640-553 Implementing Cisco IOS Network Security Curriculum Outline

Cisco IINS 1.0: Mitigating Layer 2 Attacks

Overview/Description
Like routers, both Layer 2 and Layer 3 switches have their own set of network security requirements. Access to switches is a convenient entry point for attackers who are intent on illegally gaining access to a corporate network. With access to a switch, an attacker can set up rogue access points and protocol analyzers, and launch all types of attacks from within the network. Attackers can even spoof the MAC and IP addresses of critical servers to do a great deal of damage. This course examines various Layer 2 attacks and strategies to mitigate them. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Prerequisites
Knowledge and skills equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1); working knowledge of the Windows Operating System; working knowledge of Cisco IOS networking and concepts.

Expected Duration
1.0 hours

Lesson Objectives

Layer 2 Vulnerabilities and VLAN Attacks recognize how to mitigate VLAN attacks

Types of Layer 2 Attacks recognize how to prevent STP manipulation recognize how to mitigate STP vulnerabilities

Using Port Security recognize how to use port security to defend networks from Layer 2 attacks

Switch Security Features and Best Practices recognize features available in Cisco switch security

Using Cisco Catalyst Switch Security Features

Course ID: cc_iins_a09_it_enus

Back to List

Cisco IINS 1.0: Network Security Principles I

Overview/Description
The open nature of the Internet makes it increasingly important for growing businesses to pay attention to the security of their networks. As companies move more of their business functions to the public network, they need to take precautions to ensure that their data remains uncompromised. With the challenges of increased availability requirements and growing regulatory requirements, establishing and maintaining a secure network computing environment is becoming increasingly difficult.
This course provides an explanation of the core principles that are part of the secure network environment. It explains how sophisticated attack tools and open networks generate an increased need for network security and dynamic security policies, the primary objectives of security and primary types of security controls, as well as some of the factors that are involved in responding to a security breach. Examining who hackers are, what motivates them, and how they do what they do, as well as variety of attacks against confidentiality, integrity, and availability and some of the best practices to defeat them are also covered. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Prerequisites
Knowledge and skills equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1); a working knowledge of the Windows operating system and Cisco IOS networking and concepts

Expected Duration
2.0 hours

Lesson Objectives

Combating Threats to Security recognize why theres an increased need for network security and dynamic security policies recognize the three primary objectives of security

Data Classification and Security Controls recognize how data is classified recognize the primary types of security controls

Security breaches, laws, and ethics recognize the factors involved in responding to a security breach recognize key codes of ethics that are binding to INFOSEC professionals

Adversaries, Motivations, and Classes of Attack recognize the motivations of different types of hackers recognize typical attacks that hackers use

Defense in Depth recognize the principles of defense in depth

IP Spoofing Attacks recognize how attackers use IP spoofing to launch various types of attacks

Confidentiality Attacks recognize how attackers can compromise confidentiality

Integrity attacks recognize the methods that attackers can use to compromise integrity

Availability Attacks recognize how attackers can compromise availability

Responding to a Security Breach

Course ID: cc_iins_a01_it_enus

Back to List

Cisco IINS 1.0: Network Security Principles II

Overview/Description
Operations security concerns the day-to-day practices necessary to first deploy and later maintain a secure system. As an administrator, its very important to understand the principles behind operations security. Its equally important to know that the security policy thats developed in your organization drives all of the steps taken to secure network resources. In order to create an effective security policy, it is necessary to do a risk analysis in order to maximize the effectiveness of the policy. Also, it is essential that everyone is aware of the policy, or it is doomed to fail. This course explains the principles behind operations security and how correct practices increase security, including security testing, a secure life cycle, and business continuity planning. In addition, it reviews how increasing network security threats demand comprehensive network security policies, and describes the main activities in each phase of a secure network life cycle. Implementing the Cisco Self-Defending Network strategy by enhancing the existing network infrastructure with Cisco technologies, products, and solutions is also covered. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
2.0 hours

Lesson Objectives

Operations Security Principles recognize how to use SDLC to design a secure network life cycle management process identify key operations security principles

Security Testing and Disaster Recovery recognize how network security testing works recognize the principles of disaster recovery planning

Security Policy Overview recognize the function of a security policy recognize the functions and characteristics of security standards, guidelines, and procedures

Risk Management recognize the role that risk management plays in the development of a security policy

Principles of Secure Network Design recognize the principles of secure network design

Security Awareness recognize how security awareness, education, and training can help to increase the effectiveness of a security policy

Threats and Challenges recognize how changing threats and challenges demand a new approach to network security

The Cisco Self-Defending Network recognize the benefits of a Cisco Self-Defending Network recognize the solution components of a Cisco Self-Defending Network

