Network Security

Who should attend

The HBFITES Cisco Secure Access Control System (ACS) Version 5.2 course is a 3-day immersion into designing, implementing and troubleshooting Cisco's Secure ACS Solution.

The primary audience for this course is as follows:

    Security professionals, Security Architects, Security Engineers, and Network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities.

The secondary audience for this course is as follows:

    Cisco channel partners who sell, implement, and maintain Cisco ACS Solutions
    Cisco engineers who support the sale of Cisco ACS solutions

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

    Cisco Certified Network Associate (CCNA) certification or the equivalent in knowledge and experience.
    Working knowledge of the Microsoft Windows operating system.

Though not mandatory, students should also attend:

    Implementing Cisco IOS Network Security (IINS) certification or the equivalent in knowledge and experience.

Course Objectives

Upon completing the ACS 5.2 Course, you will be able to meet these overall objectives:

    Understand how the RADIUS and TACACS+ protocols operate and what purpose they serve
    Be familiar with all present ACS Solutions, including ACS Express, ACS Enterprise, ACS on VMware and Appliances like the CSACS-1120 Series and CSACS-1121 Series Appliances
    Main Components of ACS
    How to install ACS 5.2
    How to use a Setup Script
    How Licensing works with the ACS
    Understand how Attributes, Value Types and Predefined Values are used
    The different types of AAA Clients and how they access Network Resources and AAA Clients
    How to work with a Local Identity Store & Identity Store Sequence
    Understand Users and Identity Stores
    Configure an External Identity Store with LDAP
    The fundamentals of LDAP
    How to setup LDAP SSL
    How to set up an External Identity Store with Active Directory
    How to perform Authentication - Command Authorization - Accounting with TACACS
    How to monitor and Troubleshoot ACS (AAA with TACACS+)
    Replacing digital certificates self-signed by ACS using a local Certificate Authority
    Introduction to IEEE 802.1x and EAP – Extensible Authentication Protocol
    802.1x and Windows XP
    Single Host Authentication
    802.1x – Single Host Authentication
    802.1x Troubleshooting

Course Content

This course teaches students how to provide secure access to network resources using the Cisco® Secure Access Control System (ACS) 5.2, interoperating with security features in Cisco’s IOS® Software. Students will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication, to restrict user access to networks, services, and devices; authorization, to restrict the functions users can perform on services and devices; and accounting, to track the activities of users. The RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and 802.1x protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed restrictions. The course includes hands-on labs to provide personal experience in configuring Cisco ACS and Cisco network devices.

Students attending this course will be exposed to designing, implementing and troubleshooting “Triple A” services (authentication, authorization and accounting services) using Cisco’s ACS and IOS technology. The benefits of this course are to be found in its real-world approach, putting the students in the shoes of the consultant implementing these services. By the end of the course, students will feel like they didn’t just take a class, they participated in the design, deployment and management of an ACS 5.2 solution. Many engineers will benefit from this course when they use the implementation plan and checklists included in this course during their own projects.

Who should attend

The primary audience for this course is as follows:

    Network Security Engineers involved in the selection of security technology and solutions for enterprises
    Cisco Partner SEs and consulting engineers designing and troubleshooting ISE Solutions

The secondary audience for this course is as follows:

    Any individual involved in implementation and verification of ISE deployments in the enterprise networks

Prerequisites

Prior to attending this class, students should meet the following requirements:

    Attend ISE Essentials or have equivalent knowledge
    802.1X fundamental understanding and knowledge
    CCNA Wireless certification or equivalent in experience
    CCNA Security certification or equivalent in experience

Course Objectives

By the end of this course, students will be able to design, configure and manage ISE deployments in a large enterprise, addressing the following topics:

    Posture
    SGA
    MACsec
    Advanced profiling
    High Availability
    Enterprise ISE design concepts
        Centralized vs. distributed
        Enforcement points in the Enterprise
        Integrating ISE and AD-
        HA Design Methodologies and Options
        Enterprise level Guest Services
        Enterprise Backup and Restore Operations
        Fail safe issues
        Flex Auth
    Advanced troubleshooting
    Integrating ISE in a Windows AD network
    Dealing with multiple sites (HQ and branch offices)

Sunday, 22 January 2012 03:43

ISE Essentials (ISEE)


Cisco's Identity Services Engine (ISE) combines the capabilities of Cisco's Network Admissions Control (NAC) and Access Control System (ACS) technology into one system. It is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. This course is an essential introduction to this technology, providing attendees with the knowledge and skills to deploy and manage ISE for wired and wireless systems.

