CCIE Security
0 STUDENTS ENROLLED
CCIE Security v.4 Course Content:
1.System Hardening and Availability
- Routing plane security features
- Control Plane Policing
- Control Plane Protection & Management Plane Protection
- Broadcast control and switchport security
- Additional CPU protection mechanisms
- Disable unnecessary services
- Control device access (e.g. Telnet, HTTP, SSH, Privileges )
- Device services (e.g. SNMP, Syslog, NTP)
- Transit Traffic Control and Congestion Management
2.Threat Identification and Mitigation
- Identify and protect against fragmentation attacks
- Identify and protect against malicious IP option usage
- Identify and protect against network reconnaissance attacks
- Identify and protect against IP spoofing attacks
- Identify and protect against MAC spoofing attacks
- Identify and protect against ARP spoofing attacks
- Identify and protect against Denial of Service (DoS) attacks
- Identify and protect against Distributed Denial of Service attacks
- Identify and protect against Man-in-the-Middle (MiM) attacks
- Identify and protect against port redirection attacks
- Identify and protect against DHCP attacks
- Identify and protect against DNS attacks
- Identify and protect against MAC Flooding attacks
- Identify and protect against VLAN hopping attacks
- Identify and protect against various Layer2 & Layer3 attacks
- NetFlow
- Capture and utilize packet captures
3.Intrusion Prevention and Content Security
- IPS 4200 Series Sensor Appliance
- Initialize the Sensor Appliance
- Sensor Appliance management
- Virtual Sensors on the Sensor Appliance
- Implementing security policies
- Promiscuous and inline monitoring on the Sensor Appliance
- Tune signatures on the Sensor Appliance
- Custom signatures on the Sensor Appliance
- Actions on the Sensor Appliance
- Signature engines on the Sensor Appliance
- Use IDM/IME to the Sensor Appliance
- Event action overrides/filters on the Sensor Appliance
- Event monitoring on the Sensor Appliance
- VACL/SPAN & RSPAN on Cisco switches
4.Ironport/WSA
- Implementing WCCP
- Active Dir Integration
- Custom Categories
- HTTPS Config
- Services Configuration (Web Reputation)
- Configuring Proxy By-pass Lists
- Web proxy modes
- App visibility and control
- Identity Management
- Identity Based Authentication/Authorization/Accounting
- Cisco Router/Appliance AAA
- RADIUS
- (c)TACACS+
- Device Admin (Cisco IOS Routers, ASA, ACS5.x)
5.Network Access (TrustSec Model)
- Authorization Results for Network Access (ISE)
- 1X (ISE)(c)VSAs (ASA / Cisco IOS / ISE)
- Proxy-Authentication (ISE/ASA/Cisco IOS)
- Cisco Identity Services Engine (ISE)
- Profiling Configuration (Probes)
- Guest Services
- Posture Assessment
- Client Provisioning (CPP)
- Config AD Integration/Identity Sources
6.Perimeter Security and Services
- Cisco ASA Firewall
- Basic firewall Initialization
- Device management
- Address translation (nat, global, static)
- Access Control Lists
- IP routing/Route Tracking
- Object groups
- VLANs
- Configuring Ether channel
- High Availability and Redundancy
- Layer 2 Transparent Firewall
- Security contexts (virtual firewall)
- Modular Policy Framework
- Identity Firewall Services
- Configuring ASA with ASDM
- Context-aware services
- IPS capabilities
- QoS capabilities
7.Cisco IOS Zone Based Firewall
- Network, Secure Group
- Performance Tuning
- Network, Protocol & App Inspection
- Perimeter Security Services
- Cisco IOS QoS and Packet marking
- Traffic Filtering using Access-Lists
- (c)Cisco IOS NAT
- PAM – Port to Application Mapping
- Policy Routing and Route Maps
8.Confidentiality and Secure Access
- IKE (V1/V2)
- IPsec LAN-to-LAN (Cisco IOS/ASA)
- Dynamic Multipoint VPN (DMVPN)
- Group Encrypted Transport (GET) VPN
- Remote Access VPN
- Easy VPN Server (Cisco IOS/ASA)
- VPN Client 5.X
- Clientless WebVPN
- AnyConnect VPN
- EasyVPN Remote
- SSL VPN Gateway
- VPN High Availability
- QoS for VPN
- VRF-aware VPN
- MacSec
- Digital Certificates (Enrolment & Policy)
Course Reviews
No Reviews found for this course.
Write a Review