CCNP Security Training and Certification

Our Training in CCNP – Security - Implementing Cisco Edge Network Security (SENSS) (300-206) gives you the knowledge to configure and implement security on Cisco networks perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall.

Course content for SENSS-300-206

Threat Defense

Implement firewall (ASA or IOS depending on which supports the implementation)

• Learn how to implement ACLs
• Learn how to implement static/dynamic NAT/PAT
• Learn how to implement object groups
• Describe threat detection features
• Implement botnet traffic filtering
• Configure application filtering and protocol inspection
• Describe ASA security contexts
• Job and placement

Implement Layer 2 Security

• Configure DHCP snooping
• Describe dynamic ARP inspection
• Describe storm control
  • Configure port security
  • Describe common Layer 2 threats and attacks and mitigation
  • Describe MACSec
  • Configure IP source verification

Configure device hardening per best practices

• Routers
• Switches
• Firewalls

Cisco Security Devices GUIs and Secured CLI Management

Implement SSHv2, HTTPS, and SNMPv3 access on the network devices

Implement RBAC on the ASA/IOS using CLI and ASDM

• Describe Cisco Prime Infrastructure
• Functions and use cases of Cisco Prime
• Device Management

Describe Cisco Security Manager (CSM)

• Functions and use cases of CSM
• Device Management

Implement Device Managers

• Implement ASA firewall features using ASDM

Management Services on Cisco Devices

• Configure NetFlow exporter on Cisco Routers, Switches, and ASA
• Implement SNMPv3
• Learn to create views, groups, users, authentication, and encryption

• Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices
• Implement NTP with authentication on Cisco Routers, Switches, and ASA

Describe CDP, DNS, SCP, SFTP, and DHCP

• Describe security implications of using CDP on routers and switches
• Need for dnssec

Troubleshooting Monitoring and Reporting Tools

• Monitor firewall using analysis of packet tracer, packet capture, and syslog
• Analyze packet tracer on the firewall using CLI/ASDM
• Configure and analyze packet capture using CLI/ASDM
• Analyze Syslog events generated from ASA

    Threat Defense Architectures

Design a Firewall Solution

• High-availability
• Basic concepts of security zoning
• Transparent & Routed Modes
• Security Contexts

 Layer 2 Security Solutions

• Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
• Describe best practices for implementation
• Describe how PVLANs can be used to segregate network traffic at Layer 2

Security Components and Considerations

Describe security operations management architectures

• Single device manager vs. multi-device manager

 Describe Data Center security components and considerations

• Virtualization and Cloud security

 Describe Collaboration security components and considerations

• Basic ASA UC Inspection features

 Describe common IPv6 security considerations

• Unified IPv6/IPv4 ACL on the ASA

Our training in Cisco SISAS will impart knowledge of the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec, including the Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution.

Course content for SISAS-300-208

Identity Management/Secure Access

• Implement device administration
• Compare and select AAA options
• TACACS+
• RADIUS
• Describe Native AD and LDAP

 Describe identity management

• Describe features and functionality of authentication and authorization
• Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
• Learn about accounting implementation

 Implement wired/wireless 802.1X

• Describe RADIUS flows
• AV pairs
• EAP types
• Describe supplicant, authenticator, and server
• Supplicant options
• 802.1X phasing (monitor mode, low impact, closed mode)
• AAA server
• Network access devices

 Implement MAB

• Describe the MAB process within an 802.1X framework
• Flexible authentication configuration
• ISE authentication/authorization policies
• ISE endpoint identity configuration
• Verify MAB Operation

 Implement network authorization enforcement

• dACL
• Dynamic VLAN assignment
• Describe SGA
• Named ACL
• CoA

 Implement Central Web Authentication (CWA)

• Describe the function of CoA to support web authentication
• Configure authentication policy to facilitate CWA
• URL redirect policy
• Redirect ACL
• Customize web portal
• Verify central web authentication operation

 Implement profiling

• Enable the profiling services
• Network probes
• IOS Device Sensor
• Feed service
• Profiling policy rules
• Utilize profile assignment in authorization policies
• Verify profiling operation

 Implement guest services

• Managing sponsor accounts
• Sponsor portals
• Guest portals
• Guest Policies
• Self-registration
• Guest activation
• Differentiated secure access
• Verify guest services operation

 Implement posture services

• Describe the function of CoA to support posture services
• Agent options
• Client provisioning policy and redirect ACL
• Posture policy
• Quarantine/remediation
• Verify posture service operation

 Implement BYOD access

• Describe elements of a BYOD policy
• Device registration
• What is my devices portal
• Describe supplicant provisioning

Threat Defense

• Describe TrustSec Architecture
• SGT Classification - dynamic/static
• SGT Transport - inline tagging and SXP
• SGT Enforcement - SGACL and SGFW
• MACsec

• Troubleshooting, Monitoring and Reporting Tools
• Troubleshoot identity management solutions
• Identify issues using authentication event details in Cisco ISE
• Troubleshoot using Cisco ISE diagnostic tools
• Troubleshoot endpoint issues
• Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
• Troubleshoot backup operations

Threat Defense Architectures

• Design highly secure wireless solution with ISE
• Identity Management
• 802.1X
• MAB
• Network authorization enforcement
• CWA
• Profiling
• Guest Services
• Posture Services
• BYOD Access

Identity Management Architecture

• Device administration
• Identity Management
• Profiling
• Guest Services
• Posturing Services
• BYOD Access

This course is designed to for you to gain knowledge and skills required to protect data navigated by public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will learn about configuration and trouble - shooting remote access and site to site VPN solutions using Cisco ASA adaptive security appliances and Cisco IOS routers.

