Network Security (19)
- Implementing Cisco IOS Network Security (IINS)
- ASA Firewall /VPN Boot Camp (ASAFIRE)
- Deploying Cisco ASA Firewall Features (FIREWALL)
- Deploying Cisco ASA VPN Solutions (VPN)
- Implementing Cisco Intrusion Prevention System 7.0 (IPS 7)
- Securing Networks with Cisco Routers and Switches (SECURE)
- Implementing Cisco NAC Appliance (CANAC)
- Implementing Cisco Network Admission Control (NAC)
- Catalyst 6500 and Cisco 7600 Series Routers Firewall Services Module Deployment (FWSMD)
- Security Solutions for Systems Engineers v 3.0 (SSSE)
- Securing Networks with ASA Advanced (SNAA)
- Advanced Services - Building Enhanced Cisco Security Networks (BECSN)
- Managing Enterprise Security with Cisco Security Manager (SSECMGT)
- Implementing Cisco Identity Service Engine Secure Solutions (ISE)
- Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)
- ISE Essentials (ISEE)
- Architecting, Deploying and Managing ISE in the Enterprise (ADISE)
- Implementing Cisco Secure Access Control System (ACS) v5.2 (ACS)
Implementing Cisco Secure Access Control System (ACS) v5.2 (ACS)
Written by HBFITES-Admin
Who should attend
HBFITES Cisco Secure Access Control System (ACS) Version 5.2 course is a 3-day immersion into designing, implementing and troubleshooting Cisco's Secure ACS Solution.
The primary audience for this course is as follows:
Security professionals, Security Architects, Security Engineers, and Network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities.
The secondary audience for this course is as follows:
Cisco channel partners who sell, implement, and maintain Cisco ACS Solutions
Cisco engineers who support the sale of Cisco ACS solutions
Prerequisites
The knowledge and skills that a learner must have before attending this course are as follows:
Cisco Certified Network Associate (CCNA) certification or the equivalent in knowledge and experience.
Working knowledge of the Microsoft Windows operating system.
Though not mandatory, students should also attend:
Implementing Cisco IOS Network Security (IINS) certification or the equivalent in knowledge and experience.
Course Objectives
Upon completing the ACS 5.2 Course, you will be able to meet these overall objectives:
Understand how the RADIUS and TACACS+ protocols operate and what purpose they serve
Be familiar with all present ACS Solutions, including ACS Express, ACS Enterprise, ACS on VMware and Appliances like the CSACS-1120 Series and CSACS-1121 Series Appliances
Main Components of ACS
How to install ACS 5.2
How to use a Setup Script
How Licensing works with the ACS
Understand how Attributes, Value Types and Predefined Values are used
The different types of AAA Clients and how they access Network Resources and AAA Clients
How to work with a Local Identity Store & Identity Store Sequence
Understand Users and Identity Stores
Configure an External Identity Store with LDAP
The fundamentals of LDAP
How to setup LDAP SSL
How to set up an External Identity Store with Active Directory
How to perform Authentication - Command Authorization - Accounting with TACACS
How to monitor and Troubleshoot ACS (AAA with TACACS+)
Replacing digital certificates self-signed by ACS using a local Certificate Authority
Introduction to IEEE 802.1x and EAP – Extensible Authentication Protocol
802.1x and Windows XP
Single Host Authentication
802.1x – Single Host Authentication
802.1x Troubleshooting
Course Content
This course teaches students how to provide secure access to network resources using the Cisco® Secure Access Control System (ACS) 5.2, interoperating with security features in Cisco’s IOS® Software. Students will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication, to restrict user access to networks, services, and devices; authorization, to restrict the functions users can perform on services and devices; and accounting, to track the activities of users. The RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and 802.1x protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed restrictions. The course includes hands-on labs to provide personal experience in configuring Cisco ACS and Cisco network devices.
