CISCO SYSTEMS, INC.

Security Curriculum Course Outline

10/13/2009

Created by Davie Chia (dachia@cisco.com), CCSP program manager

CONTENT:
- IINS (CCNA Security)
- SNRS (CCSP core)
- IPS (CCSP core)
- SNAF (CCSP core)
- SNAA (CCSP elective)
- MARS (CCSP elective)
- CANAC (CCSP elective)

2009 Cisco Systems, Inc.

IINS Course Outline
Overview
Implementing Cisco IOS Network Security (IINS) v1.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. Learners will be able to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

- Develop a comprehensive network security policy to counter threats against information security
- Configure routers on the network perimeter with Cisco IOS Software security features
- Configure firewall features including ACLs and Cisco IOS zone-based firewalls to perform basic security operations on a network
- Configure site-to-site VPNs using Cisco IOS features
- Configure IPS on Cisco network routers
- Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

High-Level Course Outline


This subtopic provides an overview of how the course is organized. The course contains these seven components:

- Introduction to Network Security Principles
- Perimeter Security
- Network Security Using Cisco IOS Firewalls
- Site-to-Site VPNs
- Network Security Using Cisco IOS IPS
- LAN, SAN, Voice, and Endpoint Security Overview

2008 Cisco Systems, Inc.

Course Administration Guide

Detailed Course Outline


Module 1: Introduction to Network Security Principles
Upon completing this module, the learner will be able to develop a comprehensive network security policy to counter threats against information security.

Lesson 1: Examining Network Security Fundamentals


This lesson describes the core principles that are part of a secure network. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe how sophisticated attack tools and open networks generate an increased need for network security and dynamic security policies
- Describe the three primary objectives of security
- Describe the different classifications of data that are used by the private sector and the public sector
- Describe the three primary types of security controls
- Describe some of the factors that are involved in responding to a security breach
- Identify key laws and codes of ethics that are binding to INFOSEC professionals

The lesson includes these topics:


- The Need for Network Security
- Network Security Objectives
- Data Classification
- Security Controls
- Response to a Security Breach
- Laws and Ethics

Lesson 2: Examining Network Attack Methodologies


This lesson describes various attack methods and how to plan a defense in depth to help protect your network from these attacks. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe network adversaries, motivations, and classes of attack
- Describe how hackers work so that you have a better appreciation of the threats they pose
- Describe the concept of defense in depth
- Describe how attackers use IP spoofing to launch various types of attacks
- Describe several attack methods that attackers use to compromise confidentiality
- Describe several attack methods that attackers use to compromise integrity
- Describe several attack methods that attackers use to compromise availability
- Describe some best practices that can help defend your network against hackers

The lesson includes these topics:


- Adversaries, Motivations, and Classes of Attack
- How Hackers Think
- The Principles of Defense in Depth
- IP Spoofing Attacks
- Confidentiality Attacks
- Integrity Attacks
- Availability Attacks
- Best Practices to Defeat Network Attacks

The lesson includes this activity: Lab 1-1: Embedding a Secret Message Using Steganography

Lesson 3: Examining Operations Security


This lesson describes the principles behind operations security and how correct practices increase security, including security testing, a secure life cycle, and business continuity planning. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the SDLC and how you use it to design a Secure Network Lifecycle management process
- Identify key operations security principles
- Explain various network security testing techniques and tools
- Explain the principles of disaster recovery and business continuity planning and give examples of how they are practiced

The lesson includes these topics:


- Secure Network Lifecycle Management
- Principles of Operations Security
- Network Security Testing
- Disaster Recovery and Business Continuity Planning

The lesson includes these activities:


- Lab 1-2: Scanning a Computer System Using Testing Tools
- Lab 1-3: Scanning a Network Using Testing Tools

Lesson 4: Understanding and Developing a Comprehensive Network Security Policy


This lesson describes how increasing network security threats demand comprehensive network security policies, and describes the main activities in each phase of a secure network lifecycle. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the essential functions and goals of a security policy and how to use them to create a security policy
- Identify commonly used policy documents and standards, and explain the differences between these standards and procedures
- Identify the various roles that are played within an enterprise for the development and maintenance of a security policy
- Describe the role that risk management plays in the development of a security policy
- Describe the system-level security principles that should be considered throughout the lifecycle of a secure network
- Describe how training and other awareness techniques can help to increase the effectiveness of a security policy

The lesson includes these topics:


- Security Policy Overview
- Policies, Standards, and Procedures
- Roles and Responsibilities
- Risk Management
- Principles of Secure Network Design
- Security Awareness

Lesson 5: Building Cisco Self-Defending Networks


This lesson describes how to implement the Cisco Self-Defending Network strategy by enhancing the existing network infrastructure with Cisco technologies, products, and solutions. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe how changing threats and challenges demand a new approach to network security
- Describe the components of the Cisco Self-Defending Network strategy
- Describe the positioning and benefits of the Cisco integrated security portfolio

The lesson includes these topics:


- Changing Threats and Challenges
- Building a Cisco Self-Defending Network
- Cisco Integrated Security Portfolio

Module 2: Perimeter Security


Upon completing this module, the learner will be able to configure routers on the network perimeter with Cisco IOS Software security features.

Lesson 1: Securing Administrative Access to Cisco Routers

This lesson defines how to secure the physical installation of and administrative access to Cisco routers based on different network requirements using the CLI. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the security features of the Cisco IOS Software on Cisco routers
- Describe the security features of the Cisco Integrated Services Routers
- Configure passwords and login failure rates using the CLI to secure administrative access to Cisco routers
- Configure multiple privilege levels using the CLI to secure administrative access to Cisco routers
- Configure role-based CLI access to create views
- Configure the Cisco IOS resilient configuration feature using the CLI to secure the Cisco IOS image and configuration file
- Configure virtual login connection security using the CLI
- Configure a banner message using the CLI to secure administrative access to Cisco routers

The lesson includes these topics:


- Cisco IOS Security Features
- Introducing the Cisco Integrated Services Router Family
- Configuring Secure Administrative Access
- Setting Multiple Privilege Levels
- Configuring Role-Based CLI Access
- Securing the Cisco IOS Image and Configuration Files
- Configuring Enhanced Support for Virtual Logins
- Configuring Banner Messages

The lesson includes this activity:

Lab 2-1: Securing Administrative Access to Cisco Routers

Lesson 2: Introducing Cisco SDM

This lesson describes the features and wizards of Cisco SDM, and describes how to launch and navigate Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the key features, concepts, and purpose of Cisco SDM
- Set up a router to run Cisco SDM and Cisco SDM Express
- Launch Cisco SDM Express to configure a new router
- Launch Cisco SDM
- Navigate Cisco SDM
- Describe the common wizards available in Cisco SDM

The lesson includes these topics:


- Cisco SDM Overview
- Supporting Cisco SDM and Cisco SDM Express
- Launching Cisco SDM Express
- Launching Cisco SDM
- Navigating the Cisco SDM Interface
- Cisco SDM Wizards

Lesson 3: Configuring AAA on a Cisco Router Using the Local Database

This lesson defines how to configure a Cisco router to perform authentication, authorization, and accounting (AAA) authentication with a local database using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the functions and importance of AAA
- Describe the different ways to implement AAA services on Cisco routers
- Describe the steps to authenticate user access to a Cisco router using a local database
- Configure AAA using Cisco SDM to support using the local database
- Troubleshoot AAA on a Cisco router using the debug aaa command

The lesson includes these topics:


- AAA Overview
- Introduction to AAA for Cisco Routers
- Using Local Services to Authenticate Router Access
- Configuring Local Database Authentication Using AAA
- Troubleshooting AAA on Cisco Routers

The lesson includes this activity:

Lab 2-2: Configuring AAA on Cisco Routers to Use the Local Database

Lesson 4: Configuring AAA on a Cisco Router to Use Cisco Secure ACS

This lesson describes the operation of external AAA sources such as RADIUS and TACACS+ servers and defines how to configure a Cisco router to use Cisco Secure Access Control Server (ACS) to perform AAA. Upon completing this lesson, the learner will be able to meet these objectives:

- List the features and benefits of Cisco Secure ACS products and describe their function in a network security solution
- Describe and compare the TACACS+ and RADIUS protocols
- Install Cisco Secure ACS for Windows
- Configure the Cisco Secure ACS server
- Configure Cisco Routers to use TACACS+ as a AAA protocol using the CLI and Cisco SDM
- Describe troubleshooting TACACS+ using debug commands from the CLI

The lesson includes these topics:


- Cisco Secure ACS Overview
- TACACS+ and RADIUS Protocols
- Installing Cisco Secure ACS for Windows
- Configuring the Server
- Configuring TACACS+ Support on a Cisco Router
- Troubleshooting TACACS+

The lesson includes this activity:

Lab 2-3: Configuring AAA on Cisco Routers to Use Cisco Secure ACS

Lesson 5: Implementing Secure Management and Reporting

This lesson defines how to securely implement the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), and Network Time Protocol (NTP). Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the factors you must consider when planning the secure management and reporting configuration of network devices
- Describe the architecture of secure management and reporting
- Describe the key role that syslog plays in network security
- Use Cisco SDM to monitor log messages
- Describe the security features of SNMPv3
- Configure an SSH daemon for secure management and reporting
- Enable time features with Cisco SDM

The lesson includes these topics:


- Planning Considerations for Secure Management and Reporting
- Secure Management and Reporting Architecture
- Using Syslog Logging for Network Security
- Using Logs to Monitor Network Security
- Using SNMP
- Configuring an SSH Daemon for Secure Management and Reporting
- Enabling Time Features

The lesson includes this activity:

Lab 2-4: Implementing Secure Management and Reporting


Lesson 6: Locking Down the Router

This lesson defines how to examine router configurations with the Security Audit feature of Cisco SDM and make the router and network more secure by using the one-step lockdown feature in Cisco SDM or the command auto secure. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the router services and interfaces that are vulnerable to network attacks
- Explain the vulnerabilities posed by commonly configured router management services
- Use the Cisco SDM Security Audit feature to determine and to fix router security vulnerabilities
- Use the Cisco SDM one-step lockdown feature or the CLI auto secure command to secure a router
- Explain the limitations of using the Cisco SDM one-step lockdown feature or the CLI auto secure command

The lesson includes these topics:


- Vulnerable Router Services and Interfaces
- Management Service Vulnerabilities
- Performing a Security Audit
- Locking Down a Cisco Router
- Limitations and Cautions

The lesson includes this activity:

Lab 2-5: Using Cisco SDM One-Step Lockdown and Security Audit

Module 3: Network Security Using Cisco IOS Firewalls


Upon completing this module, the learner will be able to configure firewall features including access control lists (ACLs) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network.

Lesson 1: Introducing Firewall Technologies

This lesson describes the operations of the different types of firewall technologies, and the firewall technologies that are embedded in Cisco routers and Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the role of firewalls in securing networks
- Describe the role of firewalls in a layered defense strategy
- Describe how a static packet filter allows or blocks data packets as they pass through a network interface
- Describe how application layer or proxy firewalls control or monitor inbound and outbound traffic
- Describe how dynamic or stateful inspection packet filtering improves network security and performance
- Describe additional types of firewalls, including application inspection firewalls and transparent firewalls
- Describe the features of the Cisco IOS Firewall, Cisco PIX 500 Series Security Appliances, and Cisco ASA 5500 Series Adaptive Security Appliances
- Develop an effective firewall policy that is based on firewall best practices

The lesson includes these topics:


- Firewall Fundamentals
- Firewalls in a Layered Defense Strategy
- Static Packet Filtering Firewalls
- Application Layer Gateways
- Dynamic or Stateful Packet Filtering Firewalls
- Other Types of Firewalls
- Cisco Family of Firewalls
- Developing an Effective Firewall Policy

Lesson 2: Creating Static Packet Filters Using ACLs

This lesson defines how to create static packet filters using ACLs. Upon completing this lesson, the learner will be able to meet these objectives:

- Explain how ACLs are used to control access in networks
- Define wildcard masks and explain how they are used by ACLs
- Configure and apply ACLs to router interfaces using the CLI
- Explain the caveats you must consider when creating ACLs
- Configure standard and extended ACLs using Cisco SDM
- Configure ACLs to protect common network services

The lesson includes these topics:


- ACL Fundamentals
- ACL Wildcard Masking
- Using ACLs to Control Traffic
- ACL Considerations
- Configuring ACLs Using SDM
- Using ACLs to Permit and Deny Network Services

The lesson includes this activity:

Lab 3-1: Creating Static Packet Filters Using ACLs

Lesson 3: Configuring Cisco IOS Zone-Based Policy Firewall

This lesson defines how to configure a Cisco IOS zone-based policy firewall on your network using the Cisco SDM wizard. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the principles of zone-based policy firewalls
- Configure a zone-based policy firewall using Cisco SDM Basic Firewall wizard
- Configure a zone-based policy firewall manually using Cisco SDM
- Verify the zone-based policy firewall configuration using Cisco SDM and the CLI

The lesson includes these topics:


- Zone-Based Policy Firewall Overview
- Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard
- Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM
- Monitoring a Zone-Based Policy Firewall

The lesson includes this activity:

Lab 3-2: Configuring a Cisco IOS Zone-Based Policy Firewall

Module 4: Site-to-Site VPNs


After completing this module, the learner will be able to configure site-to-site virtual private networks (VPNs) using Cisco IOS features.

