CCIE Security Workbooks - Cisco Certification Training Series


Upload: elvin-dionicio

Post on 21-Oct-2015



1/22/2014 CCIE Security Workbooks - Cisco Certification Training Series

http://www.ine.com/self-paced/ccie-security/workbooks.htm


INE’s CCIE Security Technology Lab Online Workbook is an online interactive compilation of hands-on lab scenarios that walk you through the technologies used in Cisco’s SecureX Security Blueprint. Whether you are preparing for the CCIE Security Lab Exam, have an upcoming implementation project with Cisco’s ASA Firewalls, Web Security Appliances, IOS Routers and more, or simply want to gain hands-on experience with these cutting-edge technologies, this workbook is for you.

The tasks in this workbook are all individually focused advanced technology labs that present topics in an easy-to-follow, goal-oriented, step-by-step approach. Every scenario features detailed breakdowns and thorough verifications to help you completely understand the technology. The workbook is divided into multiple sections, covering each major technology area required by the CCIE Security Lab Exam Blueprint.

In the tasks included in this workbook, you will gain in-depth knowledge of device hardening, including routing protocol authentications, control and management plane security mechanisms, controlling device access, flexible packet matching, and other important aspects of hardening a Cisco device in your network. Topics include the hardening of Cisco IOS 2800 and 2900 Series ISR routers. Layer 2 security topics include PVLANs, VLAN ACLs, STP security, and DHCP security. You'll work with 3750 and 3750-X Series switches. You will also learn about the prevention of various attacks through Cisco IOS routers, as well as all the important aspects of ACS and ISE, including both wired and wireless authentication. You will gain a deep understanding of perimeter security and services with ASA firewalls and IOS devices, with various NAT/PAT, ACLs, object-groups, identity firewall configurations with Active Directory, and more. Finally, you will explore the various VPN technologies, including PKIs, LAN-2-LAN VPN, GETVPN, DMVPN, FlexVPN, Easy VPN, and AnyConnect Remote Access VPN.


CCIE Security V4 Technology Lab Online Workbook

$399.00


Security V4 Technology Lab Outline

Section 1: System Hardening and Availability

Section 1 Introduction

Routing Protocol Authentication with RIPv2

Routing Protocol Authentication with OSPF

Routing Protocol Authentication with EIGRP

Routing Protocol Authentication with BGP4

Route Filtering with EIGRP

Route Filtering with OSPF

Route Filtering with RIPv2

Control Plane Policing


Control Plane Protection

Management Plane Protection

Disabling Unnecessary Services

Controlling Device Access

CPU Protection Mechanisms

Selective Packet Discard

Controlling Device Services

Transit Traffic Control with Flexible Packet Matching

Congestion Management

IOS File System Security

Network Telemetry Identification and Classification of Security Events

BGP TTL Security Hack

IPv6 Selective Packet Discard

Section 2: Threat Identification and Mitigation

Section 2 Introduction

Disabling DTP on All Non-Trunking Access Ports

Port Security on a Switch

Storm Control on a Switch

Port Blocking on a Switch

PVLAN (Private VLAN) on a Switch

Private VLAN (PVLAN) Configuration Propagation

Port ACL (PACL) on a Switch

MAC ACL on a Switch

VLAN ACL (VACL) on a Switch

Preventing STP Attacks Using BPDU Guard

Preventing STP Reconnaissance Attacks Using BPDU Filter

Preventing STP Attacks Using Root Guard

Preventing STP Loops Using Loop Guard

Preventing DHCP Spoofing Attacks Using DHCP Snooping

Preventing DHCP Spoofing Attacks Using DHCP Snooping with Port-Security

Preventing ARP Spoofing Using DAI (Dynamic ARP Inspection)

