Module 1 - 8: Outline
Module : Intrusion Detection and Prevention Technology
Module Overview
Overview of Intrusion Detection and Prevention
Introduction to intrusion detection and prevention
Network-based versus host-based
Types of alarms
Inspection Engine
Signature-based detection
Types of signatures
Anomaly-based detection
Cisco IDS and IPS Devices
Cisco integrated solutions
Cisco IPS 4200 Series sensors
Module: Summary
Module: Quiz

Module : Configure Network Intrusion Detection and Prevention
Module Overview
Cisco IOS Intrusion Prevention System
Cisco IOS Intrusion Prevention System (IPS)
Cisco IOS IPS signatures
Cisco IOS IPS configuration tasks
Install the Cisco IOS IPS
Configure logging using Syslog or SDEE
Verify the IPS configuration
Configure Attack Guards on the PIX Security Appliance
Mail Guard
DNS Guard
FragGuard and Virtual Reassembly
AAA Flood Guard
SYN Flood Guard
Connection limits
Configure Intrusion Prevention on the PIX Security Appliance
Intrusion detection and the PIX Security Appliance
Configure intrusion detection
Configure IDS policies
Configure Shunning on the PIX Security Appliance
Overview of shunning
Example of shunning an attacker
Module: Summary
Module: Quiz

Module : Encryption and VPN Technology
Module Overview
Encryption Basics
Symmetrical encryption
Asymmetrical encryption
Diffie-Hellman
Integrity Basics
Hashing
Hashed Method Authentication Code (HMAC)
Digital signatures and certificates
Implementing Digital Certificates
Certificate authority support
Simple Certificate Enrollment Protocol (SCEP)
Microsoft CA server
Enroll a device with a CA
VPN Topologies
Site-to-site VPNs
Remote access VPNs
VPN Technologies
VPN technology options
WebVPN
Tunneling protocols
Tunnel interfaces
IPSec
Overview
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Tunnel and transport modes
Security associations
Five steps of IPSec
Internet Key Exchange (IKE)
IKE and IPSec
Cisco VPN solutions
Module: Summary
Module: Quiz

Module : Configure Site-to-Site VPN Using Pre-shared Keys
Module Overview
Prepare a Router for Site-to-Site VPN using Pre-shared Keys
IPSec encryption with pre-shared keys
Planning the IKE and IPSec policy
Step 1 – Determine ISAKMP (IKE Phase 1) policy
Step 2 – Determine IPSec (IKE Phase 2) policy
Step 3 – Check the current configuration
Step 4 – Ensure the network works without encryption
Step 5 – Ensure ACLs are compatible with IPSec
Configure a Router for IKE Using Pre-shared Keys
Step 1 – Enable or disable IKE
Step 2 – Create IKE policies
Step 3 – Configure pre-shared keys
Step 4 – Verify the IKE configuration
Configure a Router with IPSec Using Pre-shared Keys
Steps to configure IPSec
Step 1 – Configure transform set suites
Step 2 – Configure global IPSec SA lifetimes
Step 3 – Create crypto ACLs
Step 4 – Create crypto maps
Step 5 – Apply crypto maps to interfaces
Test and Verify the IPSec Configuration of the Router
Test and verify IPSec
Display the configured ISAKMP policies
Display the configured transform sets
Display the current state of IPSec SAs
Display the configured crypto maps
Enable debug output for IPSec events
Enable debug output for ISAKMP events
Configure a VPN using SDM
Configure a PIX Security Appliance Site-to-Site VPN using Pre-shared Keys
IPSec configuration tasks
Task 1 – Prepare to configure VPN support
Task 2 – Configure IKE parameters
Task 3 – Configure IPSec parameters
Task 4 – Test and verify the IPSec configuration
Module: Summary
Module: Quiz

Module : Configure Site-to-Site VPNs Using Digital Certificates
Module Overview
Configure CA Support on a Cisco Router
Steps to configure CA support
Step 1 – manage the non-volatile RAM (NVRAM)
Step 2 – set the router time and date
Step 3 – add a CA server entry to the router host table
Step 4 – generate an RSA key pair
Step 5 – declare a CA
Step 6 – authenticate the CA
Step 7 – request a certificate for the router
Step 8 – save the configuration
Step 9 – monitor and maintain CA interoperability
Step 10 – verify the CA support configuration
Configure an IOS Router Site-to-Site VPN Using Digital Certificates
Configuration tasks
Task 1 – prepare for IKE and IPSec
Task 2 – configure CA support
Task 3 – configure IKE
Task 4 – configure IPSec
Task 5 – test and verify IPSec
Configure a PIX Security Appliance Site-to-Site VPN Using Digital Certificates
Scaling PIX Security Appliance VPNs
Enroll the PIX Security Appliance with a CA
Module: Summary
Module: Quiz