Students attending this course will be exposed to designing, implementing and troubleshooting “Triple A” services (authentication, authorization and accounting services) using Cisco’s ACS and IOS technology. The benefits of this course are to be found in its real-world approach, putting the students in the shoes of the consultant implementing these services. By the end of the course, students will feel like they didn’t just take a class, they participated in the design, deployment and management of an ACS 5.2 solution. Many engineers will benefit from this course when they use the implementation plan and checklists included in this course during their own projects.
Architecting, Deploying and Managing ISE in the Enterprise (ADISE)
Written by HBFITES-Admin
Who should attend
The primary audience for this course is as follows:
Network Security Engineers involved in the selection of security technology and solutions for enterprises
Cisco Partner SEs and consulting engineers designing and troubleshooting ISE Solutions
The secondary audience for this course is as follows:
Any individual involved in implementation and verification of ISE deployments in the enterprise networks
Prerequisites
Prior to attending this class, students should meet the following requirements:
Attend ISE Essentials or have equivalent knowledge
802.1X fundamental understanding and knowledge
CCNA Wireless certification or equivalent in experience
CCNA Security certification or equivalent in experience
Course Objectives
By the end of this course, students will be able to design, configure and manage ISE deployments in a large enterprise, addressing the following topics:
Posture
SGA
MACsec
Advanced profiling
High Availability
Enterprise ISE design concepts
Centralized vs. distributed
Enforcement points in the Enterprise
Integrating ISE and AD-
HA Design Methodologies and Options
Enterprise level Guest Services
Enterprise Backup and Restore Operations
Fail safe issues
Flex Auth
Advanced troubleshooting
Integrating ISE in a Windows AD network
Dealing with multiple sites (HQ and branch offices)
Cisco's Identity Services Engine (ISE) combines the capabilities of Cisco's Network Admissions Control (NAC) and Access Control System (ACS) technology into one system. It is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. This course is an essential introduction to this technology, providing attendees with the knowledge and skills to deploy and manage ISE for wired and wireless systems.
Who should attend
The primary audience for this course is Cisco Customers, Partner SEs and consultants who need to understand how to deploy, configure and manage the Cisco Identity Services Engine (ISE)
Prerequisites
The knowledge and skills that a learner must have before attending this course are as follows:
Knowledge and skill level equal to Cisco CCNA certification
Basic understanding of 802.1X; students who do not have experience with 802.1X will have access before class to our online learning portal, complete with over 8 hours of e-learning on 802.1X, and it is advisable that this is viewed prior to class.
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
Gain familiarity with the ISE user interface
Understand the requirements for deploying ISE
Configure ISE to manage access control through authentication and authorization
Deploy ISE guest services
Deploy ISE profiling services
Understand the full range of related ISE management tasks
Configure network devices as enforcement points for ISE
Course Content
This in-depth course provides students with the essential background information and hands-on training on ISE and related technology in order to successfully implement, configure and troubleshoot an ISE deployment. Students gain valuable experience installing and configuring ISE to provide Guest services, profiling services and configuring network devices in support of the ISE solution.
Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)
Written by HBFITES-Admin
The goal of the course is to provide students with foundational knowledge in the capabilities and functions of the IEEE 802.1x protocol and the ability to configure the Cisco Identity Services Engine (ISE) for 802.1x operation.
The course will introduce the architecture, components and features of an identity based network designed around the IEEE 802.1x and RADIUS protocols. The student will gain hands-on experience with configuring a network for 802.1x-based network services using the Cisco Identity Services Engine (ISE), Cisco Catalyst switches and Cisco wireless products.
Who should attend
This course is intended for Cisco Partner Sales Engineers and Field engineers supporting customers with 802.1x solutions. The primary audience for this course is as follows:
Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.
