Cisco Security Accelerated

(SNPA & CSVPN)


Course Description (SNPA & CSVPN)

Cisco security certifications focus on the growing need for knowledgeable network professionals who can implement complete network security solutions. The range of available security certifications enables candidates to validate their expertise in specific focused areas.

 

The Cisco Security Accelerated course is a combination of the Securing Networks with PIX and ASA (SNPA) and the Cisco Secure Virtual Private Networks (CSVPN) courses, both delivered together in one 5-day class. Because of the accelerated nature of the course, be prepared for long days in class -- 8:00 AM to 6:00 PM -- and a heavy study load. Also, not all material in the student manuals for each course will be reviewed in class. Students will have opportunities to ask questions on the material covered in the course kits that is not presented in class. The following are the descriptions of both included curricula, presented separately.

 

Cisco Securing Networks with PIX and ASA (SNPA)


SNPA Course Description

Course Content

The Cisco Securing Networks with PIX and ASA (SNPA) course is an instructor-led, lab-intensive course. This task-oriented course teaches the knowledge and skills needed to describe, configure, verify and manage the PIX Firewall product family. Learners will implement an integrated hardware and software firewall solution which delivers full stateful firewall protection and IP Security (IPSec) VPN capabilities, allowing them to rigorously protect their internal network from outside intrusions.

Course Objectives

After completing this course the student should be able to:

Install and configure a security appliance for basic network connectivity

  • Describe the Security Appliance hardware and software architecture
  • Determine the Security Appliance hardware and software configuration and verify if it is correct
  • Use setup or the CLI to configure basic network settings, including interface configurations
  • Use appropriate show commands to verify initial configurations
  • Configure NAT and global addressing to meet user requirements
  • Configure DHCP client option
  • Set default route
  • Configure logging options
  • Describe the firewall technology
  • Explain the information contained in syslog files
  • Configure static address translations
  • Configure Network Address Translations: PAT
  • Configure static port redirection
  • Configure a net static
  • Set embryonic and connection limits on the security appliance
  • Verify network address translation operation

Configure a security appliance to restrict inbound traffic from untrusted sources

  • Configure access-lists to filter traffic based on address, time, and protocols
  • Configure object-groups to optimize access-list processing
  • Configure Network Address Translations: Nat0
  • Configure Network Address Translations: Policy NAT
  • Configure Java/ActiveX filtering
  • Configure URL filtering
  • Verify inbound traffic restrictions

Configure a security appliance to provide secure connectivity using site-to-site VPNs

  • Explain certificates, certificate authorities and how they are used
  • Explain the basic functionality of IPSec
  • Configure IKE with preshared keys
  • Configure IKE to use certificates
  • Differentiate between the types of encryption
  • Configure IPSec parameters
  • Configure crypto-maps and ACLs

Configure a security appliance to provide secure connectivity using remote access VPNs

  • Explain the functions of EasyVPN
  • Configure IPSec using EasyVPN Server/Client
  • Configure the Cisco Secure VPN client
  • Explain the purpose of WebVPN
  • Configure WebVPN services: Server/Client
  • Verify VPN operations

Configure transparent firewall, virtual firewall, and high availability firewall features on a security appliance

  • Explain differences between L2 and L3 operating modes
  • Configure security appliance for transparent mode (L2)
  • Explain purpose of virtual firewalls
  • Configure security appliance to support virtual firewall
  • Monitor and maintain virtual firewall
  • Explain the types, purpose and operation of fail-over
  • Install appropriate topology to support cable-based or LAN-based fail-over
  • Explain the hardware, software and licensing requirements for high-availability
  • Configure the SA for active/standby fail-over
  • Configure the SA for stateful fail-over
  • Configure the SA for active-active fail-over
  • Verify fail-over operation
  • Recover from a fail-over

Configure AAA services for access through a security appliance

  • Configure ACS for security appliance support
  • Configure security appliance to use AAA feature
  • Configure authentication using both local and external databases
  • Configure authorization using an external database
  • Configure the ACS server for downloadable ACLs
  • Configure accounting of connection start/stop
  • Verify AAA operation

Configure routing and switching on a security appliance

  • Enable DHCP server and relay functionality
  • Configure VLANs on a security appliance interface
  • Configure routing functionality of the security appliance, including OSPF and RIP
  • Configure security appliance to pass multi-cast traffic
  • Configure ICMP on the security appliance

Configure a modular policy on a security appliance

  • Configure a class-map
  • Configure a policy-map
  • Configure a service-policy
  • Configure an ftp-map
  • Configure an http-map
  • Configure an inspection protocol
  • Explain the function of protocol inspection
  • Explain DNS guard feature
  • Describe the AIP-SSM HW and SW
  • Load IPS SW on the AIP-SSM
  • Verify AIP-SSM
  • Configure an IPS modular policy

