Implementing Cisco IOS Network Security (IINS) is a 5 day, instructor-led course that focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. Learners will be able to perform basic tasks to secure a small branch type of office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

Duration : 5 days, Instructor-led classroom training

Prerequisites

To fully benefit from this course, it is recommended that you have the following prerequisite skills and knowledge:

• Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
• Working knowledge of the Windows operating system
• Working knowledge of Cisco IOS networking and concepts

Who Should Attend

This course is intended for the following audience:

• Network designers
• Network administrators
• Network engineers
• Network managers
• Systems engineers

Course Objectives

After completing this course, the student will be able to:

• Develop a comprehensive network security policy to counter threats against information security
• Configure routers on the network perimeter with Cisco IOS Software security features
• Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network
• Configure site-to-site VPNs using Cisco IOS features
• Configure IPS on Cisco network routers
• Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

Course Outline

1. Introduction to Network Security Principles
   1. Examining Network Security Fundamentals
   2. Examining Network Attack Methodologies
   3. Examining Operations Security
   4. Understanding and Developing a Comprehensive Network Security Policy
   5. Building Cisco Self-Defending Networks
2. Perimeter Security
   1. Securing Administrative Access to Cisco Routers
   2. Introducing Cisco SDM
   3. Configuring AAA on a Cisco Router Using the Local Database
   4. Configuring AAA on Cisco Routers to Use Cisco Secure ACS
   5. Implementing Secure Management and Reporting
   6. Locking Down the Router
3. Network Security Using Cisco IOS Firewalls
   1. Introducing Firewall Technologies
   2. Creating Static Packet Filters Using ACLs
   3. Configuring Cisco IOS Zone-Based Policy Firewall
4. Site-to-Site VPNs
   1. Examining Cryptographic Services
   2. Examining Symmetric Encryption
   3. Examining Cryptographic Hashes and Digital Signatures
   4. Examining Asymmetric Encryption and PKI
   5. Examining IPsec Fundamentals
   6. Building a Site-to-Site IPsec VPN
   7. Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
5. Network Security Using Cisco IOS IPS
   1. Introducing IPS Technologies
   2. Configuring Cisco IOS IPS Using Cisco SDM
6. LAN, SAN, Voice, and Endpoint Security Overview
   1. Examining Endpoint Security
   2. Examining SAN Security
   3. Examining Voice Security
   4. Mitigating Layer 2 Attacks

Hands-on Lab Exercises

• Lab 1-1: Embedding a Secret Message Using Steganography
• Lab 1-2: Scanning a Computer System Using Testing Tools
• Lab 1-3: Scanning a Network Using Testing Tools
• Lab 2-1: Securing Administrative Access to Cisco Routers
• Lab 2-2: Configuring AAA on Cisco Routers to Use the Local Database
• Lab 2-3: Configuring AAA on Cisco Routers to Use Cisco Secure ACS
• Lab 2-4: Implementing Secure Management and Reporting
• Lab 2-5: Using Cisco SDM One-Step Lockdown and Security Audit
• Lab 3-1: Creating Static Packet Filters Using ACLs
• Lab 3-2: Configuring a Cisco IOS Zone-Based Policy Firewall
• Lab 4-1: Configuring a Site-to-Site IPsec VPN
• Lab 5-1: Configuring Cisco IOS IPS
• Lab 6-1: Using Cisco Catalyst Switch Security Features