The secondary audience for this course is as follows:
Security architects, design engineers, and others seeking hands-on experience with Cisco TrustSec 802.1X deployments with Cisco ISE
Prerequisites
This section lists the skills and knowledge that learners must possess to benefit fully from the course. This section includes recommended Cisco learning offerings that the learners may complete to benefit fully from this course, including the following:
Cisco Certified Network Associate (CCNA)
Attendance of Securing Networks with Routers and Switches (SNRS) or equivalent knowledge
Knowledge of Microsoft Windows Server 2008 Active Directory
Knowledge of Cisco Wireless LAN Controllers and Lightweight Access Points
Knowledge of basic command-line configuration of Cisco Catalyst switches
Course Objectives
Upon completion of this course, the learner should be able to:
Describe Cisco TrustSec concepts
Describe IEEE 802.1X concepts, architecture, and requirements for deployment
Describe how the RADIUS authentication protocol is used for Cisco TrustSec
Configure ISE for 802.1x operation
Describe IEEE 802.1X supplicants for Microsoft, Apple and Cisco
Configure IEEE 802.1X for a wired network
Configure IEEE 802.1X for a wireless network
Describe how to provide secure guest access in a Cisco TrustSec network
Build a high level design of a Cisco TrustSec network using IEEE 802.1X
Course Content
Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) v1.0 is a 3-day instructor-led training course designed to prepare Cisco Channel Partners, systems engineers, and implementers with the knowledge and hands-on experience to prepare them to configure Cisco TrustSec solutions based on Cisco Identity Services Module, Cisco Catalyst Switches, and Cisco Wireless LAN Controllers.
The goal of the course is to provide students with foundational knowledge in the capabilities and functions of the IEEE 802.1X protocol and the ability to configure the Cisco Identity Services Engine (ISE) for 802.1X operation. The course introduces the architecture, components, and features of a Cisco TrustSec network designed around the IEEE 802.1X and RADIUS protocols.
The student will gain hands-on experience with configuring a network for 802.1X-based network services using the Cisco ISE, Cisco Catalyst switches, and Cisco wireless products.
This course is a prerequisite for Cisco Channel Partners to attend the newly developed 5-day Implementing Cisco Identity Services Engine Secure Solutions (ISE) v1.0 course. Only certified ATPs (Authorized Technology Partners) can sell ISE/802.1x Cisco solutions at this time.
Implementing Cisco Identity Service Engine Secure Solutions (ISE)
Written by HBFITES-Admin
Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. ISE includes the functionality of Cisco Access Control System (ACS) as well as the Network Admissions Control (NAC) Appliance, providing a single solution for AAA services as well as profiling services, posture services and more.
Who should attend
The primary audience for this course is as follows:
Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.
The secondary audience for this course is as follows:
Partner security architects, design engineers, and others seeking hands-on experience with Cisco ISE. Note that Cisco customers are best served by attending our ISE Essentials (ISEE) or Architecting, Deploying and Managing ISE in the Enterprise (ADISE) courses.
Prerequisites
The prerequisite for Cisco Channel Partners to attend the Implementing Cisco Identity Services Engine Secure Solutions (ISE) v1.0 course is the Introduction to 802.1X Operations for Cisco Security Professionals
This section lists the skills and knowledge that learners must possess to benefit fully from the course. This section includes recommended Cisco learning offerings that the learners may complete to benefit fully from this course, including the following:
Required:
CCNA certification or equivalent level of experience with the configuration of Cisco routers and switches.
Introduction to 802.1X Operations for Cisco Security Professionals
Recommended:
CCNP certification or equivalent level of experience.
CCSP, CCNP Security certification or equivalent level of experience.
Base level of knowledge and understanding of the NAC appliance and Cisco ACS server version 5.X.
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
Describe the TrustSec 2.0 solution architecture and deployment methodologies using the ISE platform.
Configure the ISE platform in a network that includes Microsoft Active Directory.
Configure the Cisco ISE software for wired and wireless 802.1X.
Deploy firewall-based VPN services using the Cisco ASA and Inline Posture.
Configure the ISE for classification and policy enforcement.
Deploy ISE-based profiling, posture, and guest services.
Troubleshoot user authentication and policy enforcement problems based on configuration error or network issue.
Create a Low-level design for the ISE platform deployment methodology, scaling requirements, and platform resiliency
Course Content
Implementing Cisco Identity Service Engine Secure Solutions (ISE) is a course designed to provide students with hands-on lab configuration of Cisco’s Identity Services Engine running software version 1.0. The ISE platform takes the place of the Cisco ACS and NAC servers typically used in today’s identity-based networks. The students will implement 802.1X-based network services using Cisco Catalyst and Nexus switches and Cisco wireless products. The course also addresses solution design, sizing, resiliency, and platform troubleshooting.
