CCNASECURITY

CURRICULUM

1.1 Describe common security threats 1.1.a Common threats to the physical installationl�

1.1.b Mitigation methods for common network attacksl�

1.1.c Email-based threatsl�

1.1.d Web-based attacksl�

1.1.e Mitigation methods for Worm, Virus, and Trojan Horse attacksl�

1.1.f Phases of a secure network lifecyclel�

1.1.g Security needs of a typical enterprise with a comprehensive security policyl�

1.1.h Mobile/remote securityl�

1.1.i DLPl�

2.0 Security and Cisco Routers2.1 Implement Security on Cisco routers 2.1.a CCP Security Audit featurel�

2.1.b CCP One-Step Lockdown featurel�

2.1.c Secure router access using strong encrypted passwords, and using IOS login l�

enhancements, IPV6 security 2.1.d Multiple privilege levelsl�

2.1.e Role-Based CLIl�

2.1.f Cisco IOS image and configuration filesl�

2.2 Describe securing the control, data and management planel�

2.3 Describe CSMl�

2.4 Describe IPv4 to IPv6 transitionl�

2.4.a Reasons for IPv6l�

2.4.b Understanding IPv6 addressingl�

2.4.c Assigning IPv6 addressesl�

2.4.d Routing considerations for IPv6l�

3.0 AAA on Cisco Devices3.1 Implement authentication, authorization, and accounting (AAA) 3.1.a AAA using CCP on routersl�

3.1.b AAA using CLI on routers and switchesl�

3.1.c AAA on ASAl�

3.2 Describe TACACS+ l�

3.3 Describe RADIUSl�

3.4 Describe AAAl�

3.4.a Authenticationl�

3.4.b Authorizationl�

3.4.c Accountingl�

3.5 Verify AAA functionalityl�

4.0 IOS ACLs4.1 Describe standard, extended, and named IP IOS ACLs to filter packets 4.1.a IPv4l�

4.1.b IPv6l�

4.1.c Object groupsl�

4.1.d ACL operationsl�

4.1.e Types of ACLs (dynamic, reflexive, time-based ACLs)l�

4.1.f ACL wild card maskingl�

4.1.g Standard ACLsl�

4.1.h Extended ACLsl�

4.1.i Named ACLsl�

4.1.j VLSMl�

4.2 Describe considerations when building ACLs 4.2.a Sequencing of ACEsl�

4.2.b Modification of ACEsl�

4.3 Implement IP ACLs to mitigate threats in a networkl�

4.3.a Filter IP trafficl�

4.3.b SNMPl�

4.3.c DDoS attacksl�

4.3.d CLIl�

4.3.e CCPl�

4.3.f IP ACLs to prevent IP spoofingl�

4.3.g VACLsl�

5.0 Secure Network Management and Reporting5.1 Describe secure network management 5.1.a In-bandl�

5.1.b Out of bandl�

5.1.c Management protocolsl�

5.1.d Management enclavel�

5.1.e Management planel�

5.2 Implement secure network management 5.2.a SSHl�

5.2.b syslogl�

5.2.c SNMPl�

5.2.d NTPl�

5.2.e SCPl�

5.2.f CLIl�

5.2.g CCPl�

5.2.h SSLl�

6.0 Common Layer 2 Attacks 6.1 Describe Layer 2 security using Cisco switches 6.1.a STP attacksl�

6.1.b ARP spoofingl�

6.1.c MAC spoofingl�

6.1.d CAM overflowsl�

6.1.e CDP/LLDPl�

6.2 Describe VLAN Security 6.2.a Voice VLANl�

6.2.b PVLANl�

6.2.c VLAN hoppingl�

6.2.d Native VLANl�

6.3 Implement VLANs and trunking 6.3.a VLAN definitionl�

6.3.b Grouping functions into VLANsl�

6.3.c Considering traffic source to destination pathsl�

6.3.d Trunkingl�

6.3.e Native VLANl�

6.3.f VLAN trunking protocolsl�

6.3.g Inter-VLAN routingl�

6.4 Implement Spanning Tree 6.4.a Potential issues with redundant switch topologiesl�

6.4.b STP operationsl�

6.4.c Resolving issues with STPl�

7.0 Cisco Firewall Technologies7.1 Describe operational strengths and weaknesses of the different firewall technologies 7.1.a Proxy firewallsl�

7.1.b Packet and stateful packetl�

7.1.c Application firewalll�

7.1.d Personal firewalll�

7.1.e CDP/LLDPl�

7.2 Describe stateful firewalls 7.2.a Operationsl�

7.2.b Function of the state tablel�

7.3 Describe the types of NAT used in firewall technologies 7.3.a Staticl�

7.3.b Dynamicl�

7.3.c PATl�

7.4 Implement Zone Based Firewall using CCP 7.4.a Zone to zonel�

7.4.b Self zonel�

7.5 Implement the Cisco Adaptive Security Appliance (ASA) 7.5.a NATl�

7.5.b ACLl�

7.5.c Default MPFl�

7.5.d Cisco ASA sec levell�

7.6 Implement NAT and PAT 7.6.a Functions of NAT, PAT, and NAT Overloadl�

7.6.b Translating inside source addressesl�

7.6.c Overloading Inside global addressesl�

8.0 Cisco IPS8.1 Describe IPS deployment considerations 8.1.a SPANl�

8.1.b IPS product portfoliol�

8.1.c Placementl�

8.1.d Caveatsl�

8.2 Describe IPS technologies 8.2.a Attack responsesl�

8.2.b Monitoring optionsl�

8.2.c Syslogl�

8.2.d SDEEl�

8.2.e Signature enginesl�

8.2.f Signaturesl�

8.2.g Global correlation and SIOl�

8.2.h Network-basedl�

8.2.i Host-basedl�

Partners :

PITAMPURA (DELHI)NOIDAA-43 & A-52, Sector-16,

GHAZIABAD1, Anand Industrial Estate, Near ITS College, Mohan Nagar, Ghaziabad (U.P.)

GURGAON1808/2, 2nd floor old DLF,Near Honda Showroom,Sec.-14, Gurgaon (Haryana)

SOUTH EXTENSION

www.facebook.com/ducateducation

Java

Plot No. 366, 2nd Floor, Kohat Enclave, Pitampura,( Near- Kohat Metro Station)Above Allahabad Bank, New Delhi- 110034.

Noida - 201301, (U.P.) INDIA 70-70-90-50-90 +91 99-9999-3213 70-70-90-50-90 70-70-90-50-90

70-70-90-50-90

70-70-90-50-90

D-27,South Extension-1New Delhi-110049

+91 98-1161-2707

(DELHI)

8.3 Configure Cisco IOS IPS using CCP 8.3.a Loggingl�

8.3.b Signaturesl�

9.0VPN Technologies9.1 Describe the different methods used in cryptography 9.1.a Symmetricl�

9.1.b Asymmetricl�

9.1.c HMACl�

9.1.d Message digestl�

9.1.e PKIl�

9.2 Describe VPN technologies 9.2.a IPsecl�

9.2.b SSLl�

9.3 Describe the building blocks of IPSec 9.3.a IKEl�

9.3.b ESPl�

9.3.c AHl�

9.3.d Tunnel model�

9.3.e Transport model�

9.4 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication 9.4.a CCPl�

9.4.b CLIl�

9.5 Verify VPN operations

9.6 Implement SSL VPN using ASA device manager 9.6.a Clientlessl�

9.6.b AnyConnectl