Configuring IP Source Guard

Preventing VLAN Hopping Attacks

Implementing RFC 1918 Anti-Spoofing Filtering

Implementing RFC 2827 Anti-Spoofing Filtering

Implementing RFC 3330 Anti-Spoofing Filtering

Enabling TCP Intercept on a Router

Enabling TCP Intercept Watch Mode on a Router

Enabling TCP Intercept on the Cisco ASA Security Appliance

FPM (Flexible Packet Matching) and Configuration of Nested Policy Maps

Classification Using NBAR

Understanding and Enabling NetFlow on a Router

Preventing an ICMP Attack Using ACLs

Preventing an ICMP Attack Using NBAR

Preventing an ICMP Attack Using Policing

Preventing an ICMP Attack Using MPF

Preventing a SYN Attack Using ACLs

Preventing a SYN Attack Using Policing

Preventing a SYN Attack Using CBAC

Preventing a SYN Attack Using CAR

Preventing Application Protocol–Specific Attacks Using MPF

Preventing IP Spoofing Attacks Using uRPF

Preventing Fragment Attacks Using ACLs

Section 3: Intrusion Prevention and Content Security

Section 3 Introduction

IPS Initial Setup

Configuring an Inline Interface Pair

Creating a Custom Signature

Event Counting

Inline Blocking

IPS VLAN Groups and Virtual Sensors

Promiscuous Mode


IPS Event Summarization

IPS Event Processing and Blocking

IPS Rate-Limiting

IPS Application Inspection and Control

IPS META Engine

IPS Anomaly Detection

IOS IPS

WSA Initialization

Active Directory Integration

Access Policies and Identities

User Authentication with WSA

Custom URL Categories

HTTPS Proxy

Section 4: Identity Management

Section 4 Introduction

Initializing Cisco Secure ACS

Configuring AAA Clients

User and Local Identity Stores

ACS Active Directory Integration

Command Authorization

Installing ACS Certificates

802.1x Authentication with Cisco ACS

VLAN Control

802.1x VLAN Assignments

HTTP Authentication

ISE Initial Configuration

ISE Certificates and Admin Access

AD Integration

ISE and MAB

802.1X With ISE and Windows 7

Wired Local Web Authentication with ISE

Wireless 802.1x with ISE

Section 5: Perimeter Security and Services - ASA Firewalls

Section 5 Introduction

VLANs and IP Addressing

RIPv2

OSPF

EIGRP

Advanced Routing

IP Access-Lists

Object Groups

Administrative Access

ICMP Traffic

URL Filtering

Dynamic NAT and PAT

Static NAT and PAT

Policy NAT and PAT

Static Policy NAT and PAT on ASA1

Static Identity NAT

Outside Dynamic NAT

DNS Doctoring Using “Alias”

DNS Doctoring Using “Static”

Fragmented Traffic

IDENT Issues

BGP across the Firewall

Stub Multicast Routing

PIM Multicast Routing

Network Time Protocol

System Logging

Filtering System Logs

SNMP Monitoring

DHCP Server


HTTP Traffic Inspection

FTP Traffic Inspection

SMTP Traffic Inspection

TCP Inspection

RADIUS Accounting for GPRS Traffic Inspection

ICMP Traffic Inspection

Threat Detection

Un-Stealthing the Firewall

Get Title

Low Latency Queuing

Traffic Shaping

Hierarchical Queuing

Transparent Firewall

ARP Inspection

Ethertype Access-Lists

Transparent Firewall NAT

Firewall Contexts

Firewall Contexts Routing

Firewall Contexts Classification

Resource Management

Active-Standby Failover

Active-Active Failover

ASA Redundant Interface and Etherchannel

ASA Enhanced Object Groups

Identity Firewall

Section 6: Perimeter Security and Services - IOS Firewalls

Section 6 Introduction

IOS Access-Lists

Dynamic ACLs

Reflexive ACLs

Context-Based Access Control

Port-to-Application Mapping (PAM)

IOS Firewall and Stateful Failover

IOS Firewall Performance Improvements

CBAC Connection Tuning and TCP Intercept

uRPF

Zone-Based Policy Firewall

Zone-Based Firewall HA

Simple Cisco IOS NAT

Section 7: Confidentiality and Secure Access

Section 7 Introduction

PKI Infrastructure Overview

Certificate Authority on Cisco ASA

RSA Key Management on Cisco IOS Routers

Certificate Authority on Cisco IOS Routers

Certificate Authority High Availability on Cisco IOS Routers

PC Enrollment with ASA CA

PC Enrollment with IOS CA

Static LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Maps and PSK

Static LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Maps and PKI

Dynamic LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Map and PSK

Dynamic LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Map and ISAKMP Profile

Static LAN-to-LAN IKEv1 IPsec between IOS Routers with SVTI and PSK

Static LAN-to-LAN IKEv1 IPsec between IOS Routers with SVTI and PKI

Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PSK in Main Mode

Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PSK in Aggressive Mode

Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PKI

Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PKI and Certificate Map

GRE over IPsec Using Crypto Maps with PSK

GRE over IPsec Using IPsec Profiles with PSK

VRF-Aware IPsec Using Crypto Maps and Global FVRF

VRF-Aware IPsec Using Crypto Maps and Custom FVRF


VRF-Aware IPsec Using IPsec Profiles and Global FVRF

VRF-Aware IPsec Using IPsec Profiles and Custom FVRF

VPN High Availability Using IPsec Backup Peers

VPN High Availability Using Loopback Peers

VPN High Availability Using Crypto Maps and RRI

VPN High Availability Using GRE over IPsec

VPN High Availability Using Crypto-Maps and SSO

VPN High Availability Using GRE over IPsec and SSO

IOS EzVPN Server with Crypto-Maps and PSK

IOS EzVPN Server with Crypto-Maps, ISAKMP Profiles, and PSK

IOS EzVPN Server with DVTI and PSK

IOS EzVPN Server with Group Lock

IOS EzVPN Remote Client Mode with PSK

IOS EzVPN Remote Network Extension Plus Mode with PSK

IOS EzVPN Remote with DVTI and PSK

IOS EzVPN Remote with DVTI and Digital Certificates

ASA EzVPN Server with PSK

ASA EzVPN Server DHCP Address Allocation

DMVPN Phase1 with PSK

DMVPN Phase2 with PSK

DMVPN Phase3 with PSK

DMVPN Behind NAT with PSK

GET VPN Unicast Rekey with PSK

DMVPN and GET VPN Integration

GET VPN Key Server Redundancy

ASA Clientless SSL VPN

ASA Clientless SSL VPN Port Forwarding

ASA Clientless SSL VPN Smart Tunnel

ASA AnyConnect SSL VPN with PSK

ASA AnyConnect SSL VPN with Digital Certificates

IOS AnyConnect SSL VPN with PSK

IOS Clientless SSL VPN

IOS Clientless SSL VPN Port Forwarding

© 2013 INE Inc., All Rights Reserved