security in the cisco academy n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security in the Cisco Academy PowerPoint Presentation
Download Presentation
Security in the Cisco Academy

Loading in 2 Seconds...

play fullscreen
1 / 36

Security in the Cisco Academy - PowerPoint PPT Presentation


  • 346 Views
  • Uploaded on

Security in the Cisco Academy. Gratitude Kudyachete EA-CATC AFRALTI April 2009. Agenda. Why Security? Security in IT E I Security in IT E II Security in CCNA-Discovery Security in CCNA-Exploration Security in CCNP – ISCW Network Security I & II

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security in the Cisco Academy' - keaton-austin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security in the cisco academy

Security in the Cisco Academy

Gratitude Kudyachete

EA-CATC

AFRALTI

April 2009

agenda
Agenda
  • Why Security?
  • Security in IT E I
  • Security in IT E II
  • Security in CCNA-Discovery
  • Security in CCNA-Exploration
  • Security in CCNP – ISCW
  • Network Security I & II
  • Major points - current currilla and security
  • CCNA-Security
  • Q&A
why security
Why Security??
  • If the security is compromised, serious consequences, such as loss of privacy, theft of information, legal liability… result
  • Types of potential threats to security are always evolving
  • E-business and Internet applications continue to grow- cannot avoid open networks
  • Security has moved to the forefront of network management and implementation – and this is evident in the Academy Curricula
security in it e i
Security in IT E I
  • Mainly in chapters 9 & 16
  • Major issues:
    • Security Threats – physical, data, internal vs external
    • Security procedures/techniques
    • Preventive maintenance techniques
    • Troubleshooting security

IT Essentials

security in it e security procedures
Security in IT E – Security procedures

WEP, WPA, WPA2(802.11i),

LEAP, mac filtering, ssid broadcast, WTLS

Password protection,data encryption, port protection,backup, file system security

Access control, cable locks,security cages,RFID tags,lock rooms

Identify: assets, threats

Define:-incident handling,emergency ,allowed & prohibited behaviour,security framework, security techniques, ..

preventive maintenance on security
Preventive maintenance on security
  • OS updates – automatic, notify, only download , off(no updates)
  • Antivirus & Antispyware – update signature files
  • Account maintenance
    • Terminate employee access
    • Guest access
    • Group by job functions
  • Data backup & access
security components techniques
Security components & techniques
  • The following techniques & components are discussed:
    • Passwords - it is a minimum requirement
    • Logging & auditing
    • Encryption - encoding data for purposes such as
      • Hashing
      • Symetric encryption
      • Asymetric
      • Virtual private networks
    • Firewalls – hardware & software and could be
      • Packet filter
      • Proxy firewall
      • Stateful packet inspection
    • IDS
  • Security expense vs cost of loss help establish tradeoffs
it e ii unsupported
IT E II - unsupported
  • Mainly in chapters 5, 8,9,10,14
  • Major issues
    • Remote Administration & Access Services
    • Firewalls
    • Directory & File permissions
    • Administrative accounts & login privileges
    • Security threats, Security implementation, patches & upgrades

IT Essentials

security in ccna discovery
Security in CCNA Discovery
  • Module 1- chapters 2,7,8
  • Module 2 – chapters 4,8
  • Module 3 - chapters 1,2,3,4,5,6,7,8
  • Module 4 chapters 1,5,7,8
  • Major issues are:
    • Basic security – policy, threats, attacks, techniques
    • Patching OS and applications
    • Wireless LAN Security
    • ISP Security
    • VPNs, NAT/PAT, ACLs
    • Switch security, VLANs
    • Routing update and PPP authentication
    • Security from a design perspective

CCNA Discovery

security in ccna exploration
Security in CCNA Exploration
  • Module 1-chapt 1
  • Module 3- chapt 2,3,7
  • Module 4 – chapters 2,4,5,6,7
  • Issues covered include
    • Network security -threats,mitigation,policy
    • Security goals & measures
    • Switch security , router security
    • Wireless LAN Security
    • Ppp authentication
    • ACLs , VPNS , SDM , NAT/PAT

