|
Describe Security
Threats
|
|
Describe and list
mitigation methods for common network attacks
|
|
Describe and list
mitigation methods for Worm, Virus, and Trojan Horse attacks
|
|
Describe the Cisco
Self Defending Network architecture
|
|
|
Secure Cisco Routers
|
|
Secure Cisco routers
using the SDM Security Audit feature
|
|
Use the One-Step
Lockdown feature in SDM to secure a Cisco router
|
|
Secure
administrative access to Cisco routers by setting strong encrypted passwords,
exec timeout, login failure rate and using IOS login enhancements
|
|
Secure
administrative access to Cisco routers by configuring multiple privilege
levels
|
|
Secure
administrative access to Cisco routers by configuring role based CLI
|
|
Secure the Cisco IOS
image and configuration file
|
|
|
AAA on Cisco Routers
|
|
Explain the
functions and importance of AAA
|
|
Describe the
features of TACACS+ and RADIUS AAA protocols
|
|
Configure AAA
authentication
|
|
Configure AAA
authorization
|
|
Configure AAA
accounting
|
|
|
Cisco Routers and ACLs
|
|
Explain the
functionality of standard, extended, and named IP ACLs used by routers to
filter packets
|
|
Configure and verify
IP ACLs to mitigate given threats (filter IP traffic destined for Telnet,
SNMP, and DDoS attacks) in a network using CLI
|
|
Configure IP ACLs to
prevent IP address spoofing using CLI
|
|
Discuss the caveats
to be considered when building ACLs
|
|
|
Secure Network
Management
|
|
Use CLI and SDM to
configure SSH on Cisco routers to enable secured management access
|
|
Use CLI and SDM to
configure Cisco routers to send Syslog messages to a Syslog server
|
|
|
Mitigate Layer 2
Attacks
|
|
Describe how to
prevent layer 2 attacks by configuring basic Catalyst switch security
features
|
|
|
Implement Firewalls
With SDM
|
|
Describe the
operational strengths and weaknesses of the different firewall technologies
|
|
Explain stateful
firewall operations and the function of the state table
|
|
Implement Zone Based
Firewall using SDM
|
|
|
Implement IPS With SDM
|
|
Define network based
vs. host based intrusion detection and prevention
|
|
Explain IPS technologies,
attack responses, and monitoring options
|
|
Enable and verify
Cisco IOS IPS operations using SDM
|
|
|
Implement VPNs With
SDM
|
|
Explain the
different methods used in cryptography
|
|
Explain IKE protocol
functionality and phases
|
|
Describe the building
blocks of IPSec and the security functions it provides
|
|
Configure and verify
an IPSec site-to-site VPN with pre-shared key authentication using SDM
|
Lab Certification Kits
