In this course, you'll focus on the necessity of a comprehensive security policy and how it affects the posture of the network. You will also learn how to analyze and mitigate attacks, taking the mystery out of them.

You will learn to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Cisco Security Professional [CCP]) and the command-line interface (CLI) on the Cisco routers and switches.

We made significant enhancements to the standard IINS course materials and lab exercises, providing you with information that is vital for security professionals. Exclusive lessons and labs you won't find anywhere else include:

• Self-signed certificate management in IOS routers
• Spoof mitigation with Unicast reverse path forwarding
• Route table protection with route authentication
• Ethical hacking
• GRE over IPSec, which provides a VPN solution that is compatible with ZBF

Our IINS course covers everything you need to prepare for the CCNA Security certification exam. In addition, our exclusive material provides the bigger picture and adds relevancy so the standard concepts are easier to understand, retain, and put into practice.

You Get...

• Five extra e-Lab credits, good for 30 days, so you can practice and refine your skills
• Enhanced content that exceeds standard authorized Cisco content
• World-class Certified Cisco Systems instructors
• An enhanced lab topology based on our Flexible Security Architecture that represents a real-world network

What You'll Learn

• Develop a comprehensive network security policy to counter threats against information security
• Configure routers with Cisco IOS Software security features, including management and reporting functions
• Configure IPv6 addressing, routing, and access control in Cisco network routers
• Bootstrap the Cisco Adaptive Security Appliance (ASA) Firewall for use in a production network
• Configure the Cisco ASA Firewall for remote access SSL VPN
• Configure a Cisco IOS zone-based firewall (ZBF) to perform basic security operations on a network
• Configure site-to-site VPNs using Cisco IOS features
• Configure IOS IPS on Cisco network routers
• Configure security features on IOS switches to mitigate various Layer 2 attacks
• How a network can be compromised using freely available tools
• Implement line passwords, and enable passwords and secrets
• Examine Authentication, Authorization, and Accounting (AAA) concepts and features using the local database as well as Cisco Secure ACS 5.2
• Run a CCP security audit and analyze the results
• Configure packet filtering on the Perimeter Router
• Define a virtual tunnel interface Using GRE with IPSec

Who Needs to Attend

• Network designers
• Network SAN security administrators
• Network, systems, and security engineers
• Network and security managers

Prerequisites

• Working knowledge of the Windows operating system

• ICND1 - Interconnecting Cisco Network Devices 1

Follow-On Courses

• SECURE - Securing Networks with Cisco Routers and Switches
• FIREWALL 2.0 - Deploying Cisco ASA Firewall Solutions
• VPN 2.0 - Deploying Cisco ASA VPN Solutions
• IPS - Implementing Cisco Intrusion Prevention System v7.0

Certification Programs and Certificate Tracks

This course is part of the following programs or tracks:

• CCNA Security

Why Global Knowledge?

Our Exclusive Enhancements to Standard IINS Training

We made significant enhancements to our IINS labs, taking them beyond what you'll find in the standard offerings. Using our Flexible Security Architecture, we provide hands-on experience with a realistic lab topology that closely resembles what you'll work with on the job. Every pod has:

• Two 2811 routers
• One 1841 router
• One 3560 switch
• VMware server with 11 Virtual Machines (VMs)

Course Outline

1. Networking Security Fundamentals

• Networking Security Concepts
• Security Policies Using a Lifecycle Approach
• Building a Security Strategy for Borderless Networks

2. Protecting the Network Infrastructure

• Cisco Network Foundation Protection
• Protecting the Network Infrastructure Using Cisco Configuration Professional
• Securing the Management Plane on Cisco IOS Devices
• Configuring AAA on Cisco IOS Devices Using Cisco Secure ACS
• Securing the Data Plane on Cisco Catalyst Switches
• Securing the Data Plane in IPv6 Environments

3. Threat Control and Containment

• Planning a Threat Control Strategy
• Implementing Access Control Lists for Threat Mitigation
• Firewall Fundamentals
• Implementing Cisco IOS Zone-Based Policy Firewalls
• Configuring Basic Firewall Policies on Cisco ASA
• IPS Fundamentals
• Implementing Cisco IOS IPS

4. Secure Connectivity

• Fundamentals of VPN Technologies
• Public Key Infrastructure
• IPSec Fundamentals
• Implementing Site-to-Site VPNs on Cisco IOS Routers
• Implementing SSL VPNs Using Cisco ASA

Labs

Lab 1: Ethical Hacking

Lab 2: Securing Admin Access with CLI

Lab 3: Cisco Configuration Professional (CCP)

Lab 4: Secure Management and Reporting

Lab 5: Configuring IOS AAA with ACS

Lab 6: Layer 2 Security

Lab 7: ACLs and IPv6

Lab 8: IOS Zone-Based Firewall

Lab 9: ASA Basic Setup with ASDM

Lab 10: IOS IPS

Lab 11: Site-to-Site VPN Traditional IPSec

Lab 12: Site-to-Site GRE and IPSec

Lab 13: SSL VPN with the ASA