CIT 2251-002 CCNA Security

INSTRUCTOR
Joanne Wagner
Professor
CCAI, CCNA, CCNA Security, CCNP, CCSP
Computer and Internetworking Technologies (CIT)
Open Campus Center OCC1113b
Phone: 630/942-2692
E-Mail: wagnerjo@cod.edu
Office Hours:
Tuesday/Thursday 8:00 a.m. to 1:00 p.m.
COURSE INFORMATION
Division: Computer and Internetworking Technologies (CIT)
Course Name: Networking Basics
Code: CIT-2251-001
Evenings: Thusday/Thursday
Time: 6:30 p.m. to 10:20 p.m.
Room: IC2K
DESCRIPTION

Provides the knowledge and hands-on skills required to install, troubleshoot, and monitor Cisco
security network devices. Students who complete this course will be prepared to sit for the Cisco
Certified Networking Associate (CCNA) Security Certification exam which is a stepping stone
for job roles such as network security specialist and network security administrator. CCNA
Security certification is a prerequisite for becoming a Cisco Certified Security Professional
(CCSP).
PREPARATION FOR

The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the
CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers
and switches and their associated networks. It leads to validated skills for installation,
troubleshooting, and monitoring of network devices to maintain integrity, confidentiality and
availability of data and devices and develops competency in the technologies that Cisco uses in
its security infrastructure.
PREREQUISITE

CIT1124 with a grade of "C" or better, or CCNA Certification or Consent of Instructor

TEXT AND LAB MANUAL
CCNA Security Course Booklet, Version 1.0 by Cisco Networking Academy; ISBN-10:
1587132486 (published date of 8/15/2009)
CCNA Security Lab Manual by Cisco Networking Academy; ISBN-10: 1587132494
CCNA Security Cisco Academy On-Line Curriculum (you will get access on the first evening of
class)

Topical Outline:
1. Understanding network security concepts
*. Security operations and planning; risk management
*. Network security information processing;
*. Network security education and training
2. Developing a secure network
*. Security planning; evaluation; training; and measures.
*. Developed and review network security policies
*. Roles and responsibilities
3. Defending the perimeter
*. Public vs. private
4. Configuring Authentication, authorization, and accounting (AAA)
5. Securing the router
6. Constructing a secure infrastructure
7. Implementing endpoint security
8. Providing Storage-Area Network (SAN) security
9. Securing voice solutions
10. Using Cisco IOS firewalls to defend the network
11. Extending security and availability with cryptography and Virtual Private Networks (VPNs)
12. Implementing digital signatures
13. Exploring Public Key Infrastructure (PKI) and asymmetric encryption
14. Building a site-to-site Internet Protocol Security (IPSec) VPN solution
COURSE OBJECTIVES
Describe the security threats facing modern network infrastructures
Describe network security policies
Describe and list mitigation methods for common network attacks
Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
Describe the Cisco Self Defending Network architecture
Secure Cisco routers
Secure Cisco routers using the SDM Security Audit feature
Use the One-Step Lockdown feature in SDM to secure a Cisco router
Secure administrative access to Cisco routers by setting strong encryption passwords, exec
timeout, login failure rate and using IOS login enhancements
Secure administrative access to Cisco routers by configuring multiple privilege levels
Secure administrative access to Cisco routers by configuring role based CLI
Secure the Cisco IOS image and configuration file
Implement Authentication, Authorization, and Accounting (AAA) on Cisco routers using Cisco Secure
Access Control Server (ACS)
Explain the functions and importance of AAA
Describe the features of TACACS+ and RADIUS AAA protocols
Configure AAA authentication
Configure AAA authorization
Configure AAA accounting
Mitigate threats to Cisco routers and networks using ACLs
Explain the functionality of standard, extended, and named IP ACLs used by routers to filter
packets

Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet,
SNMP, and DDoS attacks) in a network using CLI
Configure IP ACLs to prevent IP address spoofing using CLI
Discuss the caveats to be considered when building ACLs
Implement secure network management and reporting
Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server
Mitigate common Layer 2 attacks
Describe how to prevent Layer 2 attacks by configuring basic Catalyst switch security features
Implement the Cisco IOS firewall feature set using Secure Device Manager (SDM)
Describe the operational strengths and weaknesses of the different firewall technologies
Explain stateful firewall operations and the function of the state table
Implement Zone Based Firewall using SDM
Implement the Cisco IOS Intrusion Prevention System (IPS) feature set using SDM
Define network based vs. host based intrusion detection and prevention
Explain IPS technologies, attack responses, and monitoring options
Enable and verify Cisco IOS IPS operations using SDM
Implement site-to-site Virtual Private Networks (VPNs) on Cisco Routers using SDM
Explain the different methods used in cryptography
Explain Internet Key Exchange (IKE) protocol functionality and phases
Describe the building blocks of IPSec and the security functions it provides
Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM
Managing a Secure Network
TOPICAL OUTLINE
Modern Network Security Threats
Securing Network Devices
Authentication, Authorization, and Accounting
Implementing Firewall Technologies
Implementing Intrusion Prevention
Securing the Local Area Network
Cryptographic Systems
Implementing Virtual Private Networks
Managing a Secure Network
METHODS OF EVALUATION

Point Distribution
On-Line Quizzes (33%)
Labs/Skills Final (33%)
On-Line Final (33%)

Accumulated Points/Grade
90-100 A
80-89 B
70-79 C
60-69 D
59 and below F
No Incompletes given in this course
CLASS POLICY
COD Student Code of Conduct.pdf

ADDITIONAL COURSE INFORMATION

Cisco site for on-line curriculum, labs, and tests: http://cisco.netacad.net
Blog Site: http://www.joannewagnersblog.blogspot.com
WEEKLY SCHEDULE
Prior to Coming to Class, read:
o Chapter 1 Modern Network Security Threats.ppt
Week 1: 10/19 & 10/21

Chapter 2 Securing Network Devices.ppt

Week 2: 10/26 & 10/28

Chapter 3 AAA.ppt

Week 3: 11/2 & 11/4

Chapter 4 Implementing Firewall Technologies.ppt

Week 4: 11/9 & 11/11

Chapter 5 Intrustion Prevention System.ppt

Week 5: 11/16 & 11/18

Chapter 6 Securing the Local Area Network.ppt

Week 6: 11/30 & 12/2

Chapter 7 Cryptographic Systems.ppt

Chapter 8 Implementing Virtual Private Networks.ppt

Week 7: 12/7 & 12/9

Chapter 9 Managing a Secure Network.ppt

Week 8: 12/14 & 12/16

Skills Final
On-Line Final