Course Description
The Securing Networks with Cisco Routers and Switches (SECURE) 1.0 course is a 5-day instructor-led course that aims at providing network security engineers with the knowledge and skills needed to secure Cisco IOS Software router- and switch-based networks, and provide security services based on Cisco IOS Software. You will learn to secure the network environment using existing Cisco IOS Software features, as well as install and configure components of the Cisco IOS Software, such as zone-based policy firewall, Cisco IOS Intrusion Prevention System (IPS), user-based firewall, secure tunnels using IP Security (IPsec) virtual private network (VPN) technology including public key infrastructure (PKI), virtual tunnel interface/dynamic virtual tunnel interface (VTI/DVTI), Group Encrypted Transport VPN (GET VPN), Dynamic Multipoint Virtual Private Network (DMVPN), Secure Sockets Layer (SSL) VPN, and advanced switch security features. The course focuses on the implementation and troubleshooting aspects of the lifecycle services approach, adding some elements of the design phase as well.
Agenda
High-Level Course Outline
This subtopic provides an overview of how the course is organized. The course contains these components:
Course Introduction Deploying Cisco IOS Software Network Foundation Protection Deploying Cisco IOS Software Threat Control and Containment Deploying Cisco IOS Software Site-to-Site Transmission Security Deploying Secure Remote Access with Cisco IOS Software Appendix A: Case Study: Configuring and Verifying Basic 802.1X Features Appendix B: Deploying Advanced 802.1X Features Appendix C: Case Study: Configuring and Verifying Advanced 802.1X Features Lab Guide Who should attend
This course is primarily intended for:
Network Security Engineers (NSEs) involved in VPN design, implementation and maintenance Cisco customers who implement and maintain Cisco routers and switches Others who would find this course useful include:
Cisco channel partners who sell, implement and maintain Cisco switches and routers Cisco engineers who support the sale of Cisco switches and routers Certifications
This course is part of the following Certifications:
Cisco Firewall Security Specialist (CFSS) Cisco VPN Security Specialist (CVSS) Cisco IOS Security Specialist (CISS) Cisco Certified Network Professional Security (CCNP Security) CCIE Security (CCIES Security) Prerequisites
The knowledge and skills you must have before attending this course are as follows:
Cisco Certified Network Associate (CCNA) certification or equivalent in knowledge Cisco Certified Network Associate Security (CCNA Security) certification or equivalent in knowledge Working knowledge of the Microsoft Windows operating system Course Objectives
Upon completing this course, you will be able to:
Implement and maintain Cisco IOS Software infrastructure protection controls in a Cisco router- and switch-based network infrastructure Implement and maintain Cisco IOS Software threat control and containment technologies in a Cisco router-based perimeter infrastructure Implement and maintain Cisco IOS Software VPN technologies in a Cisco router-based WAN Implement and maintain Cisco IOS Software remote access VPN technologies in a Cisco router-based remote access solution Detailed Course Outline
Day 1: Deploying Cisco IOS Software Network Foundation Protection
Course Introduction Lesson 1-1: Deploying Network Foundation Protection Controls Lesson 1-2: Deploying Advanced Switched Data Plane Security Controls Lab 1-1: Configuring Advanced Switched Data Plane Security Controls Lesson 1-3: Implementing Cisco Identity-Based Network Services Lesson 1-4: Deploying Basic 802.1X Features Lesson 1-5: Deploying Advanced Routed Data Plane Security Controls Lesson 1-6: Deploying Advanced Control Plane Security Controls Day 2: Deploying Cisco IOS Software Network Foundation Protection; Deploying Cisco IOS Software Threat Control and Containment
Review of Day 1 Lesson 1-7: Deploying Advanced Management Plane Security Controls Lab 1-2: Configuring Advanced Infrastructure Security Controls Lesson 2-1: Deploying Cisco IOS Software Network Address Translation Lesson 2-2: Deploying Basic Zone-Based Policy Firewalls Lab 2-1: Configuring Basic Zoned-Based Policy Firewall Features Lesson 2-3: Deploying Advanced Zone-Based Policy Firewalls Day 3: Deploying Cisco IOS Software Threat Control and Containment; Deploying Cisco IOS Software Site-to-Site Transmission Security
Review of Day 2 Lab 2-2: Configuring Advanced Zoned-Based Policy Firewall Features Lesson 2-4: Deploying Cisco IOS IPS Lab 2-3: Configuring Cisco IOS Software IPS Lesson 3-1: Site-to-Site VPN Architectures and Technologies Lesson 3-2: Deploying VTI-Based Site-to-Site IPsec VPNs Lesson 3-3: Deploying Scalable Authentication in Site-to-Site IPsec VPNs Day 4: Deploying Cisco IOS Software Site-to-Site Transmission Security; Deploying Secure Remote Access with Cisco IOS Software
Lab 3-1: Configuring a PKI-Enabled Site-to-Site IPsec VPN Lesson 3-4: Deploying DMVPNs Lab 3-2: Configuring Cisco IOS Software DMVPN Spokes Lesson 3-5: Deploying High Availability in Tunnel-Based IPsec VPNs Lesson 3-6: Deploying GET VPN Lab 3-3: Configuring GET VPN Group Members Lesson 4-1: Remote Access VPN Architectures and Technologies Day 5: Deploying Secure Remote Access with Cisco IOS Software
Review of Day 4 Lesson 4-2: Deploying Remote Access Solutions Using SSL VPN Lab 4-1: Configuring a Cisco IOS Software SSL VPN Gateway Lesson 4-3: Deploying Remote Access Solutions Using Cisco Easy VPN Lab 4-2: Configuring Cisco Easy VPN