Who should attend

The primary audience for this course is Cisco customers, Partner SEs and consultants who need to understand how to deploy, configure and manage the Cisco Identity Services Engine (ISE).

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

    Knowledge and skill level equal to Cisco CCNA certification
    Basic understanding of 802.1X; students who do not have experience with 802.1X will have access before class to our online learning portal, complete with over 8 hours of e-learning on 802.1X, and it is advisable that this is viewed prior to class.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

    Gain familiarity with the ISE user interface
    Understand the requirements for deploying ISE
    Configure ISE to manage access control through authentication and authorization
    Deploy ISE guest services
    Deploy ISE profiling services
    Understand the full range of related ISE management tasks
    Configure network devices as enforcement points for ISE

Course Content

This in-depth course provides students with the essential background information and hands-on training on ISE and related technology in order to successfully implement, configure and troubleshoot an ISE deployment. Students gain valuable experience installing and configuring ISE to provide Guest services, profiling services and configuring network devices in support of the ISE solution.

The goal of the course is to provide students with foundational knowledge in the capabilities and functions of the IEEE 802.1x protocol and the ability to configure the Cisco Identity Services Engine (ISE) for 802.1x operation.

The course will introduce the architecture, components and features of an identity based network designed around the IEEE 802.1x and RADIUS protocols. The student will gain hands-on experience with configuring a network for 802.1x-based network services using the Cisco Identity Services Engine (ISE), Cisco Catalyst switches and Cisco wireless products.

Who should attend

This course is intended for Cisco Partner Sales Engineers and Field engineers supporting customers with 802.1x solutions. The primary audience for this course is as follows:

    Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.

The secondary audience for this course is as follows:

    Security architects, design engineers, and others seeking hands-on experience with Cisco TrustSec 802.1X deployments with Cisco ISE

Prerequisites

This section lists the skills and knowledge that learners must possess to benefit fully from the course. This section includes recommended Cisco learning offerings that the learners may complete to benefit fully from this course, including the following:

    Cisco Certified Network Associate (CCNA)
    Attendance of Securing Networks with Routers and Switches (SNRS) or equivalent knowledge
    Knowledge of Microsoft Windows Server 2008 Active Directory
    Knowledge of Cisco Wireless LAN Controllers and Lightweight Access Points
    Knowledge of basic command-line configuration of Cisco Catalyst switches

Course Objectives

Upon completion of this course, the learner should be able to:

    Describe Cisco TrustSec concepts
    Describe IEEE 802.1X concepts, architecture, and requirements for deployment
    Describe how the RADIUS authentication protocol is used for Cisco TrustSec
    Configure ISE for 802.1x operation
    Describe IEEE 802.1X supplicants for Microsoft, Apple and Cisco
    Configure IEEE 802.1X for a wired network
    Configure IEEE 802.1X for a wireless network
    Describe how to provide secure guest access in a Cisco TrustSec network
    Build a high level design of a Cisco TrustSec network using IEEE 802.1X

Course Content

Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) v1.0 is a 3-day instructor-led training course designed to prepare Cisco Channel Partners, systems engineers, and implementers with the knowledge and hands-on experience to prepare them to configure Cisco TrustSec solutions based on Cisco Identity Services Module, Cisco Catalyst Switches, and Cisco Wireless LAN Controllers.

The goal of the course is to provide students with foundational knowledge in the capabilities and functions of the IEEE 802.1X protocol and the ability to configure the Cisco Identity Services Engine (ISE) for 802.1X operation. The course introduces the architecture, components, and features of a Cisco TrustSec network designed around the IEEE 802.1X and RADIUS protocols.

