·µ»ØĿ¼¡ª¡ª>>
Course description

CCSP certification validates skills and knowledge in key areas of network security including firewalls, intrusion detection systems, and virtual private networks. Because you will understand major networking protocols, procedures, and how to integrate security devices with the underlying network, you will be uniquely positioned to design secure network solutions.

Course duration

11 days

Prerequisites

CCNA certification is required to achieve CCSP and because of the intense nature of this boot camp that level of certification or experience is required.
Target Audience

Individuals who are installing, configuring, and maintaining Cisco security products. This boot camp is uniquely designed for network professionals preparing for the CCSP or the CCIE Security certification.

Course outline

1. Network Security and Cisco
  • Overview of network security
  • Network security threats
  • Network attack types
  • The Cisco security wheel
2. Evaluating Network Security Threats
  • What is a security policy
  • Reasons for creating a security policy
  • Security threat types
3. Introduction to AAA Security for Cisco Routers
  • AAA for securing network access
  • Authentication methods
  • AAA Security Servers
4. Configuring Cisco Secure ACS (CSACS) and TACACS+
  • Installing CSACS 3.0
  • Administering and troubleshooting CSACS 3.0
5. Configuring a Cisco Perimeter Router
  • Perimeter router security problems and solutions
6. Cisco IOS Firewall Context-Based Access Control Configuration
  • Introduction to the Cisco IOS Firewall
  • Context-Based access control
  • Global timeouts and thresholds
  • Inspections rules and ACLs applied to router interfaces
  • Testing and verifying
7. Cisco IOS Firewall Authentication Proxy Configuration
  • Introduction to the Cisco IOS Firewall Authentication Proxy
  • AAA server configuration
  • Authentication Proxy configuration
  • Test and verify the configuration
8. Cisco IOS Firewall Intrusion Detection System Configuration
  • Cisco IOS Firewall IDS introduction
  • Creating and Applying Audit Rules
9. Understanding Cisco IOS IPSec Support
  • Cisco IOS IPSec technologies
  • Key exchange mechanisms
  • Cisco IOS Cryptosystem
10. Configure Cisco IOS IPSec for Pre-Shared Keys Site-to-Site
  • Configure IPSec encryption tasks
  • Configuring pre-Shared keys
11. Configure Cisco IOS IPSec Certificate Authority Support Site-to-Site
  • Configure CA support tasks
  • CA support overview
12. Configuring IOS Remote Access using Cisco Easy VPN
  • Introduction to Easy VPN
  • Overview of the Easy VPN server
  • Overview of the Easy VPN remote
  • Overview of the Cisco VPN client
  • How Easy VPN works
  • Easy VPN Server configuration tasks
13. PIX Firewall Technologies
  • Firewalling defined
  • PIX Firewall models
  • Finesse operating system
  • Adaptive security algorithm
  • Cut-through proxy operation
  • Stateful failover and hot standby
14. Identification of the Cisco PIX Firewall
  • PIX 501 controls and connectors
  • PIX 506E controls and connectors
  • PIX 515E controls and connectors
  • PIX 525 controls and connectors
  • PIX 535 controls and connectors
15. Basic Configuration of the Cisco PIX Firewall
  • ASA security levels
  • The six basic commands
  • Firewall status
  • Viewing and saving the configuration
  • The two ways through
  • Statics and conduits
  • NTP (Network Time Support)
  • Syslog configuration
  • Static & Dynamic Routing
  • DHCP
  • Multicast Support
16. Cisco Secure PIX Firewall Translations
  • Transport protocols
  • NAT, Bi-directional NAT and PAT
  • DNS Aliasing
  • PAT Port Redirection and the static command
  • The xlate command
  • Configure three interfaces
  • Configure four interfaces
  • The name command
17. Access Control List (ACL) Configuration and Content Filtering
  • Configuration of ACLs
