CCNA Security (210-660)
Cryptofy is a leading IT institute for CCNA Security. This course covers security concepts, VPNs, secure access management, firewalls, IPS, and endpoint security, along with email and web security. We also provide online CCNA Security training.
Module 1:
Common security principles
Describe confidentiality, integrity, availability (CIA)
Describe SIEM technology
Identify common security terms
Identify common network security zones
Module 2:
Common security threats
Identify common network attacks
Describe social engineering
Identify malware
Classify the vectors of data loss/exfiltration
Module 3:
Cryptography concepts
Describe key exchange
Describe hash algorithm
Compare and contrast symmetric and asymmetric encryption
Describe digital signatures, certificates, and PKI
Module 4:
Describe network topologies
Campus area network (CAN)
Enable and verify Cisco IOS IPS operations using SDM.
Cloud, wide area network (WAN)
Data center
Small office/home office (SOHO)
Network security for a virtual environment
2015 Cisco Systems, Inc. This document is Cisco Public.
Module 5:
Secure Access
Secure management
Compare in-band and out-of-band
Configure secure network management
Configure and verify secure access through SNMP v3 using an ACL
Configure and verify security for NTP
Use SCP for file transfer
Module 6:
AAA concepts
Describe RADIUS and TACACS+ technologies
Configure administrative access on a Cisco router using TACACS+
Verify connectivity on a Cisco router to a TACACS+ server
Explain the integration of Active Directory with AAA
Describe authentication and authorization using ACS and ISE
Module 7:
802.1X authentication
Identify the functions 802.1X compon
Module 8:
VPN
VPN concepts
Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
Describe hairpinning, split tunneling, always-on, NAT traversal
Site-to-site VPN
Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
Verify an IPsec site-to-site VPN
Module 9:
Remote access VPN
Implement basic clientless SSL VPN using ASDM
Verify clientless connection
Implement basic AnyConnect SSL VPN using ASDM
Verify AnyConnect connection
Identify endpoint posture assessment
Module 10:
Secure Routing and Switching
Security on Cisco routers
Configure multiple privilege levels
Configure Cisco IOS role-based CLI access
Implement Cisco IOS resilient configuration
Module 11:
Securing routing protocols
Implement routing update authentication on OSPF
Module 12:
Securing the control plane
Explain the function of control plane policing
Module 13:
Common Layer 2 attacks
Describe STP attacks
Describe ARP spoofing
Describe MAC spoofing
Describe CAM table (MAC address table) overflows
Describe CDP/LLDP reconnaissance
Describe VLAN hopping
Describe DHCP spoofing
Module 14:
Mitigation procedures
Implement DHCP snooping
Implement Dynamic ARP Inspection
Implement port security
Describe BPDU guard, root guard, loop guard
Verify mitigation procedures
Module 15:
VLAN security
Describe the security implications of a PVLAN
Describe the security implications of a native VLAN
Module 16:
Cisco Firewall Technologies
Describe operational strengths and weaknesses of the different firewall technologies
Proxy firewalls
Application firewall
Personal firewall
Module 17:
Compare stateful vs. stateless firewalls
Operations
Function of the state table
Module 18:
Implement NAT on Cisco ASA 9.x
Static
Dynamic
PAT
Policy NAT
Verify NAT operations
Module 19:
Implement zone-based firewall
Zone to zone
Self zone
Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
Module 20:
Configure ASA access management
Configure security access policies
Configure Cisco ASA interface security levels
Configure default Cisco Modular Policy Framework (MPF)
Describe modes of deployment (routed firewall, transparent firewall)
Describe methods of implementing high availability
Describe security contexts
Describe firewall services
Module 21:
Securing the control plane
Explain the function of control plane policing
Module 22:
IPS
Describe IPS deployment considerations
Network-based IPS vs. host-based IPS
Modes of deployment (inline, promiscuous - SPAN, tap)
Placement (positioning of the IPS within the network)
False positives, false negatives, true positives, true negatives
Describe IPS technologies
Rules/signatures
Detection/signature engines
Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)
Blacklist (static and dynamic)
Module 23:
Describe mitigation technology for email-based threats
SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption
Module 24:
Describe mitigation technology for web-based threats
Local and cloud-based web proxies
Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption
Module 25:
Describe mitigation technology for endpoint threats
Anti-virus/anti-malware
Personal firewall/HIPS
Hardware/software encryption of local data