IINS - Implementing Cisco IOS Network Security

In this course, you'll focus on the necessity of a comprehensive security policy and how it affects the posture of the network. You will also learn how to analyze and mitigate attacks, taking the mystery out of them.

Course Outline

In this course, you'll focus on the necessity of a comprehensive security policy and how it affects the posture of the network. You will also learn how to analyze and mitigate attacks, taking the mystery out of them.

You will learn to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

We made significant enhancements to the standard IINS course materials and lab exercises, providing you with information that is vital for security professionals. Exclusive lessons and labs you won't find anywhere else include:

• Self-signed certificate management in IOS routers
• Spoof mitigation with Unicast reverse path forwarding
• Route table protection with route authentication
• Ethical hacking
• NAT coverage
• GRE over IPsec, which provides a VPN solution that is compatible with ZBF

Our IINS course covers everything you need to prepare for the CCNA Security certification exam. In addition, our exclusive material provides the bigger picture and adds relevancy so the standard concepts are easier to understand, retain, and put into practice.

Why Global Knowledge?

Our Exclusive Enhancements to Standard IINS Training

We made significant enhancements to our IINS labs, taking them beyond what you'll find in the standard offerings. Using our Flexible Security Architecture, we provide hands-on experience with a realistic lab topology that closely resembles what you'll work with on the job. Every pod has:

• Two 2811 routers
• One 1841 router
• One 3560 switch
• VMware server with 10 Virtual Machines (VMs)

What You'll Learn

• Develop a comprehensive network security policy to counter threats against information security
• Configure routers with Cisco IOS Software security features
• Configure a Cisco IOS zone-based firewall to perform basic security operations on a network
• Configure site-to-site VPNs using Cisco IOS features
• Configure IPS on Cisco network routers
• Configure security features on IOS switches to mitigate various Layer 2 attacks

Who Needs to Attend

• Network Designers
• Network
• Administrators
• Network Engineers
• Network Managers
• Systems Engineers

Course Outline
1. Exclusive - NAT and PAT

• Basics of NAT and PAT
• Configuring NAT and PAT
• Maintaining NAT and PAT
• Advanced Concepts

2. Introduction to Network Security Principles

• Network Security Fundamentals
• Network Attack Methodologies
• Operations Security
• Security Policy
• Building Cisco Self-Defending Networks
• Cryptographic Services
• Symmetric Encryption
• Cryptographic Hashes and Digital Signatures
• Asymmetric Encryption and PKI

3. Perimeter Security

• Securing Administrative Access to Cisco Routers
• Cisco SDM
• Configuring AAA on a Cisco Router Using the Local Database
• Configuring AAA on a Cisco Router to Use Cisco Secure ACS
• Implementing Secure Management and Reporting
• Locking Down the Router

4. Network Security Using Cisco IOS Firewalls

• Firewall Technologies
• Creating Static Packet Filters Using ACLs
• Configuring Cisco IOS Zone-Based Policy Firewall

5. Site-to-Site VPNs

• IPsec Fundamentals
• Building a Site-to-Site IPsec VPN
• Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
• Exclusive - IPsec over GRE

6. Network Security Using Cisco IOS IPS

• IPS Technologies
• Configuring Cisco IOS IPS Using Cisco SDM

7. LAN, SAN, Voice, and Endpoint Security Overview

• Endpoint Security
• SAN Security
• Voice Security
• Mitigating Layer 2 Attacks

Labs

Lab 1: Exclusive - Network Address Translation

• Test and Verify NAT
• Verify the Configurations

Lab 2: Ethical Hacking

• Use Nmap to Scan the Network
• Exclusive - Perform Vulnerability Analysis with Nessus
• Exclusive - Execute a Buffer Overflow Attack with Metasploit
• Exclusive - Perform a Port Forwarding Attack with Fpipe
• Exclusive - Launch a SYN Flood Attack with Hping
• Exclusive - Simulate Worm Propagation
• Exclusive - Perform an ARP Cache Poisoning Attack with Cain

Lab 3: Securing IOS Administrative Access

• Set Passwords on the Physical Lines
• Configure Enable and Enable Secret Passwords
• Set VTY Line Passwords
• Use Service Password Encryption
• Exclusive - How Secure are Encrypted Passwords?
• Exclusive - How Secure are Hashed Passwords?
• Password Min-Length
• Line Timeouts
• Exclusive - Privilege Levels
• Configure Banner Messages
• Verify the IOS-FW Configuration

