Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

The CCNA Security Certification is the next step after the CCNA R&S to enhance your associate level skill set in network security. It prepares you for entry-level security career opportunities to meet the growing demand of network for network security professionals.

Prerequisites:

• Module 1 : Common Security Threats
  • Describe common security threats
  • Common threats to the physical installation
  • Mitigation methods for common network attacks
  • Email-based threats
  • Web-based attacks
  • Mitigation methods for Worm, Virus, and Trojan Horse attacks
  • Phases of a secure network lifecycle
  • Security needs of a typical enterprise with a comprehensive security policy
  • Mobile/remote security
  • DLP
• Module 2 : Authentication, Authorization & Accounting (AAA)
  • What is AAA?
  • TACAS+ vs. RADIUS
  • TACAS+ and RADIUS Configuration
  • Authentication Configuration
  • AAA Login
  • Using AAA for Privileged EXEC Mode and PPP
  • Accounting
  • Authorization
  • Configuring AAA with SDM
  • Configuring AAA with CLI router and Switches
  • Configuring AAA with ASA
• Module 3 : Layer 2 Security
• 3.1 Describe Layer 2 security using Cisco switches
  • STP attacks
  • ARP spoofing
  • MAC spoofing
  • CAM overflows
  • CDP/LLDP
• 3.2 Describe VLAN security
  • Voice VLAN
  • PVLAN
  • VLAN hopping
  • Native VLAN
• 3.3 Implement VLANs and trunking
  • VLAN definition
  • Grouping functions into VLANs
  • Considering traffic source to destination paths
  • Trunking
  • Native VLAN
  • VLAN Trunking Protocols
  • Inter-VLAN Routing
  • Private-vlan
• 3.4 Configuring Port-Security
  • Preventing CAM Overflow Attacks with Port Security
  • Port Security
  • Configuring Port Security
  • Misconfiguring Port Security
  • Aging Time for Secure Addresses
  • Sticky Addresses
  • Configuring MAC Table Event Notification
  • Dot1x Port-Based Authentication
• 3.5 Implement spanning tree
  • Potential issues with redundant switch topologies
  • STP operations
  • Resolving issues with STP - RootGuard , BpduGuard, Bpdufilter
• 3.6 Basic L2 Security Features
  • Cisco Password
  • Cisco Lightweight Extensible Authentication Protocol (LEAP)
  • Extensible Authentiaction Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
  • Local SPAN Configuration
  • Remote SPAN Configuration
  • VACL
  • PACL
• Module 4 : Layer 3 Security
• 4.1 Basic Security
  • Configuring Enable Password
  • Privileged Level Password vs. Privleged Level Secret
  • Encrypting Passwords
  • Creating and Testing Minimum Length Password Policy
  • Telnet and SSH
  • exec-timeout Command
• 4.2 Access-list Control - ACL
  • IPv4
  • IPv6
  • Object groups
  • ACL operations
  • Types of ACLs (dynamic, reflexive, time-based ACLs)
  • ACL wild card masking
  • Standard ACLs
  • Extended ACLs
  • Named ACLs
  • VLSM
• 4.3 Network Time Protocol (NTP)
  • Configuring NTP Master Time Source
  • Configuring Peering with NTP Peers Command
  • Creating Banners
  • Different Types of Network Attacks
• 4.4 Attacks
  • Denial of Services (DoS) Attack and SYN Flooding Attack
  • TCP Intercept Defense
  • ICMP (Ping) Sweep, Port Scan and Port Sweep
  • Smurf Attacks
  • IP Spoofing
  • IP Source Routing
  • Packet Sniffers and Queries
  • Password Attacks
  • Salami Attack
  • Other Network Attacks Types - Trust Exploitation
  • Superviews - Role-Based CLI Views
  • AutoSecure
  • One-Step Lockdown.
  • Security Audit
• Module 5 : Describe Intrusion Prevention System (IPS) deployment considerations
  • SPAN
  • IPS product portfolio
  • Placement
  • Caveats
• 5.2 Describe IPS technologies
  • Attack responses
  • Monitoring options
  • Syslog
  • SDEE
  • Signature engines
  • Signatures
  • Global correlation and SIO
  • Network-based
  • Host-based
• 5.3 Configure Cisco IOS IPS using CCP
  • Logging
  • Signatures
• Module 6 : Firewalls
• 6.1 Describe operational strengths and weaknesses of the different firewall technologies
  • Proxy firewalls
  • Packet and stateful packet
  • Application firewall
  • Personal firewall
• 6.2 Describe stateful firewalls
  • Operations
  • Function of the state table
• 6.3 Describe the types of NAT used in firewall technologies
  • Static
  • Dynamic
  • PAT
  • Translation (PAT)
  • Functions of NAT, PAT, and NAT Overload
  • Translating Inside Source addresses
  • Overloading Inside global addresses
• 6.4 Implement zone based policy firewall using CCP
  • Zone to zone
  • Self zone
• Module 7 : VPN (Virtual Private Network)
• 7.1 Cryptography and Virtual Private Networks (VPNs)
  • Symmetric
  • Asymetric
  • HMAC
  • Message digest (VTP)
  • PKI
• 7.2 Describe the building blocks of IPSec
  • IKE
  • ESP
  • AH
  • Tunnel mode
  • Transport mode
  • IPsec
  • SSL
• 7.3 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
  • CCP
  • CLI
• 7.4 Implement SSL VPN using ASA device manager
  • Clientless
  • AnyConnect
• Module 8 : Introduction to Voice and SAN Security
  • Voice Over IP Overview
  • Gateways and Gatekeepers
  • VoIP Protocols
  • Typical VoIP Attacks and Precautions
  • Introduction to Storage Area Networking (SAN)
  • SAN Transport Technologies and Protocols
  • SAN Security - LUNS and LUN Masking
  • SAN Zones
  • Virtual SANs (VSANs)
  • FCAP and FCPAP

The following modes of training are available for this course

• Regular duration Training program
• Fast Track Training program
• Customized Bootcamp
• Customized Online Training program