Page 1
ISCWImplementing Secure Cisco WANs
Preview
CIS 186 ISCW
Rick Graziani
Fall 2007
Page 2
Rick Graziani [email protected] 2
My Web Site
Page 3
Rick Graziani [email protected] 3
On-line curriculum
Page 4
Rick Graziani [email protected] 4
Labs and NetLab
Page 5
Rick Graziani [email protected] 5
ISCW Exam Certification Guide
Page 6
Rick Graziani [email protected] 6
Review Questions: On-line curriculum and ISCW Exam Cert Book
Page 7
Rick Graziani [email protected] 7
Description and Chapters
This course will teach advanced skills required to secure and enhance services in enterprise networks for teleworkers and remote sites.
It will focus on securing remote access, VPN client configuration and other topics including Mulit-Protocol Label Switching (MPLS), IPsec, Cisco device hardening, IOS firewall features, and IOS threat defense features.
1. Remote Network Connectivity Requirements2. Teleworker Connectivity (Simulation)3. IPsec VPNs (Labs)4. Frame Mode MPLS Implmentation (One lab)5. Cisco Device Hardening (Labs)6. Cisco IOS Threat Defense Features (Labs)
Page 8
Rick Graziani [email protected] 8
Chapter 1 Remote Network Connectivity Requirements
• Enterprise Networking
• Hierarchical Model
• Cisco Enterprise Architecture
• Remote Connection Requirements in a Converged Network
• Remote Connection Considerations
• Intelligent Information Network
• Cisco SONA Framework
Page 9
Rick Graziani [email protected] 9
Hierarchical Network Model
Page 10
Rick Graziani [email protected] 10
Cisco Enterprise Architecture
Page 11
Rick Graziani [email protected] 11
Remote Connection Considerations
Page 12
Rick Graziani [email protected] 12
Cisco SONA Framework
Page 13
Rick Graziani [email protected] 13
Chapter 2 Teleworker Connectivity
• Describing Remote Connection Topologies for Teleworkers
• Describing Cable Technology
• Deploying Cable System Technology
• Describing DSL Technology
• Deploying ADSL
• Configuring the CPE as the PPPoE or PPPoA Client
• Troubleshooting Broadband ADSL Configurations
• PPPoE Simulation Practice
Page 14
Rick Graziani [email protected] 14
Remote Connection Topologies for the Teleworker
Page 15
Rick Graziani [email protected] 15
Components of the Teleworker Solution
Page 16
Rick Graziani [email protected] 16
What is a Cable System?
Page 17
Rick Graziani [email protected] 17
Describing Cable Technology
Page 18
Rick Graziani [email protected] 18
Deploying Cable System Technology
Page 19
Rick Graziani [email protected] 19
Describing DSL Technology
Page 20
Rick Graziani [email protected] 20
Deploying ADSL
Page 21
Rick Graziani [email protected] 21
Configuring the CPE as the PPPoE or PPPoA Client
Page 22
Rick Graziani [email protected] 22
Troubleshooting Broadband ADSL Configurations
Page 23
Rick Graziani [email protected] 23
PPPoE Simulation Practice
Page 24
Rick Graziani [email protected] 24
Chapter 3 IPsec VPNs
• Introducing VPN Technology
• Understanding IPsec Components and IPsec VPN Features
• Implementing Site-to-Site IPsec VPN Operations
• Configuring IPsec Site-to-Site VPN Using SDM
• Configuring GRE Tunnels over IPsec
• Configuring High-Availability VPNs
• Introducing Cisco Easy VPN
• Configuring Easy VPN Server using Cisco SDM
• Implementing the Cisco VPN Client
• IPsec VPN Lab Exercises
Page 25
Rick Graziani [email protected] 25
Introducing VPN Technology
Page 26
Rick Graziani [email protected] 26
Understanding IPsec Components and IPsec VPN Features
Page 27
Rick Graziani [email protected] 27
Implementing Site-to-Site IPsec VPN Operations
Page 28
Rick Graziani [email protected] 28
Configuring IPsec Site-to-Site VPN Using SDM
Page 29
Rick Graziani [email protected] 29
Configuring GRE Tunnels over IPsec
Page 30
Rick Graziani [email protected] 30
Configuring High-Availability VPNs
Page 31
Rick Graziani [email protected] 31
Introducing Cisco Easy VPN
Page 32
Rick Graziani [email protected] 32
Configuring Easy VPN Server using Cisco SDM
Page 33
Rick Graziani [email protected] 33
Implementing the Cisco VPN Client
Page 34
Rick Graziani [email protected] 34
Lab 3.1 Configuring SDM on a Router
Page 35
Rick Graziani [email protected] 35
Lab 3.2 Configuring a Basic GRE Tunnel
Page 36
Rick Graziani [email protected] 36
Lab 3.3 Configuring Wireshark and SPAN
Page 37
Rick Graziani [email protected] 37
Lab 3.4 Configuring Site-to-Site IPsec VPNs with SDM
