Logo

CCNA Security

Cisco CCNA Course In Dubai

Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

The CCNA Security Certification is the next step after the CCNA R&S to enhance your associate level skill set in network security. It prepares you for entry-level security career opportunities to meet the growing demand of network for network security professionals.

 
Prerequisites:
Any valid Cisco CCENT, CCNA Routing and Switching, or any CCIE certification can act as a prerequisite
  • Module 1 : Common Security Threats
    • Describe common security threats
    • Common threats to the physical installation
    • Mitigation methods for common network attacks
    • Email-based threats
    • Web-based attacks
    • Mitigation methods for Worm, Virus, and Trojan Horse attacks
    • Phases of a secure network lifecycle
    • Security needs of a typical enterprise with a comprehensive security policy
    • Mobile/remote security
    • DLP
  • Module 2 : Authentication, Authorization & Accounting (AAA)
    • What is AAA?
    • TACAS+ vs. RADIUS
    • TACAS+ and RADIUS Configuration
    • Authentication Configuration
    • AAA Login
    • Using AAA for Privileged EXEC Mode and PPP
    • Accounting
    • Authorization
    • Configuring AAA with SDM
    • Configuring AAA with CLI router and Switches
    • Configuring AAA with ASA
  • Module 3 : Layer 2 Security
  • 3.1 Describe Layer 2 security using Cisco switches
    • STP attacks
    • ARP spoofing
    • MAC spoofing
    • CAM overflows
    • CDP/LLDP
  • 3.2 Describe VLAN security
    • Voice VLAN
    • PVLAN
    • VLAN hopping
    • Native VLAN
  • 3.3 Implement VLANs and trunking
    • VLAN definition
    • Grouping functions into VLANs
    • Considering traffic source to destination paths
    • Trunking
    • Native VLAN
    • VLAN Trunking Protocols
    • Inter-VLAN Routing
    • Private-vlan
  • 3.4 Configuring Port-Security
    • Preventing CAM Overflow Attacks with Port Security
    • Port Security
    • Configuring Port Security
    • Misconfiguring Port Security
    • Aging Time for Secure Addresses
    • Sticky Addresses
    • Configuring MAC Table Event Notification
    • Dot1x Port-Based Authentication
  • 3.5 Implement spanning tree
    • Potential issues with redundant switch topologies
    • STP operations
    • Resolving issues with STP - RootGuard , BpduGuard, Bpdufilter
  • 3.6 Basic L2 Security Features
    • Cisco Password
    • Cisco Lightweight Extensible Authentication Protocol (LEAP)
    • Extensible Authentiaction Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
    • Local SPAN Configuration
    • Remote SPAN Configuration
    • VACL
    • PACL
  • Module 4 : Layer 3 Security
  • 4.1 Basic Security
    • Configuring Enable Password
    • Privileged Level Password vs. Privleged Level Secret
    • Encrypting Passwords
    • Creating and Testing Minimum Length Password Policy
    • Telnet and SSH
    • exec-timeout Command
  • 4.2 Access-list Control - ACL
    • IPv4
    • IPv6
    • Object groups
    • ACL operations
    • Types of ACLs (dynamic, reflexive, time-based ACLs)
    • ACL wild card masking
    • Standard ACLs
    • Extended ACLs
    • Named ACLs
    • VLSM
  • 4.3 Network Time Protocol (NTP)
    • Configuring NTP Master Time Source
    • Configuring Peering with NTP Peers Command
    • Creating Banners
    • Different Types of Network Attacks
  • 4.4 Attacks
    • Denial of Services (DoS) Attack and SYN Flooding Attack
    • TCP Intercept Defense
    • ICMP (Ping) Sweep, Port Scan and Port Sweep
    • Smurf Attacks
    • IP Spoofing
    • IP Source Routing
    • Packet Sniffers and Queries
    • Password Attacks
    • Salami Attack
    • Other Network Attacks Types - Trust Exploitation
    • Superviews - Role-Based CLI Views
    • AutoSecure
    • One-Step Lockdown.
    • Security Audit
  • Module 5 : Describe Intrusion Prevention System (IPS) deployment considerations
    • SPAN
    • IPS product portfolio
    • Placement
    • Caveats
  • 5.2 Describe IPS technologies
    • Attack responses
    • Monitoring options
    • Syslog
    • SDEE
    • Signature engines
    • Signatures
    • Global correlation and SIO
    • Network-based
    • Host-based
  • 5.3 Configure Cisco IOS IPS using CCP
    • Logging
    • Signatures
  • Module 6 : Firewalls
  • 6.1 Describe operational strengths and weaknesses of the different firewall technologies
    • Proxy firewalls
    • Packet and stateful packet
    • Application firewall
    • Personal firewall
  • 6.2 Describe stateful firewalls
    • Operations
    • Function of the state table
  • 6.3 Describe the types of NAT used in firewall technologies
    • Static
    • Dynamic
    • PAT
    • Translation (PAT)
    • Functions of NAT, PAT, and NAT Overload
    • Translating Inside Source addresses
    • Overloading Inside global addresses
  • 6.4 Implement zone based policy firewall using CCP
    • Zone to zone
    • Self zone
  • Module 7 : VPN (Virtual Private Network)
  • 7.1 Cryptography and Virtual Private Networks (VPNs)
    • Symmetric
    • Asymetric
    • HMAC
    • Message digest (VTP)
    • PKI
  • 7.2 Describe the building blocks of IPSec
    • IKE
    • ESP
    • AH
    • Tunnel mode
    • Transport mode
    • IPsec
    • SSL
  • 7.3 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
    • CCP
    • CLI
  • 7.4 Implement SSL VPN using ASA device manager
    • Clientless
    • AnyConnect
  • Module 8 : Introduction to Voice and SAN Security
    • Voice Over IP Overview
    • Gateways and Gatekeepers
    • VoIP Protocols
    • Typical VoIP Attacks and Precautions
    • Introduction to Storage Area Networking (SAN)
    • SAN Transport Technologies and Protocols
    • SAN Security - LUNS and LUN Masking
    • SAN Zones
    • Virtual SANs (VSANs)
    • FCAP and FCPAP

The following modes of training are available for this course

  • Regular duration Training program
  • Fast Track Training program
  • Customized Bootcamp
  • Customized Online Training program
(All the above modes of training include theory and practical as per the requirement of the course)
Exam Number: 640-554 IINS
Associated Certifications: CCNA Security
Duration: 90 minutes (55-65 questions)
Available Languages: English, Japanese
Exam Center Any Pearson VUE Authorized Testing Center

Enquire Now

 
  • *
    Please fill the text field
  • *
    Please fill the text field
  • *
    Please enter the email