
IOS Security Specialist
Build skills equivalent to the SECURE - Securing Networks with Cisco Routers and Switches program
  • Credit Hours: 5 Days

  • Format: Virtual Classroom - Instructor-led, Online

  • Professional Certificate: Cisco IOS Security Specialist

  • Recommended for: Internetwork professionals who want to ensure security of their network using IOS devices; anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments

The IOS Security Specialist program prepares students for employment in the Information Technology industry. The theory-based lectures and labs provide a comprehensive look at skills required to configure, maintain, and operate the firewall features of the Cisco ASA 5500 Series Adaptive Security Appliances. Upon completion of these courses, the student will possess the skills and knowledge necessary to obtain employment and will be employable by various companies within the industry, as well as the opportunity for career advancement.

This course prepares students for employment as a Network Security Specialist. According to the Bureau of Labor Statistics, employment change between 2010 and 2020 will grow by 37% greater than the annual average.

What You'll Learn

  • Advanced IOS security technologies for locking down routers and switches: 802.1X, CoPP/CPPr, and user-based authentication
  • Various VPN technologies and their use in production environments: DMVPN, GRE, GRE with IPsec, IPsec, GET, Ez-VPN, and SSL
  • IOS IPS exploration with IME and Cisco Configuration Professional
  • Launch live attacks against the network using BackTrack4 and learn mitigation techniques
  • Use Cisco IME software to monitor alerts from the IOS IPS process
  • Use the new Cisco Configuration Professional tool to configure IPS
  • Advanced IPS topics: event action overrides, event action filters, signature tuning, and custom signature creation

Who Needs to Attend

  • Internetwork professionals who want to ensure security of their network using IOS devices
  • Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments
  • Internetwork professionals who seek CCNP Security certification

Course Outline

1. Network Foundation Controls

  • Control, Data, and Management Planes

2. Advanced Switched Data Plane Security Controls

  • Common Layer 2 Attacks
  • PVLANs
  • DHCP Attacks
  • ARP Poisoning
  • IP Source Guard

3. Cisco Identity-Based Network Services

  • 802.1 Overview
  • ACS Integration with 802.1X
  • Cisco Secure Services Client
  • EAP Overview

4. Basic 802.1X Features

  • 802.1X Switch Configuration
  • ACS and EAP-FAST Configuration
  • CSSC as an 802.1X Supplicant

5. Advanced Routed Data Plane Security Controls

  • Unicast Reverse Path Forwarding
  • Flexible Packet Matching Configuration
  • Flexible Netflow

6. Advanced Control Plane Security Controls

  • Deploy Infrastructure ACLs
  • Control Plane Policing
  • Control Plane Protection
  • Routing Protocol Authentication
  • Routing Protocol Filtering

7. Advanced Management Plane Security Controls

  • Configure IOS Software Management Access Controls
  • Configure Role-Based Access Controls
  • Configure SNMP in IOS
  • Digitally Signed IOS Images
  • CPU and Memory Thresholding

8. Cisco IOS Software Network Address Translation

  • IOS Static NAT and PAT Configurations
  • IOS Dynamic NAT and PAT Configurations

9. Basic Zone-Based Policy Firewalls

  • Zone-Based Policy Firewalls Zone Pairs
  • Configure Layer 3/4 Inter-Zone Access Policies
  • Configure Layer 3/4 Intra-Zone Access Policies
  • ZBPFW Inspection of Control Plane and Management Plane Traffic
  • Tune ZBPFW Stateful Engine and Connection Settings
  • Configure ZBPFW Transparent Mode and VRF Support

10. Advanced Zone-Based Policy Firewalls

  • Configure Layer 7 Zone-Based Policy Firewalls
  • Configure Zone-Based Policy Firewalls with User Policies
  • Configure Zone-Based Policy Firewall URL Filtering

11. Cisco IOS Software IPS

  • IOS IPS Signature Policies
  • Tune Cisco IOS Software IPS Signature Policies
  • IPS Signature Auto Update
  • Select an IPS Monitoring Solution

12. Site-to-Site VPN Architectures and Technologies

  • Cryptographic Controls

13. VTI-Based Site-to-Site IPsec VPNs

  • Virtual Tunnel Interfaces
  • Pre-Shared Keys
  • Static VTIs
  • Dynamic VTIs

14. Scalable Authentication in Site-to-Site IPsec VPNs

  • PKI Overview
  • Configure the IOS Certificate Server
  • IOS CA and PKI Enrollment