The student will gain hands-on experience with configuring a network for 802.1X-based network services using the Cisco ISE, Cisco Catalyst switches, and Cisco wireless products.
This course is a prerequisite for Cisco Channel Partners to attend the newly developed 5-day Implementing Cisco Identity Services Engine Secure Solutions (ISE) v1.0 course. Only certified ATPs (Authorized Technology Partners) can sell ISE/802.1x Cisco solutions at this time.

Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. ISE includes the functionality of Cisco Access Control System (ACS) as well as the Network Admissions Control (NAC) Appliance, providing a single solution for AAA services as well as profiling services, posture services and more.

Who should attend

The primary audience for this course is as follows:

    Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.

The secondary audience for this course is as follows:

    Partner security architects, design engineers, and others seeking hands-on experience with Cisco ISE. Note that Cisco customers are best served by attending our ISE Essentials (ISEE) or Architecting, Deploying and Managing ISE in the Enterprise (ADISE) courses.

Prerequisites

The prerequisite for Cisco Channel Partners to attend the Implementing Cisco Identity Services Engine Secure Solutions (ISE) v1.0 course is the Introduction to 802.1X Operations for Cisco Security Professionals course.

This section lists the skills and knowledge that learners must possess to benefit fully from the course. This section includes recommended Cisco learning offerings that the learners may complete to benefit fully from this course, including the following:

Required:

    CCNA certification or equivalent level of experience with the configuration of Cisco routers and switches.
    Introduction to 802.1X Operations for Cisco Security Professionals

Recommended:

    CCNP certification or equivalent level of experience.
    CCSP, CCNP Security certification or equivalent level of experience.
    Base level of knowledge and understanding of the NAC appliance and Cisco ACS server version 5.X.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

    Describe the TrustSec 2.0 solution architecture and deployment methodologies using the ISE platform.
    Configure the ISE platform in a network that includes Microsoft Active Directory.
    Configure the Cisco ISE software for wired and wireless 802.1X.
    Deploy firewall-based VPN services using the Cisco ASA and Inline Posture.
    Configure the ISE for classification and policy enforcement.
    Deploy ISE-based profiling, posture, and guest services.
    Troubleshoot user authentication and policy enforcement problems based on configuration error or network issue.
    Create a Low-level design for the ISE platform deployment methodology, scaling requirements, and platform resiliency

Course Content

Implementing Cisco Identity Service Engine Secure Solutions (ISE) is a course designed to provide students with hands-on lab configuration of Cisco’s Identity Services Engine running software version 1.0. The ISE platform takes the place of the Cisco ACS and NAC servers typically used in today’s identity-based networks. The students will implement 802.1X-based network services using Cisco Catalyst and Nexus switches and Cisco wireless products. The course also addresses solution design, sizing, resiliency, and platform troubleshooting.

Who should attend

Network security engineers that are working in the enterprise sector.

Prerequisites

    Cisco CCNP® Security certification:
        Securing Networks with Cisco Routers and Switches (SECURE)
        Deploying Cisco ASA Firewall Features (FIREWALL)
        Deploying Cisco ASA VPN Solutions (VPN)
        Implementing Cisco Intrusion Prevention System 7.0 (IPS 7)
    Understanding of networking and routing (on the CCNP level, but no certification is required).
    Understanding of different VPN technologies (such as DMVPN, GET VPN, and SSL VPN).
    Working knowledge of the Microsoft Windows operating system.

Course Objectives

The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to configure and deploy Cisco Security Manager. The course also provides an overview of network security technologies, and includes case studies that are useful for deployment scenarios.

