CCIE Security

CCIE Security


    CCIE Security v.4 Course Content:

    1.System Hardening and Availability

    • Routing plane security features
    • Control Plane Policing
    • Control Plane Protection & Management Plane Protection
    • Broadcast control and switchport security
    • Additional CPU protection mechanisms
    • Disable unnecessary services
    • Control device access (e.g. Telnet, HTTP, SSH, Privileges )
    • Device services (e.g. SNMP, Syslog, NTP)
    • Transit Traffic Control and Congestion Management

    2.Threat Identification and Mitigation

    • Identify and protect against fragmentation attacks
    • Identify and protect against malicious IP option usage
    • Identify and protect against network reconnaissance attacks
    • Identify and protect against IP spoofing attacks
    • Identify and protect against MAC spoofing attacks
    • Identify and protect against ARP spoofing attacks
    • Identify and protect against Denial of Service (DoS) attacks
    • Identify and protect against Distributed Denial of Service attacks
    • Identify and protect against Man-in-the-Middle (MiM) attacks
    • Identify and protect against port redirection attacks
    • Identify and protect against DHCP attacks
    • Identify and protect against DNS attacks
    • Identify and protect against MAC Flooding attacks
    • Identify and protect against VLAN hopping attacks
    • Identify and protect against various Layer2 & Layer3 attacks
    • NetFlow
    • Capture and utilize packet captures

    3.Intrusion Prevention and Content Security

    • IPS 4200 Series Sensor Appliance
    • Initialize the Sensor Appliance
    • Sensor Appliance management
    • Virtual Sensors on the Sensor Appliance
    • Implementing security policies
    • Promiscuous and inline monitoring on the Sensor Appliance
    • Tune signatures on the Sensor Appliance
    •  Custom signatures on the Sensor Appliance
    • Actions on the Sensor Appliance
    • Signature engines on the Sensor Appliance
    • Use IDM/IME to the Sensor Appliance
    • Event action overrides/filters on the Sensor Appliance
    • Event monitoring on the Sensor Appliance
    • VACL/SPAN & RSPAN on Cisco switches


    • Implementing WCCP
    •  Active Dir Integration
    • Custom Categories
    • HTTPS Config
    • Services Configuration (Web Reputation)
    • Configuring Proxy By-pass Lists
    • Web proxy modes
    • App visibility and control
    • Identity Management
    • Identity Based Authentication/Authorization/Accounting
    • Cisco Router/Appliance AAA
    • RADIUS
    • (c)TACACS+
    • Device Admin (Cisco IOS Routers, ASA, ACS5.x)

    5.Network Access (TrustSec Model)

    • Authorization Results for Network Access (ISE)
    • 1X (ISE)(c)VSAs (ASA / Cisco IOS / ISE)
    • Proxy-Authentication (ISE/ASA/Cisco IOS)
    • Cisco Identity Services Engine (ISE)
    • Profiling Configuration (Probes)
    • Guest Services
    • Posture Assessment
    • Client Provisioning (CPP)
    • Config AD Integration/Identity Sources

    6.Perimeter Security and Services

    • Cisco ASA Firewall
    • Basic firewall Initialization
    • Device management
    • Address translation (nat, global, static)
    • Access Control Lists
    • IP routing/Route Tracking
    • Object groups
    • VLANs
    • Configuring Ether channel
    • High Availability and Redundancy
    • Layer 2 Transparent Firewall
    • Security contexts (virtual firewall)
    • Modular Policy Framework
    • Identity Firewall Services
    • Configuring ASA with ASDM
    • Context-aware services
    • IPS capabilities
    • QoS capabilities

    7.Cisco IOS Zone Based Firewall

    • Network, Secure Group
    • Performance Tuning
    • Network, Protocol & App Inspection
    • Perimeter Security Services
    • Cisco IOS QoS and Packet marking
    • Traffic Filtering using Access-Lists
    • (c)Cisco IOS NAT
    • PAM – Port to Application Mapping
    • Policy Routing and Route Maps

    8.Confidentiality and Secure Access

    • IKE (V1/V2)
    • IPsec LAN-to-LAN (Cisco IOS/ASA)
    • Dynamic Multipoint VPN (DMVPN)
    • Group Encrypted Transport (GET) VPN
    • Remote Access VPN
    • Easy VPN Server (Cisco IOS/ASA)
    • VPN Client 5.X
    • Clientless WebVPN
    • AnyConnect VPN
    • EasyVPN Remote
    • SSL VPN Gateway
    • VPN High Availability
    • QoS for VPN
    • VRF-aware VPN
    • MacSec
    • Digital Certificates (Enrolment & Policy)

    Write a Review

    Your email address will not be published. Required fields are marked *

    Course Reviews


    • 5 stars0
    • 4 stars0
    • 3 stars0
    • 2 stars0
    • 1 stars0

    No Reviews found for this course.

    • 1 month, 1 week

    Drop us a query

    Job Support

    Course Features

    Live Instructor-led Classes

    This isn't canned learning. Its dynamic, its interactive, its effective

    Expert Educators

    Only the best or they're out. We are constantly evaluating our trainers

    24&7 Support

    We never sleep. Need something answered at 3 am? No Problem

    Flexible Schedule

    You don't learn as per our calendar. We work according to yours.

    Customized Training's

    The most part self-managed and adaptable to suit a person's particular adapting technology needs

    Priority Based Training's

    Real-time Scenario based Assignments and Case Studies


    This web site or team is not associated with SAP AG or any other product. We are providing this service absolutely for Education and Training purpose only. We charge for the support services only, not for the actual SAP System access. All SAP Systems operate under INITIAL evaluation license. All trademarks mentioned on this web site belongs to their owners. We do not share or distribute ANY personal information we collect on this web site. For any additional information


    +91 9989754807