This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Security course as part of an official Cisco Networking Academy Program. Network attacks have resulted in the loss of sensitive data and significant network downtime. When a network or the resources in it are inaccessible, worker productivity can suffer, and business income may be lost. Attackers have developed many tools over the......
You can use this book’s organization to your advantage while studying for the
CCNA Security 640-553 IINS exam because each part of the book is selfcontained.
Although it is recommended that you follow the parts sequentially, there are frequent
cross-references to content contained in other chapters if you choose to follow
your own path through this book.
The Cisco CCNA Security curriculum provides foundational network security knowledge, practical experience, opportunities for career exploration, and soft-skills development to help students prepare for careers with network security responsibilities. CCNA Security includes a comprehensive set of hands-on, online laboratories.
The Cisco® Networking Academy® course on CCNA® Security provides a next step for students who
want to expand their CCNA-level skill set to prepare for a career in network security. The CCNA
Security course also prepares students for the Implementing Cisco IOS® Network Security (IINS)
certification exam (640-553), which leads to the CCNA Security certification.
The CCNA Security Lab Manual provides you with all 11 labs from the course designed as hands-on
practice to master the knowledge and skills needed to prepare for entry-level security specialist careers....
With this document as your guide, you will review topics on implementing Cisco IOS network security. This fact-filled Quick Reference allows you to get all-important information at a glance, helping you to focus your study on areas of weakness and to enhance memory retention of essential exam concepts
Upon completion of this lesson, the successful participant will be able to: Describe the rationale for network security; describe the three principles of network security; identify risks, threats, vulnerabilities and countermeasures; discuss the three states of information and identify threats and appropriate countermeasures for each state;...
Learning objectives of this chapter include: Secure the physical installation of and the administrative access to Cisco routers based on different network requirements using the CLI and CCP; configure administrative roles using privilege levels and role-based CLI; Implement the management and reporting features of syslog, SNMP, SSH, and NTP;...
The following will be discussed in this chapter: Describle endpoint security with IronPort; describle endpoint security with Network Admission Control; describle endpoint Security with Cisco Security Agent; describle MAC address spoofing attacks, STP manipulation attacks, MAC address overflow attacks, LAN storm attacks, and VLAN attacks;...
Upon completion of this lesson, the successful participant will be able to: Describe the purpose and operation of VPNs, differentiate between the various types of VPNs; identify the Cisco VPN product line and the security features of these products; configure a site-to-site VPN GRE tunnel;... Inviting you to refer.
This chapter include objectives: Describle the principles of secure network design, describle threat identificaion and risk analysis, describle risk managenment and risk avoidance, describle the Cisco SecureX architecture, describle operation security,...
This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy. It covers the identification of common vulnerabilities and threats, mitigation strategies, and the implementation of a security architecture using a lifecycle approach.
This chapterdiscusses the concept of borderless Networks. It discusses Cisco borderless Network architecture, including the components and underlying technologies. You will learn about the Cisco security portfolio products that address specifically issues of borderless Networks, and more precisely about Cisco SecureX. This chapter introduces Cisco threat control and containment products and VPN technologies that will be covered in greater detail in subsequent chapters.
This chapter deals with Cisco IOS Network Foundation Protection (NFP) as a framework for infrastructure protection, all its components, and commonly used countermeasures asfound in Cisco IOS devices. More precisely, this chapter differentiates the security measures to be implemented on the three conceptual planes of Cisco IOS devices: the control plane, the data plane, and the management plane. This chapter also discusses using Cisco Configuration Professional (CCP) to implement security controls on Cisco IOS routers.
This chapter describes how to securely implement the management and reporting features of Cisco IOS devices. It discusses technologies surrounding network management, such as syslog, Network Time Protocol, Secure Shell, and Simple Network Management Protocol.
Topics covered in this chapter include the following: An introduction to fundamental switching concepts, starting with the building blocks of VLANs and trunking; an introduction to other building blocks of switching technology, including Spanning Tree Protocol for high availability; a revisit and further explanation of security threats that exploit vulnerabilities in the switching infrastructure;...
This chapter explains the need for IPv6 and presents its fundamental features, as well as enhancements when compared to IPv4. It covers IPv6 addressing scheme, components, and design principles and how routing functions. The chapter then presents potential threats and develops a strategy for IPv6 security.
This chapter suggests design principles to plan a threat control and containment strategy using firewalls and intrusion prevention systems in Cisco IOS environments. This chapter provides a general evaluation of the current state of enterprise security in the presence of evolving threats. It presents the design considerations for a threat protection strategy as part of a risk management strategy with Cisco threat control and containment solutions.
This chapter explains the operations of the different types of firewall technologies and the role they play in network access control and security architectures. It also describes guidelines for firewall rule set creation. The chapter then describes the function and building blocks of Network Address Translation.
This chapter explains the two Cisco Firewall solutions: Cisco IOS Zone-Based Policy Firewalls and Cisco Adaptive Security Appliance. It describes in detail Cisco IOS Zone-Based Policy Firewall, and how the solution uses the Cisco Common Classification Policy Language (C3PL) for creating firewall policies. The chapter then presents the Cisco ASA firewall, identifying key supported features and the building blocks of its configuration using ASDM.
In this chapter, you learned to: Explain the funtion and operation of the authentication, authorization, and accounting (AAA) protocol; configure a Cisco router to perform AAA authentication with a local database; describe how to configure Cisco ACS to support AAA for Cisco IOS routers; configure server-base AAA.