Lab 4: Exclusive - Preparing Cisco SDM

• Prepare the Admin PC for SDM
• Prepare the IOS-FW for SDM
• Install SDM on the Admin PC
• Launch SDM
• Manage IOS-FW Keys and Certificates
• Launch SDM again
• Verify Router Configuration

Lab 5: Configuring IOS AAA with the Local Database

• Enable AAA
• Test AAA
• Define and Test other Usernames
• Configure Role-Based CLI
• Exclusive - Role-Based CLI and AAA Authorization
• Exclusive - SDM's Built-In Roles
• Enhanced Login Features
• Verify the Router Configuration

Lab 6: Configuring IOS AAA with ACS

• Connect to ACS
• Set Up IOS-FW to ACS Communication
• Define a New Group and User in ACS
• Configure ACS-Based Authentication and Authorization
• Test ACS-Based Authentication and Authorization
• Configure ACS and Active Directory Integration
• Exclusive - Test the Fallback Method
• Exclusive - Command Authorization Sets
• AAA Accounting
• Verify the Router Configuration

Lab 7: IOS Secure Management and Reporting

• Configure SSH Server
• Configure NTP on the IOS-FW and Perimeter Router
• Configure Syslog on the IOS-FW
• Configure Syslog on the Perimeter Router
• Exclusive - Configure Unicast-RPF Verification
• Exclusive - Configure Route Authentication
• Verify the Router Configuration

Lab 8: Securing IOS Router Services

• Run a Mock Security Audit
• Run a Real Security Audit
• Perform Configuration Adjustments
• Verify the Router Configuration

Lab 9: Packet Filtering Using ACLs

• Limit VTY Access
• Filter Bogon Packets, Allow Outbound Connections
• Exclusive - Understand Packet Filter Limitations
• Allow Expected Traffic to the DMZ Server
• Allow Other Services from the Inside
• Test ACL Policy
• Exclusive - Insert Lines into an Existing ACL
• Verify Router Configuration

Lab 10: IOS Zone-Based Firewall

• Basic Firewall Wizard
• Exclusive - Implement the DMZ Inbound
• Exclusive - Implement the DMZ Outbound
• Exclusive - Allow Perimeter Router Management
• Exclusive - Demonstrate Attack Mitigation
• Verify the Router Configuration

Lab 11: Site-to-Site VPN: Traditional IPsec

• Verify No Tunnel/No Connectivity
• Exclusive - Prepare the Perimeter Router for the Tunnel
• Prepare the IOS-FW for the Tunnel
• Use the Site to Site VPN Wizard
• Verify VPN Status
• Verify the Router Configuration

Lab 12: Exclusive - Site-to-Site VPN: GRE and IPsec

• Prepare the Perimeter Router for the Tunnel
• Use the VPN Wizard
• Review the Updated Firewall Policy
• Generate, Update and Apply the Mirror Configuration
• Troubleshoot the Tunnel
• Verify the Router Configuration

Lab 13: IOS Intrusion Prevention System

• IOS IPS Wizard
• Exclusive - Deobfuscation
• Signature Definitions
• Exclusive - IPS Manager Express
• Signature Actions
• Exclusive - Event Action Overrides
• Exclusive - Event Action Filters
• Verify the Router Configuration

Lab 14: Layer 2 Security

• Exclusive - Perform Port Based Attacks
• Configure Port Security
• Exclusive - Demonstrate Attack Mitigation
• Exclusive - Perform an ARP Cache Poisoning Attack
• Exclusive - Configure Private VLAN Edge
• Verify the Switch Configuration

Additional Details

Pre-Requisites

- ICND1 and ICND2 or CCNA Boot Camp - Working knowledge of the Windows operating system - ICND1 - Interconnecting Cisco Network Devices 1 - ICND2 - Interconnecting Cisco Network Devices 2 - CCNAX - CCNA Boot Camp v1.1

Certificates offered

3 Cisco Learning Credits * You Get... - One free IINS exam voucher - Five extra security e-Lab credits, good for 30 days, so you can practice and refine your skills - Enhanced content that exceeds standard authorized Cisco content - World-class Certified Cisco Systems instructors - An enhanced lab topology based on our Flexible Security Architecture that represents a real-world network - An unrivaled IINS guarantee

Cancellation Policy

We require 16 calendar days notice to reschedule or cancel any registration. Failure to provide the required notification will result in 100% charge of the course. If a student does not attend a scheduled course without prior notification it will result in full forfeiture of the funds and no reschedule will be allowed. Within the required notification period, only student substitutions will be permitted.

