CCNA Security Certification Training Course

Important Facts About CCNA Security

Network threats are existent and ever-growing Companies are exposed to constant external & internal attacks Security professionals form pillar of the network infrastructure CCNA Security certification is the stepping stone for a career in security

Network Infrastructure Challenges

Network Security is at the heart of all the challenges. CCNA Security Training is the basic network security training which will help students to understand the advanace level training quickly.


All Courses Idea

CCNA Security is available in Horizon Computers Vashi, Vile Parle, Pune
Session Topic Sub-TopicContents
1 Security Concepts Common security principles
  • Describe confidentiality, integrity, availability (CIA)
  • Describe SIEM technology
  • Identify common security terms
  • Identify common network security zones
Common security threats
  • Identify common network attacks
  • Describe social engineering
  • Identify malware
  • Classify the vectors of data loss/exfiltration
Cryptography concepts
  • Describe key exchange
  • Describe hash algorithm
  • Compare and contrast symmetric and asymmetric encryption
  • Describe digital signatures, certificates, and PKI
Describe network topologies
  • Campus area network (CAN)
  • Cloud, wide area network (WAN)
  • Data center
  • Small office/home office (SOHO)
  • Network security for a virtual environment
2 Secure Access Secure management
  • Compare in-band and out-of band
  • Configure secure network management
  • Configure and verify secure access through SNMP v3 using an ACL
  • Configure and verify security for NTP
  • Use SCP for file transfer
AAA concepts
  • Describe RADIUS and TACACS+ technologies
  • Configure administrative access on a Cisco router using TACACS+
  • Verify connectivity on a Cisco router to a TACACS+ server
  • Explain the integration of Active Directory with AAA
  • Describe authentication and authorization using ACS and ISE
802.1X authentication
  • Identify the functions 802.1X components
BYOD
  • Describe the BYOD architecture framework
  • Describe the function of mobile device management (MDM)
3 VPN VPN concepts
  • Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode,transport mode)
  • Describe hairpinning, split tunneling, always-on, NAT traversal
Remote access VPN
  • Implement basic clientless SSL VPN using ASDM
  • Verify clientless connection
  • Implement basic AnyConnect SSL VPN using ASDM
  • Verify AnyConnect connection
  • Identify endpoint posture assessment
Site-to-site VPN
  • Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco
  • routers and ASA firewalls
  • Verify an IPsec site-to-site VPN
4 Secure Routing and Switching Security on Cisco routers
  • Configure multiple privilege levels
  • Configure Cisco IOS role-based CLI access
  • Implement Cisco IOS resilient configuration
Securing routing protocols
  • Implement routing update authentication on OSPF
Securing the control plane
  • Explain the function of control plane policing
Common Layer 2 attacks
  • Describe STP attacks
  • Describe ARP spoofing
  • Describe MAC spoofing
  • Describe CAM table (MAC address table) overflows
  • Describe CDP/LLDP reconnaissance
  • Describe VLAN hopping
  • Describe DHCP spoofing
Mitigation procedures
  • Implement DHCP snooping
  • Implement Dynamic ARP Inspection
  • Implement port security
  • Describe BPDU guard, root guard, loop guard
  • Verify mitigation procedures
VLAN security
  • Describe the security implications of a PVLAN
  • Describe the security implications of a native VLAN
Security on Cisco routers
  • Configure multiple privilege levels
  • Configure Cisco IOS role-based CLI access
  • Implement Cisco IOS resilient configuration
5 Cisco Firewall Technologies VPN concepts
  • Proxy firewalls
  • Application firewall
  • Personal firewall
Compare stateful vs. stateless firewalls
  • Operations
  • Function of the state table
Implement NAT on Cisco ASA 9.x
  • Static
  • Dynamic
  • PAT
  • Policy NAT
  • Verify NAT operations
Implement zone-based firewall
  • Zone to zone
  • Self zone
Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
  • Configure ASA access management
  • Configure security access policies
    • Configure Cisco ASA interface security levels
    • Configure default Cisco Modular Policy Framework (MPF)
    • Describe modes of deployment (routed firewall, transparent firewall)
    • Describe methods of implementing high availability
    • Describe security contexts
    • Describe firewall services
6 IPS Describe IPS deployment considerations
  • Network-based IPS vs. host-based IPS
  • Modes of deployment (inline, promiscuous - SPAN, tap)
  • Placement (positioning of the IPS within the network)
  • False positives, false negatives, true positives, true negatives
Describe IPS technologies
  • Rules/signatures
  • Detection/signature engines
  • Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)
  • Blacklist (static and dynamic)
7 Content and Endpoint Security Describe mitigation technology for email-based threats
  • SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption
Describe mitigation technology for web-based threats
  • Local and cloud-based web proxies
  • Blacklisting, URL filtering, malware scanning, URL categorization, web
  • application filtering, TLS/SSL decryption
Describe mitigation technology for endpoint threats
  • Anti-virus/anti-malware
  • Personal firewall/HIPS
  • Hardware/software encryption of local data
1 Configuring Secure SSH
2 Using ACL for Telnet and SSH access
3 HTTP and HTTPS configuration/td>
4 Security Audit using SDM
5 Auto Secure command
6 Configuring Privilege levels
7 Role Based CLI configuration with Super Views
8 Login attack prevention
9 Using AAA for Local Authentication
10 Configuring Tacacs+ Server for IOS Authentication
11 Configuring Anti-Spoofing ACL
12 ACL limitation Lab
13 Static MAC address on Switch
14 Port Security Lab
15 Implementing DOT1x on Switch and Radius server
16 SPAN and RSPAN lab
17 Configuring Syslog on IOS
18 NTP lab using 3 ISR routers
19 Site-to-Site VPN implementation using 3 Routers setup
20 CBAC configuration Lab
21 Configuring Zone-Based Firewall using CLI & SDM
22 Implement Static NAT on Cisco ASA 9.x
23 Implement Dynamic NAT on Cisco ASA 9.x
24 Implement PAT NAT on Cisco ASA 9.x
25 Implement Policy NAT on Cisco ASA 9.x
26 Verify NAT operations on Cisco ASA 9.x
27 Configure ASA access management on the Cisco Adaptive Security Appliance (ASA) 9.x.
28 Configure security access policies on the Cisco ASA 9.x
29 Configure Cisco ASA interface security levels on the Cisco ASA 9.x
30 Configure default Cisco Modular Policy Framework (MPF) on the Cisco ASA 9.x
31 Final Project of Implementing Double Firewall in Two ISP
32 Scenario.

You can now request for a free Demo Session before enrolling yourself for CCNA security training courses. This will ensure that the responsibility of uplifting your career is in the right hands. All CCNA security Labs written and designed by Chandan Sharma

Horizon Computers specializes in providing industry level CCNA Security Certification to help candidate get networking jobs. Our CCNA Security training institute in Pune, Mumbai and Navi Mumbai believes in providing unmatched practical exposure to the candidates. The CCNA Security courses conducted by experts are best in the industry level and job oriented. Contact us for CCNA Security classes today and get ready to work in top IT companies.