Course Description
Description
Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 is a newly created five-day instructor-led training (ILT) course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience to prepare them to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls.
The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls, Cisco Routers with the firewall feature set, and Cisco Switches.
The student will gain hands-on experience with configuring various perimeter security solutions for mitigating outside threats and securing network zones. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco Switches, Cisco ASA, and Router security appliance feature and provide detailed operations support for these products.
Note: Students registering for this course will be receiving their course kit in a digital format. To be able to view your digital kit you will need to bring a laptop PC and/or a compatible iPad or Android tablet. The recommended system requirements and instructions to access the course kit content can be found at the following link:Digital Course Kit Requirements and Instructions
Please be aware that this digital version is designed for online use, not for printing. You can print up to 10 pages only in each guide within a course. Please note that every time you click the Print button in the book, this counts as one page printed, whether or not you click OK in the Print dialog.
If you have any questions or issues with meeting the requirements listed above, please contact us at rlt@skyline-ats.com and provide the class name to which you are attending and we will be more than happy to help.
Objectives
Upon completing this course, you will be able to:
- Understand current security threat landscape
- Understanding and implementing Cisco modular Network Security Architectures such as SecureX and TrustSec
- Deploy Cisco Infrastructure management and control plane security controls
- Configuring Cisco layer 2 and layer 3 data plane security controls
- Implement and maintain Cisco ASA Network Address Translations (NAT)
- Implement and maintain Cisco IOS Software Network Address Translations (NAT)
- Designing and deploying Cisco Threat Defense solutions on a Cisco ASA utilizing access policy and application and identity based inspection
- Implementing Botnet Traffic Filters
- Deploying Cisco IOS Zone-Based Policy Firewalls (ZBFW)
- Configure and verify Cisco IOS ZBFW Application Inspection Policy
Prerequisites
The knowledge and skills that a learner must have before attending this course are as follows:
- Cisco Certified Network Associate (CCNA) certification
- Cisco Certified Network Associate (CCNA) Security certification
- Knowledge of Microsoft Windows operating system
Who Should Attend
The primary audience for this course is as follows:
- Network Security Engineers
Outline
Module 1: Cisco Secure Design Principles
Lesson 1: Network Security Zoning
Lesson 2: Cisco Module Network Architecture
Lesson 3: Cisco SecureX Architecture
Lesson 4: Cisco TrustSec Solutions
Module 2: Implement Network Infrastructure ProtectionLesson 1: Introducing Cisco Network Infrastructure Architecture
Lesson 2: Deploying Cisco IOS Control Plane Security Controls
Lesson 3: Deploying Cisco IOS Management Plane Security Controls
Lesson 4: Deploying Cisco ASA Management Plane Security Controls
Lesson 5: Deploying Cisco Traffic Telemetry Methods
Lesson 6: Deploying Cisco IOS Layer 2 Data Plane Security Controls
Lesson 7: Deploying Cisco IOS Layer 3 Data Plane Security Controls
Module 3: Deploying NAT on Cisco IOS and Cisco Adaptive Security Appliance (ASA)Lesson 1: Introducing Network Address Translation
Lesson 2: Deploying Cisco ASA Network Address Translation
Lesson 3: Deploying Cisco IOS Software Network Address Translation
Module 4: Deploying Threat Controls on Cisco ASALesson 1: Introducing Cisco Threat Controls
Lesson 2: Deploying Cisco ASA Basic Access Controls
Lesson 3: Deploying Cisco ASA Application Inspection Policies
Lesson 4: Deploying Cisco ASA Botnet Traffic Filtering
Lesson 5: Deploying Cisco ASA Identity Based Firewall
Module 5: Deploying Threat Controls on Cisco IOS SoftwareLesson 1: Deploying Cisco IOS Software with Basic Zone-Based Firewall Policies
Lesson 2: Deploying Cisco IOS Software Zone-Based Firewall with Application Inspection Policies
Lab Outline
Lab 2-1: Configuring Configure Cisco Policy Protection (CPP) and Management Plane Protection (MPP)
Lab 2-2: Configure Traffic Telemetry Methods
Lab 2-3: Configure Layer 2 Data Plane Security
Lab 2-4: Configure Layer 3 Data Plane Security
Lab 3-1: Configure NAT on Cisco Adaptive Security Appliance (ASA) Firewall
Lab 3-2: Configure NAT on Cisco IOS Software
Lab 4-1: Configure Cisco ASA Access Policy
Lab 4-2: Configure Cisco ASA Application Inspection Policy
Lab 4-3: Configure Cisco ASA Botnet Traffic Filter
Lab 4-4: Configure Cisco ASA Identity Based Firewall
Lab 5-1: Configure Cisco IOS Software Zone-Based Firewall (ZBFW)
Lab 5-2: Configure Cisco IOS Software ZBFW Application Inspection Policy