Implementing Network Security Principles

Course ID: cc_iins_a02_it_enus

Back to List

Cisco IINS 1.0: Perimeter Security

Overview/Description
Traffic from outside a closed network that has a destination inside a closed network passes through the network perimeter. The routers at the network perimeter are an important initial point of network security. This course explains how to use the CLI to configure routers on the network perimeter with Cisco IOS Software security features, including securing the physical installation of and administrative access to Cisco routers based on different network requirements. It explores the features and uses of SDM, and how to configure a Cisco router to perform AAA authentication with a local database using the Cisco SDM. This course also covers the operation of external AAA sources such as RADIUS and TACACS+ servers, how to configure a Cisco router to perform AAA, and how to securely implement the management and reporting features of syslog, SNMP, SSH, and NTP. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
1.5 hours

Lesson Objectives

Router Security Features recognize the security features of the Cisco IOS Software recognize the features of the Cisco Integrated Services Routers

Configuring Secure Administrative Access recognize how to configure secure administrative access

Multiple Privilege Levels and Role-Based CLI Access recognize how to configure multiple privilege levels recognize how to configure role-based CLI access

Image Files, Virtual Logins, and Banner Messages recognize how to configure the Cisco IOS Resilient Configuration feature, virtual login connection security, and a banner message

Securing Cisco Router Administrative Access

Introducing Cisco SDM recognize the features of Cisco SDM recognize how to configure existing routers so that Cisco SDM can access them properly

Configuring AAA on a Cisco Router recognize how to use local services to authenticate router access recognize how to configure a Cisco router to perform AAA using a local database for authentication

Course ID: cc_iins_a03_it_enus

Back to List

Cisco IINS 1.0: Network Security Using Cisco IOS Firewalls

Overview/Description
Implementing network-wide security can be a daunting task depending on the size and business of the company. Organizations must balance the cost in staff and equipment to implement a network security policy against the potential costs of network security breaches. Cisco provides several router-based solutions for implementing firewall features: basic traffic filtering capabilities using access control lists (ACLs), Cisco IOS Firewalls, and Cisco IOS zone-based policy firewalls. This course explains the operations of the different types of firewall technologies and describes the firewall technologies that are embedded in Cisco routers and Cisco security appliances. The processes of creating static packet filters using ACLs, and configuring a Cisco IOS zone-based policy firewall on your network using the Cisco SDM wizard are also covered. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
2.5 hours

Lesson Objectives

Firewall Fundamentals recognize the role of firewalls in securing networks recognize how a static packet filter allows or blocks data packets as they pass through a network interface

Application Layer Gateways recognize how application layer or proxy firewalls control or monitor inbound and outbound traffic

Firewall Types and Features recognize how dynamic or stateful inspection packet filtering provides improved network security and performance recognize how application inspection firewalls, transparent firewalls, and Cisco IOS firewalls function

Access Control List Fundamentals recognize how ACLs are used to control access in networks

ACL Wildcard Masking and Traffic Control recognize how to use wildcard masks with ACLs recognize how to configure ACLs to control traffic using a variety of protocols

ACL Considerations recognize the considerations for creating ACLs

Security Device Manager ACL Configuration recognize how to configure standard and extended ACLs using Cisco SDM recognize how to configure ACLs to protect common network services

Creating Static Packet Filters Using ACLs

Zone-Based Policy Firewalls Basics recognize the principles of Zone-Based Policy Firewalls recognize how to configure a Zone-Based Policy Firewall using the Cisco SDM Basic Firewall Configuration Wizard

Configuring and Verifying Zone-Based Firewalls recognize how to use the Cisco SDM to manually configure a Zone-Based Policy Firewall

Course ID: cc_iins_a04_it_enus

Back to List

Cisco IINS 1.0: Cryptography, Encryption, and Digital Signatures

Overview/Description
Cryptographic services form the foundation for many security implementations and provide both confidentiality and integrity of data when that data might be exposed to untrusted parties. Understanding the basic functions of cryptography and how encryption and hashing provide confidentiality and integrity help in the creation of a successful security policy. It is also important to have a good understanding of the issues involved in key management. Cryptographic hashes and digital signatures play a major role in modern cryptosystems, and it is important to have a good understanding of the basic mechanisms of these algorithms and some of the issues that are involved in choosing a particular hashing algorithm or digital signature method. This course provides a primer on the theory of cryptography. It discusses the principles behind symmetric encryption, provides examples of major symmetric encryption algorithms, and examines their operations, strengths, and weaknesses. This course also touches on the major hashing algorithms that use Hashed Message Authentication Code (HMAC), and the digital signature technologies that are widely used in modern computing and networking. It also describes some of the real-world implications of using various algorithms and technologies. The principles behind asymmetric encryption and provides examples of major asymmetric encryption algorithms, including Rivest, Shamir, and Adleman (RSA); Diffie-Hellman (DH); and public key infrastructure (PKI) are also covered. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
2.5 hours

Lesson Objectives

Cryptology and Encryption Basics recognize how cryptography works recognize how cryptanalysis works

Algorithms, Ciphers, and Hashes recognize how symmetric and asymmetric encryption algorithms function recognize the differences between and benefits of the basic encryption algorithms

Key Management and SSL VPNs recognize the considerations of key management recognize how SSL VPNs work

Examining Symmetric Encryption recognize the features of symmetric encryption

Hash Algorithms recognize how hash algorithms and the HMAC variant function

MD-5, SHA-1, and Digital Signatures recognize the features of the MD5 and SHA-1 algorithms recognize the features of digital signatures