CCNA Exploration

proving security
Proving security
  • Security measures taken in a network should:
    • Prevent unauthorized disclosure or theft of information
    • Prevent unauthorized modification of information
    • Prevent Denial of Service
  • Means to achieve these goals include:
    • Ensuring confidentiality
    • Maintaining communication integrity
    • Ensuring availability
primary classes of attacks
Primary classes of attacks
  • Reconnaisance attacks – internet information queries, ping sweeps, port scans, packet sniffers
  • Access Attacks -– password, trust exploitation,port redirection, man in the middle attack
  • DOS – Ping of D, Syn flood, DDoS, …
  • Malicious Software – Virus, Worm, Trojan horse – worms require containment, inoculation , quarantining & treatment
securing cisco routers
Securing Cisco Routers
  • routers provide gateways to other networks, they are obvious targets, and are subject to a variety of attacks.
secure routing protocols
Secure Routing protocols
  • Major attacks: disrupt peer , falsify information
  • Can configure passive int., authentication

R1(config)# router rip

R1(config)# passive-interface default

R1(config)#no passive-interface se0/0/0

R1(config)# key chain RIP_KEY

R1(config-keychain)#key 1

R1(config-keychain-key)# key-string cisco

R1(config)#int se0/0/0

R1(config-if)#ip rip authentication mode md5

R1(config-if)#ip rip authentication key-chain RIP_KEY

Also EIGRP & OSPF authentication

security device manager sdm
Security Device Manager – SDM
  • An easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.
  • Firewall, VPN, IPS/IDS,NAT, router lockdown
slide16
VPNs
  • VPNs - enable transportation of information in a private network over a public network – encapsulation(tunneling) & encryption typically used
nat pat
NAT/PAT
  • Adds a degree of privacy and security - hides internal IP addresses from outside networks.
    • ip nat inside source ..
    • ip nat inside
    • ip nat outside
wireless security protocols
Wireless Security protocols
  • In 802.11i - WPA uses TKIP and WPA2 employs AES
security in ccnp iscw
Security in CCNP ISCW
  • IPSec VPNs
  • MPLS VPN Technology
  • Cisco Device Hardening
  • Cisco IOS threat defense features
network security i unsupported
Network Security I - unsupported
  • Vulnerabilities, Threats and Attacks
  • Security Planning and Policy
  • Security Devices
  • Trust and Identity Technology
  • Cisco Secure Access Control Server
  • Configure Trust and Identity at Layer 2 and 3
  • Configuring Filtering on a Router
  • Configuring Filtering on a PIX Security Appliance
  • Configuring Filtering on a Switch
network security ii unsupported
Network Security II - unsupported
  • Intrusion Detection and Prevention Technology and Implementation
  • Encryption and VPN Technology
  • Site-to-site VPNs with pre-shared keys
  • Site-to-site VPNs with digital certificates
  • Remote Access VPN
  • Security Network Architecture and Management
  • PIX Contexts, Failovers and Management
major points about security current curricula
Major points about Security & current curricula
  • It is evident that a lot of security concepts are covered
  • Most of the treatment is introductory
  • In Network Security I & II(unsupported) there is great depth & breath of coverage
  • CCNP (ISCW) – less breath than NS 1 & 2 but still depth on specific issues
  • There is need for curricula to build on what IT Essentials and CCNA gives
outline
Outline
  • CCNA Security Overview
  • Target Audience
  • Course Details
  • Equipment Requirements
  • Enrollment, Training and Support
  • Release Dates and Availability
  • Q&A
ccna security overview1
CCNA Security Overview
  • A new course that provides students with in-depth network security education and develop a comprehensive understanding of network security concepts
  • Provides students with knowledge and skills to design and support Network Security
  • Provides an experience-oriented course to prepare for entry-level specialist jobs in network security
  • Prepares students for CCNA Security certification (IINS 640-553 exam).
  • CCNA Security course IS NOT a replacement for the current Network Security 1 and Network Security 2 (NS1 and NS2) Courses
cisco networking academy curricula portfolio

