Think Career in IT
Think Steps......

IT Training from the masters

CCNA Security

The course runs for 60 days, with 1½ hours of training per day. The prerequisite for CCNA Security is CCNA Routing and Switching (200-125) training.

Security Concepts:
  • Common security principles.
  • Describe confidentiality, integrity, availability (CIA).
  • Identify common security terms.
  • Identify common network security zones.
  • Identify common network attacks.
  • Describe social engineering.
  • Cryptography concepts.
  • Describe key exchange.
  • Describe hash algorithm.
  • Compare and contrast symmetric and asymmetric encryption.
  • Describe digital signatures, certificates, and PKI.
  • Describe network topologies.
  • Campus area network (CAN).
  • Cloud, wide area network (WAN).
  • Data center.
  • Small office/home office (SOHO).
Secure Access:
  • Secure management
  • Compare in-band and out-of-band
  • Configure secure network management
  • Configure and verify secure access through SNMP v3 using an ACL
  • Configure and verify security for NTP
  • Use SCP for file transfer
  • AAA concepts
  • Describe RADIUS and TACACS+ technologies
  • Configure administrative access on a Cisco router using TACACS+
  • Verify connectivity on a Cisco router to a TACACS+ server
  • Explain the integration of Active Directory with AAA
  • Describe authentication and authorization using ACS and ISE
  • 802.1X authentication
  • Identify the functions of 802.1X components
  • VPN concepts
  • Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
  • Describe hairpinning and split-tunneling.
  • Remote access VPN
  • Implement basic clientless SSL VPN using ASDM
  • Verify clientless connection.
  • Implement basic AnyConnect SSL VPN using ASDM.
  • Verify AnyConnect connection
  • Site-to-site VPN
  • Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
  • Verify an IPsec site-to-site VPN
Secure Routing and Switching:
  • Configure multiple privilege levels
  • Configure Security on Cisco routers
  • Cisco IOS role-based CLI access.
  • Securing routing protocols
  • Implement routing update authentication on OSPF
  • Securing the control plane
  • Explain the function of control plane policing
Common Layer 2 attacks:
  • Describe STP attacks
  • Describe ARP spoofing
  • Describe MAC spoofing
  • Describe CAM table (MAC address table) overflows
  • Describe CDP/LLDP reconnaissance
  • Describe VLAN hopping
  • Describe DHCP spoofing
Mitigation procedures:
  • Implement DHCP snooping
  • Implement Dynamic ARP Inspection
  • Implement port security
  • Describe BPDU guard, root guard, loop guard
  • Verify mitigation procedures
  • VLAN security
  • Describe the security implications of a PVLAN
  • Describe the security implications of a native VLAN
Cisco Firewall Technologies:
  • Describe operational strengths and weaknesses of the different firewall technologies
  • Proxy firewalls
  • Application firewall
  • Personal firewall
  • Compare stateful vs. stateless firewalls
  • Implement NAT on Cisco ASA
  • Static
  • Dynamic
  • PAT
  • Policy NAT
  • Verify NAT operations
  • Implement zone-based firewall
  • Zone to zone
  • Self zone
  • Firewall features on the Cisco Adaptive Security Appliance (ASA)
  • Configure ASA access management
  • Configure security access policies
  • Configure Cisco ASA interface security levels
  • Describe modes of deployment (routed firewall, transparent firewall)
  • Describe methods of implementing high availability
  • Describe security contexts
  • Describe firewall services
  • Describe IPS deployment considerations
  • Network-based IPS vs. host-based IPS
  • Modes of deployment (inline, promiscuous - SPAN, tap)
  • False positives, false negatives, true positives, true negatives
  • Describe IPS technologies