Managing Enterprise Security with Cisco Security Manager (SSECMGT)
Written by HBFITES-Admin
Who should attend
Network security engineers that are working in the enterprise sector.
Prerequisites
Cisco CCNP® Security certification:
Securing Networks with Cisco Routers and Switches (SECURE)
Deploying Cisco ASA Firewall Features (FIREWALL)
Deploying Cisco ASA VPN Solutions (VPN)
Implementing Cisco Intrusion Prevention System 7.0 (IPS 7)
Understanding of networking and routing (on the CCNP level, but no certification is required).
Understanding of different VPN technologies (such as DMVPN, GET VPN, and SSL VPN).
Working knowledge of the Microsoft Windows operating system.
Course Objectives
The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to configure and deploy Cisco Security Manager. The course also provides an overview of network security technologies, and includes case studies that are useful for deployment scenarios.
Upon completing this course, the learner will be able to meet these overall objectives:
Present an overview of the Cisco Security Manager product, describe the main product features, and introduce the basic deployment tasks
Manage configuration of Cisco ASA adaptive security appliances and Cisco FWSM firewall devices, and explain firewall event management and device configuration correlation
Describe the most commonly used VPN topologies and their deployment
Examine the configuration of intrusion prevention mechanisms on the Cisco IOS platform, modules, and standalone appliances, as well as explain the Cisco IPS event and configuration correlation
Explain how Cisco Security Manager works with Cisco IOS devices, including the new Cisco ISR G2 routers
Describe the FlexConfig functionality of Cisco Security Manager, the workflow mode of operation, and administrative tasks and integration with Cisco Secure ACS
Course Content
CSM Overview
Using CSM
Managing Devices
Managing Policies
Managing Objects
Using Map View
Firewall Policy Management
Managing Firewall Services
Managing Firewall Devices
Event Monitoring and Rule Correlation for Firewalls
VPN Policy Configuration
Managing VPNs
Managing Remote Access IPsec VPNs
Configuring Client-Based SSL VPNs
Configuring Clientless SSL VPNs
Configuring Advanced VPN Configurations
Deploying Advanced VPN Technologies
Cisco IPS Solutions Management
Managing Cisco IPS Services
Managing Cisco IPS Devices
Managing Cisco IPS Events
Cisco IOS Device Provisioning
Managing Routers
Using the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router Device Manager
Management, Deployment, and Administration of FlexConfigs in CSM
Managing FlexConfigs
Managing Activities and Workflow Deployments
Implementing Integration Between CSM and Cisco Secure ACS
Backing Up and Restoring CSM Databases
Using Monitoring, Troubleshooting, and Diagnostic Tools
Advanced Services - Building Enhanced Cisco Security Networks (BECSN)
Written by HBFITES-Admin
Who should attend
This course is intended for network professionals including designers, implementers and support staff who design security networks and deploy networks using Cisco security products including end-to-end Cisco security services.