Lesson 1: Examining Cryptographic Services

This lesson describes how encryption, hashing, and digital signatures provide confidentiality, integrity, and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:

- Define cryptology, cryptanalysis, and encryption, and explain the symbiotic relationship between cryptanalysis and encryption
- Explain the difference between, and the functionality of, symmetric and asymmetric encryption algorithms
- Describe the differences between block and stream ciphers
- Describe the basic forms of encryption, as well as their differences and their benefits
- Explain the importance and function of cryptographic hashes
- Explain the importance of key length, key creation, key distribution, key recovery, and key destruction
- Describe the basic functions, advantages, and disadvantages of SSL VPNs

The lesson includes these topics:


- Cryptology Overview
- Symmetric and Asymmetric Encryption Algorithms
- Block and Stream Ciphers
- Encryption Algorithm Selection
- Cryptographic Hashes
- Key Management
- Introducing SSL VPNs

Lesson 2: Examining Symmetric Encryption

This lesson defines how to describe the methods, algorithms, and purposes of symmetric encryption. Upon completing this lesson, the learner will be able to meet these objectives:

- Explain the generic functionality of symmetric encryption algorithms
- Describe the features and functions of the DES algorithm
- Describe the features and functions of the 3DES algorithm
- Describe the features and functions of the AES algorithm
- Describe the features and functions of the SEAL algorithm
- Describe the features and functions of several algorithms written by Ron Rivest

The lesson includes these topics:


- Symmetric Encryption Overview
- DES Features and Functions
- 3DES Features and Functions
- AES Features and Functions
- SEAL Features and Functions
- Rivest Ciphers Features and Functions

Lesson 3: Examining Cryptographic Hashes and Digital Signatures

This lesson describes the use and purpose of hashes and digital signatures in providing integrity and nonrepudiation. Upon completing this lesson, the learner will be able to meet these objectives:

- Explain the generic functionality of hash algorithms and the HMAC variant
- Describe the features and functions of the MD5 algorithm
- Describe the features and functions of the SHA-1 algorithm
- Explain the generic functionality of digital signatures
- Describe the features and functions of the DSS

The lesson includes these topics:


- Overview of Hash Algorithms and HMACs
- MD5 Features and Functions
- SHA-1 Features and Functions
- Overview of Digital Signatures
- DSS Features and Functions

Lesson 4: Examining Asymmetric Encryption and PKI

This lesson describes the use and purpose of asymmetric encryption and public key infrastructure (PKI). Upon completing this lesson, the learner will be able to meet these objectives:

- Explain the generic functionality of asymmetric encryption algorithms
- Describe the features and functions of the RSA algorithm
- Describe the features and functions of the DH key exchange algorithm
- Explain the principles behind a PKI
- Explain the PKI standards
- Explain the role of CAs and RAs in a PKI

The lesson includes these topics:



- Asymmetric Encryption Overview
- RSA Features and Functions
- DH Features and Functions
- PKI Definitions and Algorithms
- PKI Standards
- Certificate Authorities

Lesson 5: Examining IPsec Fundamentals

This lesson describes the fundamental concepts, technologies, and terms that IP Security (IPsec) VPNs use. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the purpose and types of VPNs, contrast SSL with IPsec VPNs, and define where to use VPNs in a network
- List the Cisco VPN product line and describe the security features of these products
- Describe the IPsec protocol and its basic functions
- Describe the advantages of IPsec VPNs compared with other types of VPNs
- Describe the ESP protocols, the AH protocols, and the tunnel modes that IPsec uses
- List and describe the IKE protocols

The lesson includes these topics:


- VPN Overview
- Cisco VPN Product Family
- Introducing IPsec
- IPsec Advantages
- IPsec Protocol Framework
- IKE Protocol

Lesson 6: Building a Site-to-Site IPsec VPN

This lesson describes how to configure a site-to-site IPsec VPN. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the five steps of IPsec operation
- Describe the procedure to configure IPsec
- Ensure that ACLs are compatible with IPsec
- Describe and configure the IKE parameters using the CLI
- Configure the IPsec transform sets using the CLI
- Configure the cryptographic ACL and other IPsec settings using the CLI
- Configure and apply a cryptographic map to an interface using the CLI
- Confirm the IPsec configuration

The lesson includes these topics:


- Site-to-Site IPsec VPN Operations
- Configuring IPsec
- Site-to-Site IPsec Configuration: Step 1
- Site-to-Site IPsec Configuration: Step 2
- Site-to-Site IPsec Configuration: Step 3
- Site-to-Site IPsec Configuration: Step 4
- Site-to-Site IPsec Configuration: Step 5
- Verifying the IPsec Configuration

Lesson 7: Configuring IPsec on a Site-to-Site VPN Using Cisco SDM

This lesson defines how to configure a site-to-site IPsec VPN with preshared keys (PSKs) authentication using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe how to navigate the Cisco SDM site-to-site VPN Wizard interface
- Describe the components that you configure when you use the Cisco SDM site-to-site VPN wizard
- Configure the site-to-site VPN tunnel connections using the Cisco SDM wizards
- Complete the site-to-site VPN configuration using Cisco SDM and verify the VPN configuration

The lesson includes these topics:


- Introducing the Cisco SDM VPN Wizard Interface
- Site-to-Site VPN Components
- Using the Cisco SDM Wizards to Configure Site-to-Site VPNs
- Completing the Configuration

The lesson includes this activity:

Lab 4-1: Configuring a Site-to-Site IPsec VPN

Module 5: Network Security Using Cisco IOS IPS


Upon completing this module, learners will be able to configure IPS on Cisco network routers.

Lesson 1: Introducing IPS Technologies

This lesson describes the underlying intrusion detection system (IDS) and intrusion prevention system (IPS) technology that is embedded in the Cisco host- and network-based IDS and IPS solutions. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the functions and operations of IDS and IPS systems
- Describe the types of IDS and IPS systems
- Describe IPS technologies, attack responses, and monitoring options such as syslog and SDEE
- Describe host and network-based IDS and IPS monitoring
- Explain the available Cisco IPS appliances
- Explain how IDS and IPS signatures are used to detect malicious network traffic and describe different types of signatures
- Describe signature micro-engines
- Describe the role of signature alarms in a Cisco IPS solution
- Describe IPS policies and best practices

The lesson includes these topics:


- Introducing IDS and IPS
- Types of IDS and IPS Systems
- Intrusion Prevention Technologies
- Host and Network IPS
- Introducing Cisco IPS Appliances
- Introducing Signatures
- Examining Signature Micro-Engines
- Introducing Signature Alarms
- IPS Best Practices

Lesson 2: Configuring Cisco IOS IPS Using Cisco SDM

This lesson defines how to configure Cisco IOS IPS using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe the IPS features of Cisco IOS Software
- Configure Cisco IOS IPS using Cisco SDM
- Configure IPS signatures using Cisco SDM
- Monitor a Cisco IOS IPS router using Cisco SDM and the CLI
- Verify Cisco IOS IPS operations

The lesson includes these topics:


- Cisco IOS IPS Features
- Configuring Cisco IOS IPS Using Cisco SDM
- Configuring IPS Signatures
- Monitoring IOS IPS
- Verifying IPS Operation

The lesson includes this activity:

Lab 5-1: Configuring Cisco IOS IPS

Module 6: LAN, SAN, Voice, and Endpoint Security Overview


You will be able to configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic.

Lesson 1: Examining Endpoint Security

This lesson describes the current endpoint protection methods, such as host intrusion protection system (HIPS), integrity checkers, operating system protection, and the Cisco NAC Appliance. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe what endpoint security is and the fundamental principles that are involved in host security
- Describe buffer overflows and the threat that they present
- Describe the features of IronPort products and how they enhance and complement endpoint security
- Describe the features of the Cisco NAC Appliance and how it enhances and complements endpoint security
- Describe the functions of Cisco Security Agent at a high level and describe how it provides endpoint security
- Provide a list of basic host security principles

The lesson includes these topics:


- What Is Endpoint Security?
- Buffer Overflows
- IronPort
- Cisco NAC Products
- Cisco Security Agent
- Endpoint Security Best Practices

Lesson 2: Examining SAN Security

This lesson defines how to describe the risks and countermeasures for storage area networks (SANs) security. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe a SAN and its benefits
- Describe the basic principles of SANs
- Explain various security strategies that can be used to compartmentalize data for security purposes

The lesson includes these topics:


- What Is a SAN?
- SANs Fundamentals
- SAN Security Scope

Lesson 3: Examining Voice Security

This lesson describes the risks and countermeasures to IP telephony. Upon completing this lesson, the learner will be able to meet these objectives:

- Describe VoIP fundamentals
- Describe security threats to VoIP networks
- Define SPIT and describe how it poses a security threat against voice-enabled networks
- Explain how fraud can cost VoIP customers considerable sums of money
- Describe various SIP vulnerabilities
- Describe how to prevent hacking on VoIP networks

The lesson includes these topics:


- VoIP Fundamentals
- Voice Security Threats
- Spam over IP Telephony
- Fraud
- SIP Vulnerabilities
- Defending Against VoIP Hacking

Lesson 4: Mitigating Layer 2 Attacks

This lesson defines how to mitigate Layer 2 attacks against network topologies and protocols. Upon completing this lesson, the learner will be able to meet these objectives:

- Explain how basic switch operation makes networks vulnerable to attacks at Layer 2
- Configure Cisco switches to mitigate VLAN attacks
- Explain how to prevent STP manipulation
- Describe how an attacker can flood a switch by launching a CAM table overflow attack
- Describe how a MAC spoofing attack can be launched and mitigated
- Describe and configure port security as a key step in defending networks from Layer 2 attacks
- Describe some of the additional features available in Cisco switch security including SPAN, RSPAN, and storm control
- Describe Layer 2 best practices and explain how they mitigate attacks on specific areas of Layer 2 hardware and software components

The lesson includes these topics:


- Basic Switch Operation
- Mitigating VLAN Attacks
- Preventing STP Manipulation
- CAM Table Overflow Attacks
- MAC Address Spoofing Attacks
- Using Port Security
- Additional Switch Security Features
- Layer 2 Best Practices

The lesson includes this activity:

Lab 6-1: Using Cisco Catalyst Switch Security Features

SNRS - Course Outline


Overview
Securing Networks with Cisco Routers and Switches (SNRS) v3.0 is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course focuses on providing the network specialists with the knowledge and skills needed to secure Cisco IOS router and switch-based networks. Learners will be able to secure the network environment using existing Cisco IOS features, including installing and configuring Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, user group-based firewall, Cisco IOS intrusion prevention system (IPS), authentication proxy, implementing secure tunnels using IP Security (IPsec) technology, and implementing advanced switch security. This course also covers advanced virtual private network (VPN) technologies.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

- Implement Layer 2 security features on a network using Cisco IOS commands
- Implement Cisco Network Foundation Protection on Cisco IOS routers
- Design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services routers
- Design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features
- Install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services router

High-Level Course Outline


This subtopic provides an overview of how the course is organized. The course contains these components:

- Course Introduction
- Network Platform Security with Switches
- Network Platform Security with Routers
- Secure Site-to-Site Communications
- Secure Remote Access Communications
- Threat Control and Containment

Detailed Course Outline


Module 1: Network Platform Security with Switches
Upon completing this module, the learner will be able to implement Layer 2 security features on a network using Cisco IOS commands.
Lesson 1: Configuring Advanced Layer 2 Security

This lesson describes how to implement some of the advanced security features of Cisco IOS switches. Upon completing this lesson, the learner will be able to meet these objectives:

Describe and configure the different types of ACLs available on switches
Explain how to use PVLANs to partition the Layer 2 broadcast domain of a VLAN into subdomains to improve scalability and security
Mitigate DHCP attacks using the Cisco DHCP snooping feature
Mitigate ARP spoofing using DAI
Configure IP Source Guard to provide source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host
Describe Layer 2 best practices

The lesson includes these topics:


Examining Switch ACLs
Understanding PVLANs
Mitigating DHCP Server Attacks
Mitigating ARP Spoofing Using DAI
Examining IP Source Guard
Layer 2 Best Practices

The lesson includes this activity:

Lab 1-1: Configure Advanced Layer 2 Security

Lesson 2: Introducing Cisco IBNS

This lesson describes the Cisco Identity Based Networking Services (IBNS) model and explains how IEEE 802.1X helps to control network access. Upon completing this lesson, the learner will be able to meet these objectives:

Explain how Cisco IBNS improves the security of physical and logical access to LANs with the capabilities defined in 802.1X
Describe the 802.1X standard and 802.1X components
Examine Cisco Secure Services Client Version 5.0 and its enterprise management tools
Explain the processes used in 802.1X
Explain the different EAP types that are available for an 802.1X implementation
Explain how various logs, such as ACS logs and Cisco Security MARS logs, can be used to examine 802.1X events

The lesson includes these topics:


Cisco IBNS Overview
802.1X Components
Cisco Secure Services Client Version 5.0
802.1X Operations
EAP Types
Reporting and Monitoring Cisco IBNS

Lesson 3: Implementing Basic 802.1X Authentication

This lesson describes how to configure basic IEEE 802.1X port-based authentication using Cisco Secure Access Control Server (ACS) and a Cisco Catalyst 2960 Series Switch from the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the functions and features of Cisco Secure ACS for Windows Server
Configure simple 802.1X authentication using the Windows supplicant
Explain the different 802.1X host modes
Configure 802.1X timers
Use show and debug commands to verify and test 802.1X operation

The lesson includes these topics:


Cisco Secure ACS for Windows Overview
Configuring 802.1X Authentication
802.1X Host Modes
Configuring 802.1X Timers
Verify 802.1X Operation

The lesson includes this activity:

Lab 1-2: Configure Basic 802.1X Authentication


Lesson 4: Configuring Advanced 802.1X Authentication and Authorization

This lesson describes how to configure advanced 802.1X port-based authentication and authorization on a Cisco Catalyst 2960 Series Switch using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

Describe methods you can use to support devices that do not support 802.1X
Configure guest VLANs to support hosts that do not have a supplicant
Configure restricted VLANs to support hosts that have a supplicant but fail to authenticate
Configure MAC authentication bypass for hosts that have known MAC addresses but do not have an 802.1X supplicant
Configure inaccessible authentication bypass to support an unavailable RADIUS server
Explain how to configure web authentication
Configure 802.1X dynamic VLAN assignment
Use show commands to verify the MAC authentication bypass and inaccessible authentication bypass operation
Explain several special situations that can occur with 802.1X deployments

The lesson includes these topics:


