- By Keith Barker
- Jun 22, 2012
From the author of
Cisco routers and switches
- Understanding common threats, including blended threats, and how to mitigate them.
- Describe the life cycle approach for a security policy.
- Understand and implement network foundation protection for the control, data, and management planes
- Understand, implement and verify AAA (authentication, authorization, and accounting) including the details of TACACS+ and RADIUS.
- Understand and implement basic rules inside of Cisco Access Control Server (ACS) version 5.x, including configuration of both ACS and a router for communications with each other.
- Standard, extended, and named access control lists used for packet filtering as well as for the classification of traffic
- Understand and implement protection against layer 2 attacks including CAM table overflow attacks, and VLAN hopping
Cisco firewall technologies
- Understand describe the various methods for filtering implemented by firewalls, including stateful filtering, including their strengths and weaknesses.
- Understand the methods that a firewall may use to implement network address translation (NAT) and port address translation.
- Understand, implement, and interpret a zone-based firewall policy through Cisco Configuration Professional (CCP)
- Understand and describe the characteristics and defaults for interfaces, security levels and traffic flows on the Adaptive Security Appliance (ASA).
- Implement, and interpret a firewall policy on an Adaptive Security Appliance (ASA), through the GUI tool named the ASA Security Device Manager (ASDM).
Intrusion Prevention System
- Compare and contrast IPS versus IDS, including the pros and cons of each and the methods used by these systems for identifying malicious traffic.
- Describe the concepts involved with IPS included True/False Positives/Negatives.
- Configure and verify IOS-based IPS using Cisco configuration professional (CCP)
- Understand and describe the building blocks used for VPNs today, including the concepts of symmetrical, asymmetrical, encryption, hashing, IKE, PKI, authentication, Diffie-Hellman, certificate authorities, etc.
- Implement and verify IPsec VPNs on IOS using CCP and the command line interface (CLI).
- Implement and verify SSL VPNs on the ASA firewall, using ASDM