CISCO

Cisco Certified Internetwork Expert (Security)

The CCIE Security Programs recognizes individuals who have the knowledge and skills to implement, maintain and support extensive Cisco Network Security Solutions using the latest industry best practices and technologies.

Course Outline

• Firewall - PIX and ASA Firewall
  • Basic Initialization
  • Access Management
  • Address Translation
  • ACLs
  • IP Routing
  • Object Groups
  • VLANs
  • AAA
  • VPNs
  • Filtering
  • Failover
  • Layer 2 Transparent Firewall
  • Security Contexts (Virtual Firewall)
  • Modular Policy Framework
  • Application-Aware Inspection
  • High Availability Scenarios
  • QoS Policies
  • Other Advanced Features

  
  
• Firewall - IOS Firewall
  • CBAC
  • Audit
  • Auth Proxy
  • PAM
  • Access Control
  • Performance Tuning
  • Advanced Features

  
  
• VPN
  • IPSec LAN-to-LAN
  • SSL VPN
  • DMVPN
  • CA (PKI)
  • Remote Access VPN
  • VPN3000 Concentrator
  • VPN3000 IP Routing
  • Unity Client
  • WebVPN
  • EzVPN Hardware Client
  • XAuth, Split-tunnel, RRI, NAT-T
  • High Availability
  • QoS for VPN
  • GRE, mGRE
  • L2TP
  • PPTP
  • Advanced VPN Features

  
  
• Intrusion Prevention System (IPS)
  • IPS 4200 Series Sensor Appliance
  • Basic Initialization
  • Sensor Configuration
  • Sensor Management
  • Promiscuous and Inline Monitoring
  • Signature Tuning
  • Custom Signatures
  • Blocking
  • TCP Resets
  • Rate Limiting
  • Signature Engines
  • IDM
  • Event Action
  • Event Monitoring
  • IOS IPS
  • PIX IDS
  • SPAN, RSPAN
  • Advanced Features

  
  
• Identity Management
  • Security Protocols (RADIUS and TACACS+)
  • Cisco Secure ACS Configuration
  • Access Management (Telnet, SSH, Pwds, Priv Levels)
  • Proxy Authentication
  • Service Authentication (FTP, Telnet, HTTP, other)
  • Network Admission Control (NAC Framework solution)
  • 802.1x
  • Advanced Features

  
  
• Advanced Security
  • Mitigation Techniques
  • Packet Marking Techniques
  • Security RFCs (RFC1918, RFC2827, RFC2401)
  • Service Provider Security
  • Black Holes, Sink Holes
  • RTBH Filtering (Remote Triggered Black Hole)
  • Traffic Filtering using Access-lists
  • NAT
  • TCP Intercept
  • uRPF
  • CAR
  • NBAR
  • NetFlow
  • Flooding
  • Spoofing
  • Policing
  • Fragmentation
  • Sniffer Traces
  • Catalyst Management and Security
  • Traffic Control and Congestion Management
  • Catalyst Features and Advanced Configuration
  • IOS Security Features

  
  
• Network Attacks
  • Network Reconnaissance
  • IP Spoofing Attacks
  • MAC Spoofing Attacks
  • ARP Spoofing Attacks
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • Man-in-the-Middle (MiM) Attacks
  • Port Redirection Attacks
  • DHCP Attacks
  • DNS Attacks
  • Fragment Attacks
  • Smurf Attacks
  • SYN Attacks
  • MAC Attacks
  • VLAN Hopping Attacks
  • Other Layer2 and Layer3 Attacks

  
  

Back to top