Authenticating Without 802.1X
Guest VLANs
Restricted VLANs
MAC Authentication Bypass
Inaccessible Authentication Bypass
Web Authentication Proxy
802.1X Dynamic VLAN Assignments
Testing and Verifying 802.1X
Special Situations with 802.1X

The lesson includes these activities:


Lab 1-3: Configure Advanced 802.1X Authentication
Lab 1-4: Configure 802.1X VLAN Assignments

Module 2: Network Platform Security with Routers
Upon completing this module, the learner will be able to implement Cisco Network Foundation Protection on Cisco IOS routers.
Lesson 1: Examining the Cisco Network Foundation Protection Strategy

This lesson describes the Cisco Network Foundation Protection strategy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco Network Foundation Protection in general
Describe the features and benefits of Cisco Network Foundation Protection
Describe the Cisco AutoSecure feature of Cisco routers
List the platforms that support Cisco Network Foundation Protection

The lesson includes these topics:


Cisco Network Foundation Protection Overview
Cisco Network Foundation Protection Services and Benefits
Cisco AutoSecure
Supported Platforms

Lesson 2: Securing the Control Plane

This lesson describes tools that are used to secure the control plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the control plane of a router
Describe the basic function and benefits of CPPr
Explain the benefit of routing protocol authentication and how to configure routers
Describe CPU and memory threshold notifications

The lesson includes these topics:


The Control Plane
Control Plane Protection
Routing Protocol Protection
CPU and Memory Thresholding

Lesson 3: Securing the Management Plane

This lesson describes how to protect the management plane of Cisco devices. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the management plane and configure common secure management protocols
Configure HTTPS
Describe and configure the Role-Based CLI Access feature
Describe and configure the Cisco MPP feature
Describe and configure SNMPv3

The lesson includes these topics:


The Management Plane
Secure Management Services
Role-Based Access Control
Cisco IOS MPP
SNMP v3 Architecture

Lesson 4: Securing the Data Plane

This lesson describes tools that are used to protect the data plane of a Cisco router. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the data plane, data plane attacks, and the effects these attacks have on network devices
Explain NetFlow and how to configure it
Describe and configure uRPF
Describe and configure Cisco IOS FPM

The lesson includes these topics:


The Data Plane
NetFlow
Configuring uRPF
Cisco IOS FPM

The lesson includes this activity:

Lab 2-1: Configure the Cisco Network Foundation Protection Strategy

Module 3: Secure Site-to-Site Communications
Upon completing this module, the learner will be able to design, install, configure, and troubleshoot site-to-site VPNs using Cisco Integrated Services Routers.
Lesson 1: Examining VPN and IPsec Fundamentals

This lesson describes basic characteristics and protocols used in IPsec configurations and describes the various types of VPNs available using Cisco IOS Software, including IPsec, Dynamic Multipoint Virtual Private Network (DMVPN), Group Encrypted Transport VPN (GET VPN), Cisco Easy VPN, and Cisco IOS Secure Sockets Layer (SSL) VPN. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the basic functionality and protocols involved with IPsec VPNs
Describe different types of site-to-site VPNs, including fully-meshed, hub-and-spoke, IPsec, Cisco Easy VPN with VTI, GRE over IPsec, DMVPN, and GET VPN
Describe Cisco Easy VPN and Cisco IOS SSL VPNs
Explain the VPN design guide that is available in Cisco SDM
Configure global VPN router settings in Cisco SDM

The lesson includes these topics:


IPsec Overview
Site-to-Site VPNs
Cisco Easy VPN and Cisco IOS SSL VPNs
VPN Design Guide
Global VPN Settings

Lesson 2: Implementing IPsec VPNs with PKI


This lesson describes how to configure a Cisco IOS certificate authority (CA) and an IPsec site-to-site VPN using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco IOS PKI support
Describe the use of CAs and RAs
Describe how SCEP manages the certificate lifecycle
Describe and configure the Cisco IOS CA Server
Configure CA interoperability on a Cisco router using Cisco SDM
Configure a PKI-based IPsec site-to-site VPN on a router using Cisco SDM
Troubleshoot CA interoperability using the CLI
Test and verify IPsec configurations using the CLI

The lesson includes these topics:


Cisco IOS PKI Overview
Certificate Authorities
Examining SCEP
Cisco IOS CA Server
Configuring CA Support
Configuring a PKI-Based IPsec Site-to-Site VPN
Testing and Verifying CA Support
Testing and Verifying IPsec

The lesson includes this activity:

Lab 3-1: Configure a Site-to-Site VPN Using Certificates

Lesson 3: Implementing GRE over IPsec

This lesson describes how to configure Generic Routing Encapsulation (GRE)-over-IPsec tunnels. Upon completing this lesson, the learner will be able to meet these objectives:

Describe GRE tunnels
Configure a GRE tunnel
Configure a GRE tunnel with IPsec encryption using Cisco SDM and verify the resulting CLI configurations
Generate mirror configurations
Verify GRE-over-IPsec operations using the CLI

The lesson includes these topics:



Examining GRE Tunnels
Configuring a GRE Tunnel
Configuring a GRE-Over-IPsec Tunnel
Generate a Mirror Configuration
Testing and Verifying GRE Over IPsec

The lesson includes this activity:

Lab 3-2: Configure a GRE over IPsec Tunnel

Lesson 4: Configuring High-Availability VPNs and VTI

This lesson describes how to configure high-availability VPN technologies. Upon completing this lesson, the learner will be able to meet these objectives:

Describe high availability for IPsec VPNs
Explain how to achieve high availability with IPsec VPNs using redundant peers and how to configure it
Describe HSRP, the role it plays in high availability, and how to configure it
Describe Cisco IOS stateful failover and how to configure it
Explain how to back up WAN links using VPNs
Describe the benefit of using static or dynamic VTI and how to configure VTIs for site-to-site IPsec VPNs

The lesson includes these topics:


High Availability for Cisco IOS IPsec VPNs
IPsec Backup Peer
Hot Standby Router Protocol
IPsec Stateful Failover
Backing Up a WAN Connection with an IPsec VPN
Static and Dynamic VTIs

Lesson 5: Implementing DMVPN

This lesson describes how to configure a DMVPN. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the overall requirements, features, operation, and high availability design for DMVPN
Describe how dynamic routing protocols operate over DMVPN
Configure a DMVPN hub using the Cisco SDM DMVPN hub wizard
Configure a DMVPN spoke using the Cisco SDM DMVPN spoke wizard
Edit DMVPN settings in Cisco SDM
Verify DMVPN connectivity

The lesson includes these topics:


Dynamic Multipoint VPN
Dynamic Routing Protocols over DMVPN
Configuring a DMVPN Hub
Configuring a DMVPN Spoke
Editing DMVPN Settings
Verifying DMVPN

The lesson includes this activity:

Lab 3-3: Configure a DMVPN Spoke Using Cisco SDM

Lesson 6: Implementing GET VPN

This lesson describes how to configure GET VPNs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe problems that are encountered scaling tunnel-based VPNs
Describe GET VPN
Describe how dynamic routing protocols work over GET VPN
Describe the security measures that are built into the GET VPN solution
Describe GET VPN operations
Configure the GET VPN key server
Configure GET VPN group members
Verify GET VPN settings and operation

The lesson includes these topics:


VPN Limitations
GET VPN Overview
GET VPN Architecture
GET VPN Security
GET VPN Operations
Configuring GET VPN Key Servers
Configuring GET VPN Group Members
Verifying GET VPN Settings

The lesson includes this activity:

Lab 3-4: Configure GET VPN Using CLI

Module 4: Secure Remote Access Communications
Upon completing this module, the learner will be able to design, install, configure, and troubleshoot remote-access communications using Cisco IOS security features.
Lesson 1: Implementing Cisco IOS Remote Access Using Cisco Easy VPN

This lesson describes how to configure Cisco Easy VPN for remote access. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the role of each component of Cisco Easy VPN including Cisco Easy VPN Remote and Cisco Easy VPN Server
Explain how to configure the Cisco VPN Client
Explain how to configure a Cisco Easy VPN Remote using Cisco SDM
Explain how to configure a Cisco Easy VPN Server using Cisco SDM
Verify the Cisco Easy VPN configuration

The lesson includes these topics:


Introduction to Cisco Easy VPN
Configuring the Cisco VPN Client
Configuring Cisco Easy VPN Remote
Configuring Cisco Easy VPN Server
Verify the Cisco Easy VPN Configuration

The lesson includes these activities:


Lab 4-1: Configure Cisco Easy VPN Remote
Lab 4-2: Configure Cisco Easy VPN Server

Lesson 2: Examining a Cisco IOS SSL VPN

This lesson describes how to configure a Cisco IOS SSL VPN and verify its operation using Cisco Router and Security Device Manager (SDM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco IOS SSL VPN feature, including clientless mode, thin-client mode, full-tunnel client mode, and Cisco Secure Desktop
Describe the different client packages for the Cisco IOS SSL VPN
Configure the prerequisites for Cisco IOS SSL VPN
Configure Cisco IOS SSL VPN
Edit Cisco IOS SSL VPN configurations
Monitor and verify Cisco IOS SSL VPN

The lesson includes these topics:


Overview of Cisco IOS SSL VPN
Client Software
Configuring Cisco IOS SSL VPN Prerequisites
Cisco IOS SSL VPN Configuration
Editing Cisco IOS SSL VPNs
Verifying SSL VPN Functionality

The lesson includes this activity:

Lab 4-3: Configure a Cisco IOS SSL VPN

Module 5: Threat Control and Containment
Upon completing this module, the learner will be able to install, configure, and troubleshoot URL filtering, NAT and PAT, Cisco IOS Classic Firewall, Cisco IOS Zone-Based Policy Firewall, and Cisco IOS IPS on a Cisco Integrated Services Router.
Lesson 1: Configuring NAT and PAT

This lesson describes how to configure inside and outside static and dynamic NAT and PAT as well as port forwarding. Upon completing this lesson, the learner will be able to meet these objectives:

Describe static and dynamic NAT and PAT
Configure PAT using the Cisco SDM NAT Basic wizard
Configure NAT and PAT using the Cisco SDM NAT Advanced wizard
Verify NAT and PAT configuration using the CLI
Troubleshoot a NAT configuration to resolve issues

The lesson includes these topics:


Network Address Translation Overview
Configuring PAT Using the Basic NAT Wizard
Configuring NAT and PAT Using the Advanced NAT Wizard
Verifying NAT and PAT
Troubleshooting NAT and PAT

Lesson 2: Configuring a Cisco IOS Classic Firewall

This lesson describes how to configure a Cisco IOS Classic Firewall using Cisco SDM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features and benefits of a Cisco IOS Classic Firewall
Use the Cisco SDM Basic Firewall wizard to configure a Cisco IOS Classic Firewall
Use the Cisco SDM Advanced Firewall wizard to configure a Cisco IOS Classic Firewall
Edit a basic or advanced firewall configuration, including global settings
Verify a Cisco IOS Firewall configuration using the CLI

The lesson includes these topics:


Cisco IOS Classic Firewall Overview
Basic Firewall Wizard
Advanced Firewall Wizard
Editing Firewall Rules
Verifying Firewall Configuration

The lesson includes this activity:

Lab 5-1: Configure Cisco IOS Classic Firewall on a Cisco Router

Lesson 3: Configuring a Cisco IOS Zone-Based Policy Firewall

This lesson describes how to configure a Cisco IOS Zone-Based Policy Firewall on a Cisco Integrated Services Router. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the general features of a Cisco IOS Zone-Based Policy Firewall
Configure Cisco IOS Zone-Based Policy Firewall using the Cisco SDM Advanced Firewall wizard
Edit the Cisco IOS Zone-Based Policy Firewall
Create zone-based policies without the Cisco SDM wizard
Verify the Cisco IOS Zone-Based Policy Firewall configuration using the CLI and Cisco SDM

The lesson includes these topics:


Cisco IOS Zone-Based Policy Firewall Overview
Advanced Firewall Wizard
Editing Cisco IOS Zone-Based Policy Firewall
Configuring Zone-Based Policies
Verifying the Cisco IOS Zone-Based Policy Firewall Configuration

The lesson includes this activity:

Lab 5-2: Configure Cisco IOS Zone-Based Policy Firewall with URL Filtering

Lesson 4: Configuring Cisco IOS IPS

This lesson describes how to configure Cisco IOS IPS, including Software Version 5.x signature support, Risk Rating (Signature Event Action Processing [SEAP]), tuning, and custom signatures. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features, functions, limitations, and applications of Cisco IOS IPS
Describe the different IPS management products
Describe SDF and built-in signature operation
Migrate from Cisco IOS IPS Version 4.x to Cisco IOS IPS Version 5.x
Configure Cisco IOS IPS using 5.x signatures
Configure Auto Signature Update
Configure SEAP, including Risk Ratings, Events Action Overrides, and Events Action Filters
Perform a basic configuration of Cisco IOS IPS
Tune more advanced signature settings
Create custom signatures
Use show, debug, and clear commands to test and verify Cisco IOS IPS configurations
Explain various scenarios and deployment options

The lesson includes these topics:


Cisco IOS IPS Overview
IPS Management Products
SDF and Built-In Signature Overview
Migrating from Cisco IOS IPS Version 4 to Version 5
Configuring Cisco IOS IPS Using 5.x Signatures
Auto Update
Signature Event Action Processing
Configuring, Disabling, and Excluding Signatures
Signature Tuning
Custom Signatures
Verifying Cisco IOS IPS Configuration
IPS Case Studies

The lesson includes this activity:

Lab 5-3: Configure a Cisco IOS IPS on a Cisco Router

IPS - Course Outline


Overview
Implementing Cisco Intrusion Prevention Systems (IPS) v6.0 provides the knowledge and skills needed to design, install, configure, and maintain a Cisco IPS sensor for small, medium, and enterprise networks. The course also describes the procedures for managing intrusion prevention system (IPS) alarms.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

Explain how the Cisco IPS protects network devices from attacks
Install and configure the basic settings on a Cisco IPS 4200 Series Sensor
Use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy
Configure some of the more advanced features of the Cisco IPS product line
Initialize and install into your environment the rest of the Cisco IPS family of products
Use the CLI and the Cisco IDM to obtain system information, and configure the Cisco IPS sensor to allow an SNMP NMS to monitor the Cisco IPS sensor

High-Level Course Outline


This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction
Intrusion Prevention Overview
Installation of a Cisco IPS 4200 Series Sensor
Cisco IPS Signatures
Advanced Cisco IPS Configuration
Additional Cisco IPS Devices
Cisco IPS Sensor Maintenance

Detailed Course Outline


This in-depth outline of the course structure lists each module, lesson, and topic.

