VnExperts Academy - Đào tạo, học, thi chứng chỉ Quốc tế Cisco CCNA, CCNP, Microsoft MCP, MCSA, MCITP, Linux, Security+, CEH

1. Introduction to Network Security Principles

• Network Security Fundamentals
• Network Attack Methodologies
• Operations Security
• Security Policy
• Building Cisco Self-Defending Networks
• Cryptographic Services
• Symmetric Encryption
• Cryptographic Hashes and Digital Signatures
• Asymmetric Encryption and PKI

2. Perimeter Security

• Securing Administrative Access to Cisco Routers
• Cisco SDM
• Configuring AAA on a Cisco Router Using the Local Database
• Configuring AAA on a Cisco Router to Use Cisco Secure ACS
• Implementing Secure Management and Reporting
• Locking Down the Router

3. Network Security Using Cisco IOS Firewalls

• Firewall Technologies
• Creating Static Packet Filters Using ACLs
• Configuring Cisco IOS Zone-Based Policy Firewall

4. Site-to-Site VPNs

• IPsec Fundamentals
• Building a Site-to-Site IPsec VPN
• Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
• Exclusive - IPsec over GRE

5. Network Security Using Cisco IOS IPS

• IPS Technologies
• Configuring Cisco IOS IPS Using Cisco SDM

6. LAN, SAN, Voice, and Endpoint Security Overview

• Endpoint Security
• SAN Security
• Voice Security
• Mitigating Layer 2 Attacks

• Use Nmap to Scan the Network
• Exclusive - Perform Vulnerability Analysis with Nessus
• Exclusive - Execute a Buffer Overflow Attack with Metasploit
• Exclusive - Perform a Port Forwarding Attack with Fpipe
• Exclusive - Launch a SYN Flood Attack with Hping
• Exclusive - Simulate Worm Propagation
• Exclusive - Perform an ARP Cache Poisoning Attack with Cain

Lab 2: Securing IOS Administrative Access

• Set Passwords on the Physical Lines
• Configure Enable and Enable Secret Passwords
• Set VTY Line Passwords
• Use Service Password Encryption
• Exclusive - How Secure are Encrypted Passwords?
• Exclusive - How Secure are Hashed Passwords?
• Password Min-Length
• Line Timeouts
• Exclusive - Privilege Levels
• Configure Banner Messages
• Verify the IOS-FW Configuration

Lab 3: Exclusive - Preparing Cisco SDM

• Prepare the Admin PC for SDM
• Prepare the IOS-FW for SDM
• Install SDM on the Admin PC
• Launch SDM
• Manage IOS-FW Keys and Certificates
• Launch SDM again
• Verify Router Configuration

Lab 4: Configuring IOS AAA with the Local Database

• Enable AAA
• Test AAA
• Define and Test other Usernames
• Configure Role-Based CLI
• Exclusive - Role-Based CLI and AAA Authorization
• Exclusive - SDM's Built-In Roles
• Enhanced Login Features
• Verify the Router Configuration

Lab 5: Configuring IOS AAA with ACS

• Connect to ACS
• Set Up IOS-FW to ACS Communication
• Define a New Group and User in ACS
• Configure ACS-Based Authentication and Authorization
• Test ACS-Based Authentication and Authorization
• Configure ACS and Active Directory Integration
• Exclusive - Test the Fallback Method
• Exclusive - Command Authorization Sets
• AAA Accounting
• Verify the Router Configuration

Lab 6: IOS Secure Management and Reporting

• Configure SSH Server
• Configure NTP on the IOS-FW and Perimeter Router
• Configure Syslog on the IOS-FW
• Configure Syslog on the Perimeter Router
• Exclusive - Configure Unicast-RPF Verification
• Exclusive - Configure Route Authentication
• Verify the Router Configuration

Lab 7: Securing IOS Router Services

• Run a Mock Security Audit
• Run a Real Security Audit
• Perform Configuration Adjustments
• Verify the Router Configuration

Lab 8: Packet Filtering Using ACLs

• Limit VTY Access
• Filter Bogon Packets, Allow Outbound Connections
• Exclusive - Understand Packet Filter Limitations
• Allow Expected Traffic to the DMZ Server
• Allow Other Services from the Inside
• Test ACL Policy
• Exclusive - Insert Lines into an Existing ACL
• Verify Router Configuration

Lab 9: IOS Zone-Based Firewall

• Basic Firewall Wizard
• Exclusive - Implement the DMZ Inbound
• Exclusive - Implement the DMZ Outbound
• Exclusive - Allow Perimeter Router Management
• Exclusive - Demonstrate Attack Mitigation
• Verify the Router Configuration

Lab 10: Site-to-Site VPN: Traditional IPsec

• Verify No Tunnel/No Connectivity
• Exclusive - Prepare the Perimeter Router for the Tunnel
• Prepare the IOS-FW for the Tunnel
• Use the Site to Site VPN Wizard
• Verify VPN Status
• Verify the Router Configuration

Lab 11: Exclusive - Site-to-Site VPN: GRE and IPsec

• Prepare the Perimeter Router for the Tunnel
• Use the VPN Wizard
• Review the Updated Firewall Policy
• Generate, Update and Apply the Mirror Configuration
• Troubleshoot the Tunnel
• Verify the Router Configuration

Lab 12: IOS Intrusion Prevention System

• IOS IPS Wizard
• Exclusive - Deobfuscation
• Signature Definitions
• Exclusive - IPS Manager Express
• Signature Actions
• Exclusive - Event Action Overrides
• Exclusive - Event Action Filters
• Verify the Router Configuration

Lab 13: Layer 2 Security

• Exclusive - Perform Port Based Attacks
• Configure Port Security
• Exclusive - Demonstrate Attack Mitigation
• Exclusive - Perform an ARP Cache Poisoning Attack
• Exclusive - Configure Private VLAN Edge
• Verify the Switch Configuration

Tin liên quan:

Tin cũ hơn: