Cisco CCNA Security plus ASA

Course Package

  • 5 days of classroom/ remote training
  • Digital recording of the classroom
  • Free retake policy
  • 24-hour lab access during course
  • Weekly live on-line revision sessions
  • Self-Paced CCNA Security revision & Labs

Cisco CCNA Security plus ASA Firewall

 

Want excellent training at a great deal?

Give us a call!

 

Earn your CCNA Security certification with us

 

£495+vat 5 days CCNA Security Training

 

The UK’s only Technical CCNA Security training course
Using real Cisco kit and led by Expert Instructors with comprehensive hands-on lab work

 

Get in Touch!

* These fields are required.

DATES

4th May
08.30 – 17.30 | Live On-Line

CCNA SECURITY COURSE CONTENTS

 

CISCO CCNA SECURITY COURSE CONTENTS

What’s on the Commsupport 5 day CCNA Security +ASA FIREWALL course in Detail

Below are the contents that we include in our CCNA Security course

Mitigate common Layer 2 attacks

You think your LAN network is safe. Not a chance! We will show you how vulnerable your network is. On the first day you learn how to defend your LAN from attackers. By the end of the day you will be able to prevent layer 2 attacks by configuring Catalyst switch security features.

• IP Source Guard
• Dynamic ARP inspection
• IP DHCP Snooping
• Private VLAN’s
• Vlan Access Control Lists
• Port Security using MAC security
• Port Security using 802.x security

Mitigate threats to Cisco routers and networks using ACLs

• You think you know ACL’s? think again, you will learn that ACL’s are the Devil when it comes to securing your router. But you will learn the functionality of standard, extended, and named IP ACLs used by routers to filter packets

• You will learn how to configure Reflexive and Dynamic ACL’s, plus you will configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI

• Configure IP ACLs to prevent IP address spoofing using CLI

Implement secure network management and reporting

• Use CLI and CCP to configure SSH on Cisco routers to enable secured management access

• Use CLI and CCP to configure Cisco routers to send Syslog messages to a Syslog server

• Implement the Cisco IOS firewall feature set using CCP

• Describe the operational strengths and weaknesses of the different firewall technologies

 

Context Based Access Control

CBAC, what it is and what it does. You will learn how to configure a powerful firewall on your router, you will learn how to set up CBAC using the CLI and CCP and you will learn how to configure IOS TCP Intercept and Transparent IOS Firewall.

You will understand and explain what it means for a firewall to be stateful along with the operations and the function of the state table.

Implement Zone Based Firewall

(ZBF) using CCP and command line, learn to configure the Zones using the CLI. Master the Modular Policy Framework (MPF). How you can block anything from URL’s to file extensions using the immensely powerful ZBF

Understand and Configure the MPF
• Class maps
• Policy maps
• Zone pairings
• Service Policies
• Inspect rules
• What is the Self Zone and how it affects your router
• Getting traffic through the ZBF
• NAT and the ZBF
• VPN’s and the ZBF
• ZBPF Exceptions
• Port to Application Mapping (PAM)
• ZBPF Parameter Tuning
• ZBPF Application Inspection

Implement the Cisco IOS IPS feature set using CCP and CLI

• Define network based vs. host based intrusion detection and prevention, learn the difference between false positives and true negatives.

• Explain IPS, signatures, honey pots, policy based IPS, Fail opens and Fail closes, attack responses, and monitoring options.

• Configure IOS based IPS operations using CCP and CLI

 

Securing IPv6 Data Plane

• Why IPv6
• Understanding IPv6 address formats
• Ipv6 address types
• Best practises common to IPv6 and IPv4
• Threats common to both IPv6 and IPv4
• New Potential Risks
• IPv6 best practises

Implement site-to-site VPNs on Cisco Routers using CCP and CLI

Don’t know your Diffie Hellman from your RSA! You will learn the different methods used in cryptography, key generation and distribution

ISAKMP and IKE keeping you awake at night? Don’t know which is which? don’t fret we will show you how these protocols work. What to do when phase one fails to establish and what can go wrong along with how to fix phase one issues

How does IPSEC work and what are the building blocks and the security functions it
provides

You will learn how to Configure and verify an IPSec site-to-site VPN with pre-shared key and certificate authentication using the CLI and the CCP. We go through all the possible scenarios you will encounter in the real world

• Site to Site VPN’s
• Site to Site VPN’s through a Firewall
• Site to Site VPN’s through NAT
• Site to Site VPN’s using Certificates
• Implement Client and Clientless VPN’S on Cisco Routers using CCP and CLI
• Learn how to configure Remote site client based VPN’s
• Learn how to configure Remote site clientless SSL VPN’s
• Learn how to configure Remote site client based Anyconnect VPN’s
• Describe the security threats facing modern network infrastructures
• Describe and list mitigation methods for common network attacks
• Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
• Describe the Cisco Self Defending Network architecture

Secure Cisco routers

• Secure Cisco routers using the CCP Security Audit feature
• Use the One-Step Lockdown feature in CCP to secure a Cisco router
• Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
• Secure administrative access to Cisco routers by configuring multiple privilege levels
• Secure administrative access to Cisco routers by configuring role based CLI
• Secure the Cisco IOS image and configuration file.