Module 1: Intrusion Prevention Overview


This module explains how the Cisco IPS protects network devices from attacks.

Lesson 1: Explaining Intrusion Prevention


This lesson describes how to discuss intrusion detection and intrusion prevention along with related terms and concepts. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the difference between intrusion detection and intrusion prevention
Describe the similarities and differences among the various intrusion detection technologies
Explain the terminology used in intrusion prevention and detection
Explain the difference between promiscuous and inline intrusion protection
Describe the new features included in the Cisco IPS Sensor Software Version 6.0

The lesson includes these topics:


Intrusion Detection vs. Intrusion Prevention
Intrusion Prevention Technologies
Intrusion Prevention Terminology
Promiscuous and Inline Modes
Features of Cisco IPS Sensor Software Version 6.0

Lesson 2: Examining Cisco IPS Products


This lesson describes the Cisco IPS solutions and explains how Cisco IPS protects network devices from attacks. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the various models available in the Cisco family of IPS sensors
Describe network IPS and list its features and limitations
Describe host IPS and list its features and limitations
Explain the considerations necessary for selection, placement, and deployment of a network IPS
Describe the Cisco Self-Defending Network and how the Cisco IPS products fit into that structure

The lesson includes these topics:


Cisco Network Sensors
Network IPS
Host-Based IPS
Sensor Deployment
Cisco Self-Defending Network

Lesson 3: Examining Cisco IPS Sensor Software Solutions


This lesson describes the Cisco monitoring solutions and suggests how to utilize them. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco IPS Sensor Software architecture
List the Cisco IPS management products for single device management
List the Cisco IPS management products that you can use for the enterprise

The lesson includes these topics:


Cisco IPS Sensor Software Architecture
Cisco IPS Element Management Products
Cisco IPS Enterprise Management Products

Lesson 4: Examining Evasive Techniques


This lesson describes major evasion techniques in order to justify several intrusion prevention system (IPS) features. Upon completing this lesson, the learner will be able to meet these objectives:

Explain what an evasive technique is and provide examples of evasive techniques
Explain how attackers use string match attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use fragmentation attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use session attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use insertion attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use evasion attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use TTL-based attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use encryption-based attacks to avoid detection by intrusion detection and intrusion prevention products
Explain how attackers use resource exhaustion attacks to avoid detection by intrusion detection and intrusion prevention products

The lesson includes these topics:



Evasive Techniques
String Match Attacks
Fragmentation Attacks
Session Attacks
Insertion Attacks
Evasion Attacks
TTL-Based Attacks
Encryption-Based Attacks
Resource Exhaustion Attacks

Module 2: Installation of a Cisco IPS 4200 Series Sensor


This module describes how to install and configure the basic settings on a Cisco IPS 4200 Series Sensor.

Lesson 1: Installing a Cisco IPS Sensor Using the CLI

This lesson describes how to install and initialize a Cisco IPS sensor appliance in the network using the command-line interface (CLI). Upon completing this lesson, the learner will be able to meet these objectives:

Explain the CLI of the Cisco IPS sensor
Gain management access and initialize a sensor
Explain some of the administrative tasks that are done from the CLI
Explain some of the additional commands that are available from the CLI

The lesson includes these topics:


Introducing the CLI
Initializing the Sensor
Performing Administrative Tasks
Additional Administrative Commands

Lesson 2: Using the Cisco IDM

This lesson describes how to use the Cisco IPS Device Manager (IDM) to launch, navigate, manage, and monitor a Cisco IPS device. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the features, benefits, and system requirements of the Cisco IDM
Log in to and navigate the Cisco IDM
Configure SSH
Reboot and shut down a Cisco IPS

The lesson includes these topics:


Introducing the Cisco IDM
Getting Started with the Cisco IDM
How to Configure SSH
How to Reboot and Shut Down the Sensor

Lesson 3: Configuring Basic Sensor Settings

This lesson describes how to use the Cisco IDM to configure basic sensor settings. Upon completing this lesson, the learner will be able to meet these objectives:

Configure hosts that are authorized to administer the sensor
Configure the time settings of a Cisco IPS sensor
Configure certificates of a Cisco IPS sensor
Configure user accounts
Describe the different roles that a sensor interface can play
Configure the interfaces of a Cisco IPS sensor in promiscuous and inline mode
Describe and configure software and hardware bypass
Explain how to view events from the Cisco IDM

The lesson includes these topics:


How to Configure Allowed Hosts
How to Set the Time
How to Configure Certificates
How to Configure User Accounts
Defining Interface Roles
How to Configure the Interfaces
How to Configure Software and Hardware Bypass Mode
Viewing Events in the Cisco IDM

The lesson includes these activities:


Lab 2-1: Install and Configure an IPS Sensor from the CLI
Lab 2-2: Use the Cisco IDM to Perform a Basic Sensor Configuration

Module 3: Cisco IPS Signatures


This module describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy.

Lesson 1: Configuring Cisco IPS Signatures and Alerts

This lesson describes how to use the Cisco IDM to configure built-in signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the different types, features, and actions of signatures
Locate information about specific signatures and describe the Cisco Intrusion Prevention Alert Center
Enable, disable, and assign actions to signatures
Configure additional settings for denying and blocking actions

The lesson includes these topics:


Cisco IPS Signatures
How to Locate Signature Information
How to Configure Basic Signatures
Special Considerations for Signature Actions

Lesson 2: Examining the Signature Engines

This lesson describes the functions of signature engines and their parameters. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the different signature engines used by the sensor
Describe the configuration parameters common to all signature engines
Describe the ATOMIC signature engines
Describe the FLOOD signature engines
Describe the SERVICE signature engines, including the new TNS and SMB advanced signature engines
Describe the STRING signature engines
Describe the SWEEP signature engines
Describe the TROJAN signature engines
Describe the TRAFFIC signature engines
Describe the AIC signature engines
Describe the STATE signature engine
Describe the META signature engine
Describe the NORMALIZER engine

The lesson includes these topics:


Introducing Cisco IPS Signature Engines
Common Signature Engine Parameters
ATOMIC Signature Engines
FLOOD Signature Engines
SERVICE Signature Engines
STRING Signature Engines
SWEEP Signature Engines
TROJAN Signature Engines
TRAFFIC Signature Engines
AIC Signature Engines
STATE Signature Engine
META Signature Engine
NORMALIZER Engine

Lesson 3: Customizing Signatures

This lesson describes how to use the Cisco IDM to tune and customize signatures to meet the requirements of a given security policy. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the need to tune signatures
Tune and create signatures to accomplish noise reduction
Tune and create signatures to accomplish false positive reduction
Tune and create signatures to accomplish false negative reduction
Tune and create signatures to focus a Cisco IPS sensor on the environment
Describe examples of different signature tuning scenarios
Design and create custom signatures
Describe examples of creating custom signatures

The lesson includes these topics:


Tuning Signatures
Noise Reduction
False Positive Reduction
False Negative Reduction
Focusing Cisco IPS Sensors
Customizing Built-in Signatures
How to Create Custom Signatures
Custom Signature Scenarios

The lesson includes these activities:


Lab 3-1: Working with Signatures and Alerts
Lab 3-2: Customizing Signatures

Module 4: Advanced Cisco IPS Configuration


This module describes how to configure some of the more advanced features of the Cisco IPS product line.

Lesson 1: Performing Advanced Tuning of Cisco IPS Sensors

This lesson describes how to use the Cisco IDM to tune a Cisco IPS sensor to work optimally in the network. Upon completing this lesson, the learner will be able to meet these objectives:

Explain how to tune the sensor to avoid evasive techniques and provide network-specific intrusion prevention
Explain the logging capabilities of the sensor, how to configure logging, and the performance ramifications of logging
Describe the concept of IP fragment and TCP stream reassembly
Define and configure event variables
Explain and configure TVRs
Describe and configure event action overrides
Describe and configure event action filters
Describe the risk rating system and the values that it uses to calculate the risk rating number
Introduce and configure the general settings for event action rules

The lesson includes these topics:


Sensor Configuration
IP Logging
Reassembly Options
How to Define Event Variables
Target Value Rating
Event Action Overrides
Event Action Filters
Risk Rating System
General Settings of Event Action Rules

The lesson includes this activity:

Lab 4-1: Tune a Cisco IPS Sensor Using the Cisco IDM

Lesson 2: Monitoring and Managing Alarms

This lesson describes how to use additional monitoring tools to maximize alarm management efficiency. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the Cisco IEV, its features, benefits, and specifications Explain the installation procedure for Cisco IEV Add devices to the Cisco IEV Use Cisco IEV to view events Explain the Cisco Security Management Suite, its features, benefits, and specifications Explain the external product interface, its benefits, and specifications Explain how a Cisco Security Agent installation can be integrated into a Cisco IPS sensor installation using Cisco Security Monitor Explain the Cisco ICS

The lesson includes these topics:


Cisco IEV Overview Installing Cisco IEV Configuring Cisco IEV Viewing Events Cisco Security Management Suite Overview External Product Interface Integrating Cisco Security Agent into an IPS Installation Cisco ICS

The lesson includes this activity:

Lab 4-2: Monitor and Manage Alarms

Lesson 3: Configuring a Virtual Sensor

This lesson explains the virtual sensor, its settings, and its advantages. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the principles behind virtual sensors Prepare for creating virtual sensors by creating inline pairs, signature policies, event action rules, and anomaly detection policies Create a virtual sensor by giving it a name and assigning interfaces

The lesson includes these topics:


Virtual Sensor Overview Preparing for Virtual Sensors Creating Virtual Sensors

The lesson includes this activity:

Lab 4-3: Configure a Virtual Sensor (Optional)

Lesson 4: Configuring Advanced Features

This lesson explains some of the new advanced features of the Cisco IPS Sensor Software and describes how to configure them. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the principles behind anomaly detection Explain the components used by anomaly detection Configure anomaly detection Monitor and troubleshoot problems with anomaly detection Explain the principles behind POSFP Explain the different methods available to identify operating systems Explain the available configuration options for POSFP Examine the results of POSFP

The lesson includes these topics:


Anomaly Detection Overview Anomaly Detection Components Configuring Anomaly Detection Monitoring Anomaly Detection POSFP Overview Operating System Identification Configuring POSFP Monitoring POSFP

The lesson includes this activity:

Lab 4-4: Configure Anomaly Detection and POSFP

Lesson 5: Configuring Blocking

This lesson explains blocking concepts and describes how to use Cisco IDM to configure blocking for a given scenario. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the principles behind blocking Describe the things that should be taken into account before applying ACLs Explain how to configure a sensor to perform automatic blocking Explain how to configure a sensor to perform manual blocking Explain how to configure a master blocking scenario

The lesson includes these topics:


Blocking Overview ACL Considerations How to Configure Automatic Blocking How to Configure Manual Blocking How to Configure a Master Blocking Scenario

Module 5: Additional Cisco IPS Devices


This module describes how to initialize and install into your environment the rest of the Cisco IPS family of products.

Lesson 1: Installing the Cisco Catalyst 6500 Series IDSM-2

This lesson explains the basics of installing the Cisco Catalyst 6500 Series Intrusion Detection System Services Module 2 (IDSM-2) in a Cisco Catalyst 6500 Series Switch and initializing it. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco Catalyst 6500 Series IDSM-2 Install the Cisco Catalyst 6500 Series IDSM-2 Configure the Cisco Catalyst 6500 Series IDSM-2 interfaces Monitor the Cisco Catalyst 6500 Series IDSM-2 Perform Cisco Catalyst 6500 Series IDSM-2 maintenance

The lesson includes these topics:


Cisco Catalyst 6500 Series IDSM-2 Overview Installing the Cisco Catalyst 6500 Series IDSM-2 Configuring Cisco Catalyst 6500 Series IDSM-2 Interfaces Monitoring the Cisco Catalyst 6500 Series IDSM-2 Maintaining the Cisco Catalyst 6500 Series IDSM-2

Lesson 2: Initializing the Cisco ASA AIP-SSM

This lesson describes how to initialize a Cisco Adaptive Security Appliance Advanced Inspection and Prevention Security Services Module (ASA AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco ASA AIP-SSM Upload the IPS image to the Cisco ASA AIP-SSM Perform the initial configuration of the Cisco ASA AIP-SSM using Cisco ASDM Configure an IPS security policy using Cisco ASDM

The lesson includes these topics:


Cisco ASA AIP-SSM Overview Loading the Cisco ASA AIP-SSM Initial Cisco ASA AIP-SSM Configuration Using Cisco ASDM Configuring an IPS Security Policy

Module 6: Cisco IPS Sensor Maintenance


This module describes how to use the CLI and the Cisco IDM to obtain system information, and how to configure the Cisco IPS sensor to allow a Simple Network Management Protocol (SNMP) network management system (NMS) to monitor the Cisco IPS sensor.