Page 38
Rick Graziani [email protected] 38
Lab 3.5 Configuring Site-to-Site IPsec VPNs with the IOS CLI
Page 39
Rick Graziani [email protected] 39
Lab 3.6 Configuring a Secure GRE Tunnel with SDM
Page 40
Rick Graziani [email protected] 40
Lab 3.7 Configuring a Secure GRE Tunnel with the IOS CLI
Page 41
Rick Graziani [email protected] 41
Lab 3.8 Configuring IPsec VTIs
Page 42
Rick Graziani [email protected] 42
Lab 3.9 Configuring Easy VPN with SDM
Page 43
Rick Graziani [email protected] 43
Lab 3.10 Configuring Easy VPN with the IOS CLI
Page 44
Rick Graziani [email protected] 44
Chapter 4 Frame Mode MPLS
• Introducing MPLS Networks
• Assigning MPLS Labels to Packets
• Implementing Frame Mode MPLS
• Describing MPLS VPN Technology
• MPLS Lab Exercises
Page 45
Rick Graziani [email protected] 45
Introducing MPLS Networks
Page 46
Rick Graziani [email protected] 46
Assigning MPLS Labels to Packets
Page 47
Rick Graziani [email protected] 47
Implementing Frame Mode MPLS
Page 48
Rick Graziani [email protected] 48
Describing MPLS VPN Technology
Page 49
Rick Graziani [email protected] 49
Lab 4.1 Configuring Frame Mode MPLS
Page 50
Rick Graziani [email protected] 50
Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)
Page 51
Rick Graziani [email protected] 51
Chapter 5 Cisco Device Hardening
• Thinking Like a Hacker • Mitigating Network Attacks • Network Attacks Using Intelligence • Disabling Unused Cisco Router Network Services and
Interfaces• Securing Cisco Router Administrative Access• Configuring Role-Based CLI • Mitigating Threats and Attacks with Access Lists• Securing Management and Reporting Features • Configuring SNMP • Configuring the NTP Client • Configuring AAA on Cisco Routers • Cisco Device Hardening Lab Exercises
Page 52
Rick Graziani [email protected] 52
Thinking Like a Hacker
Page 53
Rick Graziani [email protected] 53
Mitigating Network Attacks
Page 54
Rick Graziani [email protected] 54
Network Attacks Using Intelligence
Page 55
Rick Graziani [email protected] 55
Disabling Unused Cisco Router Network Services and Interfaces
Page 56
Rick Graziani [email protected] 56
Securing Cisco Router Administrative Access
Page 57
Rick Graziani [email protected] 57
Configuring Role-Based CLI
Page 58
Rick Graziani [email protected] 58
Mitigating Threats and Attacks with Access Lists
Page 59
Rick Graziani [email protected] 59
Securing Management and Reporting Features
Page 60
Rick Graziani [email protected] 60
Configuring SNMP
Page 61
Rick Graziani [email protected] 61
Configuring the NTP Client
Page 62
Rick Graziani [email protected] 62
Configuring AAA on Cisco Routers
Page 63
Rick Graziani [email protected] 63
Lab 5.1 Using SDM One-Step Lockdown
Page 64
Rick Graziani [email protected] 64
Lab 5.2 Securing a Router with Cisco AutoSecure
Page 65
Rick Graziani [email protected] 65
Lab 5.3 Disabling Unneeded Services
Page 66
Rick Graziani [email protected] 66
Lab 5.4 Enhancing Router Security
Page 67
Rick Graziani [email protected] 67
Lab 5.5 Configuring Logging
Page 68
Rick Graziani [email protected] 68
Lab 5.6 Configuring AAA Authentication
Page 69
Rick Graziani [email protected] 69
Lab 5.7 Configuring Role-Based CLI Views
Page 70
Rick Graziani [email protected] 70
Lab 5.8 Configuring NTP
Page 71
Rick Graziani [email protected] 71
Chapter 6 Cisco IOS Threat Defense Features
• Introducing the Cisco IOS Firewall
• Configuring Cisco IOS Firewall from the CLI
• Basic and Advanced Firewall Wizards
• Introducing Cisco IOS IPS
• Configuring Cisco IOS IPS
• Threat Defense Lab Exercises
Page 72
Rick Graziani [email protected] 72
Introducing the Cisco IOS Firewall
Page 73
Rick Graziani [email protected] 73
Configuring Cisco IOS Firewall from the CLI
Page 74
Rick Graziani [email protected] 74
Basic and Advanced Firewall Wizards
Page 75
Rick Graziani [email protected] 75
Introducing Cisco IOS IPS
Page 76
Rick Graziani [email protected] 76
Configuring Cisco IOS IPS
Page 77
Rick Graziani [email protected] 77
Lab 6.1 Configuring a Cisco IOS Firewall Using SDM
Page 78
Rick Graziani [email protected] 78
Lab 6.2 Configuring CBAC
Page 79
Rick Graziani [email protected] 79
Lab 6.3 Configuring IPS with SDM
Page 80
Rick Graziani [email protected] 80
Lab 6.4 Configuring IPS with CLI
Page 81
ISCWImplementing Secure Cisco WANs
Preview
CIS 186 ISCW
Rick Graziani
Fall 2007