Description

Studies have shown that over recent years there have been increases in the number of network attacks and the number of simplified tools available to carry out such attacks. Although the number of attacks has increased, the skill required to launch network attacks has decreased. For this reason, the need to secure corporate networks has grown exponentially. Building Enhanced Cisco Security Networks Version 2.0 focuses on securing access to the enterprise network and on securing the data that flows through it. Students who attend the course will configure Layer 2 network security; Layer 3 network security; IP Security (IPsec) VPNs for Cisco® IOS® Software routers; Cisco Secure PIX®; Cisco ASA 5500 Series Adaptive Security Appliances (ASAs); Cisco Catalyst® 6500 Series Firewall Services Modules (FWSMs); Cisco Network Admission Control (NAC); IPsec VPNs using Cisco firewalls and Cisco VPN concentrators; Secure Sockets Layer (SSL) VPNs on Cisco ASAs using the Cisco Adaptive Security Device Manager (ASDM); Cisco intrusion prevention system (IPS) network devices; and Cisco Security Monitoring, Analysis, and Response System (MARS).

Objectives

Upon completion of this course, you should be able to:

• Describe common network security threats to a given enterprise network at Layer 2, Layer 3, and Layer 7
• Identify components of and configure Cisco Catalyst Integrated Security Features (CISF) throughout the Layer 2 infrastructure
• Describe and deploy Layer 3 network security methods
• Deploy NAC using the Cisco Clean Access platform
• Configure IPsec to secure communications on a network infrastructure that also utilizes Network Address Translation (NAT)
• Deploy Dynamic Multipoint VPN (DMVPN) using routing protocol methods and Next Hop Resolution Protocol (NHR)P to provide a dynamic encryption framework
• Deploy SSL VPNs using the Cisco ASA 5520 Adaptive Security Appliance
• Use the Cisco firewall platforms to secure enterprise network segments and provide VPN network termination
• Deploy Cisco IPS network platforms in the given network environment and make sure the device is deployed using Cisco best practices
• Deploy Cisco Security MARS for the given enterprise network and tie in Cisco routers, switches, firewalls, and IPS network platforms for monitoring and correlation

Prerequisites

Knowledge about the following is prerequisite for this course:

• Basic routing and switching principles
• Network security best practices
• Cisco firewall products
• IPsec technology and practice

Who Should Attend

This course is for technical professionals who:

• Deploy end-to-end network security for the corporate infrastructure
• Troubleshoot core network security components and platforms
• Maintain coexistence between Cisco security technologies

• Chapter 1: Course Overview
• Chapter 2: Network Security Overview
• Chapter 3: Layer 2 Network Security
• Chapter 4: Layer 3 Network Security
• Chapter 5: Cisco Firewalls for Enterprise Networks
• Chapter 6: NAC for Enterprise Networks
• Chapter 7: IPsec and NAT Coexistence for IOS Routers and Cisco Firewalls
• Chapter 8 (Review): DMVPN
• Chapter 9: Deploying SSL VPNs Using ASDM with the Cisco ASA
• Chapter 10: Managing Network Threats with Cisco IPS and Cisco Security MARS