Lesson 1: Maintaining Cisco IPS Sensors

This lesson describes how to install and recover the Cisco IPS Sensor Software and perform service pack and signature updates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco IPS sensor licenses and how to install them Perform a Cisco IPS sensor upgrade or recovery Install service pack and signature updates Perform a password recovery on a Cisco IPS sensor Restore a Cisco IPS sensor to its default configuration

The lesson includes these topics:


Understanding Cisco IPS Licensing How to Upgrade and Recover Sensor Images How to Install Service Packs and Signature Updates Password Recovery How to Restore a Cisco IPS Sensor

Lesson 2: Managing Cisco IPS Sensors

This lesson describes how to use the CLI and the Cisco IDM to verify sensor configuration. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the various CLI commands used for sensor monitoring Describe the Cisco IDM as a tool to perform sensor monitoring Describe Cisco Security Manager as a tool to perform sensor monitoring Describe SNMP as a tool to perform sensor monitoring

The lesson includes these topics:


Using the CLI to Monitor the Sensor Using the Cisco IDM to Monitor the Sensor Monitoring Using Cisco Security Manager Monitoring Using SNMP

The lesson includes this activity:

Lab 6-1: Maintain Sensors and Verify System Configuration

SNAF - Course Outline


Overview
Securing Networks with ASA Fundamentals (SNAF) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

Explain the functions of the three types of firewalls used to secure computer networks Describe the technology and features of Cisco security appliances Given diagrams of networks protected by Cisco ASA and PIX security appliances, explain how each appliance protects network devices from attacks and why each is an appropriate choice for the example network

High-Level Course Outline


This section provides an overview of how the course is organized. The course contains these components:

Introducing Cisco Security Appliance Technology and Features Introducing the Cisco ASA and PIX Security Appliance Families Getting Started with Cisco Security Appliances Configuring a Security Appliance Configuring Translations and Connection Limits Using ACLs and Content Filtering Configuring Object Grouping Switching and Routing on Cisco Security Appliances Configuring AAA for Cut-Through Proxy Configuring the Cisco Modular Policy Framework Configuring Advanced Protocol Handling Configuring Threat Detection Configuring Site-to-Site VPNs Using Pre-Shared Keys Configuring Security Appliance Remote-Access VPNs Configuring the Cisco ASA for SSL VPN Configuring Transparent Firewall Mode Configuring Security Contexts Configuring Failover Managing the Security Appliance Lab Guide

Detailed Course Outline


This in-depth outline of the course structure lists each lesson and topic.

Lesson 1: Introducing Cisco Security Appliance Technology and Features

This lesson introduces the general functionality provided by firewalls and security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the functions of the three types of firewalls that are used to secure modern computer networks Discuss the technology and features of Cisco security appliances

The lesson includes these topics:


Firewalls Security Appliance Essentials

There is no lab for this lesson.

Lesson 2: Introducing the Cisco ASA and PIX Security Appliance Families

This lesson introduces Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX 500 Series Security Appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Identify the Cisco ASA and PIX security appliance models Explain the Cisco ASA security appliance licensing options

The lesson includes these topics:


Models and Features of Cisco Security Appliances Cisco ASA Security Appliance Licensing

There is no lab for this lesson.

Lesson 3: Getting Started with Cisco Security Appliances

This lesson describes how to configure the security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the four access modes Describe the security appliance file management system Discuss security appliance security levels Describe Cisco ASDM requirements and capabilities Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via Cisco ASDM Verify security appliance configuration and licensing via Cisco ASDM

The lesson includes these topics:


User Interface File Management Security Appliance Security Levels Cisco ASDM Essentials and Operating Requirements Preparing to Use Cisco ASDM Navigating Cisco ASDM Windows

The lesson includes this activity:

Lab 3-1: Prepare to Use Cisco ASDM to Configure the Security Appliance

Lesson 4: Configuring a Security Appliance

This lesson describes how to configure a security appliance for basic network connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

Configure a security appliance for basic network connectivity Verify the initial configuration Set the clock and synchronize the time on a security appliance Configure a security appliance to send syslog messages to a syslog server

The lesson includes these topics:


Basic Security Appliance Configuration Examining Security Appliance Status Time Setting and NTP Support Syslog Configuration

The lesson includes this activity:

Lab 4-1: Configure the Security Appliance with Cisco ASDM

Lesson 5: Configuring Translations and Connection Limits

This lesson describes how to perform Network Address Translation (NAT) on a security appliance. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how the TCP and UDP protocols function within the security appliance Describe how static and dynamic translations function Configure dynamic address translation Configure static address translation Set connection limits

The lesson includes these topics:


Transport Protocols Understanding NAT Understanding PAT Static Translations TCP SYN Cookies and Connection Limits Connections and Translations

The lesson includes this activity:

Lab 5-1: Configure Translations

Lesson 6: Using ACLs and Content Filtering

This lesson describes how to configure security appliance access control. Upon completing this lesson, the learner will be able to meet these objectives:

Configure and explain the basic function of ACLs Configure and explain additional functions of ACLs Configure active code filtering (Microsoft ActiveX and Java applets) Configure the security appliance for URL filtering Use the Packet Tracer for troubleshooting

The lesson includes these topics:


ACL Configuration Malicious Active Code Filtering URL Filtering Packet Tracer

The lesson includes this activity:

Lab 6-1: Configure ACLs

Lesson 7: Configuring Object Grouping

This lesson describes how to configure the object grouping feature of Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the object grouping feature of the security appliance and its advantages Configure object groups and use them in ACLs

The lesson includes these topics:


Essentials of Object Grouping Configuring and Using Object Groups

The lesson includes this activity:

Lab 7-1: Configure Object Groups

Lesson 8: Switching and Routing on Cisco Security Appliances

This lesson describes how to configure the switching and routing functionality that a security appliance provides. Upon completing this lesson, the learner will be able to meet these objectives:

Configure logical interfaces and VLANs Configure static routes and static route tracking Describe the dynamic routing capabilities of Cisco security appliances and configure passive RIP routing

The lesson includes these topics:


VLAN Capabilities Static Routing Dynamic Routing

There is no lab for this lesson.

Lesson 9: Configuring AAA for Cut-Through Proxy

This lesson describes how to define, configure, and monitor AAA in Cisco security appliances. Upon completing this lesson, the learner will be able to meet these objectives:

Define AAA functions Configure the local user database Install and configure Cisco Secure ACS Define and configure cut-through proxy authentication Define and configure user authorization using downloadable ACLs Define and configure the accounting component

The lesson includes these topics:


Introduction to AAA Configuring the Local User Database Installation of Cisco Secure ACS for Windows 2000 Cut-Through Proxy Authentication Configuration Authentication Prompts and Timeouts Authorization Configuration Accounting Configuration

The lesson includes this activity:

Lab 9-1: Configure AAA on the Security Appliance Using Cisco Secure ACS for Windows

Lesson 10: Configuring the Cisco Modular Policy Framework

This lesson describes a security appliance modular policy and how to configure it. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the Cisco Modular Policy Framework feature for security appliances Describe the functionality of class maps Describe the functionality of policy maps Describe the functionality of service policies Use Cisco ASDM to configure a service policy rule

The lesson includes these topics:


Modular Policy Framework Overview Class Map Overview Policy Map Overview Configuring Modular Policies with Cisco ASDM Configuring a Policy for Management Traffic Displaying Modular Policy Framework Components

There is no lab for this lesson.

Lesson 11: Configuring Advanced Protocol Handling

This lesson describes how to configure security appliance advanced protocol handling. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the need for advanced protocol handling Describe how the security appliance implements inspection of common network applications Describe the issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions

The lesson includes these topics:


Advanced Protocol Handling Protocol Application Inspection Multimedia Support

The lesson includes this activity:

Lab 11-1: Configure Advanced Protocol Inspection on the Security Appliance

Lesson 12: Configuring Threat Detection

This lesson describes how to use the threat detection capabilities of the security appliance to better defend the network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe threat detection and threat statistics Configure basic threat detection Configure scanning threat detection Configure and view threat detection statistics

The lesson includes these topics:


Threat Detection Overview Basic Threat Detection Scanning Threat Detection Configuring and Viewing Threat Detection Statistics

The lesson includes this activity:

Lab 12-1: Configure Threat Detection on the Security Appliance

Lesson 13: Configuring Site-to-Site VPNs Using Pre-Shared Keys

This lesson describes how to configure Cisco security appliances for VPN connectivity. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how security appliances enable a secure VPN Perform the tasks necessary to configure security appliance IPsec support Identify the commands to configure security appliance IPsec support Configure a VPN between security appliances

The lesson includes these topics:


Secure VPNs How IPsec Works Preparing to Configure an IPsec VPN Configuring a Site-to-Site VPN Using Pre-Shared Keys Modifying the Site-to-Site VPN Configuration Test and Verify VPN Configuration

The lesson includes this activity:

Lab 13-1: Configure Security Appliance Site-to-Site VPN

Lesson 14: Configuring Security Appliance Remote-Access VPNs

This lesson describes how to configure security appliances for secure remote access. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco Easy VPN Describe the Cisco VPN Client Configure an IPsec Remote-Access VPN Configure users and groups

The lesson includes these topics:


Introduction to Cisco Easy VPN Overview of Cisco VPN Client Configuring Remote-Access VPNs Configuring Users and Groups

The lesson includes this activity:

Lab 14-1: Configure a Secure VPN Using IPsec Between a Security Appliance and a Cisco VPN Client

Lesson 15: Configuring the Cisco ASA Security Appliance for SSL VPN

This lesson describes how to configure Cisco ASA security appliances to support the SSL VPN feature set. Upon completing this lesson, the learner will be able to meet these objectives:

Describe SSL VPN and its purpose Use the SSL VPN Wizard to configure a basic Clientless SSL VPN connection Verify SSL VPN operations

The lesson includes these topics:


SSL VPN Overview Using the SSL VPN Wizard to Configure Clientless SSL VPN Verifying Clientless SSL VPN Operations

The lesson includes this activity:

Lab 15-1: Configure the Security Appliance to Provide Secure Clientless SSL VPN Connectivity

Lesson 16: Configuring Transparent Firewall Mode

This lesson describes how to configure Cisco security appliances to run in transparent firewall mode. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the purpose of transparent firewall mode Explain how data traverses a security appliance in transparent mode Enable transparent firewall mode Monitor and maintain transparent firewall mode

The lesson includes these topics:


Transparent Firewall Mode Overview Traversing a Security Appliance in Transparent Mode Configuring Transparent Firewall Mode Monitoring and Maintaining Transparent Firewall Mode

The lesson includes this activity:

Lab 16-1: Configure Security Appliance Transparent Firewall

Lesson 17: Configuring Security Contexts

This lesson describes how to configure the security appliance to support multiple contexts. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the purpose of security contexts Enable and disable multiple context mode Configure a security context Allocate resources to security contexts Manage a security context

The lesson includes these topics:


Security Context Overview Enabling Multiple Context Mode Configuring Security Contexts Managing Security Contexts

There is no lab for this lesson.

Lesson 18: Configuring Failover

This lesson describes how to implement and configure failover in a network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the difference between hardware and stateful failover Describe the difference between active/standby and active/active failover Define the security appliance failover hardware requirements Describe how active/standby failover works Explain the security appliance roles of primary, secondary, active, and standby Describe how active/active failover works Configure active/standby LAN-based failover Configure active/active failover Enable the stateful failover option for maximum availability Describe and use remote command execution

The lesson includes these topics:


Understanding Failover Configuring Redundant Interfaces Active/Standby LAN-Based Failover Configuration Active/Active Failover Configuration Remote Command Execution

The lesson includes these activities:


Lab 18-1: Configure LAN-Based Active/Standby Failover Lab 18-2: Configure LAN-Based Active/Active Failover

Lesson 19: Managing the Security Appliance

This lesson describes how to secure and upgrade system access to the security appliance and recover from problems. Upon completing this lesson, the learner will be able to meet these objectives:

Configure Telnet access to the security appliance Configure SSH access to the security appliance Configure command authorization Recover security appliance passwords using general password recovery procedures Use TFTP to install and upgrade the software image on the security appliance

The lesson includes these topics:


Managing System Access Configuring Command Authorization Managing Configurations Managing Images and Activation Keys

The lesson includes this activity:

Lab 19-1: Manage the Security Appliance

SNAA - Course Outline


Overview
Securing Networks with Cisco ASA Advanced (SNAA) v1.0 is a five-day, instructor-led, lab-intensive course, which will be delivered by Cisco Learning Partners. This task-oriented course teaches the knowledge and skills needed for advanced configuration, maintenance, and operation of the Cisco ASA 5500 Series Adaptive Security Appliances.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

Configure policy NAT based on traffic type Describe the Layer 7 Modular Policy Framework for the security appliance and how it is configured Describe the Layer 7 advanced protocol handling capabilities of Modular Policy Framework and how it is configured Identify the steps needed to configure the security appliance to segment traffic with VLANs Identify the steps needed to configure the security appliance for dynamic routing Explain the components and functionality of IPsec, and explain what digital certificates are and how they are used Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate Identify the necessary steps to configure the IPsec VPN client using digital certificates Identify the necessary steps to configure the security appliance for remote access using digital certificates Explain the advanced remote access features of the security appliance Determine the necessary configuration for the ASA 5505 Adaptive Security Appliance to be a VPN hardware client Identify the steps to configure QoS for VPN traffic List the steps needed to configure the WebVPN functionality of the security appliance Identify the basic Clientless SSL VPN features of the security appliance Configure full network access SSL VPNs using the Cisco AnyConnect VPN Client List the features and functionality of the Cisco Secure Desktop Configure Cisco Secure Desktop and DAP for SSL VPN connections on the security appliance Identify and list the characteristics of the service modules for the security appliance Identify the steps needed to configure, inspect, and filter traffic with the Cisco CSC-SSM Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks

High-Level Course Outline


This section provides an overview of how the course is organized. The course contains these components:

Advanced NAT Advanced Protocol Handling Dynamic Routing and Switching IPsec VPNs SSL VPNs Security Services Modules Appendix: Handling Multimedia Protocols Appendix: Using Cisco ASA Multicast Lab Guide

Detailed Course Outline


This in-depth outline of the course structure lists each lesson and topic.

Module 1: Advanced NAT


Explain how the Cisco ASA security appliance performs NAT, the order of NAT matching, and policy-based NAT with the use of ACLs.

