CIT 2251-002 CCNA Security

INSTRUCTOR

Joanne Wagner

Professor

CCAI, CCNA, CCNA Security, CCNP, CCSP

Computer and Internetworking Technologies (CIT)

Open Campus Center OCC1113b

Phone: 630/942-2692

E-Mail:

Office Hours:

Tuesday/Thursday 8:00 a.m. to 1:00 p.m.

COURSE INFORMATION

Division: Computer and Internetworking Technologies (CIT)

Course Name: Networking Basics

Code: CIT-2251-001

Evenings: Tuesday/Thursday

Time: 6:30 p.m. to 10:20 p.m.

Room: IC2K

DESCRIPTION

Provides the knowledge and hands-on skills required to install, troubleshoot, and monitor Cisco security network devices. Students who complete this course will be prepared to sit for the Cisco Certified Networking Associate (CCNA) Security Certification exam, which is a stepping stone for job roles such as network security specialist and network security administrator. CCNA Security certification is a prerequisite for becoming a Cisco Certified Security Professional (CCSP).

PREPARATION FOR

The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting, and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

PREREQUISITE

CIT1124 with a grade of "C" or better, or CCNA Certification or Consent of Instructor

TEXT AND LAB MANUAL

CCNA Security Course Booklet, Version 1.0 by Cisco Networking Academy; ISBN-10: 1587132486 (published date of 8/15/2009)

CCNA Security Lab Manual by Cisco Networking Academy; ISBN-10: 1587132494

CCNA Security Cisco Academy On-Line Curriculum (you will get access on the first evening of class)

Topical Outline:

1. Understanding network security concepts

  • Security operations and planning; risk management
  • Network security information processing
  • Network security education and training

2. Developing a secure network

  • Security planning, evaluation, training, and measures
  • Develop and review network security policies
  • Roles and responsibilities

3. Defending the perimeter

  • Public vs. private

4. Configuring authentication, authorization, and accounting (AAA)

5. Securing the router

6. Constructing a secure infrastructure

7. Implementing endpoint security

8. Providing Storage-Area Network (SAN) security

9. Securing voice solutions

10. Using Cisco IOS firewalls to defend the network

11. Extending security and availability with cryptography and Virtual Private Networks (VPNs)

12. Implementing digital signatures

13. Exploring Public Key Infrastructure (PKI) and asymmetric encryption

14. Building a site-to-site Internet Protocol Security (IPSec) VPN solution

COURSE OBJECTIVES

  • Describe the security threats facing modern network infrastructures
  • Describe network security policies
  • Describe and list mitigation methods for common network attacks
  • Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
  • Describe the Cisco Self Defending Network architecture
  • Secure Cisco routers
  • Secure Cisco routers using the SDM Security Audit feature
  • Use the One-Step Lockdown feature in SDM to secure a Cisco router
  • Secure administrative access to Cisco routers by setting strong encryption passwords, exec timeout, login failure rate and using IOS login enhancements
  • Secure administrative access to Cisco routers by configuring multiple privilege levels
  • Secure administrative access to Cisco routers by configuring role based CLI
  • Secure the Cisco IOS image and configuration file
  • Implement Authentication, Authorization, and Accounting (AAA) on Cisco routers using Cisco Secure Access Control Server (ACS)
  • Explain the functions and importance of AAA
  • Describe the features of TACACS+ and RADIUS AAA protocols
  • Configure AAA authentication
  • Configure AAA authorization
  • Configure AAA accounting
  • Mitigate threats to Cisco routers and networks using ACLs
  • Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
  • Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
  • Configure IP ACLs to prevent IP address spoofing using CLI
  • Discuss the caveats to be considered when building ACLs
  • Implement secure network management and reporting
  • Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
  • Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server
  • Mitigate common Layer 2 attacks
  • Describe how to prevent Layer 2 attacks by configuring basic Catalyst switch security features
  • Implement the Cisco IOS firewall feature set using Secure Device Manager (SDM)
  • Describe the operational strengths and weaknesses of the different firewall technologies
  • Explain stateful firewall operations and the function of the state table
  • Implement Zone Based Firewall using SDM
  • Implement the Cisco IOS Intrusion Prevention System (IPS) feature set using SDM
  • Define network based vs. host based intrusion detection and prevention
  • Explain IPS technologies, attack responses, and monitoring options
  • Enable and verify Cisco IOS IPS operations using SDM
  • Implement site-to-site Virtual Private Networks (VPNs) on Cisco Routers using SDM
  • Explain the different methods used in cryptography
  • Explain Internet Key Exchange (IKE) protocol functionality and phases
  • Describe the building blocks of IPSec and the security functions it provides
  • Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM
  • Managing a Secure Network

TOPICAL OUTLINE

  • Modern Network Security Threats
  • Securing Network Devices
  • Authentication, Authorization, and Accounting
  • Implementing Firewall Technologies
  • Implementing Intrusion Prevention
  • Securing the Local Area Network
  • Cryptographic Systems
  • Implementing Virtual Private Networks
  • Managing a Secure Network

METHODS OF EVALUATION

Point Distribution

  • On-Line Quizzes (33%)
  • Labs/Skills Final (33%)
  • On-Line Final (33%)

Accumulated Points/Grade

  • 90-100 – A
  • 80-89 – B
  • 70-79 – C
  • 60-69 – D
  • 59 and below – F
  • No Incompletes given in this course

CLASS POLICY

  • COD Student Code of Conduct.pdf

ADDITIONAL COURSE INFORMATION

  • Cisco site for on-line curriculum, labs, and tests:
  • Blog Site:

WEEKLY SCHEDULE

  • Prior to Coming to Class, read:
  • Chapter 1 Modern Network Security Threats.ppt
  • Week 1: 10/19 & 10/21
  • Chapter 2 Securing Network Devices.ppt
  • Week 2: 10/26 & 10/28
  • Chapter 3 AAA.ppt
  • Week 3: 11/2 & 11/4
  • Chapter 4 Implementing Firewall Technologies.ppt
  • Week 4: 11/9 & 11/11
  • Chapter 5 Intrustion Prevention System.ppt
  • Week 5: 11/16 & 11/18
  • Chapter 6 Securing the Local Area Network.ppt
  • Week 6: 11/30 & 12/2
  • Chapter 7 Cryptographic Systems.ppt
  • Chapter 8 Implementing Virtual Private Networks.ppt
  • Week 7: 12/7 & 12/9
  • Chapter 9 Managing a Secure Network.ppt
  • Week 8: 12/14 & 12/16
  • Skills Final

On-Line Final