  • Converting Conduits to ACLs
  • ICMP Interface control
  • Malicious active code filtering
  • URL filtering
18. Object Grouping
  • Understanding Object Groups
  • Network Objects
  • Service Objects
  • Port Objects
  • Object Nesting Rules
  • Using Object Groups to build Multi-layered access control
19. Advanced Protocol Handling
  • Multi-Channel Application Support
  • H.323
  • SQL*NET
  • RSH
  • FTP
  • Multimedia Support and the role of RTSP
  • SIP
  • Skinny (SSCP)
20. Attack Guards and Intrusion Detection
  • DNS Guard
  • Fragmentation Guard
  • Mail Guard
  • AAA Flood Guard
  • Mitigating Syn Flood attacks
  • IDS Support
  • IDS Signatures
  • Configuring PIX IDS support
  • Using the SHUN command
21. AAA Configuration on the Cisco PIX Firewall
  • The AAA Model
  • Cut-through proxy operation
  • Authentication of non-telnet, FTP or HTTP Traffic
  • AAA authorization configuration
  • Downloadable ACLs
  • AAA accounting configuration
  • Troubleshooting AAA
22. Cisco Secure PIX Firewall Failover
  • Understanding failover
  • Configuration replication
  • Interface testing
  • Configuring LAN-based failover
  • Test LAN-based failover and Stateful failover
23. PIX VPN Configuration
  • IPSec
  • Supported IPSec standards
  • Planning IKE configuration
  • Planning IPSec configuration
  • Configure policy and crypto map
  • Cisco VPN Client
  • Dynamic crypto map
  • IKE Mode config
  • IP Local Pool
  • Scaling IPSec with Certificate Authority
  • PPPoE configuration
  • 24. PIX System Maintenance
  • Remote access
  • Command-level authorization
  • Monitor mode and image upgrade
  • Password recovery
  • Secure Shell (SSH)
  • SNMP
  • Management tools
  • Upgrading activation keys to enable features
25. PIX Device Manager
  • GUI overview
  • New features of PDM 2.0
  • ACL rules
  • System monitoring and graphing
  • Configuration tasks
  • Using the VPN Wizard to greatly simplify VPN configuration
26. Overview and VPN and IPSec Technologies
  • IPSec overview
  • IPSec crypto components
  • IKE overview
  • How IPSec works
  • IPSec security associations
27. Cisco VPN 3000 Concentration Series Hardware
  • Overview of the Cisco VPN 3000 concentrator series
  • Cisco VPN 3000 Concentrator series models
  • Benefits and features of the Cisco VPN 3000 concentrator series
28. Cisco VPN 3000 for Remote Access Using Pre-Shared Keys
  • Overview of remote access using Pre-Shared keys
  • Initial configuration of the Cisco VPN 3000 concentrator series
  • Browser configuration of the Cisco VPN 3000 concentrator series
  • Configure users and groups
  • Configure IPSec
  • Configure the IPSec Client
  • Monitoring
29. Cisco VPN 3000 for Remote Access Using Digital Certificates
  • Certificate generation
  • Validating certificates
  • Configuring the Cisco VPN 3000 concentrator series for CA support
30. Cisco VPN Firewall Feature for IPSec Software Client
  • Overview of Software Client's Firewall feature
  • Software Client's Are You There feature
  • Software Client's Stateful Firewall feature
  • Software Client's Central Policy Protection feature
  • Client Firewall statistics
  • Customizing Firewall Policy
31. Monitor and Administer Cisco VPN 3000 Remote Access Networks
  • Monitoring
  • Administration
32. Configure Cisco VPN 3002 for Remote Access Using Pre-Shared Keys
  • Configure the VPN 3002 for "client mode" remote access.
  • Configure the VPN 3002 for "network extension mode" access
33. Configure the VPN 3002 for Unit and User Authentication
  • Overview of VPN 3002 Interactive Unit and User Authentication
  • Configuring VPN 3002 Interactive Unit Authentication
  • Configuring VPN 3002 User Authentication
  • Monitoring VPN 3002 User Statistics
34. Configure the VPN 3002 Backup Server and Load Balancing
  • Configuring the VPN 3002 Backup Server feature
  • Configuring VPN 3002 Load Balancing feature