Course content for SIMOS-300-209

Secure Communications

• Site-to-site VPNs on routers and firewalls
• Describe GETVPN
• Implement IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6)
• Implement DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6)
• Implement FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA

 Implement remote access VPNs

• Implement AnyConnect IKEv2 VPNs on ASA and routers
• Implement AnyConnect SSLVPN on ASA and routers
• Implement clientless SSLVPN on ASA and routers
• Implement FLEX VPN on routers

Troubleshooting, Monitoring and Reporting Tools

• Troubleshoot VPN using ASDM & CLI
• Troubleshoot IPsec
• Troubleshoot DMVPN
• Troubleshoot FlexVPN
• Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
• Troubleshoot clientless SSLVPN on ASA and routers

Secure Communication Architecture

• Design site-to-site VPN solutions
• Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
• VPN technology considerations based on functional requirements
• What is high availability considerations
• Identify VPN technology based on configuration output

 Design remote access VPN solutions

• Identify functional components of FlexVPN, IPsec, and Clientless SSL
• Learn VPN technology considerations based on functional requirements
• What is high availability considerations
• Identify VPN technology based on configuration output
• Identify AnyConnect client requirements
• Clientless SSL browser and client considerations/requirements
• Identify split tunneling requirements

 Describe encryption, hashing, and Next Generation Encryption (NGE)

• Compare and contrast Symmetric and asymmetric key algorithms
• Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing algorithms MD5 and SHA, and authentication methods
• Describe PKI components and protection methods
• Describe Elliptic Curve Cryptography (ECC)
• Compare and contrast SSL, DTLS, and TLS

The Implementing Cisco Threat Control Solutions (SITCS) course helps you to learn about advanced concepts of firewall architecture and configuration with next generation the Cisco next-generation firewall. Our training course will also help you to clear the 300-210 SITCS exam.

Course content for SITCS-300-210

Content security

• Cisco Cloud Web Security (CWS)
• Describe the features and functionality of CWS
• IOS and ASA connectors implementation
• The Cisco AnyConnect web security module implementation
• Web usage control implementation
• Learn about AVC implementation
• Learn about antimalware implementation
• Learn about decryption policies implementation

 Cisco Web Security Appliance (WSA)

• Describe the features and functionality
• Learn about data security implementation
• Learn about WSA identity and authentication, including transparent user identification implementation
• Learn about Web usage control implementation
• Learn about decryption policy implementation
• Understand about Traffic redirection and capture methods (explicit proxy vs. transparent proxy)
• Understand about Cisco Email Security Appliance
• Describe the features and functionality of email security appliance
• Understand about email encryption implementation
• Learn about anti-spam policy implementation
• Learn about virus outbreak filter implementation
• Learn about DLP policy implementation
• Understand how to implement inbound and outbound mail policies and authentication
• Learn to implement traffic redirection and capture methods
• Learn to implement ESA GUI for message tracking

 Network threat Defense

• Cisco Next-Generation Firewall (NGFW) Security Services
• Implement application awareness
• Implement access control policies (URL-filtering, reputation based, file filtering)
• Implement Cisco AMP for Networks

 Cisco Advanced Malware Protection (AMP)

• Describe cloud detection technologies
• Compare and contrast AMP architectures (public cloud, private cloud)
• Configure AMP endpoint deployments
• Describe analysis tools
• Describe incident response functionality
• Describe sandbox analysis
• Describe AMP integration

 Cisco FirePOWER Next-Generation IPS (NGIPS)

• Configurations
• Describe preprocessors and detection engines
• Learn about event actions and suppression threshold implementation
• Understand about correlation policy implementation
• Describe SNORT rules
• Understand about SSL decryption policy implementation

 Deployments

• Learn to deploy inline or passive modes
• Learn to deploy NGIPS as appliance, virtual appliance, or module within an ASA
• Describe the need for traffic symmetry
• Compare inline modes: inline interface pair and inline tap mode

  Security Architecture

• Design a web security solution
• Compare and contrast Cisco FirePOWER NGFW, WSA, and CWS
• Compare and contrast physical WSA and virtual WSA
• Describe the available CWS connectors

 Design an email security solution

• Compare and contrast physical ESA and virtual ESA
• Describe hybrid mode

 Design Cisco FirePOWER solutions

• Configure the virtual routed, switched, and hybrid interfaces
• Configure the physical routed interfaces

Troubleshooting, Monitoring, and Reporting Tools

• Design a web security solution
• Compare and contrast FirePower NGFW, WSA, and CWS
• Compare and contrast physical WSA and virtual WSA
• Describe the available CWS connectors

 Cisco Web Security Appliance (WSA)

• Implement the WSA Policy Trace tool
• Describe WSA reporting functionality
• Troubleshoot using CLI tools

 Cisco Email Security Appliance (ESA)

• Implement the ESA Policy Trace tool
• Describe ESA reporting functionality
• Troubleshoot using CLI tools

 Cisco FirePOWER

• Describe the Cisco FirePower Management Center dashboards and reports
• Understand about health policy implementation
• Configure email, SNMP, and Syslog alerts
• Troubleshoot NGIPS using CLI tools