course verview - sunsetlearning.com · sunset learning institute cloud technology training provider...
TRANSCRIPT
SUNSET LEARNING INSTITUTE CLOUD TECHNOLOGY TRAINING PROVIDER - EDUCATE. INNOVATE. OPTIMIZE.
888.888.5251 | www.sunsetlearning.com
IMPLEMENTING CISCO EDGE NETWORK SECURITY SOLUTIONS
V1.0 (SENSS)
COURSE OVERVIEW: Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 is a newly created five-day instructor-led training (vILT) course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience to prepare them to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls. The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls, Cisco Routers with the firewall feature set, and Cisco Switches. The student will gain hands-on experience with configuring various perimeter security solutions for mitigating outside threats and securing network zones. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco Switches, Cisco ASA, and Router security appliance feature and provide detailed operations support for these products.
WHO WILL BENEFIT FROM THIS COURSE? Network Security Engineers
PREREQUISITES: To fully benefit from this course, students should have the following prerequisite skills and knowledge:
Cisco Certified Network Associate (CCNA®) certification
Cisco Certified Network Associate (CCNA®) Security certification
Knowledge of Microsoft Windows operating system
RELATED COURSES: SIMOS
SISAS
SITCS
COURSE OBJECTIVES: After completion of this course, students will be able to...
Understand current security threat landscape
Understanding and implementing Cisco modular Network Security Architectures such as
SecureX and TrustSec
Deploy Cisco Infrastructure management and control plane security controls
Configuring Cisco layer 2 and layer 3 data plane security controls
Implement and maintain Cisco ASA Network Address Translations (NAT)
Implement and maintain Cisco IOS Software Network Address Translations (NAT)
Designing and deploying Cisco Threat Defense solutions on a Cisco ASA utilizing access
policy and application and identity based inspection
Implementing Botnet Traffic Filters
Deploying Cisco IOS Zone-Based Policy Firewalls (ZBFW)
Configure and verify Cisco IOS ZBFW Application Inspection Policy
SUNSET LEARNING INSTITUTE CLOUD TECHNOLOGY TRAINING PROVIDER - EDUCATE. INNOVATE. OPTIMIZE.
888.888.5251 | www.sunsetlearning.com
COURSE OUTLINE:
Module 1: Cisco Secure Design Principles Lesson 1: Network Security Zoning This lesson defines how to identify the benefits of implementing a Cisco Zone based security architecture solution. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the principles behind zone based security architecture Lesson 2: Cisco Module Network Architecture This lesson defines how why it is important to develop a modular security architecture. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the various approaches to architecting a security solution based on access areas Lesson 3: Cisco SecureX Architecture This lesson defines how to identify the components and functions of a Cisco SecureX solution. Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco SecureX network-centric approach
Understand the enforcement model
Align corporate business needs to network security policies
Integrate global intelligence with context-aware networking Lesson 4: Cisco TrustSec Solutions This lesson defines how to identify the components and functions of a Cisco TrustSec solution. Upon completing this lesson, the learner will be able to meet these objectives:
Describe the architecture and deployment options for a TrustSec solution
Understand the basics to identify based security control
Basics of Profiling and devices assessment
How Security Group Tagging (SGA) is integrated into the network
Module 2: Implement Network Infrastructure Protection Lesson 1: Introducing Cisco Network Infrastructure Architecture This lesson defines how to describe the basic concepts of why network infrastructure equipment should be protected. Upon completing this lesson, the learner will be able to meet these objectives:
Understand the threats and risks facing the network infrastructure Lesson 2: Deploying Cisco IOS Control Plane Security Controls This lesson defines how and why to configuring Cisco IOS security to limit access to the IOS control plane. Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to implement Cisco IOS control plane security Lesson 3: Deploying Cisco IOS Management Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to implement Cisco IOS management plane security Lesson 4: Deploying Cisco ASA Management Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
Describe how to implement Cisco ASA management plane security Lesson 5: Deploying Cisco Traffic Telemetry Methods Upon completing this lesson, the learner will be able to meet these objectives:
Understand how telemetry data such as NTP, logging, and NetFlow can improve network security posture
SUNSET LEARNING INSTITUTE CLOUD TECHNOLOGY TRAINING PROVIDER - EDUCATE. INNOVATE. OPTIMIZE.
888.888.5251 | www.sunsetlearning.com
Lesson 6: Deploying Cisco IOS Layer 2 Data Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives: Describe Lesson 7: Deploying Cisco IOS Layer 3 Data Plane Security Controls Upon completing this lesson, the learner will be able to meet these objectives:
Describe Cisco IOS Layer 3 Data Plane Security controls such as antispoofing ACLs, uRPF, and IP Source Guard.
