Logo

Maxtrain.com - [email protected] - 513-322-8888 - 866-595-6863

SL-SENSS

Implementing Cisco Edge Network Security Solutions

Alert Me

Description

Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 is a newly created 5 day instructor-led training (vILT) course which is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience to prepare them to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls.

The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls, Cisco Routers with the firewall feature set, and Cisco Switches.
The student will gain hands-on experience with configuring various perimeter security solutions for mitigating outside threats and securing network zones. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco Switches, Cisco ASA, and Router security appliance feature and provide detailed operations support for these products.

Upon completing this course, the learner will be able to meet these overall objectives:

  • Understand current security threat landscape
  • Understanding and implementing Cisco modular Network Security Architectures such as
  • SecureX and TrustSec
  • Deploy Cisco Infrastructure management and control plane security controls
  • Configuring Cisco layer 2 and layer 3 data plane security controls
  • Implement and maintain Cisco ASA Network Address Translations (NAT)
  • Implement and maintain Cisco IOS Software Network Address Translations (NAT)
  • Designing and deploying Cisco Threat Defense solutions on a Cisco ASA utilizing access
  • policy and application and identity based inspection
  • Implementing Botnet Traffic Filters
  • Deploying Cisco IOS Zone-Based Policy Firewalls (ZBFW)
  • Configure and verify Cisco IOS ZBFW Application Inspection Policy

Outline

Module 1: Cisco Secure Design Principles

Lesson 1: Network Security Zoning This lesson defines how to identify the benefits of implementing a Cisco Zone based security architecture solution. Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe the principles behind zone based security architecture
Lesson 2: Cisco Module Network Architecture This lesson defines how why it is important to develop a modular security architecture. Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe the various approaches to architecting a security solution based on access areas
Lesson 3: Cisco SecureX Architecture This lesson defines how to identify the components and functions of a Cisco SecureX solution. Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe Cisco SecureX network-centric approach
  • Understand the enforcement model
  • Align corporate business needs to network security policies
  • Integrate global intelligence with context-aware networking
Lesson 4: Cisco TrustSec Solutions This lesson defines how to identify the components and functions of a Cisco TrustSec solution. Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe the architecture and deployment options for a TrustSec solution
  • Understand the basics to identify based security control
  • Basics of Profiling and devices assessment
  • How Security Group Tagging (SGA) is integrated into the network
Module 2: Implement Network Infrastructure Protection Lesson 1: Introducing Cisco Network Infrastructure Architecture This lesson defines how to describe the basic concepts of why network infrastructure equipment should be protected. Upon completing this lesson, the learner will be able to meet these objectives:
  • Understand the threats and risks facing the network infrastructure
Lesson 2: Deploying Cisco IOS Control Plane Security Controls This lesson defines how and why to configuring Cisco IOS security to limit access to the IOS control plane. Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe how to implement Cisco IOS control plane security
Lesson 3: Deploying Cisco IOS Management Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe how to implement Cisco IOS management plane security
Lesson 4: Deploying Cisco ASA Management Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe how to implement Cisco ASA management plane security

Lesson 5: Deploying Cisco Traffic Telemetry Methods

Upon completing this lesson, the learner will be able to meet these objectives:
  • Understand how telemetry data such as NTP, logging, and NetFlow can improve network security posture
Lesson 6: Deploying Cisco IOS Layer 2 Data Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe
Lesson 7: Deploying Cisco IOS Layer 3 Data Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
  • Describe Cisco IOS Layer 3 Data Plane Security controls such as antispoofing ACLs, uRPF, and IP Source Guard.
Module 3: Deploying NAT on Cisco IOS and Cisco Adaptive Security Appliance (ASA) Lesson 1: Introducing Network Address Translation Understand the basics need for Network Address translation. Upon completing this lesson, the learner will be able to meet these objectives:
  • Review the fundamentals of Network Address Translation
  • Learn the different between PAT, Dynamic NAT, and Static NAT
Lesson 2: Deploying Cisco ASA Network Address Translation Understand the requirements for setting up Network Address Translation on a Cisco ASA firewall. Upon completing this lesson, the learner will be able to meet these objectives:
  • Learn to configure NAT to support many use cases
Lesson 3: Deploying Cisco IOS Software Network Address Translation Understand how to implement NAT on an IOS software device. Upon completing this lesson, the learner will be able to meet these objectives:
  • Learn how NAT functions on an IOS Software device
  • Configure both Static NAT and dynamic NAT
Module 4: Deploying Threat Controls on Cisco ASA Lesson 1: Introducing Cisco Threat Controls This lesson defines how to identify what features are available on the ASA to support threat control. Upon completing this lesson, the learner will be able to meet these objectives:
  • Understand the features and solutions for configuring ASA threat control
Lesson 2: Deploying Cisco ASA Basic Access Controls This lesson defines how to configure Cisco ASA basic access policies. Upon completing this lesson, the learner will be able to meet these objectives:
  • Understand the configuration requirements and functionality of Cisco ASA access controls
Lesson 3: Deploying Cisco ASA Application Inspection Policies Upon completing this lesson, the learner will be able to meet these objectives:
  • Setup and configure ASA with Application Inspections policies
Lesson 4: Deploying Cisco ASA Botnet Traffic Filtering Upon completing this lesson, the learner will be able to meet these objectives:
  • Overview and Configuration of Cisco ASA Botnet Traffic Filter
Lesson 5: Deploying Cisco ASA Identity Based Firewall Upon completing this lesson, the learner will be able to meet these objectives:
  • Overview and Configuration of Cisco Identity Based Firewall
Module 5: Deploying Threat Controls on Cisco IOS Software Lesson 1: Deploying Cisco IOS Software with Basic Zone-Based Firewall Policies This lesson provides an overview and configuration tasks of Cisco IOS Zone-Based Policy Firewall:
  • Overview and configuration of ZBPF Access Control Policies.
Lesson 2: Deploying Cisco IOS Software Zone-Based Firewall with Application Inspection Policies Upon completing this lesson, the learner will be able to meet these objectives.
  • Describe how to implement ZBFW policy for certain application inspection rules
Labs:
  • Lab 2-1: Configuring Cisco Control and Management Plane Security
  • Lab 2-2: Configuring Traffic Telemetry Methods
  • Lab 2-3: Configuring Layer 2 Data Plane Security Controls
  • Lab 2-4: Configuring Layer 3 Data Plane Security Controls
  • Lab 3-1: Configure Cisco ASA Network Address Translation
  • Lab 3-2: Configure Cisco IOS Software for Network Address Translation
  • Lab 4-1: Configuring Cisco ASA Access Control Features
  • Lab 4-2: Configuring Cisco Application Inspection Policy
  • Lab 4-3: Configuring Cisco Botnet Traffic Filtering
  • Lab 4-4: Configuring Cisco Identity Based Firewall
  • Lab 5-1: Configuring Cisco IOS Software with Basic Zone-Based Firewall
  • Lab 5-2: Configuring Cisco IOS Software with Basic Zone-Based Firewall

PreRequisites

Cisco Certified Network Associate (CCNA©_) certification
Cisco Certified Network Associate (CCNA©_) Security certification
Knowledge of Microsoft Windows operating system

Audience

The primary audience for this course is as follows:
Network Security Engineers
$3695.00 List Price

5 Days Course

Class Dates

Request a Date or a Private Class below.


MAX Educ. Savings
Categories: , Tags: ,
Loading ...