CCNA Security helps students develop the skills needed to succeed in IT-related degree programs and prepare for the CCNA Security certification. It provides a theoretically rich, hands-on introduction to network security, in a logical sequence driven by technologies.
The goals of CCNA Security are as follows:
- Provide an in-depth, theoretical understanding of network security
- Provide students with the knowledge and skills necessary to design and support network security
- Provide an experience-oriented course that employs industry-relevant instructional approaches to prepare students for associate-level jobs in the industry
- Enable students to have significant hands-on interaction with IT equipment to prepare them for certification exams and career opportunities

Upon completion of the CCNA Security course, students will be able to perform the following tasks:
- Describe the security threats facing modern network infrastructures
- Secure network device access
- Implement AAA on network devices
- Mitigate threats to networks using ACLs
- Implement secure network management and reporting
- Mitigate common Layer 2 attacks
- Implement the Cisco IOS firewall feature set
- Implement the Cisco IOS IPS feature set
- Implement site-to-site IPSec VPNs
- Administer effective security policies

Chapter Outline

| Chapter/Section | Goals/Objectives |
|---|---|
| Chapter 1. Modern Network Security Threats | Explain network threats, mitigation techniques, and the basics of securing a network |
| 1.1 Fundamental Principles of a Secure Network | Describe the fundamental principles of securing a network |
| 1.2 Worms, Viruses and Trojan Horses | Describe the characteristics of worms, viruses, and Trojan horses and mitigation methods |
| 1.3 Attack Methodologies | Describe common network attack methodologies and mitigation techniques such as Reconnaissance, Access, Denial of Service, and DDoS |
| Chapter 2. Securing Network Devices | Secure administrative access on Cisco routers |
| 2.1 Securing Device Access and Files | Configure secure administrative access and router resiliency |
| 2.2 Privilege Levels and Role-Based CLI | Configure command authorization using privilege levels and role-based CLI |
| 2.3 Monitoring Devices | Configure network devices for monitoring |
| 2.4 Using Automated Features | Secure IOS-based routers using automated features |
| Chapter 3. Authentication, Authorization and Accounting | Secure administrative access with AAA |
| 3.1 Purpose of AAA | Describe the purpose of AAA and the various implementation techniques |
| 3.2 Configuring Local AAA | Implement AAA using the local database |
| 3.3 Configure Server-Based AAA | Implement AAA using TACACS+ and RADIUS protocols |
| Chapter 4. Implementing Firewall Technologies | Implement firewall technologies to secure the network perimeter |
| 4.1 Access Control Lists | Implement ACLs |
| 4.2 Firewall Technologies | Describe the purpose and operation of firewall technologies |
| 4.3 Context-Based Access Control | Implement CBAC |
| 4.4 Zone-Based Policy Firewall | Implement zone-based policy firewall using SDM and CLI |
| Chapter 5. Implementing Intrusion Prevention | Configure IPS to mitigate attacks on the network |
| 5.1 IPS Technologies | Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems |
| 5.2 Implementing IPS | Implement Cisco IOS IPS operations using SDM and CLI |
| Chapter 6. Securing the Local Area Network | Describe LAN security considerations and implement endpoint and Layer 2 security features |
| 6.1 Endpoint Security Considerations | Describe endpoint vulnerabilities and protection methods |
| 6.2 Layer 2 Security Considerations | Describe basic Catalyst switch vulnerabilities such as VLAN attacks, STP manipulation, CAM table overflow attacks, and MAC address spoofing attacks |
| 6.3 Wireless, VoIP and SAN Security Considerations | Describe the fundamentals of Wireless, VoIP and SANs, and the associated security considerations |
| 6.4 Configuring Switch Security | Configure and verify switch security features, including port security and storm control |
| 6.5 SPAN and RSPAN | Describe Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) |
| Chapter 7. Cryptography | Describe methods for implementing data confidentiality and integrity |
| 7.1 Cryptographic Services | Describe how different types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and non-repudiation |
| 7.2 Hashes and Digital Signatures and authentication | Describe the mechanisms to ensure data integrity |
| 7.3 Symmetric and Asymmetric Encryption | Describe the mechanisms used to ensure data confidentiality |
| Chapter 8. Implementing Virtual Private Networks | Implement secure virtual private networks |
| 8.1 VPNs | Describe the purpose and operation of VPN types |
| 8.2 IPSec VPN Components and Operation | Describe the components and operations of IPSec VPNs |
| 8.3 Implementing Site-to-Site IPSec VPNs | Configure and verify a site-to-site IPSec VPN with pre-shared key authentication using SDM and CLI |
| 8.4 Implementing a Remote Access VPN | Configure and verify a remote access VPN |
| 8.5 Implementing SSL VPNs | Configure and verify SSL VPNs |
| Chapter 9. Managing a Secure Network | Given the security needs of an enterprise, create and implement a comprehensive security policy |
| 9.1 Secure Network Lifecycle | Describe the secure network lifecycle |
| 9.2 Self-Defending Network | Describe the components of a self-defending network and business continuity plans |
| 9.3 Building a Comprehensive Security Policy | Establish a comprehensive security policy to meet the security needs of a given enterprise |
| Chapter 10. Implementing the Cisco Adaptive Security Appliance (ASA) | Implement firewall technologies using the ASA to secure the network perimeter |
| 10.1 Introduction to the ASA | Describe the ASA as an advanced stateful firewall |
| 10.2 ASA Firewall Configuration | Implement an ASA firewall configuration |
| 10.3 ASA VPN Configuration | Implement remote-access VPNs on an ASA |