Lesson 1: Applying NAT 0 and Policy NAT

This lesson describes how to configure NAT based on traffic type and the appropriate policy. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure ACLs for the security appliance Describe the function of NAT and how to implement basic NAT Describe NAT 0 function and the steps necessary to implement NAT 0 Describe policy NAT and the steps necessary to implement policy NAT Explain how to verify and troubleshoot NAT configuration and operation

The lesson includes these topics:


ACLs NAT Translation Behavior NAT Exemption Policy NAT Verify and Troubleshoot

The lesson includes this activity:

Lab 1-1: Implementing Advanced NAT

Module 2: Advanced Protocol Handling


Describe Cisco Modular Policy Framework for the security appliance and how it is configured as it applies to Layer 7 application inspection.

Lesson 1: Applying the Cisco Modular Policy Framework

This lesson describes a Layer 7 modular policy and explains how to configure it. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco Modular Policy Framework capabilities of the security appliance Configure a modular policy on the security appliance using Cisco ASDM Create a Layer 7 class map Create a regular expression class map Create a Layer 7 policy map Describe the commands used to verify a Cisco Modular Policy Framework configuration

The lesson includes these topics:


Cisco Modular Policy Framework Overview Configuring the Cisco Modular Policy Framework Configuring a Layer 7 Class Map Configuring a Regular Expression Class Map Configuring a Layer 7 Policy Map Verifying the Cisco Modular Policy Framework Configuration

The lesson includes no activities.

Lesson 2: Handling Advanced Protocols

This lesson explains how to configure and troubleshoot inspection of several common network protocols. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the protocol inspection capabilities of the Cisco ASA security appliance Explain how to configure FTP inspection Explain how to configure HTTP inspection Explain how to configure IM inspection Explain how to configure ESMTP inspection Explain how to configure DNS inspection Explain how to configure ICMP inspection Use show commands to verify that protocol inspection is configured Use debug commands to verify that protocol inspection is working properly

The lesson includes these topics:


Protocol Inspection Overview FTP Inspection HTTP Inspection IM Inspection ESMTP Inspection DNS Inspection ICMP Inspection Protocol Inspection Verification

The lesson includes this activity:

Lab 2-1: Configuring Advanced Protocol Inspection

Module 3: Dynamic Routing and Switching


Explain the dynamic routing and switching functionalities of the Cisco ASA security appliance.

Lesson 1: Switching with VLANs

This lesson describes the switching functionality that the security appliance provides and how to configure it. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the VLAN capabilities of the security appliance Explain the steps necessary to configure VLANs on the security appliance Explain the steps necessary to configure interfaces on the Cisco ASA 5505 Adaptive Security Appliance Use show commands to verify VLAN operations

The lesson includes these topics:


Cisco ASA VLAN Operations VLAN Configuration VLAN Configuration on the Cisco ASA 5505 VLAN Verification

The lesson includes no activities.

Lesson 2: Routing with Dynamic Protocols

This lesson identifies the steps needed to configure the security appliance for dynamic routing. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the differences between the dynamic and static routing capabilities of the security appliance Configure the security appliance for active RIP routing Configure the security appliance for OSPF routing Configure the security appliance for EIGRP routing Configure the security appliance for route redistribution Use show and debug commands to verify routing configuration and that the routing configuration is working properly

The lesson includes these topics:


Dynamic and Static Routing RIP OSPF EIGRP Redistribution Verification and Troubleshooting

The lesson includes this activity:

Lab 3-1: Dynamic Routing with EIGRP and OSPF

Module 4: IPsec VPNs

Explain the IP Security (IPsec) virtual private network (VPN) features and capabilities of the security appliance.

Lesson 1: Understanding IPsec and Digital Certificates

This lesson explains the components and functionality of IPsec, what digital certificates are, and how they are used. Upon completing this lesson, the learner will be able to meet these objectives:

Describe IPsec and the components that define IPsec Describe how IPsec works Describe how digital certificates and Public-Key cryptography work Describe the scalability that is achieved by using certificates Describe the purpose of CRLs and the protocols used for CRLs Describe key pairs and trustpoints

The lesson includes these topics:



What is IPsec? IPsec Operation Digital Certificates and Public-Key Cryptography Certificates and Scalability Certificate Enrollment Process Validating the Certificate Certificate Revocation Lists Security Appliance Certificate Enrollment Support Key Pairs and Trustpoints

The lesson includes no activities.

Lesson 2: Implementing Site-to-Site VPNs with Digital Certificates

This lesson describes how to configure the security appliance to establish site-to-site tunnels using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the components of site-to-site VPNs Explain the steps necessary to configure the Cisco ASA security appliance to use digital certificates Define interesting traffic with ACLs List the steps needed to configure an ISAKMP policy for site-to-site VPNs List the steps necessary to define IPsec transform set Explain the steps needed to configure a site-to-site VPN using digital certificates Configure a crypto map for site-to-site VPNs Configure the Cisco ASA security appliance for hub-and-spoke site-to-site connections Configure site-to-site redundancy Use show commands to verify the configuration of site-to-site VPNs Use debug commands to verify that the configuration of site-to-site VPNs is working properly

The lesson includes these topics:


Site-to-Site VPNs Configuring CA Certificates Site-to-Site IPsec Connection Profiles Modifying Certificate to Connection Mapping Hub and Spoke Site-to-Site Redundancy Verifying Site-to-Site VPNs Troubleshooting Site-to-Site VPNs

The lesson includes this activity:

Lab 4-1: Site-to-Site with Digital Certificates

Lesson 3: Configuring the Cisco VPN Client

This lesson defines how to configure the Cisco VPN Client by using digital certificates for authentication. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the key features and benefits of the Cisco VPN Client Describe the steps necessary to install the Cisco VPN Client
Describe the steps needed to configure and install digital certificates on the Cisco VPN Client List the connection entry configuration options available on the Cisco VPN Client List the advanced configuration options available on the Cisco VPN Client Describe the setting and options that would verify and troubleshoot the Cisco VPN Client configuration

The lesson includes these topics:


Cisco VPN Client Cisco VPN Client Installation Digital Certificates with Cisco VPN Client Connection Entry Advanced Options Verify and Troubleshoot Client Configuration

The lesson includes no activities.

Lesson 4: Implementing Remote-Access VPNs with Digital Certificates

This lesson defines how to configure the security appliance for remote access using digital certificates. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the components of remote-access VPNs Describe the general tasks for configuring a Cisco ASA security appliance to support Cisco Easy VPN Remote client access Configure the Cisco ASA security appliance to use digital certificates manually Define an address pool for remote-access VPN connections Explain the user policy inheritance that is determined by the Cisco ASA security appliance Configure an IPsec connection profile to support digital certificates Configure a certificate to connection policy to map the identity certificate to the proper connection profile Use Cisco ASDM graphs and show commands to verify the operation of remote-access VPNs Use logging and debug commands to troubleshoot remote-access VPNs

The lesson includes these topics:


Remote-Access VPNs Configuring a Cisco ASA for Remote Access Installing Cisco ASA Certificates Defining a Remote-Access Address Pool User Policy Attribute Inheritance Configuring an IPsec Connection Profile
Configuring the Certificate to Connection Profile Policy Verifying Remote-Access VPNs Troubleshooting Remote-Access VPNs

The lesson includes this activity:

Lab 4-2: Remote Access with Digital Certificates

Lesson 5: Configuring Advanced Remote-Access Features and Policy

This lesson defines how to explain these remote-access features and configure the Cisco ASA security appliance to use them. Upon completing this lesson, the learner will be able to meet these objectives:

Use Cisco ASDM to configure advanced policy features of load balancing Use Cisco ASDM to configure reverse route injection for VPN connections Use Cisco ASDM to configure a backup server for the VPN connections Use Cisco ASDM to configure intra-interface VPN traffic forwarding on the Cisco ASA security appliance Use Cisco ASDM to configure NAT transparency for VPN connection behind a NAT device Use Cisco ASDM to configure IPsec over TCP for VPN connection behind a NAT device Use Cisco ASDM to configure certificate group mapping for IPsec connections using certificates Use Cisco ASDM to configure client updates for VPN software and hardware clients Use Cisco ASDM to configure the tunnel policy for personal firewalls and split tunneling

The lesson includes these topics:


Load Balancing Reverse Route Injection Backup Servers Intra-Interface VPN Traffic NAT Transparency Client Update Split Tunneling Personal Firewalls

The lesson includes no activities.


Lesson 6: Configuring the ASA 5505 as a Cisco Easy VPN Hardware Client

This lesson defines how to configure security appliances for secure remote access. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco Easy VPN and its two components Describe how group policy is determined on the VPN hardware client Configure the ASA 5505 Adaptive Security Appliance as a Cisco Easy VPN Remote

The lesson includes these topics:


Introduction to Cisco Easy VPN Cisco Easy VPN Server Policy Cisco Easy VPN Hardware Client

The lesson includes this activity:

Lab 4-3: Cisco ASA 5505 Easy VPN Hardware Client

Lesson 7: Configuring QoS for IPsec VPNs

This lesson defines how to identify the steps to configure QoS for VPN tunnel traffic. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the QoS features of the Cisco ASA 5500 Series Adaptive Security Appliance Configure QoS on the Cisco ASA 5500 Series Adaptive Security Appliance for VPN tunnel traffic Verify the QoS for VPN tunnel traffic configuration of the Cisco ASA 5500 Series Adaptive Security Appliance

The lesson includes these topics:


QoS Overview Cisco ASA QoS Configuring QoS for VPNs Verifying QoS

The lesson includes no activities.


Module 5: SSL VPNs


Explain the Secure Sockets Layer (SSL) VPN features and capabilities of the security appliance.

Lesson 1: Understanding SSL VPN Technology

This lesson defines how to describe SSL, its use in SSL VPNs, and how it can be deployed in an enterprise network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the characteristics of SSL Describe SSL VPN components Describe Cisco Secure Desktop

The lesson includes these topics:


SSL Overview Clientless SSL VPN Cisco Secure Desktop

The lesson includes no activities.

Lesson 2: Configuring Clientless SSL VPNs

This lesson defines how to describe and configure a Cisco ASA security appliance for Clientless SSL VPN connections from remote users. Upon completing this lesson, the learner will be able to meet these objectives:

Configure Clientless SSL VPN Configure Clientless SSL VPNs to use port forwarding Configure additional features for Clientless SSL VPNs Configure smart tunnels for non-plug-in supported applications Use debug and show commands to verify Clientless SSL VPN configuration

The lesson includes these topics:


Configuring Clientless SSL VPN Verifying Clientless SSL VPN Operation Configuring Port-Forwarding SSL VPN Verifying Port-Forwarding SSL VPN Configuring Additional SSL VPN Features Troubleshooting Clientless and Port-Forwarding SSL VPNs

The lesson includes this activity:

Lab 5-1: Clientless SSL VPNs


Lesson 3: Configuring Full Network Access SSL VPNs

This lesson defines how to describe and configure the Cisco ASA security appliance for Full Network Access SSL VPN using the Cisco AnyConnect VPN Client. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features of the Cisco AnyConnect VPN Client Describe the different installation methods available for the Cisco AnyConnect VPN Client Configure DTLS for the Cisco AnyConnect VPN Client Configure the advanced features of the Cisco AnyConnect VPN Client Configure Certificate-Based Authentication for the Cisco AnyConnect VPN Client Verify Cisco AnyConnect VPN Client operation Troubleshoot Cisco AnyConnect VPN Client operation

The lesson includes these topics:

Cisco Full Network Access SSL VPN Overview Configuring Cisco AnyConnect SSL VPN Verifying Cisco AnyConnect VPN Operation Configuring Advanced Features for the Cisco AnyConnect VPN Client Configuring Certificate-Based Authentication for the Cisco AnyConnect SSL VPN Troubleshooting Cisco AnyConnect VPN Client Operation

The lesson includes this activity:

Lab 5-2: SSL VPNs with the Cisco AnyConnect Client

Lesson 4: Cisco Secure Desktop

This lesson defines how to describe the features available for Cisco Secure Desktop, how Cisco Secure Desktop interacts with other Cisco clients, and what steps are required to install the Cisco Secure Desktop image. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the functionality of Cisco Secure Desktop Describe the interoperability of the Cisco AnyConnect VPN Client Install or upgrade the Cisco Secure Desktop image List the steps necessary to install Cisco Secure Desktop

The lesson includes these topics:


Cisco Secure Desktop Overview Cisco Secure Desktop Interoperability Preparing the Cisco ASA for Cisco Secure Desktop

The lesson includes no activities.


Lesson 5: Securing the Desktop with Cisco Secure Desktop and DAP

This lesson defines how to configure Cisco Secure Desktop and configure Dynamic Access Policies (DAP) for SSL VPN client and clientless connections. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco Secure Desktop Workflow for SSL VPN client and clientless connections Configure Cisco Secure Desktop for SSL VPN client and clientless connections Configure Advanced Endpoint Assessment for SSL VPN client and clientless connections Configure DAP for SSL VPN client and clientless connections

The lesson includes these topics:


Cisco Secure Desktop Workflow Prelogin Assessment Secure Session Cache Cleaner Host Emulation and Keystroke Logger Detection Host Scan Dynamic Access Policy DAP Testing

The lesson includes this activity:

Lab 5-3: Cisco Secure Desktop and Dynamic Access Policy

Module 6: Security Services Modules


Explain the features and capabilities of the security services modules of the security appliance.

Lesson 1: Examining the Cisco SSMs

This lesson defines how to identify and list the characteristics of the services modules for the Cisco ASA security appliance. Upon completing this lesson, the learner will be able to meet these objectives:

Identify the hardware characteristics of the Cisco SSM Explain the business needs for deploying a Cisco SSM List the security functions of the different types of application SSMs

The lesson includes these topics:


Business Challenges Cisco SSMs CSC-SSM AIP-SSM AIP-SSM or CSC-SSM


The lesson includes no activities.

Lesson 2: CSC-SSM: Getting Started

This lesson defines how to configure the Cisco Content Security and Control Security Services Module (CSC-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to initialize the CSC-SSM Load the CSC-SSM with the new operating system from the CLI Initialize and activate the CSC-SSM from the CLI Configure the CSC-SSM to scan, using the CSC Setup Wizard from Cisco ASDM

The lesson includes these topics:


CSC-SSM Overview CSC-SSM Software Loading Initial CLI Cisco CSC Configuration Initially Configuring the CSC-SSM with the Cisco ASDM CSC Setup Wizard

The lesson includes no activities.