Upon completing this course, the learner will be able to meet these overall objectives:

    Present an overview of the Cisco Security Manager product, describe the main product features, and introduce the basic deployment tasks
    Manage configuration of Cisco ASA adaptive security appliances and Cisco FWSM firewall devices, and explain firewall event management and device configuration correlation
    Describe the most commonly used VPN topologies and their deployment
    Examine the configuration of intrusion prevention mechanisms on the Cisco IOS platform, modules, and standalone appliances, as well as explain the Cisco IPS event and configuration correlation
    Explain how Cisco Security Manager works with Cisco IOS devices, including the new Cisco ISR G2 routers
    Describe the FlexConfig functionality of Cisco Security Manager, the workflow mode of operation, and administrative tasks and integration with Cisco Secure ACS

Course Content

CSM Overview

    Using CSM
    Managing Devices
    Managing Policies
    Managing Objects
    Using Map View

Firewall Policy Management

    Managing Firewall Services
    Managing Firewall Devices
    Event Monitoring and Rule Correlation for Firewalls

VPN Policy Configuration

    Managing VPNs
    Managing Remote Access IPsec VPNs
    Configuring Client-Based SSL VPNs
    Configuring Clientless SSL VPNs
    Configuring Advanced VPN Configurations
    Deploying Advanced VPN Technologies

Cisco IPS Solutions Management

    Managing Cisco IPS Services
    Managing Cisco IPS Devices
    Managing Cisco IPS Events

Cisco IOS Device Provisioning

    Managing Routers
    Using the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router Device Manager

Management, Deployment, and Administration of FlexConfigs in CSM

    Managing FlexConfigs
    Managing Activities and Workflow Deployments
    Implementing Integration Between CSM and Cisco Secure ACS
    Backing Up and Restoring CSM Databases
    Using Monitoring, Troubleshooting, and Diagnostic Tools

Who should attend

This course is intended for network professionals including designers, implementers and support staff who design security networks and deploy networks using Cisco security products including end-to-end Cisco security services.

Prerequisites

• Experience using the IOS Command Line Interface (CLI)
• Routing fundamentals and IP addressing
• Experience using Cisco Secure Products including PIX Firewalls, VPN Concentrators, and Intrusion Prevention Systems (Recommended)
• Experience using Cisco Aironet Wireless LANs (Recommended)

Course Objectives

• Develop and document a comprehensive security policy that fulfills all requirements of a network assessment
• Based on a set of threat management criteria, document a threat response procedure
• Configure a site-to-site IP Security (IPSec) VPN to the corporate core network
• Configure split tunneling to send unencrypted traffic to the Internet so that users are capable of loading a Web page outside of the IPSec tunnel
• Configure context-based access control (CBAC) on a router to secure the remote VPN connection
• Identify the path maximum transmission unit (MTU) for the established site-to-site IPSec tunnel
• Configure Cisco VPN Routers for IPSec-HA and verify their correct operation by using a failover sequence and reverse route injection
• Configure a Cisco router to be a Next Hop Resolution Protocol (NHRP) client by having it register with the NHRP hub in the core network
• Connect a NHRP client router to a peer pod client router through the dynamic multipoint VPN (DMVPN) network
• Configure the Cisco Wireless Application Protocol (WAP) for 802.1x port-based authentication and verify its accuracy with a successful RADIUS login to a student pod Cisco Secure Access Control Server
• Configure an access edge router to support Simple Network Management Protocol Version 2 (SNMP v2) with SNMP access control lists (ACLs) for remote administration
• Configure Cisco Intrusion Detection System components to respond to active internal and external network threats using CiscoWorks VPN/Security Management Solution 2.2
• Configure a Cisco PIX firewall to respond to active and internal and external networks
• Configure Cisco routers to respond to active internal and external networks

Course Content

    Developing a Network Security Policy
    Configuring Split Tunneling for Remote Access
        Configuring IPSec
        Configuring Split Tunneling
    Fragmentation, Path MTU Discovery, and Recursive Routing
        Avoiding Fragmentation with TCP MSS
        PMTUD
        Modifying Path MTU for IPSec Site-to-Site VPNs
    IPSec High Availability (IPSec-HA)
        Configuring IPSec-HA
        Verifying IPSec-HA
    Dynamic Multipoint VPN (DMVPN)
        DMVPN Benefits
        Configuring and Verifying DMVPN
    Identity Based Networking Services (IBNS)
        802.11 Security
        IBNS Overview
        Configuring and Verifying IBNS for Wireless Networks
    Securing Network Management
        Network Management Overview
        SNMP
        Securely Managing Network Devices
        CiscoWorks VMS 2.2
        Managing IDS with CiscoWorks
        Monitoring IDS Sensors with Security Monitor
    Network Attacks
        Network Attack Overview
        Network Attack Mitigation
    Network Implementation Package

