object Groups using ASDM

In this lab, students will configure an inbound access control list (ACL) with object groups. Students will also learn to configure a service object group. Students will then configure web and ICMP access to the inside host. Finally, students will test and verify the inbound ACL.

Lab Exercise: Configure Object Groups and Nested Object Groups using CLI

In this lab, students will learn to configure a service, ICMP-Type, and nested server object group. Students will also learn to configure an inbound access control list (ACL) with object groups. Students will then configure web and ICMP access to the inside host. Finally, students will test and verify the inbound ACL.

Lab Exercise: Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance

In this lab, the student will complete the objective of configuring three PIX interfaces and configure access through the PIX Security Appliance.

: Configure Filtering on a Switch

Lab Exercise: Mitigate Layer 2 Attacks

In this lab activity, students will configure network switches and routers to mitigate Layer 2 attacks. After completing this activity, students will be able to mitigate CAM table overflow attacks, MAC spoofing attacks, and DHCP starvation attacks.




All contents copyright ©2001-2005 Cisco Systems, Inc. All rights reserved.