Lesson 3: AIP-SSM: Getting Started

This lesson defines how to initialize a Cisco Adaptive Security Appliance Advanced Inspection and Prevention Security Services Module (AIP-SSM). Upon completing this lesson, the learner will be able to meet these objectives:

Explain how the Cisco SSM modules operate within the Cisco ASA security appliance Upload the Cisco IPS image to the AIP-SSM Perform the initial configuration of the AIP-SSM Configure a Cisco IPS security policy using Cisco ASDM

The lesson includes these topics:


AIP-SSM Overview AIP-SSM Software Loading Initial Cisco IPS ASDM Configuration Configure a Cisco IPS Security Policy

The lesson includes this activity:

Lab 6-1: Initializing AIP-SSM


MARS - Course Management

Overview
Welcome to Implementing Cisco Security Monitoring, Analysis, and Response System (MARS) v3.0. Cisco Security MARS extends the portfolio of security management products for the Cisco Self-Defending Network initiative. Cisco Security MARS offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices. Cisco Security MARS combines network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. The result is a system that helps customers to readily and accurately identify, manage, and eliminate network attacks and maintain network security compliance. The purpose of this Course Administration Guide is to provide Cisco Learning Partners with information so that they can better administer the course content and labs.

CourseObjectives
Upon completing this course, the learner will be able to meet these overall objectives:

Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management Describe the software components of Cisco Security MARS architectural design Configure the network reporting devices to work with the Cisco Security MARS appliance Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance Use the Summary page to view the security status of your network Describe and configure a rule that detects interesting patterns of network activity and other anomalous network behavior
Describe the process of generating queries and reports in a Cisco Security MARS appliance Describe the process of incident investigation on a Cisco Security MARS appliance Configure user-defined log parser templates on the Cisco Security MARS appliance Integrate Cisco Security Manager and Cisco Security MARS Perform system maintenance tasks on the Cisco Security MARS appliance Identify common issues about Cisco Security MARS Describe the features and functions of the Cisco Security MARS Global Controller Summarize the key functionalities of Cisco Security MARS technologies at work


Detailed Course Outline


This in-depth outline of the course structure lists each lesson and topic.

Course Introduction
The Course Introduction provides learners with the course objectives and prerequisite learner skills and knowledge. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This course component also describes the curriculum for this course, providing learners with the information that they need to make decisions regarding their specific learning path.

Overview: Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) v3.0 is an update to Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) v2.0, an existing four-day instructor-led course on using Cisco Security MARS Software Versions 4.3.1 and 5.3.1. The lab setup and activities are based on the newer version of the virtual software VM-MARS 4.3.4 and VM-CSM 3.2. Upon completion of this course, the learner will have the skills and knowledge to implement the Cisco Security MARS solution into a network. Learners will learn Cisco Security MARS tasks such as quick install; adding security and network devices; creating rules, reports and queries; incident investigation; and performing system maintenance. Learners will install, configure, and administer Cisco Security MARS to protect a network. Learner Skills and Knowledge: Here are the required learner skills and knowledge: Cisco CCSP certified or equivalent knowledge Passage of the Securing Cisco IOS Networks (SECUR) exam (642-501), the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502), or both At least six months of practical experience configuring Cisco routers and security products Familiarity with implementing network security policies and these networking components and concepts:

Perimeter security system components: perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host Servers: Cisco Security Manager; syslog; authentication, authorization, and accounting (AAA); Cisco Secure Access Control Server (Cisco Secure ACS); and FTP Protocols: syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet


Lesson 1: Introducing Cisco Security Monitoring, Analysis, and Response System


Lesson objective: Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management. This ability includes being able to meet these objectives:

Describe effective security monitoring and management concepts Describe Cisco Self-Defending Network Describe a Cisco Security MARS solution Provide an overview of Cisco Security MARS terminology Describe Cisco Security MARS technologies

The lesson includes these topics:


Effective Security Monitoring and Management Cisco Self-Defending Network and the Role of Cisco Security MARS Cisco Security MARS Cisco Security MARS Terminology Cisco Security MARS Technologies Cisco Security MARS User Interface Cisco Security MARS Product Portfolio

Lesson 2: Understanding the System Architecture


Lesson objective: Describe the software components of Cisco Security MARS architectural design. This ability includes being able to meet these objectives:

Provide an overview of Cisco Security MARS software components. Describe STM process flow and the corresponding architectural components of Cisco Security MARS in detail.

The lesson includes these topics:


Cisco Security MARS Software Components Cisco Security MARS Process Flow Details


Lesson 3: Configuring a Cisco Security MARS Appliance


Lesson objective: Configure the network reporting devices to work with the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of the initial Cisco Security MARS configuration Provide brief overviews of each of the six tasks involved in configuring the appliance Describe guidelines for deploying a Cisco Security MARS appliance

The lesson includes these topics:


Initial Cisco Configuration Overview Scenario: Configuration Tasks Deployment Planning Guidelines

The lesson includes these activities:


Pre-Lab Activity: Accessing the Remote Lab Lab 3: Accessing the Cisco Security MARS Appliance

Lesson 4: Adding Reporting and Mitigation Devices


Lesson objective: Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of the reporting and mitigation devices that can be used with the Cisco Security MARS appliance Describe different methods of providing Cisco Security MARS with the data that is required to study the activities on the network Provide an overview of integrating Cisco Security MARS with third-party applications

The lesson includes these topics:


Overview of Reporting and Mitigation Devices Scenario: Adding a Cisco Reporting Device and Enabling NetFlow Data-Enabling Features of Cisco Security MARS Integrating Cisco Security MARS with Third-Party Applications

The lesson includes these activities:


Lab 4-1: Adding Reporting Devices and Enabling NetFlow Lab 4-2: Configuring the Syslog Forwarding Feature


Lesson 5: Viewing the Summary Page


Lesson objective: Use the Summary page to view the security status of your network. This ability includes being able to meet these objectives:

Describe the Summary page on the Cisco Security MARS appliance Describe the Dashboard tab on the Cisco Security MARS Summary page Describe the Network Status tab of the Cisco Security MARS Summary page Describe the My Reports tab of the Cisco Security MARS Summary page

The lesson includes these topics:


Summary Page Overview Dashboard Network Status My Reports Scenario: Getting Information from the Summary Page

The lesson includes these activities:

Lab 5: Generating Summary Reports

Lesson 6: Managing Rules


Lesson objective: Describe and configure a rule (or rules) that detects interesting patterns of network activity and other anomalous network behavior. This ability includes being able to meet these objectives:

Provide an overview of rules in Cisco Security MARS Describe and configure system and user inspection rules Describe and configure drop rules Provide an overview of rule and report groups

The lesson includes these topics:


Rules Overview Working with System and User Inspection Rules Working with Drop Rules Rule Groups Overview

The lesson includes these activities:


Lab 6-1: Configuring Cisco Security MARS Event Types Lab 6-2: Configuring an Inspection Rule


Lesson 7: Understanding Queries and Reports


Lesson objective: Describe the process of generating queries and reports in a Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of the Query page and demonstrate how to generate a query Provide an overview of the Reports page and demonstrate how to create a scheduled report

The lesson includes these topics:


Query Page Scenario: Configuring a Query Reports Page Scenario: Configuring a System Report

The lesson includes these activities:

Lab 7: Performing a Query and Creating a Custom Report

Lesson 8: Investigating and Mitigating Incidents


Lesson objective: Describe the process of incident investigation on a Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Provide an overview of incidents Describe the Incidents submenu and incident investigation process Describe the role of Cisco Security MARS in a network Describe false positive terminology and the key elements of the False Positives page Describe the Case Management feature of Cisco Security MARS Describe how to configure a case to track an incident Describe the prerequisites and the process of sending notifications Discuss the case study on preventing the W32 Blaster worm

The lesson includes these topics:


Incidents Overview Incidents Scenario: Role of Cisco Security MARS in Your Network False Positives Case Management Scenario: Configuring a Case to Track an Incident Configuring Notifications Case Study: Preventing the W32 Blaster Worm

The lesson includes these activities:

Lab 8: Performing Incident Investigation and Mitigation


Lesson 9: Working with User-Defined Log Parser Templates


Lesson objective: Describe and configure user-defined log parser templates on the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Describe user-defined log parser templates Describe how to configure a custom parser

The lesson includes these topics:


Overview of User-Defined Log Parser Templates Scenario: Configuring a Custom Parser

The lesson includes these activities:

Lab 9: Configuring the Custom Parser

Lesson 10: Integrating with Cisco Security Manager


Lesson objective: Integrate Cisco Security Manager and Cisco Security MARS. This ability includes being able to meet these objectives:

Describe Cisco Security Manager and Cisco Security MARS integration Demonstrate how to add a Cisco Security Manager server to a Cisco Security MARS appliance and then invoke Cisco Security Manager Policy Table Lookup from Cisco Security MARS

The lesson includes these topics:


Overview of Cisco Security Manager Policy Table Lookup Scenario: Invoking Cisco Security Manager Policy Table Lookup from Cisco Security MARS

The lesson includes these activities:

Lab 10: Performing Cisco Security Manager Policy Lookup


At this point in the class, it is recommended that the instructor run the IPS-CSM-MARS.zip file to demonstrate the IPS-CSM-MARS integration feature. The demonstration file is included in the instructor CD.

Reference

Lesson 11: Managing and Administering the System


Lesson objective: Perform system maintenance tasks on the Cisco Security MARS appliance. This ability includes being able to meet these objectives:

Describe the event, addressing, service, and user management tasks that can be performed in Cisco Security MARS Provide an overview of the Cisco Security MARS appliance system maintenance tasks Describe how Cisco Security MARS can discover the new signatures on IPS devices Describe the software upgrade process in Cisco Security MARS appliance Describe the caveats and process of migrating data from a 4.3.x to 5.3.x Cisco Security MARS appliance

The lesson includes these topics:


Management Overview Overview of System Maintenance Tasks IPS Signature Dynamic Update Settings Upgrading the Cisco Security MARS Appliance Software Migrating Data from Cisco Security MARS 4.3.x to 5.3.x

The lesson includes these activities:


Lab 11-1: Reviewing the CLI and Upgrading the Device Version Lab 11-2: Configuring IPS Auto Signature Download Lab 11-3: Configuring AAA RADIUS Authentication and Working with the Account Locking and Session Timeout Menu Lab 11-4: Retrieving Raw Messages

Lesson 12: Troubleshooting and Optimizing Cisco Security MARS


Lesson objective: Identify common issues about the Cisco Security MARS. This ability includes being able to meet these objectives:

Describe common hardware issues with the Cisco Security MARS appliance Describe common configuration issues with the Cisco Security MARS appliance Discuss communications issues between a Global Controller and the Local Controllers it manages Describe the parameters to consider when sizing the Cisco Security MARS deployment Provide general recommendations for tuning Cisco Security MARS appliances Provide general recommendations for securing Cisco Security MARS appliances

The lesson includes these topics:


Hardware Installation Issues Device Configuration Issues Global Controller-to-Local Controller Communications Sizing Cisco Security MARS Deployment Tuning Cisco Security MARS Securing Cisco Security MARS


Lesson 13: Using the Cisco Security MARS Global Controller


Lesson objective: Describe the features and functions of the Cisco Security MARS Global Controller. This ability includes being able to meet these objectives:

Provide an overview of the Cisco Security MARS Global Controller and its functions and architecture Describe the procedure to set up and perform the initial configuration on the Cisco Security MARS Global Controller Describe the user interface and Summary page of the Cisco Security MARS Global Controller Describe incident investigation on the Cisco Security MARS Global Controller Describe the Query and Reports tab options of the Cisco Security MARS Global Controller Describe how to configure rules on the Cisco Security MARS Global Controller that are propagated down to the Cisco Security MARS Local Controller Describe the steps to configure the administration and management features of the Cisco Security MARS Global Controller Describe the system maintenance tasks for the Cisco Security MARS Global Controller

The lesson includes these topics:


Cisco Security MARS Global Controller Overview Configuring the Cisco Security MARS Global Controller Summary Tab Incidents Tab Queries and Reports Rules Tab Management Tab System Maintenance Tab

Lesson 14: Course Review: Cisco Security MARS at Work


Lesson objective: Summarize the key functionalities of Cisco Security MARS technologies at work. This ability includes being able to meet these objectives:

Describe how the Cisco Security MARS appliance is providing STM functionality, given a scenario

The lesson includes these topics:

Cisco Security MARS At Work


CANAC - Course Outline


Overview
The Cisco Self-Defending Network (SDN) strategy addresses the need for Network Admission Control (NAC). The Cisco NAC Appliance is an easily deployed software NAC solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. The Implementing Cisco NAC Appliance (CANAC) v2.1 course provides learners with the skills and knowledge needed to implement the Cisco NAC Appliance solution as a part of a Cisco SDN security strategy.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

Given client network security requirements, explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements Configure the common elements of a Cisco NAC Appliance solution Configure the Cisco NAC Appliance in-band and out-of-band implementation options Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments

High-Level Course Outline


This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction Cisco NAC Endpoint Security Solutions Cisco NAC Appliance Common Elements Configuration Cisco NAC Appliance Implementation Cisco NAC Appliance Implementation Options Cisco NAC Appliance Monitoring and Administration

Detailed Course Outline


This in-depth outline of the course structure lists each module, lesson, and topic.

Module 1: Cisco NAC Endpoint Security Solutions


Given a client's network security requirements, explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements.