Asymmetric Encryption Algorithms recognize the generic functionality of asymmetric encryption algorithms recognize the features of the RSA and DH key exchange algorithms

PKI recognize how PKI algorithms function recognize PKI standards

Certificate Authorities recognize the role of CAs in a PKI

Comparing Encryption Methods

Course ID: cc_iins_a05_it_enus

Back to List

Cisco IINS 1.0: IP Security Site-to-Site Virtual Private Networks

Overview/Description
An IPsec VPN uses the Internet to connect branch offices, remote employees, and business partners to your company�s resources. It is a reliable way to maintain your company privacy while streamlining operations, reducing costs, and allowing flexible network administration.
This course explains the fundamental VPN-related concepts and technologies, and describes how to configure an IPsec site-to-site VPN tunnel using both the command-line interface (CLI) and the Cisco Router and Security Device Manager (SDM). This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
1.5 hours

Lesson Objectives

VPN Fundamentals recognize the features of Cisco VPNs

IPsec Concepts and Framework recognize the advantages IPsec has over SSL recognize how encryption, integrity, and authentication are applied to the IPsec protocol suite

Internet Key Exchange Protocols recognize how the IKE protocol works

Configuring Site-to-Site IPsec VPNs I recognize how to configure a site-to-site IPsec VPN by configuring the interface ACL recognize how to configure a site-to-site IPsec VPN by creating an ISAKMP policy recognize how to configure a site-to-site IPsec VPN by defining the IPsec transform set

Configuring Site-to-Site IPsec VPNs II recognize how to configure a site-to-site IPsec VPN by creating a crypto ACL recognize how to configure a site-to-site IPsec VPN by creating and applying a crypto map

IPsec Site-to-Site VPN Using Cisco SDM recognize how to configure a site-to-site IPsec VPN with PSK authentication using Cisco SDM

Configuring a Site-to-Site IPsec VPN

Course ID: cc_iins_a06_it_enus

Back to List

Cisco IINS 1.0: Network Security Using Cisco IOS IPS

Overview/Description
In technological environments, Internet worms and viruses can spread across the world in a matter of minutes. Without the luxury of time to react, a network needs to be able to instantaneously recognize and mitigate worm and virus threats. A networking architecture paradigm shift is required to defend against these fast-moving attacks. Its no longer possible to contain the intrusions at a few points in the network. Intrusion prevention is required throughout the entire network to detect and stop an attack at every ingress and egress point in the network. The most scalable and cost-effective way to accomplish this is by integrating intrusion prevention systems (IPSs) into the access points of the network. This course provides the knowledge and skills required to configure IPSs on Cisco routers. This course is one of a series from the IINS 1.0 SkillSoft learning paths, which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
1.5 hours

Lesson Objectives

Intrusion Prevention System Overview recognize the differences between and similarities of IDS and IPS recognize how IPS may respond to an attack

Intrusion Prevention System Management recognize the role of IPS event monitoring and management recognize how host-based and network-based IPS monitoring operate

Intrusion Prevention System Solutions recognize the features of Cisco IPS appliances recognize how an IDS or IPS can use signatures

Cisco IOS IPS Features and Configuration recognize the IPS features of Cisco IOS Software recognize how to configure Cisco IOS IPS using Cisco SDM

Tuning, Monitoring, & Verifying Cisco IOS IPS recognize how to configure IPS signatures using Cisco SDM recognize how to monitor a Cisco IOS IPS router using Cisco SDM and the CLI

Configuring Cisco IOS IPS

Course ID: cc_iins_a07_it_enus

Back to List

Cisco IINS 1.0: LAN, SAN, Voice, and Endpoint Security

Overview/Description
It is important to have a good understanding of the additional aspects of network security, such as LAN, storage area network (SAN), voice, and endpoints. An understanding of how to place emphasis on Layer 2 and host security to provide a much more comprehensive coverage of the important issues involved in securing an enterprise is also crucial. This course explains how to configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic. This course also provides an overview of the basic principles of SANs and SAN security. The implications of implementing security measures in IP networks that transport voice are also covered. This course is one of a series from the IINS 1.0 SkillSoft learning paths which cover the objectives for Cisco exam 640-553 IINS 1.0.

Target Audience
Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v1.0 640-553 certification

Expected Duration
2.0 hours

Lesson Objectives

Endpoint Security Fundamentals recognize how endpoint security works recognize how buffer overflows present a threat

IronPort and Cisco NAC Security Products recognize the features of IronPort security products recognize how the Cisco NAC products enhance and complement endpoint security

Cisco Security Agent recognize how Cisco Security Agent provides endpoint security

SAN Security recognize the basic principles of SANs recognize security strategies you can use to compartmentalize data for security purposes

VoIP Fundamentals and Threats recognize fundamental VoIP concepts recognize security threats to VoIP networks

IP Telephony Risks recognize the security risks that voice-enabled networks face recognize how to prevent hacking on VoIP networks

Defending Against Endpoint Attacks

Course ID: cc_iins_a08_it_enus

Back to List