Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

The CCNA Security certification is the next step after the CCNA R&S to enhance your associate-level skill set in network security. It prepares you for entry-level security career opportunities to meet the growing demand for network security professionals.

Course Outline

  • Module 1 : Common Security Threats
    • Describe common security threats
    • Common threats to the physical installation
    • Mitigation methods for common network attacks
    • Email-based threats
    • Web-based attacks
    • Mitigation methods for Worm, Virus, and Trojan Horse attacks
    • Phases of a secure network lifecycle
    • Security needs of a typical enterprise with a comprehensive security policy
    • Mobile/remote security
    • DLP
  • Module 2 : Authentication, Authorization & Accounting (AAA)
    • What is AAA?
    • TACACS+ vs. RADIUS
    • TACACS+ and RADIUS Configuration
    • Authentication Configuration
    • AAA Login
    • Using AAA for Privileged EXEC Mode and PPP
    • Accounting
    • Authorization
    • Configuring AAA with SDM
    • Configuring AAA with CLI router and Switches
    • Configuring AAA with ASA
  • Module 3 : Layer 2 Security
  • 3.1 Describe Layer 2 security using Cisco switches
    • STP attacks
    • ARP spoofing
    • MAC spoofing
    • CAM overflows
    • CDP/LLDP
  • 3.2 Describe VLAN security
    • Voice VLAN
    • PVLAN
    • VLAN hopping
    • Native VLAN
  • 3.3 Implement VLANs and trunking
    • VLAN definition
    • Grouping functions into VLANs
    • Considering traffic source to destination paths
    • Trunking
    • Native VLAN
    • VLAN Trunking Protocols
    • Inter-VLAN Routing
    • Private-vlan
  • 3.4 Configuring Port-Security
    • Preventing CAM Overflow Attacks with Port Security
    • Port Security
    • Configuring Port Security
    • Misconfiguring Port Security
    • Aging Time for Secure Addresses
    • Sticky Addresses
    • Configuring MAC Table Event Notification
    • Dot1x Port-Based Authentication
  • 3.5 Implement spanning tree
    • Potential issues with redundant switch topologies
    • STP operations
    • Resolving issues with STP - RootGuard, BpduGuard, Bpdufilter
  • 3.6 Basic L2 Security Features
    • Cisco Password
    • Cisco Lightweight Extensible Authentication Protocol (LEAP)
    • Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
    • Local SPAN Configuration
    • Remote SPAN Configuration
    • VACL
    • PACL
  • Module 4 : Layer 3 Security
  • 4.1 Basic Security
    • Configuring Enable Password
    • Privileged Level Password vs. Privileged Level Secret
    • Encrypting Passwords
    • Creating and Testing Minimum Length Password Policy
    • Telnet and SSH
    • exec-timeout Command
  • 4.2 Access-list Control - ACL
    • IPv4
    • IPv6
    • Object groups
    • ACL operations
    • Types of ACLs (dynamic, reflexive, time-based ACLs)
    • ACL wild card masking
    • Standard ACLs
    • Extended ACLs
    • Named ACLs
    • VLSM
  • 4.3 Network Time Protocol (NTP)
    • Configuring NTP Master Time Source
    • Configuring Peering with NTP Peers Command
    • Creating Banners
    • Different Types of Network Attacks
  • 4.4 Attacks
    • Denial of Service (DoS) Attack and SYN Flooding Attack
    • TCP Intercept Defense
    • ICMP (Ping) Sweep, Port Scan and Port Sweep
    • Smurf Attacks
    • IP Spoofing
    • IP Source Routing
    • Packet Sniffers and Queries
    • Password Attacks
    • Salami Attack
    • Other Network Attacks Types - Trust Exploitation
    • Superviews - Role-Based CLI Views
    • AutoSecure
    • One-Step Lockdown
    • Security Audit
  • Module 5 : Describe Intrusion Prevention System (IPS) deployment considerations
    • SPAN
    • IPS product portfolio
    • Placement
    • Caveats
  • 5.2 Describe IPS technologies
    • Attack responses
    • Monitoring options
    • Syslog
    • SDEE
    • Signature engines
    • Signatures
    • Global correlation and SIO
    • Network-based
    • Host-based
  • 5.3 Configure Cisco IOS IPS using CCP
    • Logging
    • Signatures
  • Module 6 : Firewalls
  • 6.1 Describe operational strengths and weaknesses of the different firewall technologies
    • Proxy firewalls
    • Packet and stateful packet
    • Application firewall
    • Personal firewall
  • 6.2 Describe stateful firewalls
    • Operations
    • Function of the state table
  • 6.3 Describe the types of NAT used in firewall technologies
    • Static
    • Dynamic
    • PAT
    • Translation (PAT)
    • Functions of NAT, PAT, and NAT Overload
    • Translating Inside Source addresses
    • Overloading Inside global addresses
  • 6.4 Implement zone based policy firewall using CCP
    • Zone to zone
    • Self zone
  • Module 7 : VPN (Virtual Private Network)
  • 7.1 Cryptography and Virtual Private Networks (VPNs)
    • Symmetric
    • Asymmetric
    • HMAC
    • Message digest (VTP)
    • PKI
  • 7.2 Describe the building blocks of IPSec
    • IKE
    • ESP
    • AH
    • Tunnel mode
    • Transport mode
    • IPsec
    • SSL
  • 7.3 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
    • CCP
    • CLI
  • 7.4 Implement SSL VPN using ASA device manager
    • Clientless
    • AnyConnect
  • Module 8 : Introduction to Voice and SAN Security
    • Voice Over IP Overview
    • Gateways and Gatekeepers
    • VoIP Protocols
    • Typical VoIP Attacks and Precautions
    • Introduction to Storage Area Networking (SAN)
    • SAN Transport Technologies and Protocols
    • SAN Security - LUNS and LUN Masking
    • SAN Zones
    • Virtual SANs (VSANs)
    • FCAP and FCPAP

We_They, located in Dubai, UAE, was established in 1993, focusing on IT skill-set building for Emiratis and expatriates in the region. We are a well-established IT skills training institute and have been successfully training a diverse range of students across the entire UAE for nearly two decades. Our focus is on IT networking and security training, and we conduct courses leading to certifications from world-class vendors such as Cisco, EC Council, Microsoft, etc. The methodology of our training implies that a candidate is capable of working on and implementing projects on any technology and vendor. We have proven our expertise in this domain by producing a large number of CCIEs and achieving the highest success rate.

See all Emtech Computer Institute courses
