CCNA Security Course: Implementing Cisco Network Security (IINS)

Course duration: 80 hours
Prerequisites:

Completion of the CCNA Routing & Switching curriculum or equivalent.

Introduction
  • The CCNA Security (210-260) course is the first, foundational-level step in Cisco's security track. CCNA Security gives you the knowledge and skills needed to develop a security infrastructure, anticipate and detect system vulnerabilities, and mitigate external threats to the system.
  • The CCNA Security course emphasizes the most essential core security technologies, and the understanding and mastery of how to install and troubleshoot network devices, so that the network maintains its integrity and high availability and keeps the enterprise's data and devices secure.
  • CCNA Security suits a wide audience: students, IT specialists, and system security specialists who need practical network security knowledge to meet hiring requirements and apply it in enterprise network environments.

Skills gained after the course:

  • Understand general network security concepts
  • Understand the role of routing and switching in securing the network infrastructure.
  • Design and deploy basic authentication, authorization, and monitoring services.
  • Design and deploy basic firewall services.
  • Design and deploy basic site-to-site and remote access VPN services
  • Understand advanced security services such as intrusion prevention techniques, identity management, and content security.

Course content

Security Concepts

Common security principles

  • Describe confidentiality, integrity, availability (CIA)
  • Describe SIEM technology
  • Identify common security terms
  • Identify common network security zones

Common security threats

  • Identify common network attacks
  • Describe social engineering
  • Identify malware
  • Classify the vectors of data loss/exfiltration

Cryptography concepts

  • Describe key exchange
  • Describe hash algorithm
  • Compare and contrast symmetric and asymmetric encryption
  • Describe digital signatures, certificates, and PKI

Describe network topologies

  • Campus area network (CAN)
  • Cloud, wide area network (WAN)
  • Data center
  • Small office/home office (SOHO)
  • Network security for a virtual environment.

Secure Access

Secure management

  • Compare in-band and out-of-band
  • Configure secure network management
  • Configure and verify secure access through SNMP v3 using an ACL
  • Configure and verify security for NTP
  • Use SCP for file transfer

AAA concepts

  • Configure administrative access on a Cisco router using TACACS+
  • Verify connectivity on a Cisco router to a TACACS+ server
  • Explain the integration of Active Directory with AAA
  • Describe authentication and authorization using ACS and ISE

802.1X authentication

  • Identify the functions of 802.1X components

BYOD

  • Describe the BYOD architecture framework
  • Describe the function of mobile device management (MDM)

VPN

VPN concepts

  • Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
  • Describe hairpinning, split tunneling, always-on, NAT traversal

Remote access VPN

  • Implement basic clientless SSL VPN using ASDM
  • Verify clientless connection
  • Implement basic AnyConnect SSL VPN using ASDM

Site-to-site VPN

  • Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
  • Verify an IPsec site-to-site VPN

Secure Routing and Switching

Security on Cisco routers

  • Configure multiple privilege levels
  • Configure Cisco IOS role-based CLI access
  • Implement Cisco IOS resilient configuration

Securing routing protocols & control plane

  • Implement routing update authentication on OSPF
  • Explain the function of control plane policing

Common Layer 2 attacks

  • Describe STP attacks
  • Describe ARP spoofing
  • Describe MAC spoofing
  • Describe CAM table (MAC address table) overflows
  • Describe CDP/LLDP reconnaissance
  • Describe VLAN hopping
  • Describe DHCP spoofing

Mitigation procedures

  • Implement DHCP snooping
  • Implement Dynamic ARP Inspection
  • Implement port security
  • Describe BPDU guard, root guard, loop guard

VLAN security

  • Describe the security implications of a PVLAN
  • Describe the security implications of a native VLAN

Cisco Firewall Technologies

Describe operational strengths and weaknesses of the different firewall technologies