Lesson 1: Introducing Cisco Self-Defending Networks

This lesson defines how the Cisco SDN strategy can meet network security requirements. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the key factors that are causing changes to network security Describe the role of each of the three components of the Cisco host-protection strategy Describe the Cisco SDN strategy Describe Cisco NAC products

The lesson includes these topics:


Changing Landscape of Security Cisco Host-Protection Strategy The Cisco SDN Initiative Cisco NAC Products

Lesson 2: Introducing Cisco NAC Appliance

This lesson defines how to describe the Cisco NAC Appliance solution. Upon completing this lesson, the learner will be able to meet these objectives:

Summarize how the Cisco NAC Appliance solution controls and secures networks Describe the components of a Cisco NAC Appliance solution Describe the supported platforms for a Cisco NAC Appliance solution Explain how Cisco NAC Appliance enforces compliance for remote and local users Summarize how to configure a Cisco NAC Appliance solution Navigate through the Cisco NAC Appliance web-based GUI

The lesson includes these topics:


Cisco NAC Appliance Solution Cisco NAC Appliance Components Cisco NAC Appliance Platforms Cisco NAC Appliance Local and Remote Compliance Scenarios Cisco NAC Appliance Configuration Overview Cisco NAC Appliance User Interface


This lesson includes this activity:

Preparing the Cisco NAM to Support Web-Based Administration Console Configuration

Lesson 3: Introducing In-Band and Out-of-Band Deployment Options

This lesson defines how to deploy Cisco NAC Appliance to protect against specified threats. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAS deployment options
Describe the in-band and out-of-band deployment options
Describe the key features of a Cisco NAC Appliance out-of-band deployment
Describe the key features of a Cisco NAC Appliance in-band deployment
Describe the Cisco NAS operating modes for an in-band and out-of-band deployment

The lesson includes these topics:

Cisco NAS Deployment Options
In-Band and Out-of-Band Deployment Options
Cisco NAC Appliance Out-of-Band Deployment
Cisco NAC Appliance In-Band Deployment
Cisco NAS Operating Modes

Module 2: Cisco NAC Appliance Common Elements Configuration


Configure the common elements of a Cisco NAC Appliance solution.

Lesson 1: Configuring User Roles

This lesson defines how to configure user roles in the Cisco NAC Appliance solution for a customer network scenario using the Cisco NAC Appliance Manager (Cisco NAM). Upon completing this lesson, the learner will be able to meet these objectives:

Describe user roles in Cisco NAC Appliance
Describe how to manage user roles
Explain traffic control policies for user roles
Describe how to configure traffic control policies for a user role
Describe how to create a local user account
Describe how to configure user session timeouts for user roles
Describe how to configure guest access for visitors or temporary users in a Cisco NAC Appliance network

The lesson includes these topics:

What Is a User Role?
Managing User Roles
Defining Traffic Policies for User Roles
Configuring Traffic Policies for User Roles
Creating Local User Accounts
Configuring User Session Timeouts
Configuring Guest Access

This lesson includes this activity:

Configuring User Roles

Lesson 2: Configuring External Authentication

This lesson defines how to configure external authentication for users in a network using the Cisco NAM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure the Cisco NAM to use external authentication providers
Describe how to map users to user roles when configuring external authentication
Describe how to test user authentication for configured external authentication providers
Describe how to configure RADIUS accounting for users in a Cisco NAC Appliance network

The lesson includes these topics:

Configuring External Authentication Providers
Mapping Users to User Roles
Testing User Authentication
Configuring RADIUS Accounting for Users

Lesson 3: Configuring DHCP on the Cisco NAS

This lesson defines how to configure the Cisco NAS for a DHCP-enabled network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe Cisco NAS modes of operation for a DHCP-enabled network
Describe how to enable the Cisco NAS DHCP module
Describe how to configure the Cisco NAS to provide DHCP services
Describe how to manage generated subnets on the Cisco NAS
Describe how to configure the Cisco NAS to provide reserved IP addresses
Describe how to configure user-specified DHCP options on the Cisco NAS

The lesson includes these topics:

Cisco NAS DHCP Modes
Enabling the DHCP Module
Configuring IP Ranges
Working with Subnets
Reserving IP Addresses
Configuring User-Specified DHCP Options

Module 3: Cisco NAC Appliance Implementation


Configure the Cisco NAC Appliance in-band and out-of-band implementation options.

Lesson 1: Implementing Cisco NAC Appliance In-Band Deployment

This lesson defines how to deploy the Cisco NAC Appliance in-band solution for Layer 2 and Layer 3 network environments. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAC Appliance in-band process flow
Describe central and edge in-band deployment configurations for Cisco NAC Appliance
Describe how to configure the Cisco NAS for in-band deployment
Describe how to add the Cisco NAS to the Cisco NAM managed domain for in-band deployment
Describe how to use the Cisco NAM to configure the trusted and untrusted interfaces of the Cisco NAS
Describe how to add managed subnets on the Cisco NAS
Describe how to configure Cisco NAS VLAN settings

The lesson includes these topics:

In-Band Process Flow
In-Band Deployment Configurations
Configuring the Cisco NAS for In-Band Deployment
Adding the Cisco NAS to the Managed Domain
Configuring the Cisco NAS Interfaces
Adding Managed Subnets
Configuring Cisco NAS VLAN Settings

This lesson includes this activity:

Adding an In-Band Virtual Gateway Cisco NAS to the Cisco NAM

Lesson 2: Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance

This lesson defines how to configure the Cisco NAC Appliance Server (Cisco NAS) to support the NAC Appliance Microsoft Windows single sign-on (SSO) with Active Directory feature for client and server machines to meet customer remote access requirements. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how Cisco NAC Appliance uses Windows SSO to ensure increased security
Summarize the process used by Microsoft Windows to exchange Kerberos tickets with the Cisco NAS
Describe how a Cisco NAS communicates with a Microsoft Windows Active Directory server
Describe the steps that are used to configure Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server

The lesson includes these topics:

Cisco NAC Appliance SSO for Microsoft Windows
Kerberos Ticket Exchange
Communicating Between Cisco NAS and a Microsoft Windows Active Directory Server
Configuring Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server

This lesson includes this activity:

Configuring the Microsoft Windows Active Directory SSO Feature on the Cisco NAC Appliance

Lesson 3: Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance

This lesson defines how to use the Cisco NAC Appliance web-based administration console to configure the Cisco NAS to support Cisco VPN SSO devices. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAC Appliance VPN SSO support for Cisco VPN concentrators and Cisco Adaptive Security Appliances (ASAs)
Explain how the SSO improves the use of VPN services with the Cisco NAC Appliance solution
Describe how to configure the Cisco NAC Appliance for Cisco VPN SSO device integration

The lesson includes these topics:

Introducing Cisco NAC Appliance VPN SSO
Introducing VPN SSO Support
Configuring Cisco NAC Appliance for VPN Concentrator or ASA Integration

This lesson includes this activity:

Configuring the Cisco VPN SSO Feature on the Cisco NAC Appliance

Lesson 4: Implementing Cisco NAC Appliance Out-of-Band Deployment

This lesson defines how to deploy a Cisco NAC Appliance out-of-band solution for VLAN-based quarantine. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the Cisco NAC Appliance out-of-band process flow
Describe the considerations for implementing the Cisco NAC Appliance out-of-band for central- and edge-deployment scenarios
Describe how to add an out-of-band Cisco NAS to the Cisco NAM
Describe how to implement the Cisco NAC Appliance out-of-band deployment for the different Cisco NAS operating modes

The lesson includes these topics:

Out-of-Band Process Flow
Out-of-Band Deployment Considerations
Adding an Out-of-Band Cisco NAS to the Cisco NAM
Implementing Cisco NAS Out-of-Band Operating Modes

This lesson includes this activity:

Adding an Out-of-Band Virtual Gateway Cisco NAS to an HA Cisco NAC Appliance Deployment

Note

For the purposes of learning continuity, this lesson activity can be completed after the lab activity Configuring an HA In-Band VPN Cisco NAC Appliance Solution.

Lesson 5: Managing Switches

This lesson defines how to configure the Cisco NAM to manage switches for out-of-band deployment scenarios. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to implement switch management for Cisco NAC Appliance out-of-band deployment
Describe how to set up switches so that they can be used with Cisco NAC Appliance out-of-band deployment
Describe how to configure group profiles on the Cisco NAM for out-of-band deployment
Describe how to configure switch profiles on the Cisco NAM for out-of-band deployment
Describe how to configure port profiles on the Cisco NAM for out-of-band deployment
Describe how to configure the SNMP receiver on the Cisco NAM for out-of-band deployment
Describe how to add switches to the Cisco NAM managed domain for out-of-band deployment
Describe how to configure switch ports to use the Cisco NAM port profiles for out-of-band deployment
Describe how to manage the switch configuration settings for out-of-band deployment

The lesson includes these topics:

Implementing Switch Management
Configuring the Network for Out-of-Band Deployment
Configuring Group Profiles
Configuring Switch Profiles
Configuring Port Profiles
Configuring the SNMP Receiver
Adding Switches to the Managed Domain
Configuring Switch Ports to Use Port Profiles
Managing Switch Configuration Settings

This lesson includes this activity:

Configuring SNMP, Switch, and Port Profiles for an Out-of-Band Cisco NAC Appliance Deployment

Note

For the purposes of learning continuity, this lesson activity can be completed after the activities to configure Cisco NAM and Cisco NAS high availability.

Module 4: Cisco NAC Appliance Implementation Options


Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements.

Lesson 1: Implementing Cisco NAC Appliance on a Network

This lesson defines how to explain which Cisco NAC Appliance features to implement in order to protect a network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to implement Cisco NAC Appliance to protect a network
Describe how to use the Device Management menu options to configure the general setup options
Explain how user pages are configured in Cisco NAC Appliance
Describe how to use the Cisco NAM to manage certified devices in the network

The lesson includes these topics:

Implementing Cisco NAC Appliance
Introducing the General Setup Tab
Introducing User Pages
Managing Certified Devices

Lesson 2: Implementing Network Scanning

This lesson defines how to configure the Cisco NAC Appliance network scanner to use Nessus plug-ins to check for security vulnerabilities. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the steps that are needed to configure the Cisco NAC Appliance network scanner to use Nessus plug-ins
Describe how to configure the quarantine role
Describe how to implement Nessus plug-ins into the Cisco NAM repository
Describe how to test a network scanning configuration
Describe how to customize the User Agreement page
Describe how to view scan reports

The lesson includes these topics:

Introducing Network Scanning
Configuring the Quarantine Role
Implementing Nessus Plug-Ins
Testing a Scanning Configuration
Customizing the User Agreement Page
Viewing Scan Reports

Lesson 3: Configuring the Cisco NAM to Implement the Cisco NAA on User Devices

This lesson defines how to configure the Cisco NAM to implement Cisco NAA on client machines in a network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the steps that are used to configure the Cisco NAM to implement the Cisco NAA on client machines
Describe how to retrieve updates from the Cisco NAC Appliance update server
Describe how to ensure that the Cisco NAA is installed on user devices
Describe how to configure the Cisco NAA temporary role on the Cisco NAM
Explain Cisco NAA system requirements
Describe how to create a check
Describe how to create an antivirus rule and a normal rule
Describe how to create an antivirus requirement and a custom requirement
Describe how to map requirements to rules and roles

The lesson includes these topics:

Configuring the Cisco NAM to Implement the Cisco NAA
Retrieving Updates
Requiring the Use of the Cisco NAA
Configuring the Cisco NAA Temporary Role
Introducing Cisco NAA Checks, Rules, and Requirements
Creating a Check
Creating Rules
Creating Requirements
Mapping Requirements to Rules and Roles

This lesson includes this activity:

Configuring the Cisco NAA


Lesson 4: Configuring Cisco NAM High Availability

This lesson defines how to configure a high-availability pair of Cisco NAMs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure high availability between two Cisco NAMs
Describe how to establish a serial connection between two Cisco NAMs
Describe how to configure a primary Cisco NAM for high availability
Describe how to configure a secondary Cisco NAM for high availability

The lesson includes these topics:

Introducing High Availability for Cisco NAMs
Establishing a Serial Connection Between Cisco NAMs
Configuring the Primary Cisco NAM
Configuring the Secondary Cisco NAM

Lesson 5: Configuring Cisco NAS High Availability

This lesson defines how to configure a high-availability pair of Cisco NASs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to configure high availability between two Cisco NASs
Describe how to configure the primary Cisco NAS for high availability
Describe how to configure the secondary Cisco NAS for high availability
Describe how to test the Cisco NAS high-availability configuration
Describe how to configure DHCP failover

The lesson includes these topics:

Introducing High Availability for Cisco NASs
Configuring the Primary Cisco NAS
Configuring the Secondary Cisco NAS
Testing the Cisco NAS High-Availability Configuration
Configure DHCP Failover

This lesson includes this activity:

Configuring an HA In-Band VPN Cisco NAC Appliance Solution


Module 5: Cisco NAC Appliance Monitoring and Administration


Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments.

Lesson 1: Monitoring a Cisco NAC Appliance Deployment

This lesson defines how to monitor the operational information of a Cisco NAC Appliance deployment using the Cisco NAM. Upon completing this lesson, the learner will be able to meet these objectives:

Describe how to monitor Cisco NAC Appliance activities
Describe how to use the Online Users page to monitor online users
Describe how to use the web-based administrative console to monitor event logging

The lesson includes these topics:

Introducing Cisco NAC Appliance Monitoring
Monitoring Online Users
Monitoring Event Logs


Lesson 2: Administering the Cisco NAM

This lesson defines how to manage a Cisco NAC Appliance deployment. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the components of the Cisco NAM administration module
Describe how to manage administrator groups
Describe how to manage users with administrator privileges
Describe how to manage user passwords
Describe how to administer the Cisco NAM system time settings
Describe how to configure SSL certificate management using the administrator console of the Cisco NAM
Describe how to manage Cisco NAC Appliance software upgrades and licenses
Describe the steps used to maintain a Cisco NAM configuration

The lesson includes these topics:

Defining the Cisco NAM Administration Module
Managing Administrator Groups
Managing Administrator Users
Managing User Passwords
Administering the System Time
Managing SSL Certificates
Managing the Cisco NAC Appliance Software
Protecting Your Cisco NAM Configuration