Prerequisites
Course Objectives
Course Content
Developing a Network Security Policy
Configuring Split Tunneling for Remote Access
Configuring IPSec
Configuring Split Tunneling
Fragmentation, Path MTU Discovery, and Recursive Routing
Avoiding Fragmentation with TCP MSS
PMTUD
Modifying Path MTU for IPSec Site-to-Site VPNs
IPSec High Availability (IPSec-HA)
Configuring IPSec-HA
Verifying IPSec-HA
Dynamic Multipoint VPN (DMVPN)
DMVPN Benefits
Configuring and Verifying DMVPN
Identity Based Networking Services (IBNS)
802.11 Security
IBNS Overview
Configuring and Verifying IBNS for Wireless Networks
Securing Network Management
Network Management Overview
SNMP
Securely Managing Network Devices
CiscoWorks VMS 2.2
Managing IDS with CiscoWorks
Monitoring IDS Sensors with Security Monitor
Network Attacks
Network Attack Overview
Network Attack Mitigation
Network Implementation Package
Who should attend
The primary audience for this course is as follows:
Cisco customers who implement and maintain Cisco ASA security appliances
The secondary audience for this course is as follows:
Cisco channel partners who sell, implement, and maintain ASA security appliances
Cisco engineers who support the sale of ASA security appliances
Prerequisites
The knowledge and skills that a learner must have before attending this course are as follows:
Cisco CCNA certification or the equivalent knowledge
Basic knowledge of the Microsoft Windows operating system
Familiarity with networking and security terms and concepts
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
Configure policy NAT based on traffic type
Describe the layer 7 modular policy framework for the security appliance and how it is configured
Describe the layer 7 advanced protocol handling capabilities of the modular policy framework and how it is configured
Identify the steps needed to configure the security appliance to segment traffic with VLANs
Identify the steps needed to configure the security appliance for dynamic routing
Explain the components of IPsec and the functionality of IPsec and explain what digital certificates are and how they are used
Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate
Identify the necessary steps to configure the IPSec VPN Client using digital certificates
Identify the necessary steps to configure the security appliance for remote access using digital certificates
Explain the advanced remote access features of the ASA
Determine the necessary configuration for the ASA 5505 to be a VPN hardware client
Identify the steps to configure QoS for VPN traffic
List the steps needed to configure the WebVPN functionality of the security appliance
Identify the basic clientless SSL VPN features of the security appliance
Configure full network access SSL VPNs using the AnyConnect Client
List the features and functionality of the Cisco Secure Desktop
Configure CSD and DAP for SSL VPN connections on the Cisco ASA
Identify and list the characteristics of the services modules for the ASA
Identify the steps needed to configure, inspect, and filter traffic with the Content Security and Control SSM
Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks
Course Content
This five-day, instructor-led, lab-intensive course will be delivered by HBFITES. This task-oriented course teaches the knowledge and skills needed for advanced configuration, maintenance, and operation of Cisco ASA 5500 Series Adaptive Security Appliances.
Security Solutions for Systems Engineers v 3.0 (SSSE)
Written by HBFITES-Admin
The Security Solutions for System Engineers (SSSE) v3.0 course is recommended for system engineers, network designers, and security professionals designing security solutions in enterprise environments. The course provides an introduction to security design best practices for both host- and network-centric security controls. The course includes a systematic overview of modern threats, controls, and defensive architectures for a variety of common business scenarios, and enables the learner to choose the optimal architecture and Cisco products to satisfy business risk management requirements. The course also includes practice labs, which demonstrate the application of security technologies used in the case studies within the course.
Who should attend
Employees
Channel Partner
Resellers
Certifications
This course is part of the following Certifications:
Cisco Security Solutions and Design Specialist (CSSDS)
Prerequisites
Valid CCDA Certification
Course Objectives
Upon completing this course, the student will be able to meet these overall objectives:
Recognize modern threats to enterprise business processes.
Recognize modern security controls.
Choose appropriate controls for specific threats and environments.
Apply basic security design guidelines.
Recognize basic customer requirements and environment limitations, and build an optimal solution based on them.
Position Cisco security products in basic customer scenarios.
Course Content
This 5-day ILT course covers claims and evidence identified for the new Advanced Security SE Specialization. The Security Solutions for Systems Engineers training is part of the Channel SE program. The SSSE course will form the basis for the Cisco Security Solutions and Design Specialist.
High-Level Outline:
Module 1: The Threat Landscape and Goals of Security Engineering
Module 2: Overview of Security Controls
Module 3: Network Infrastructure Protection Solutions
Module 4: Enterprise Internet Access Solutions
Module 5: Solutions for Exposed Enterprise Services and Data Centers
Module 6: Unified Communications Protection Solutions
Module 7: Secure WAN Solutions
Module 8: Secure Remote Access Solutions
Module 9: Enterprise Wireless Security Solutions
Module 10: Enterprise Security Management Solutions