Monitor and manage an installed security appliance

  • Obtain and apply OS updates
  • Backup and restore configurations and software
  • Explain the security appliance file management system
  • Perform password/lockout recovery procedures
  • Obtain and upgrade license keys
  • Configure passwords for various access methods: Telnet, serial, enable, SSH
  • Configure various access methods: Telnet, SSH, PDM
  • Configure command authorization and privilege levels
  • Configure local username database
  • Verify access control methods
  • Enable ASDM functionality
  • Verify a security appliance configuration via ASDM
  • Verify the licensing available on a security appliance

 

 

Course Outline

Introduction

Cisco Security Appliance Technology and Features

Cisco PIX Security Appliance and ASA Families

  • Models and Features
  • Licensing
  • Firewall Service Module

Getting Started

  • User Interface
  • File Management
  • Security Levels
  • Basic Config
  • Examining Status
  • Time and NTP Support
  • Syslog Config

Translations and Connections

  • Transport Protocols
  • Network Address Translation
  • Port Address Translation
  • Configuring Multiple Interfaces

Access Control Lists and Content Filtering

  • ACLs
  • Active Code Filtering
  • URL Filtering

Object Grouping

AAA Authentication, Authorization, and Accounting

  • Introduction to AAA
  • Installation of Cisco Secure ACS
  • Downloadable ACLs

Switching and Routing

  • VLANs
  • Static and Dynamic Routing
  • OSPF
  • Multicasting

Modular Policy Framework

  • Overview
  • Class Map
  • Policy Map

Advanced Protocol Handling

  • FTP Inspection
  • HTTP Inspection
  • Multimedia Support

VPN Configuration

  • Secure VPNs – IPSec, IKE, DES, AES, D-H, MD5, SHA…
  • IPSec/VPN Config

Configuring Cisco Easy VPN

Configuring ASA for WebVPN

Configuring Transparent Firewall

Configuring Security Contexts

  • Enabling Multiple Mode
  • Configuring/Managing

Failover

  • Serial Cable-Based
  • LAN-Based
  • Active/Active Configuration

Cisco Security Appliance Device Manager

  • ASDM

AIP-SSM

Managing Security Appliances

  • System Access
  • User Access Levels
  • Managing Software Licensing
  • Image Upgrade

 

 

 

Who Should Attend

  • Cisco CUSTOMERS who implement and maintain Cisco PIX Firewalls
  • Cisco CHANNEL PARTNERS who sell, implement and maintain Cisco PIX Firewalls
  • Cisco ENGINEERS who support the sales of the Cisco PIX Firewall

 

Prerequisites

  • Possess Cisco Certified Network Associate (CCNA) certification or the equivalent knowledge
  • Be familiar with encryption technologies: DES, 3DES, RSA, hashing algorithms (MD5/SHA), and IPSec
  • Have a basic knowledge of the Windows operating system.

 

 

Cisco Secure Virtual Private Networks (CSVPN)

Course Content

The Cisco Secure Virtual Private Networks (CSVPN) course is an instructor-led, lab-intensive course. This task-oriented course teaches the knowledge and skills needed to describe, configure, verify, and manage a secure Cisco network through the use of the Cisco VPN 3000 Concentrator, Cisco VPN Software Client, and Cisco VPN 3002 Hardware Client feature set. Learners will be able to provide network data encryption at the IP packet level, offering a robust, standards-based security solution. CSVPN provides data authentication and anti-replay services, in addition to data confidentiality services.

Course Objectives

After completing this course the student should be able to:

Have an Overview of Virtual Private Networks and IPSec Technologies

  • Cisco products enable a secure VPN
  • IPSec overview
  • IPSec protocol framework
  • How IPSec works

Configure Cisco Virtual Private Network 3000 Concentrator Series Hardware

  • Overview of the Cisco VPN 3000 Concentrator Series
  • Cisco VPN 3000 Concentrator
  • Cisco VPN 3000 Concentrator Series Client support

Configure the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-shared Keys

  • Overview of remote access using pre-shared keys
  • Initial configuration of the Cisco VPN 3000 Concentrator Series for remote access
  • Browser configuration of the Cisco VPN 3000 Series Concentrator
  • Configure users and groups
  • More in-depth configuration information
  • Configure the Cisco Windows VPN Software Client

Configure Cisco Virtual Private Network 3000 Series Concentrator for Remote Access Using Digital Certificates

  • CA support overview
  • Certificate generation
  • Validating certificates
  • Configuring the Cisco VPN 3000 Concentrator Series for CA support