15. DMVPNs

  • Generic Routing Encapsulation (GRE)
  • NHRP Client and Server
  • DMVPN Hub and Spoke Configurations
  • Verify Dynamic Routing in a DMVPN Environment

16. High Availability in Tunnel-Based IPsec VPNs

  • IPsec High Availability Features
  • Routing Protocols for HA
  • Mitigating Failures in VTI Environments
  • Mitigating Failures in a DMVPN Environment

17. Group Encrypted Transport (GET) VPN

  • Configuring Key Servers
  • Configuring Group Members
  • High Availability

18. Remote Access VPN Architectures and Technologies

  • Cryptographic Controls

19. Remote Access Solutions Using SSL VPN

  • SSL VPN Overview
  • Configure SSL VPN Parameters
  • Configure Client Authentication Policies
  • Full VPN Tunnels
  • AnyConnect Client
  • Clientless VPN Configuration

20. Remote Access Solutions Using EZVPN

  • EzVPN with Dynamic VTIs
  • Cisco IPsec VPN Client
  • Configure Advanced EzVPN Functionality
  • Configure PKI for EzVPN

Labs

Lab 0: Exclusive - Introduction to the Remote Lab System

  • Remote Labs Familiarity

Lab 1: Enhanced - Advanced L2 Security

  • Port ACLs
  • VACLs
  • PVLAN Edge
  • Proxy Router Attacks
  • DHCP Snooping
  • DAI
  • IP Source Guard

Lab 2: Enhanced - Network Foundation Protection

  • Routing Protocol Authentication (EIGRP & OSPF)
  • SNMPv3
  • Flexible Netflow
  • uRPF
  • Management Plane Protection
  • Data Plane Protection

Lab 3: Enhanced - IOS Zone Based Firewalls

  • Basic Zone Configuration
  • Attack Mitigation
  • URL Filtering
  • HTTP Deep Packet Inspection
  • Stateful Inspections

Lab 4: Enhanced - IOS IPS

  • Loading Signature Definition Files
  • Basic Configuration
  • De-Obfuscation
  • IPS Manager Express
  • Signature Actions

Lab 5: Enhanced - Site-to-Site VPN using PKI and VTIs

  • Using VTIs
  • IOS CA
  • Enrollments
  • VPN Configuration

Lab 6: Enhanced - DMVPN

  • Hub Site Configuration
  • Spoke Site One Configuration
  • Spoke Site Two Configuration
  • Routing Configuration
  • Test and Verify DMVPN Connectivity

Lab 7: Enhanced - GET VPNs

  • OSPF Configuration
  • NAT Configuration
  • Key Server Configuration
  • Group Member Configuration
  • Configuring other GMs

Lab 8: Enhanced - EzVPN

  • EZ-VPN Server Wizard in CCP
  • Ez-VPN Software Based Client
  • Ez-VPN Hardware Based Client
  • Interactive Authentication for Hardware Clients
  • Network Extension Mode

Additional Hands-On Labs Available as an Appendix to the Lab Guide

Lab A-1: Exclusive - AAA with 802.1X Security

  • RADIUS Configuration
  • Restricted VLANs
  • Guest VLANs
  • CSSC
  • Dynamic VLAN Assignment

Lab A-2: Exclusive - SSL Based VPNs

  • Configure Clientless SSL VPN Access
  • Configure and Test Port Forwarding
  • Configure and Test Full Tunnel AnyConnect SSL VPN
  • Configure and Test Cisco Secure Desktop

Lab A-3: IOS Best Practices

  • Work with the BOGON List
  • Securing the IOS with AutoSecure
  • Investigating an Attack
  • Beyond What the Auditors Expect

Lab A-4: Site-to-Site VPN Using VTIs and PKI

  • Configure an IOS PKI Server
  • Assign an SSL Trustpoint in CCP
  • Enroll the IOS-FW with the CA Server via CCP
  • Configure the IOS-FW for VPN via CCP
  • Enroll the Site1-Rtr with the CA via the CLI
  • Configure the Site1-Rtr for VPN via the CLI
  • Test and Verify the VPN

Purchase this Course

$3495.00

Become versed as an IOS Security Specialist in 5 Days