Sunday, 22 January 2012 03:37

Securing Networks with ASA Advanced (SNAA)


Who should attend

The primary audience for this course is as follows:

    Cisco customers who implement and maintain Cisco ASA security appliances

The secondary audience for this course is as follows:

    Cisco channel partners who sell, implement, and maintain ASA security appliances
    Cisco engineers who support the sale of ASA security appliances

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

    Cisco CCNA certification or the equivalent knowledge
    Basic knowledge of the Microsoft Windows operating system
    Familiarity with networking and security terms and concepts

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

    Configure policy NAT based on traffic type
    Describe the layer 7 modular policy framework for the security appliance and how it is configured
    Describe the layer 7 advanced protocol handling capabilities of the modular policy framework and how they are configured
    Identify the steps needed to configure the security appliance to segment traffic with VLANs
    Identify the steps needed to configure the security appliance for dynamic routing
    Explain the components of IPsec and the functionality of IPsec and explain what digital certificates are and how they are used
    Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate
    Identify the necessary steps to configure the IPSec VPN Client using digital certificates
    Identify the necessary steps to configure the security appliance for remote access using digital certificates
    Explain the advanced remote access features of the ASA
    Determine the necessary configuration for the ASA 5505 to be a VPN hardware client
    Identify the steps to configure QoS for VPN traffic
    List the steps needed to configure the WebVPN functionality of the security appliance
    Identify the basic clientless SSL VPN features of the security appliance
    Configure full network access SSL VPNs using the AnyConnect Client
    List the features and functionality of the Cisco Secure Desktop
    Configure CSD and DAP for SSL VPN connections on the Cisco ASA
    Identify and list the characteristics of the services modules for the ASA
    Identify the steps needed to configure, inspect, and filter traffic with the Content Security and Control SSM
    Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks

Course Content

This five-day, instructor-led, lab-intensive course will be delivered by HBFITES. This task-oriented course teaches the knowledge and skills needed for advanced configuration, maintenance, and operation of Cisco ASA 5500 Series Adaptive Security Appliances.

The Security Solutions for System Engineers (SSSE) v3.0 course is recommended for system engineers, network designers, and security professionals designing security solutions in enterprise environments. The course provides an introduction to security design best practices for both host- and network-centric security controls. The course includes a systematic overview of modern threats, controls, and defensive architectures for a variety of common business scenarios, and enables the learner to choose the optimal architecture and Cisco products to satisfy business risk management requirements. The course also includes practice labs, which demonstrate the application of security technologies used in the case studies within the course.

Who should attend

    Employees
    Channel Partner
    Resellers

Certifications

This course is part of the following Certifications:

    Cisco Security Solutions and Design Specialist (CSSDS)

Prerequisites

Valid CCDA Certification

Course Objectives

Upon completing this course, the student will be able to meet these overall objectives:

    Recognize modern threats to enterprise business processes.
    Recognize modern security controls.
    Choose appropriate controls for specific threats and environments.
    Apply basic security design guidelines.
    Recognize basic customer requirements and environment limitations, and build an optimal solution based on them.
    Position Cisco security products in basic customer scenarios.

Course Content

This 5-day ILT course covers claims and evidence identified for the new Advanced Security SE Specialization. The Security Solutions for Systems Engineers training is part of the Channel SE program. The SSSE course will form the basis for the Cisco Security Solutions and Design Specialist.

High-Level Outline:

    Module 1: The Threat Landscape and Goals of Security Engineering
    Module 2: Overview of Security Controls
    Module 3: Network Infrastructure Protection Solutions
    Module 4: Enterprise Internet Access Solutions
    Module 5: Solutions for Exposed Enterprise Services and Data Centers
    Module 6: Unified Communications Protection Solutions
    Module 7: Secure WAN Solutions
    Module 8: Secure Remote Access Solutions
    Module 9: Enterprise Wireless Security Solutions
    Module 10: Enterprise Security Management Solutions