  • Overview of the VPN 3002 Reverse Route Injection feature
35. Configure the VPN 3002 for Software Auto-Update
  • Overview and Configuration of the VPN 3002 software update
  • Monitoring the VPN 3002 software update
36. Configuring the VPN 3000 for IPSec over UDP and TCP
  • Configuring IPSec over TCP
  • Configuring IPSec over UDP
  • Monitoring session statistics
37. Configure Cisco VPN 3000 Site-to-Site with Pre-Shared Keys
  • Configure the concentrator via Quick Configuration
  • Configure LAN-to-LAN tunnels
  • Monitor LAN-to-LAN tunnels
  • Configure Network Lists
  • Configure Network Auto-discovery
38. Configure Cisco VPN 3000 Site-to Site with Digital Certificates
  • Explain the purpose of digital certificates
  • Explain how certificates requests are generated
39. Intrusion Detection Overview
  • Intrusion Detection terminology and technology
  • Host/Network Based IDS overview
  • Intrusion detection evasive techniques
40. Cisco Intrusion Protection Overview
  • Network/Host Sensor platforms
  • IDS communication overview
  • Deploying IDS
41. Sensor Appliance Installation
  • Sensor appliance models and usage
  • Sensor initialization
  • Basic sensor commands
42. Cisco IDS Device Manager and Event Viewer
  • IDS Device Manager installation
  • IDS Device Manager implementation
  • IDS Event Viewer installation
  • IDS Event Viewer implementation
  • Network Security Database
43. Sensor Configuration
  • Sensor setup
  • Sensor host communication
  • Sensor logging
44. Cisco IDS Alarms and Signatures
  • Cisco IDS Alarms and Signature descriptions
  • Cisco IDS micro-gbines:
  • Atomic Signature Micro-gbine description
  • Flood Signature Micro-gbine description
  • Service Signature Micro-gbine description
  • State Signature Micro-gbine description
  • String Signature Micro-gbine description
  • Sweep Signature Micro-gbine description
  • Signature Signature Micro-gbine selection
45. Sensing Configuration
  • Global sensing configuration
  • Signature configuration
  • Signature filtering
  • Custom signatures
  • Signature tuning
46. IP Blocking Configuration
  • ACL considerations
  • IP Blocking sensor configuration
  • Manual IP Blocking functions
47. Capturing Network Traffic for IDS
  • Network devices and capture methods
  • Switch SPAN configuration
  • Catalyst 6500 Switch capture configuration
  • Advance traffic capturing
48. Intrusion Detection System Module (IDSM) Configuration
  • IDSM Introduction
  • IDSM ports and traffic
  • IDSM initialization
  • Advanced IDSM configuration
  • IDSM commands
  • IDSM troubleshooting
49. Cisco Intrusion Detection System Maintenance
  • Software maintenance
  • Sensor updates
  • IDSM updates
50. Cisco IDS Architecture
  • Cisco IDS software architecture
  • Cisco IDS communication
  • Cisco IDS directory architecture
  • Cisco IDS service files
51. Enterprise IDS Management
  • IDS Management Center introduction
  • IDS Management Center installation
  • IDS Management Center Architecture directories and elements
  • IDS Management Center setting up sensors and Sensor Groups
  • IDS Management Center sensor configuration
  • IDS Management Center Generating, Approving, and Deploying configuration files
  • IDS Management Center Server administration
52. Enterprise IDS Monitoring and Reporting
  • Introduction
  • Installation
  • Security Monitor configuration
  • Event Viewer
  • Reporting
53. Cisco SAFE Implementation
  • Security Architecture Overview
  • The Cisco Security Portfolio
  • SAFE Small Network Design
  • SAFE Medium Network Design
  • SAFE Remote-User Network Implementation
  • CCSP Bootcamp Labs

CCSP Boot Camp Lab Exercise

Certifications

CCSP (Cisco Certified Security Professional)

 
Ê×    Ò³
¿Î³Ì½éÉÜ
¹ÜÀíóðÎÄ
¿Î³Ì°²ÅÅ
¹ØÓÚÎÒÃÇ
ÁªÏµÎÒÃÇ
Copyright©Alpha Consulting China Co. Ltd. All Rights Reserved
°æȨËùÓÐ Ôó¿¬ÆóÒµ¹ÜÀí×ÉѯÓÐÏÞ¹«Ë¾