Configure the Cisco Virtual Private Network Firewall Feature for IPSec Software Client

  • Overview of software client's firewall feature
  • Software Client's Are You There feature
  • Software Client's Central Policy Protection feature
  • Software Client's firewall statistics
  • Customizing firewall policy

Configure the Cisco Virtual Private Network Client Auto-Initiation Feature

  • Overview of the Cisco VPN Software Client auto-initiation
  • Configure the Cisco VPN Software Client auto-initiation

Monitor and Administer Cisco VPN 3000 Remote Access Networks

  • Monitoring
  • Administration
  • Bandwidth Management

Configure the Cisco VPN 3002 Hardware Client for Remote Access

  • Cisco VPN 3002 Hardware client remote access with pre-shared keys

Configure the Cisco Virtual Private Network 3002 Hardware Client

  • Overview of the Hardware Client interactive unit and user authentication features
  • Configuring the Hardware Client interactive unit authentication feature
  • Configuring the Hardware Client user authentication feature
  • Monitoring the Hardware Client user statistics

Configure the Cisco Virtual Private Network Client Backup Server and Load Balancing

  • Configuring the Cisco VPN Client backup server feature
  • Configuring the Cisco VPN Client load balancing feature
  • Overview of the Cisco VPN Client Reverse Route Injection feature

Configure the Virtual Private Network 3002 Hardware Client for Software Auto-Update

  • Overview and configuration of the VPN 3002 Hardware Client software auto-update feature
  • Monitoring the Cisco VPN 3002 Hardware Client software auto-update feature

Configure the Cisco Virtual Private Network 3000 Series Concentrator for the IPSec Over UDP and IPSec Over TCP

  • Overview of Port Address Translation
  • Configuring IPSec over UDP
  • Configuring NAT-Traversal
  • Configuring IPSec over TCP

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with Pre-Shared Keys

  • Cisco VPN 3000 Series Concentrator IPSec LAN-to-LAN
  • LAN-to-LAN configuration

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with NAT

  • LAN-to-LAN overview
  • Configuring the Concentrator LAN-LAN NAT feature

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN using Digital Certificates

  • Root certificate installation
  • Identity certificate installation

Course Outline

Chapter 1: Introduction

Chapter 2: Network Security Fundamentals

  • Need for Security
  • Security Policies
  • Network Attack Taxonomy
  • Management Protocols

Chapter 3: Overview of VPN and IPSec Technologies

  • VPN Products
  • IPSec Overview

Chapter 4: Cisco Virtual Private Network 3000 Concentrator Series Hardware Overview

  • Models
  • Benefits and Features

Chapter 5: Configure Cisco VPN 3000 for Remote Access Using Pre-shared Keys

  • Menu Configuration
  • Browser Configuration
  • Configure Users/Groups
  • Configure VPN Software Client

Chapter 6: Configure Cisco VPN 3000 for Remote Access Using Digital Certificates

  • Certificate Authority Support

Chapter 7: Configure Cisco VPN Firewall Feature for IPSec Software Client

  • AYT Feature
  • Stateful Firewall Feature
  • CPP Feature

Chapter 8: Configure Cisco VPN Client Auto-initiation

Chapter 9: Monitor and Administer Cisco Virtual Private Network 3000 Remote Access Networks

  • Monitoring
  • Administration
  • Bandwidth Management

Chapter 10: Configure Cisco Virtual Private Network 3002 Hardware Client Remote Access

Chapter 11: Configuring Cisco 3002 Hardware Client for user and unit authentication

Chapter 12: Configuring Cisco 3002 Hardware Client for backup server, load balancing and reverse route

Chapter 13: Configuring Cisco 3002 Hardware Client for software auto-update

Chapter 14: Configuring Cisco 3002 Hardware Client for IPSec over TCP and UDP

Chapter 15: Cisco VPN 3000 LAN-to-LAN with Pre-Shared Keys

Chapter 16: Configure Cisco VPN Concentrator for LAN-to-LAN Using NAT

Chapter 17: Configure Cisco Virtual Private Network 3000 LAN-to-LAN Using Digital Certificates

 

 

Who Should Attend

  • Cisco CUSTOMERS who implement and maintain Cisco PIX Firewalls
  • Cisco CHANNEL PARTNERS who sell, implement and maintain Cisco PIX Firewalls
  • Cisco ENGINEERS who support the sales of the Cisco PIX Firewall

 

Prerequisites

  • Possess Cisco Certified Network Associate (CCNA) certification or the equivalent knowledge
  • Be familiar with encryption technologies: DES, 3DES, RSA, hashing algorithms (MD5/SHA), and IPSec
  • Have a basic knowledge of the Windows operating system.