Module : Configure Remote Access VPN
Module Overview
Introduction to Cisco Easy VPN
Introduction to Cisco Easy VPN
Overview of the Easy VPN Server
Overview of the Cisco Easy VPN Remote
How Cisco Easy VPN works
Easy VPN Remote client connection in detail
Configure the Easy VPN Server
Cisco Easy VPN Server configuration tasks
Task 1 – create an IP address pool
Task 2 – configure group policy lookup
Task 3 – create ISAKMP policy for remote VPN access
Task 4 – define a group policy for a mode configuration push
Task 5 – create a transform set
Task 6 – create a dynamic crypto map with RRI
Task 7 – apply mode configuration to the dynamic crypto map
Task 8 – apply a dynamic crypto map to the router interface
Task 9 – enable IKE dead peer detection
Task 10 – (optional) Configure XAUTH
Task 11 – (optional) Enable XAUTH save password feature
Configure Easy VPN Remote for the Cisco VPN Client 4.x
Cisco Easy VPN Client 4.x configuration tasks
Task 1 – install the Cisco VPN Client 4.x on the remote PC
Task 2 – create a new client connection entry
Task 3 – choose an authentication method
Task 4 – configure transparent tunneling
Task 5 – enable and add backup servers
Task 6 – configure connection to the Internet through dial-up networking
Configure Cisco Easy VPN Remote for Access Routers
Easy VPN Remote modes of operation
Configuration tasks for Cisco Easy VPN Remote for access routers
Task 1 – configure the DHCP server pool
Task 2 – configure and assign the Cisco Easy VPN Client profile
Task 3 – (optional) configure XAUTH save password feature
Task 4 – (optional) initiate the VPN tunnel (XAUTH)
Task 5 – verify the Cisco Easy VPN configuration
Configure the PIX Security Appliance as an Easy VPN Server
Easy VPN Server general configuration tasks
Task 1 – create ISAKMP policy for remote VPN Client access
Task 2 – create an IP address pool
Task 3 – define a group policy for mode configuration push
Task 4 – create a transform set
Tasks 5 through 7 – dynamic crypto map
Task 8 – configure XAUTH
Task 9 – configure NAT and NAT 0
Task 10 – enable IKE dead peer detection
Configure a PIX 501 or 506E as an Easy VPN Client
PIX Security Appliance Easy VPN Remote feature overview
Easy VPN Remote configuration
Easy VPN Client device mode and enabling Easy VPN Remote clients
Easy VPN Remote authentication
Configure the Adaptive Security Appliance to Support WebVPN
WebVPN end-user interface
Configure WebVPN general parameters
Configure WebVPN servers and URLs
Configure WebVPN port forwarding
Configure WebVPN e-mail proxy
Configure WebVPN content filters and ACLs
Module: Summary
Module: Quiz

Module : Secure Network Architecture and Management
Module Overview
Layer 2 Security Best Practices
Factors affecting layer 2 mitigation techniques
Single security zone, one user group, single physical switch
Single security zone, one user group, multiple physical switches
Single security zone, multiple user groups, single physical switch
Single security zone, multiple user groups, multiple physical switches
Multiple security zones, one user group, single physical switch
Multiple security zones, one user group, multiple physical switches
Multiple security zones, multiple user groups, single physical switch
Multiple security zones, multiple user groups, multiple physical switches
Layer 2 security best practices
SDM Security Audit
Using SDM to perform security audits
Using SDM monitor mode
Router Management Center (MC)
Introduction to the Router MC
Key concepts in the Router MC
Supported tunneling technologies
Router MC installation
Installation process
Getting started with the Router MC
Router MC interface
Installation process
Basic work flow and tasks
Simple Network Management Protocol (SNMP)
SNMP introduction
SNMP security
SNMP Version 3 (SNMPv3)
SNMP management applications
Configure SNMP support on an IOS router
Configure SNMP support on a PIX Security Appliance
Module: Summary
Module: Quiz

Module : PIX Security Appliance Contexts, Failover, and Management
Module Overview
Configure a PIX Security Appliance to Perform in Multiple Context Mode
Security context overview
Enable multiple context mode
Configure a security context
Manage security contexts
Configure PIX Security Appliance Failover
Understanding failover
Failover requirements
Serial cable-based failover configuration
Active/standby LAN-based failover configuration
Active/active failover
Configure Transparent Firewall Mode
Transparent firewall mode overview
Enable transparent firewall mode
Monitor and maintain a transparent firewall
PIX Security Appliance Management
Managing Telnet access
Managing SSH access
Command authorization
PIX Security Appliance password recovery
Adaptive Security Appliance password recovery
File management
Image upgrade and activation keys
Module: Summary
Module: Quiz



All contents copyright ©2001-2005 Cisco Systems, Inc. All rights reserved.