IINS Implementing Cisco IOS Network Security
Course Description
Implementing Cisco IOS Network Security (IINS) is a 5-day,
instructor-led course that focuses on the necessity of a
comprehensive security policy and how it affects the posture of the
network. Learners will be able to perform basic tasks to secure a
small branch office network using Cisco IOS security
features available through web-based GUIs (Cisco Router and
Security Device Manager [SDM]) and the command-line interface (CLI)
on the Cisco routers and switches.
Prerequisites
To fully benefit from this course, it is recommended that you
have the following prerequisite skills and knowledge:
- Skills and knowledge equivalent to those learned in
Interconnecting Cisco Networking Devices Part 1 (ICND1)
- Working knowledge of the Windows operating system
- Working knowledge of Cisco IOS networking and concepts
Associated Certifications
Who Should Attend
This course is intended for the following audience:
- Network designers
- Network administrators
- Network engineers
- Network managers
- Systems engineers
Course Objectives
After completing this course, the student will be able to:
- Develop a comprehensive network security policy to counter
threats against information security
- Configure routers on the network perimeter with Cisco IOS
Software security features
- Configure firewall features including ACLs and Cisco IOS
zone-based policy firewalls to perform basic security operations on
a network
- Configure site-to-site VPNs using Cisco IOS features
- Configure IPS on Cisco network routers
- Configure LAN devices to control access, resist attacks, shield
other network devices and systems, and protect the integrity and
confidentiality of network traffic
Course Outline
1. Introduction to Network Security Principles
- a. Examining Network Security Fundamentals
- b. Examining Network Attack Methodologies
- c. Examining Operations Security
- d. Understanding and Developing a Comprehensive Network Security
Policy
- e. Building Cisco Self-Defending Networks
2. Perimeter Security
- a. Securing Administrative Access to Cisco Routers
- b. Introducing Cisco SDM
- c. Configuring AAA on a Cisco Router Using the Local
Database
- d. Configuring AAA on Cisco Routers to Use Cisco Secure ACS
- e. Implementing Secure Management and Reporting
- f. Locking Down the Router
3. Network Security Using Cisco IOS Firewalls
- a. Introducing Firewall Technologies
- b. Creating Static Packet Filters Using ACLs
- c. Configuring Cisco IOS Zone-Based Policy Firewall
4. Site-to-Site VPNs
- a. Examining Cryptographic Services
- b. Examining Symmetric Encryption
- c. Examining Cryptographic Hashes and Digital Signatures
- d. Examining Asymmetric Encryption and PKI
- e. Examining IPsec Fundamentals
- f. Building a Site-to-Site IPsec VPN
- g. Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
5. Network Security Using Cisco IOS IPS
- a. Introducing IPS Technologies
- b. Configuring Cisco IOS IPS Using Cisco SDM
6. LAN, SAN, Voice, and Endpoint Security Overview
- a. Examining Endpoint Security
- b. Examining SAN Security
- c. Examining Voice Security
- d. Mitigating Layer 2 Attacks
Hands-on Lab Exercises
- Lab 1-1: Embedding a Secret Message Using Steganography
- Lab 1-2: Scanning a Computer System Using Testing Tools
- Lab 1-3: Scanning a Network Using Testing Tools
- Lab 2-1: Securing Administrative Access to Cisco Routers
- Lab 2-2: Configuring AAA on Cisco Routers to Use the Local
Database
- Lab 2-3: Configuring AAA on Cisco Routers to Use Cisco Secure
ACS
- Lab 2-4: Implementing Secure Management and Reporting
- Lab 2-5: Using Cisco SDM One-Step Lockdown and Security
Audit
- Lab 3-1: Creating Static Packet Filters Using ACLs
- Lab 3-2: Configuring a Cisco IOS Zone-Based Policy
Firewall
- Lab 4-1: Configuring a Site-to-Site IPsec VPN
- Lab 5-1: Configuring Cisco IOS IPS
- Lab 6-1: Using Cisco Catalyst Switch Security Features