The course runs for 60 days, at 1½ hours per day. The prerequisite for CCNA Security is CCNA Routing and Switching (200-125) training.
- Common security principles.
- Describe confidentiality, integrity, availability (CIA).
- Identify common security terms.
- Identify common network security zones.
- Identify common network attacks.
- Describe social engineering.
- Cryptography concepts.
- Describe key exchange.
- Describe hash algorithm.
- Compare and contrast symmetric and asymmetric encryption.
- Describe digital signatures, certificates, and PKI.
- Describe network topologies.
- Campus area network (CAN).
- Cloud, wide area network (WAN).
- Data center.
- Small office/home office (SOHO).
- Secure management
- Compare in-band and out-of-band
- Configure secure network management
- Configure and verify secure access through SNMP v3 using an ACL
- Configure and verify security for NTP
- Use SCP for file transfer
- AAA concepts
- Describe RADIUS and TACACS+ technologies
- Configure administrative access on a Cisco router using TACACS+
- Verify connectivity on a Cisco router to a TACACS+ server
- Explain the integration of Active Directory with AAA
- Describe authentication and authorization using ACS and ISE
- 802.1X authentication
- Identify the functions of 802.1X components
- VPN concepts
- Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
- Describe hairpinning and split-tunneling.
- Remote access VPN
- Implement basic clientless SSL VPN using ASDM
- Verify clientless connection.
- Implement basic AnyConnect SSL VPN using ASDM.
- Verify AnyConnect connection
- Site-to-site VPN
- Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
- Verify an IPsec site-to-site VPN
Secure Routing and Switching:
- Configure multiple privilege levels
- Configure Security on Cisco routers
- Cisco IOS role-based CLI access.
- Securing routing protocols
- Implement routing update authentication on OSPF
- Securing the control plane
- Explain the function of control plane policing
Common Layer 2 attacks:
- Describe STP attacks
- Describe ARP spoofing
- Describe MAC spoofing
- Describe CAM table (MAC address table) overflows
- Describe CDP/LLDP reconnaissance
- Describe VLAN hopping
- Describe DHCP spoofing
- Implement DHCP snooping
- Implement Dynamic ARP Inspection
- Implement port security
- Describe BPDU guard, root guard, loop guard
- Verify mitigation procedures
- VLAN security
- Describe the security implications of a PVLAN
- Describe the security implications of a native VLAN
Cisco Firewall Technologies:
- Describe operational strengths and weaknesses of the different firewall technologies
- Proxy firewalls
- Application firewall
- Personal firewall
- Compare stateful vs. stateless firewalls
- Implement NAT on Cisco ASA
- Policy NAT
- Verify NAT operations
- Implement zone-based firewall
- Zone to zone
- Self zone
- Firewall features on the Cisco Adaptive Security Appliance (ASA)
- Configure ASA access management
- Configure security access policies
- Configure Cisco ASA interface security levels
- Describe modes of deployment (routed firewall, transparent firewall)
- Describe methods of implementing high availability
- Describe security contexts
- Describe firewall services
- Describe IPS deployment considerations
- Network-based IPS vs. host-based IPS
- Modes of deployment (inline, promiscuous - SPAN, tap)
- False positives, false negatives, true positives, true negatives
- Describe IPS technologies