Cisco Security CST 269
Prerequisite: CST 161, 164, and 260. Introduces core security concepts and skills needed for the installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and services. Stresses Command Line Interface (CLI) for securing Cisco equipment. Provides an in-depth, theoretical understanding of Cisco security in a logical sequence driven by technology. (15-30)
Outcomes and Objectives
Explain network threats, mitigation techniques, and the basics of securing a network.
- Describe the fundamental principles of securing a network.
- Describe the characteristics of worms, viruses, and Trojan horses and mitigation methods.
- Describe common network attack methodologies, such as Reconnaissance, Access, Denial of Service, and DDoS, and their mitigation techniques.
Secure administrative access on Cisco routers.
- Configure secure administrative access and router resiliency.
- Configure command authorization using privilege levels and role-based CLI.
- Configure network devices for monitoring.
- Secure IOS-based routers using automated features.
Secure administrative access with AAA.
- Describe the purpose of AAA and the various implementation techniques.
- Identify and implement AAA methods using the local database.
- Use AAA to construct security solutions using TACACS+ and RADIUS protocols.
Identify and deploy firewall technologies to secure the network perimeter.
- Configure and assess ACLs.
- Describe the purpose and operation of firewall technologies.
- Integrate and analyze CBAC.
- Deploy Zone-Based Policy Firewall using SDM and CLI.
Configure IPS to mitigate attacks on the network.
- Describe the purpose and operation of network-based and host-based Intrusion Prevention.
- Configure Cisco IOS IPS operations using SDM and CLI.
Describe LAN security considerations and implement endpoint and Layer 2 security features.
- Describe endpoint vulnerabilities and protection methods.
- Describe basic Catalyst switch vulnerabilities such as VLAN attacks, STP manipulation, CAM table overflow attacks, and MAC address spoofing attacks.
- Describe the fundamentals of Wireless, VoIP, SANs, and the associated security considerations.
- Configure and verify switch security features including port security and storm control.
- Describe Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN).
Describe methods for implementing data confidentiality and integrity.
- Describe how different types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and non-repudiation.
- Describe the mechanisms to ensure data integrity.
- Describe the mechanisms used to ensure data confidentiality.
Implement secure virtual private networks.
- Describe the purpose and operation of VPN types.
- Describe the components and operations of IPSec VPNs.
- Configure and verify a site-to-site IPSec VPN with pre-shared key authentication using SDM and CLI.
- Configure and verify a remote access VPN.
- Configure and verify SSL VPNs.
Given the security needs of an enterprise, create and implement a comprehensive security policy.
- Describe the secure network lifecycle.
- Describe the components of a self-defending network and business continuity plans.
- Establish a comprehensive security policy to meet the security needs of a given enterprise.