Reschedules are permitted at anytime with 16 or more calendar days notice. Enrollments must be rescheduled within six months of the cancel date or funds on account will be forfeited.

Map & Reviews

Global Knowledge
[ View Provider's Profile ]

Global Knowledge Ottawa (Holland Cross)
1600 Scott Street
3rd Floor Tower B
Ottawa, Ontario
Canada   K1Y 4N7

Reviews

 

This course has not yet been rated by one of our members.

If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.

Here are some reviews of the training vendor.

   

- do we get a certifiacate for completing the courseÉ - although the instructor did give us excercises to do I would have liked a few more - almost like a test, so that I made sure I retained and understood what was taught. I`m a learn to do by doing person and like the instrutor lead courses so I can have someone there to explain in my terms how things work. I`ll have to really use the online excercises to make sure Ì am confident when I need to do something in Excel.

Reviewed by Delores P. 2012

   

Should be time allocated for questions and answer

Reviewed by Vinod P. 2012

   

The instructor was excellent as was the hands-on learning approach. The only thing I took issue with was the fact that there were a lot of bilingual persons taking the course and they tended to ask questions in French, during this English class. The instructor was trying very hard to explain everything in both languages, but I felt that these students should have requested a French-speaking classroom setting if they wanted to speak French.

Reviewed by Sheila D. 2012

   

Very professional. Facility clean and comfortable.

Reviewed by Christine P. 2012

   

For the cost of this course, a hard copy of the course handout should be provided as the classes follows the handout word for word.

Reviewed by Caroline P. 2012

   

The facilities at Global Knowledge were great. The Instructor was very knowlegable and made it easy to learn the material. It was a very good experience:)

Reviewed by Tonia L. 2012

   

Note: We had 2 different trainers during this 3 day course. Course: Terminology should reflect North America and be consistent with our business lingo.

Reviewed by Harman M. 2012

   

Found the course very informative. I had little exposure to Sharepoint and learned a number of things I didn't know. Plan to take the next level of training

Reviewed by Michael R. 2011

   

A charged mannul would be provided for students to make notes whereever they think instructions are important as reminders

Reviewed by jinxiu z. 2011

   

The course is so expensive to be payed by oneself. In almost all the others participants their companies pay the fee.

Reviewed by Ricardo T. 2011

   

No course books were provided for us to take.

Reviewed by Hala M. 2011

   

Course was very detailed but more time would be helpful during workshops. An additional day would help lessen the course load.

Reviewed by Roydon F. 2011

   

should have discuss some case studies,,overall A+

Reviewed by Syed A. 2011

   

Our instructor was very knowlegable and he provided excellent real life stories.

Reviewed by Stephen W. 2011

   

The course was very relevant. I was able to apply the knowledge I aquired in the course to my job on the very next day. The only complaint I have is with the temperature of the room. It was freezing! Students has to wear a jacket or sweater. We were told the temp gage was shared with another classroom that was quite warm so they had turned the temp very low causing our room to be very uncomfortable.

Reviewed by Yasmine I. 2011

   

Given the cost of the course, the hardcopy of the manual should have been provided. It would have been useful to make notes alongside the material as we went along.

Reviewed by Jeff P. 2011

   

I am very disappointed with the handouts. I was told I could go online and download a copy of the manual, the problem is that I would like the printed copy of the manual. I chatted online with one of your technitian who was unable to help me. Then I was told someone would contact me by phone to help me. That never happened. When taking a training course, a person EXPECTS to leave the course with ALL the material.

Reviewed by Betty M. 2011

   

Great course provider, keep it on your roaster

Reviewed by Catherine G. 2011

   

Course content and labs were very good, everything worked as expected.

Reviewed by Francisco C. 2011

   

I really enjoyed this course and was surpised how ell everything was run...enjoyed the instructer very much (Par) and would like to take an other course with him. I wish we could have taken the work book home with us though!!!

Reviewed by gail h. 2010