SECUR (Securing Cisco IOS Networks) [formerly MCNS]


Cisco has introduced significant security features into their router software - IOS. This authorized 5-day, hands-on course provides the important information with hands-on labs to support the concepts regarding how to make a Cisco router-based network secure. Today, security technology is pervasive and understanding how to use the right features of your Cisco routers is core to having a secure internetwork.

Global Knowledge has enhanced our SECUR course by adding extra depth to the existing Cisco-developed hands-on labs as well as extra hands-on labs to ensure you get the best experience possible.

To register, call 916-852-2570

This course can be delivered by the methods below:
Classroom Learning $2695 USD

You Learn...

Cisco Secure Access Control Server Software
Configuration of AAA
Security threats and mitigation of threats
Access List Packet Filter design rules and syntax
Securing a Cisco Perimeter Router
Securing a Cisco Router using IOS-FW
User authentication with Authentication Proxy
Secure a network environment with IOS-FW Intrusion Detection System
IPsec encryption using Cisco routers with Pre-Shared Keys
IPsec encryption using Cisco routers with a Certificate Authority
Test, verify, and troubleshoot encryption
IPsec encryption using the Cisco Secure VPN Client and Easy VPN
Management center for VPN routers

Who Would Benefit

Network Professionals tasked with designing and deploying Cisco security features in an IOS-based internetwork. Also, this is the first class required for the Cisco Certified Security Professional (CCSP) Certification.

 

Course Outline

1. Security Fundamentals

Need for network security
Network attack taxonomy
Network security policy
Management protocols and functions

2. Basic Cisco Router Security

Securing Cisco router installations
Securing Cisco router administrative access
Introduction to AAA for Cisco routers
Configuring AAA for Cisco perimeter routers

3. Advanced AAA Security for Cisco Router Networks

Introduction to the Cisco Secure ACS
Installing Cisco Secure ACS 3.0 for Windows NT or Windows 2000
Administering and troubleshooting Cisco Secure ACS for Windows
TACACS+ overview and configuration
Verifying TACACS+
RADIUS configuration overview

4. Cisco Router Threat Mitigation

Using routers to secure the network
Disabling unused router services and interfaces
Using Access Lists to mitigate security threats
Filtering router service traffic
Filtering router network traffic
DDoS mitigation
Implementing Syslog logging

5. Cisco IOS Firewall Context-Based Access Control Configuration

Context-based access control
Global timeouts and thresholds
Port-to-application mapping
Define inspection rules
Inspection rules and ACLs applied to router interfaces

6. Cisco IOS Firewall Authentication Proxy

AAA server configuration
AAA configuration
Authentication Proxy configuration

7. Cisco IOS Firewall Intrusion Detection System

Initializing the Cisco IOS Firewall IDS
Configuring, disabling, and excluding signatures
Creating and applying Audit Rules
Verifying the configuration

8. Building IPsec VPNs Using Cisco Routers

IPsec fundamentals
IPsec protocol framework
How IPsec works
Configuring IPsec encryption

9. Building Advanced IPsec VPNs Using Cisco Routers and Certificate Authorities

Configure CA support tasks
CA support overview

10. Configuring IOS Remote Access Using Cisco Easy VPN

Overview of the Easy VPN Server
Overview of the Easy VPN Remote Feature
Overview of the Cisco VPN 3.X Client
How the Cisco Easy VPN works
Configuring the Easy VPN Server for Extended Authentication
Cisco VPN Client 3.5 manual configuration tasks
Working with the Cisco VPN 3.5 Client

11. Managing Enterprise VPN Routers

Devices and device groups
VPN settings
Managing configurations

Hands-On Labs

Lab 1: Initial Lab Setup and Configuration

Connect the classroom cabling between the lab devices and install an initial configuration in the lab devices. Verify the connectivity of all of the devices.

Lab 2: Basic Router Security

Find out about default parameters that are configured on a Cisco router. Become familiar with the available passwords that can be used on the router. Find out which passwords are secure, and which passwords are not quite secure (and why).

Lab 3: Configure AAA on a Cisco Router

Configure authentication, authorization, and accounting on a Cisco router. Configure AAA to use the line password. Configure AAA to use the local database. Find out why you would use AAA for your authentication.

Lab 4: Installing Cisco Secure Access Control Server (CSACS)

Configure authentication, authorization, and accounting on a Cisco router using a remote database (CSACS). Initially, install CSACS for Windows. Then, configure the router to use CSACS for authentication. Find out why this solution is a great solution for your authentication requirements.

Lab 5: Configuring a Perimeter Router

Set up system logging on a Cisco router. Set up remote logging to a Syslog Server. Given a specific traffic flow policy, configure the appropriate access lists. Configure other required parameters necessary to build a secure environment.

Lab 6: Configuring Context Based Access Control (CBAC)

Configure CBAC, which is a function of the Firewall Feature Set. Configure the appropriate logging and audit trails. Define and apply the necessary inspection rules and access lists. Test and verify CBAC configuration.

Lab 7: Configuring Authentication Proxy

Configure Authentication Proxy, which is a function of the Firewall Feature Set. Configure the AAA commands on your Perimeter Router. Configure the router to authenticate HTTP access against a remote database (CSACS). Test and verify Authentication Proxy.

Lab 8: Configuring Intrusion Detection on a Cisco Router

Configure Intrusion Detection, which is a function of the Firewall Feature Set. Implement a simple predefined intrusion to generate an alarm. Verify the configuration of IDS.

Lab 9: Configuring Router to Router IPsec Using Pre-Shared Keys

Confirm that connectivity between two specific devices exists. Configure IKE Security Association parameters (IKE phase I) using pre-shared keys. Configure IPsec Security Association parameters (IKE phase II). Establish an IPsec session, then monitor and verify the connection.

Lab 10: Configuring Router to Router IPsec Using a Certificate Authority

Configure the router to use a Certification Authority. Configure IKE Security Association parameters (IKE phase I) to use a Certification Authority. Test and verify the IPsec configuration.

Lab 11: Configure IPsec Using Cisco Easy VPN and Cisco Secure VPN Client

Configure a Cisco router to act as a VPN Server in an Easy VPN environment. Install and configure the 3.X CSVPN Client as a VPN Client in an Easy VPN environment. Configure this connection to use Xauth. Establish an IPsec session. Test and verify the IPsec configuration.

Lab 12: Install and Configure Router MC for VPN Routers

Install Router Management Center on a Windows server. Create an Activity and Device Group for the MC. Define and confirm VPN Settings.

 

Suggested Prerequisites

ICND (Interconnecting Cisco Network Devices)
BSCI (Building Scalable Cisco Internetworks)

 

Suggested Follow-ons

Students followed up SECUR (Securing Cisco IOS Networks) [formerly MCNS] by attending these popular classes:

CSPFA (Cisco Secure PIX™ Firewall Advanced 3.0)
CSVPN (Cisco Secure Virtual Private Networks)
CSIDS (Cisco Secure Intrusion Detection System 3.0)

 

Certifications

CCSP™ (Cisco Certified Security Specialist)
Cisco® Firewall Specialist
Cisco® VPN Specialist
Cisco® IDS Specialist