Module 3: Deploying NAT on Cisco IOS and Cisco Adaptive Security Appliance (ASA) Lesson 1: Introducing Network Address Translation Understand the basics need for Network Address translation. Upon completing this lesson, the learner will be able to meet these objectives:
Review the fundamentals of Network Address Translation
Learn the different between PAT, Dynamic NAT, and Static NAT Lesson 2: Deploying Cisco ASA Network Address Translation Understand the requirements for setting up Network Address Translation on a Cisco ASA firewall. Upon completing this lesson, the learner will be able to meet these objectives:
Learn to configure NAT to support many use cases Lesson 3: Deploying Cisco IOS Software Network Address Translation Understand how to implement NAT on an IOS software device. Upon completing this lesson, the learner will be able to meet these objectives:
Learn how NAT functions on an IOS Software device
Configure both Static NAT and dynamic NAT
Module 4: Deploying Threat Controls on Cisco ASA Lesson 1: Introducing Cisco Threat Controls This lesson defines how to identify what features are available on the ASA to support threat control. Upon completing this lesson, the learner will be able to meet these objectives:
Understand the features and solutions for configuring ASA threat control Lesson 2: Deploying Cisco ASA Basic Access Controls This lesson defines how to configure Cisco ASA basic access policies. Upon completing this lesson, the learner will be able to meet these objectives:
Understand the configuration requirements and functionality of Cisco ASA access controls Lesson 3: Deploying Cisco ASA Application Inspection Policies Upon completing this lesson, the learner will be able to meet these objectives:
Setup and configure ASA with Application Inspections policies Lesson 4: Deploying Cisco ASA Botnet Traffic Filtering Upon completing this lesson, the learner will be able to meet these objectives:
Overview and Configuration of Cisco ASA Botnet Traffic Filter Lesson 5: Deploying Cisco ASA Identity Based Firewall Upon completing this lesson, the learner will be able to meet these objectives:
Overview and Configuration of Cisco Identity Based Firewall
Module 5: Deploying Threat Controls on Cisco IOS Software Lesson 1: Deploying Cisco IOS Software with Basic Zone-Based Firewall Policies This lesson provides an overview and configuration tasks of Cisco IOS Zone-Based Policy Firewall:
Overview and configuration of ZBPF Access Control Policies.
SUNSET LEARNING INSTITUTE CLOUD TECHNOLOGY TRAINING PROVIDER - EDUCATE. INNOVATE. OPTIMIZE.
888.888.5251 | www.sunsetlearning.com
Lesson 2: Deploying Cisco IOS Software Zone-Based Firewall with Application Inspection Policies Upon completing this lesson, the learner will be able to meet these objectives.
Describe how to implement ZBFW policy for certain application inspection rules
LABS: Lab 2-1: Configuring Cisco Control and Management Plane Security
Lab 2-2: Configuring Traffic Telemetry Methods
Lab 2-3: Configuring Layer 2 Data Plane Security Controls
Lab 2-4: Configuring Layer 3 Data Plane Security Controls
Lab 3-1: Configure Cisco ASA Network Address Translation
Lab 3-2: Configure Cisco IOS Software for Network Address Translation
Lab 4-1: Configuring Cisco ASA Access Control Features
Lab 4-2: Configuring Cisco Application Inspection Policy
Lab 4-3: Configuring Cisco Botnet Traffic Filtering
Lab 4-4: Configuring Cisco Identity Based Firewall
Lab 5-1: Configuring Cisco IOS Software with Basic Zone-Based Firewall
Lab 5-2: Configuring Cisco IOS Software with Basic Zone-Based Firewall
SUNSET LEARNING INSTITUTE (SLI) DIFFERENTIATORS: Sunset Learning Institute (SLI) has been an innovative leader in developing and delivering authorized technical training since 1996. Our goal is to help our customers optimize their cloud technology investments by providing convenient, high quality technical training that our customers can rely on. We empower students to master their desired technologies for their unique environments. What sets SLI apart is not only our immense selection of trainings options, but our convenient and consistent delivery system. No matter how complex your environment is or where you are located, SLI is sure to have a training solution that you can count on! Premiere World Class Instruction Team
All SLI instructors have a four-year technical degree, instructor level certifications and field
consulting work experience.
Sunset Learning has won numerous Instructor Excellence and Instructor Quality Distinction awards
since 2012
Enhanced Learning Experience
The goal of our instructors during class is ensure students understand the material, guide them
through our labs and encourage questions and interactive discussions.
Convenient and Reliable Training Experience
You have the option to attend at any of our established training facilities or from the convenience of
your home or office with the use of our HD-ILT network (High Definition Instructor Led Team)
All Sunset Learning Institute classes are guaranteed to run – you can count on us to deliver the
training you need when you need it!
Outstanding Customer Service
Dedicated account manager to suggest the optimal learning path for you and your team
Enthusiastic Student Services team available to answer any questions and ensure a quality training
experience during your week at Sunset Learning Institute