Implement AAA on Cisco routers using local router database and external ACS

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

 

CISCO ASA SECTION

 

Getting Started with Cisco Security Appliances

• Security appliance file management system
• Security appliance security levels
• ASA requirements and capabilities
• Use the CLI to configure and verify basic network settings, and prepare the security
• appliance for configuration via ASDM
• Verify security appliance configuration and licensing via ASDM

Essential Security Appliance Configuration

• Configure a security appliance for basic network connectivity
• Verify the initial configuration
• Password Recovery
• System IOS Recovery
• SSH
• Set the clock and synchronize the time on security appliances
• Configure the security appliance to send syslog messages to a syslog server
• Configuring the ASDM

Configuring Network Address Translations and Connection Limits

• Function of TCP and UDP protocols within the security appliance
• Function of static NAT and dynamic address translations
• Configure dynamic address translation
• Configure static address translation
• Set connection limits

Using ACLs and Content Filtering

• Configure the basic function of ACLs
• Configure additional functions of ACLs
• Configure active code filtering (ActiveX and Java applets)
• Configure the security appliance for URL filtering

Configuring Object Grouping

• Object grouping feature of the security appliance and its advantages
• Configure object groups and use them in ACLs

Using Transparent Firewalls

• Firewall Mode Overview
• Configuring Transparent Firewall Mode
• Controlling Traffic in Transparent Mode
• Using ARP Inspection
• Disabling MAC address learning

Multi-Mode aka Multi Context Firewalls

• Cisco Virtual Firewall Overview
• Deployment Choices and Limitations
• Configuring the System Execution Context
• The Admin Context
• Creating Security Contexts
• Managing Security Contexts
• Packet Classification
• Creating Resource-classes
• Verifying Resource management

Configuring Hardware Stateless and Stateful Failover

• ASA Failover overview
• Detecting an ASA failover
• Configuring Primary and Secondary Units
• Configure Failover using the CLI
• Configuring Interface Failover
• Configure Failover timers
• Configure ASA Failover Health Monitoring
• Configuring Zero Downtime Failover

Configuring VPN’s on a Cisco ASA firewall

• Anyconnect VPN’s
• SSL Clientless VPN’s
• Site to Site VPN’s



 

5 day – Cisco CCNA Security course

<

 

Designed to build knowledge and show competency with network security, the CCNA Security qualification from Cisco focuses on the latest hardware and software from the market leader in networking. With a huge demand for job-ready network security experts, the CCNA Security certification is a great way to qualify IT professionals for a range of roles in an established area of the industry.

 

Holding a CCNA Security certification highlights competency in installing, troubleshooting, and monitoring network devices with an emphasis on safety and security. With a clear focus on core security technologies, this certification shows that a network professional is able to recognize and stop threats before they develop, as well as identifying and fixing network vulnerabilities before they are exposed.

 

At Commsupport, we include real-world, hands-on experience with ASA technology with our CCNA Security course, because we appreciate what hiring companies expect from their network engineers. Getting hands-on experience with ASA while studying the CCNA Security course will ensure you are ready to hit the ground running as a network security engineer after you receive your qualification.

 

Comprehensive CCNA Security Lab manuals

 

We are the only technical training company focusing not only on passing the Cisco CCNA Security exam but also focusing on ensuring that all our students are put through their paces with our unique comprehensive Lab manuals and classroom technical practical exercises. Our CCNA Security training course lab manuals are a product of nearly 10 years of continuous development. Our CCNA Security training course lab’s manuals are responsible for creating great network engineers. Contact us for a sample of one of our labs.

 

More than the Official Cisco CCNA Security training course Syllabus

 

From the very start we have always been of the mind that the official Cisco CCNA Security training course syllabus left a lot of room for improvement, when Cisco first released the CCNA Security course the content was a little thin on the ground so we added our own very comprehensive sections on the Cisco ASA firewall and very detailed study regarding a wide range of VPN’s

 

With our CCNA Security training course, you will benefit from a deeper understanding of the Cisco ASA Firewall along with Site-To-Site VPN’s, Anyconnect VPN’s, VTI tunnels, DMVPN tunnels. We really throw the book at our students when it comes to VPN’s and Firewalls.