Building Scalable Internetworks

Implementing Secured Converged Wide-Area Networks

Building MultilayerSwitched Networks

Optimizing Converged Networks

Networking for Home and Small Businesses

Working at a Small-to-Medium Business or ISP

Introducing Routing and Switching in the Enterprise

Designing and Supporting Computer Networks

Network Fundamentals

Routing Protocols and Concepts

LAN Switching and Wireless

Accessing the WAN

CCNA

Security

IT Essentials: PC Hardware and Software

Cisco Networking Academy Curricula Portfolio

Network Professional

CCNP

Security

CCNA Exploration

CCNA Discovery

IT Essentials

Packet Tracer

IT Technician

Student Networking Knowledge and Skills

security certifications
Security Certifications

Associate-level

Professional-level

Revised

CCSP Certification

CCNA Security

Certification

Cisco Certified Security Professional (CCSP) Certification

CCNA Security Course

SND

IINS

(640-553)

Network Security 1 & 2 (NS1/NS2) Courses

SNRS

SNRS

CCNA certification is a pre-requisite for CCNA Security certification

SNAF

SNPA

IPS

IPS

Elective Exam

Elective Exam

ccna security target audience
CCNA Security Target Audience
  • Career starters seeking career-oriented, entry-level Security specialist skills
  • Working professionals looking to enhance or change their careers
  • Students in degree programs at colleges or universities
  • Higher Education institutions and Universities
course details
Course Details

One semester long (~70-hr) course format

Enabled for both ILT and Blended Distance Learning (BDL)

Delivered in the same Graphical User Interface (GUI) as the CCNA Discovery and CCNA Exploration curricula

9 Chapters

One complex hands-on lab per chapter and Packet Tracer activities

Provided as separate .zip files downloaded from AC; not packaged within the GUI

9 end of chapter exams

1 final exam

Available in English only, no translated versions are planned

equipment requirements
Goal is to minimize equipment costs

Uses CCNA Discovery/Exploration equipment bundle and topology

NetLab compatible topology—enabled for remote operation

Additional investment required for memory upgrade and Advanced IOS images

Equipment Requirements
enrollment training support
Enrollment, Training & Support
  • Student Enrollment Pre-requisite: CCNA-level knowledge required
  • Instructor Training Guidelines
    • CCNA-level knowledge required
    • Required for new CCNA Security instructors; Fast track possible with evidence of CCNA Security or higher certification or industry experience
    • Recommended for existing NS1, NS2 and CCNP: ISCW instructors
    • Existing NS1, NS2 and CCNP: ISCW instructors allowed to teach CCNA Security course
  • Instructor Training
    • BDL format with 3-day in-person preferred; Can also be delivered 100% remote
    • BDL Best Practices guide developed to provide guidelines on how to deliver course in a BDL environment
  • Training Support Model – similar to CCNP model; Cisco Networking Academy Global Support Desk will provide day-to-day technical support
ccna security release dates and availability
CCNA SecurityRelease Dates and Availability

Early January 2009

Draft Scope and Sequence

  • Mid-April 2009
  • Beta Release of student course:
    • For instructor training and preview purposes
  • End of July 2009
  • General Availability (GA) Release—student and instructor materials:
    • Released at same time with Packet Tracer v5.2 GA
    • Use for teaching student classes

End of Jun 2009

Virtual SMT for GA Release

Mar 2009

Virtual SMT for Beta Release

Jan

Jul

Mar

Apr

Jun

2009

communications
Communications
  • Announcements sent via email to all instructors:
    • New CCNA Security Course announced – Sep 2008
    • Current NS1 and NS2 courses move to unsupported – Sep 2008
    • CCNA Security course availability announced – Oct 2008
    • Preliminary CCNA Security Scope & Sequence available – Jan 2009
    • FAQs