  • Proxy firewalls
  • Application firewall
  • Personal firewall

Compare stateful vs. stateless firewalls

  • Operations
  • Function of the state table

Implement NAT on Cisco ASA 9.x

  • Static
  • Dynamic
  • PAT
  • Policy NAT
  • Verify NAT operations

Implement zone-based firewall

  • Zone to zone
  • Self zone

Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x

  • Configure ASA access management
  • Configure security access policies
  • Configure Cisco ASA interface security levels
  • Configure default Cisco Modular Policy Framework (MPF)
  • Describe modes of deployment (routed firewall, transparent firewall)
  • Describe methods of implementing high availability
  • Describe security contexts
  • Describe firewall services

IPS

Describe IPS deployment considerations

  • Network-based IPS vs. host-based IPS
  • Modes of deployment (inline, promiscuous - SPAN, tap)
  • Placement (positioning of the IPS within the network)
  • False positives, false negatives, true positives, true negatives

Describe IPS technologies

  • Rules/signatures
  • Detection/signature engines
  • Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)
  • Blacklist (static and dynamic)

Content and Endpoint Security

Describe mitigation technology for email-based threats

  • SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption

Describe mitigation technology for web-based threats

  • Local and cloud-based web proxies
  • Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption

Describe mitigation technology for endpoint threats

  • Anti-virus/anti-malware
  • Personal firewall/HIPS
  • Hardware/software encryption of local data

Schedule

Session

Lesson topics

1

  • Common security principles
    • Describe confidentiality, integrity, availability (CIA)
    • Describe SIEM technology
    • Identify common security terms

2

  • Common security threats
    • Identify common network attacks
    • Describe social engineering
    • Identify malware
  • Describe network topologies

3

  • Secure management:
    • Configure secure network management
    • Configure and verify secure access through SNMP v3 using an ACL
    • Configure and verify security for NTP
    • Use SCP for file transfer

4

  • AAA concepts
    • Configure administrative access on a Cisco router using TACACS+
    • Verify connectivity on a Cisco router to a TACACS+ server
    • Explain the integration of Active Directory with AAA
    • Describe authentication and authorization using ACS and ISE

5

  • 802.1X authentication
  • BYOD

6

  • Cryptography concepts
  • VPN concepts

7

  • Site-to-site VPN
    • Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers.

8

  • Site-to-site VPN
    • Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco ASA firewalls

9

  • LAB Site-to-site VPN on Router and ASA firewall

10

  • Remote access VPN
    • Implement basic clientless SSL VPN

11

  • Remote access VPN
    • Implement basic AnyConnect SSL VPN

12

  • Security on Cisco routers
  • Securing routing protocols & control plane

13

  • Common Layer 2 attacks
  • Mitigation procedures:
    • Implement DHCP snooping
    • Implement Dynamic ARP Inspection
    • Implement port security
    • Describe BPDU guard, root guard, loop guard.

14

  • VLAN security:
    • Describe the security implications of a PVLAN
    • Describe the security implications of a native VLAN

15

  • Describe operational strengths and weaknesses of the different firewall technologies
  • Implement zone-based firewall.

16

  • Implement NAT on Cisco ASA 9.x
    • Static
    • Dynamic
    • PAT

17

  • Implement NAT on Cisco ASA 9.x
    • Policy NAT
    • Verify NAT operations

18

  • Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
    • Configure ASA access management
    • Configure security access policies
    • Configure Cisco ASA interface security levels

19

  • Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
    • Configure default Cisco Modular Policy Framework (MPF)
    • Describe modes of deployment (routed firewall, transparent firewall)
    • Describe methods of implementing high availability
    • Describe security contexts

20

  • Describe IPS deployment considerations
  • Describe IPS technologies
  • Describe mitigation technology for email-based threats
  • Describe mitigation technology for web-based threats
  • Describe mitigation technology for endpoint threats

21

  • LAB Firewall and NAT

22

  • LAB Firewall and VPN

23

  • FINAL WRITTEN

24

  • FINAL LAB