 

No Death by PowerPoint on the CCNA Security training course

 

We are human ourselves and the last thing we want is to bore our students with an endless stream of powerpoint slide after another. All of our lectures and training sessions are focused on involving the students all the way with live demonstrations before our students practice what they have learned then backed up with challenge labs against the clock

 

 

Your Complete CCNA Security training course Session recorded

 

Your Instructor-led CCNA Security training course Is RECORDED from start to finish, That’s right from the first to last, every word and every example and every piece of configuration is recorded in real time just for you, at the end of your course you will have access to the recordings of the class you just attended, We were the first and are the only training company in the world which does this.

 

 

FREE RETAKES – Attend the CCNA Security training course again from anywhere

 

If you feel you need more time and instruction, you can come back onto the course for free from anywhere in the world provided you have internet access via our unique Virtual On-Line CCNA Security training course or come back to the classroom. When you book your course you can start pretty much straight away if that course is running that week.

 

Call us for a free trial of the Virtual On-Line CCNA Security training course

 

Access to our Weekly Live Online CCNA Security training course  Revision Sessions

 

As a Commsupport student you will have the ability to gain access to our great live-online Webinar sessions, once again Commsupport is No:1 which we run once a week, this way you are always looked after even when you leave the CCNA Security training course. Contact us to find out more about our great webinar

 

 

One Physical Cisco Lab per Student

 

As We are unique in the industry of providing a stand-alone physical Cisco CCNA Security training course Lab setup per student. We do not expect our students to share equipment on our courses as you may find on other provider courses. Each student will work with their own Cisco ASA firewall as well as a collection of Cisco routers and switches

 

 

Come and Pay us a Visit – Sit in the CCNA Security training course

 

Once again we are unique in allowing you to come and visit us in the classroom sit with the students and see for yourselves if we are right for you, or alternatively, you can access the classroom remotely via GoToMeeting where you can hear and see the classroom lectures. Please contact us before you plan to visit.

 

 

Who is this CCNA Security training course for?

 

This is an ideal course if you’re looking to move up the ladder in the Cisco world. All you need is the Cisco CCNA certification and then you can go into the Security aspect. This means it is very accessible, especially to current Networking Engineers and if you’re new to the industry.

 

Job roles: Security Specialist, Security Administrator, Network Security Support Engineer and Network Administrator.

 

Salary: As a Cisco Security Specialist, the current median salary in London is £57,500.

 

 

Finance options

 

We appreciate that the cost of the course can be a major deciding factor. To ease the process, we offer a Finance option which is easy to apply for and you get accepted within a few minutes!

 

This option can be funded extremely quickly and we will tailor the plan around you. Please give us a call or enquire and we’ll discuss it further with you.

 

The CCNA Security full course in CCNA security london is a CCNA security Classroom training course

 

CCNA SECURITY COURSE CONTENTS

 

CISCO CCNA SECURITY COURSE CONTENTS

What’s on the Commsupport 5 day CCNA Security+ASA FIREWALL course in Detail

Below are the contents that we include in our CCNA Security course

Mitigate common Layer 2 attacks

You think your LAN network is safe. Not a chance! We will show you how vulnerable your network is. On the first day you learn how to defend your LAN from attackers. By the end of the day you will be able to prevent layer 2 attacks by configuring Catalyst switch security features.

• IP Source Guard
• Dynamic ARP inspection
• IP DHCP Snooping
• Private VLAN’s
• Vlan Access Control Lists
• Port Security using MAC security
• Port Security using 802.x security

Mitigate threats to Cisco routers and networks using ACLs

• You think you know ACL’s? think again, you will learn that ACL’s are the Devil when it comes to securing your router. But you will learn the functionality of standard, extended, and named IP ACLs used by routers to filter packets

• You will learn how to configure Reflexive and Dynamic ACL’s, plus you will configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI

• Configure IP ACLs to prevent IP address spoofing using CLI

Implement secure network management and reporting

• Use CLI and CCP to configure SSH on Cisco routers to enable secured management access

• Use CLI and CCP to configure Cisco routers to send Syslog messages to a Syslog server

• Implement the Cisco IOS firewall feature set using CCP

• Describe the operational strengths and weaknesses of the different firewall technologies

 

Context Based Access Control

CBAC, what it is and what it does. You will learn how to configure a powerful firewall on your router, you will learn how to set up CBAC using the CLI and CCP and you will learn how to configure IOS TCP Intercept and Transparent IOS Firewall.

You will understand and explain what it means for a firewall to be stateful along with the operations and the function of the state table.

Implement Zone Based Firewall

(ZBF) using CCP and command line, learn to configure the Zones using the CLI. Master the Modular Policy Framework (MPF). How you can block anything from URL’s to file extensions using the immensely powerful ZBF

Understand and Configure the MPF
• Class maps
• Policy maps
• Zone pairings
• Service Policies
• Inspect rules
• What is the Self Zone and how it affects your router
• Getting traffic through the ZBF
• NAT and the ZBF
• VPN’s and the ZBF
• ZBPF Exceptions
• Port to Application Mapping (PAM)
• ZBPF Parameter Tuning
• ZBPF Application Inspection

Implement the Cisco IOS IPS feature set using CCP and CLI

• Define network based vs. host based intrusion detection and prevention, learn the difference between false positives and true negatives.

• Explain IPS, signatures, honey pots, policy based IPS, Fail opens and Fail closes, attack responses, and monitoring options.

• Configure IOS based IPS operations using CCP and CLI

 

Securing IPv6 Data Plane

• Why IPv6
• Understanding IPv6 address formats
• Ipv6 address types
• Best practises common to IPv6 and IPv4
• Threats common to both IPv6 and IPv4
• New Potential Risks
• IPv6 best practises

Implement site-to-site VPNs on Cisco Routers using CCP and CLI

Don’t know your Diffie Hellman from your RSA! You will learn the different methods used in cryptography, key generation and distribution

ISAKMP and IKE keeping you awake at night? Don’t know which is which? don’t fret we will show you how these protocols work. What to do when phase one fails to establish and what can go wrong along with how to fix phase one issues

How does IPSEC work and what are the building blocks and the security functions it
provides

You will learn how to Configure and verify an IPSec site-to-site VPN with pre-shared key and certificate authentication using the CLI and the CCP. We go through all the possible scenarios you will encounter in the real world

• Site to Site VPN’s
• Site to Site VPN’s through a Firewall
• Site to Site VPN’s through NAT
• Site to Site VPN’s using Certificates
• Implement Client and Clientless VPN’S on Cisco Routers using CCP and CLI
• Learn how to configure Remote site client based VPN’s
• Learn how to configure Remote site clientless SSL VPN’s
• Learn how to configure Remote site client based Anyconnect VPN’s
• Describe the security threats facing modern network infrastructures
• Describe and list mitigation methods for common network attacks
• Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
• Describe the Cisco Self Defending Network architecture

Secure Cisco routers

• Secure Cisco routers using the CCP Security Audit feature
• Use the One-Step Lockdown feature in CCP to secure a Cisco router
• Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
• Secure administrative access to Cisco routers by configuring multiple privilege levels
• Secure administrative access to Cisco routers by configuring role based CLI
• Secure the Cisco IOS image and configuration file.

Implement AAA on Cisco routers using local router database and external ACS

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

 

CISCO ASA SECTION

 

Getting Started with Cisco Security Appliances

• Security appliance file management system
• Security appliance security levels
• ASA requirements and capabilities
• Use the CLI to configure and verify basic network settings, and prepare the security
• appliance for configuration via ASDM
• Verify security appliance configuration and licensing via ASDM

Essential Security Appliance Configuration

• Configure a security appliance for basic network connectivity
• Verify the initial configuration
• Password Recovery
• System IOS Recovery
• SSH
• Set the clock and synchronize the time on security appliances
• Configure the security appliance to send syslog messages to a syslog server
• Configuring the ASDM

Configuring Network Address Translations and Connection Limits

• Function of TCP and UDP protocols within the security appliance
• Function of static NAT and dynamic address translations
• Configure dynamic address translation
• Configure static address translation
• Set connection limits

Using ACLs and Content Filtering

• Configure the basic function of ACLs
• Configure additional functions of ACLs
• Configure active code filtering (ActiveX and Java applets)
• Configure the security appliance for URL filtering

Configuring Object Grouping

• Object grouping feature of the security appliance and its advantages
• Configure object groups and use them in ACLs

Using Transparent Firewalls

• Firewall Mode Overview
• Configuring Transparent Firewall Mode
• Controlling Traffic in Transparent Mode
• Using ARP Inspection
• Disabling MAC address learning

Multi-Mode aka Multi Context Firewalls

• Cisco Virtual Firewall Overview
• Deployment Choices and Limitations
• Configuring the System Execution Context
• The Admin Context
• Creating Security Contexts
• Managing Security Contexts
• Packet Classification
• Creating Resource-classes
• Verifying Resource management

Configuring Hardware Stateless and Stateful Failover

• ASA Failover overview
• Detecting an ASA failover
• Configuring Primary and Secondary Units
• Configure Failover using the CLI
• Configuring Interface Failover
• Configure Failover timers
• Configure ASA Failover Health Monitoring
• Configuring Zero Downtime Failover

Configuring VPN’s on a Cisco ASA firewall

• Anyconnect VPN’s
• SSL Clientless VPN’s
• Site to Site VPN’s