CCNA Security

The Cisco® Networking Academy® CCNA® Security course provides a next step for individuals who want to enhance their CCNA-level skill set and help meet the growing demand for network security professionals. The curriculum provides an introduction to the core security concepts and skills needed for the installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices.
CCNA Security is a hands-on, career-oriented e-learning solution with an emphasis on practical experience to help students develop specialized security skills, along with critical thinking and complex problem-solving skills. The curriculum helps prepare students for entry-level security career opportunities and the globally recognized Cisco CCNA Security certification, which helps students differentiate themselves in the marketplace with specialist skills to advance their careers.


CCNA Security provides an in-depth, theoretical, and hands-on introduction to network security, in a logical sequence driven by technologies. CCNA Security includes the following features:
Students develop an in-depth, theoretical understanding of network security principles as well as the tools and configurations available.
The courses emphasize the practical application of skills needed to design, implement, and support network security.
Hands-on labs help students develop critical thinking and complex problem-solving skills.
Packet Tracer simulation-based learning activities promote the exploration of networking security concepts and allow students to experiment with network behavior and ask “what if” questions.
Innovative assessments provide immediate feedback to support the evaluation of knowledge and acquired skills.


CCNA Security has no Networking Academy course prerequisites. Students should have the following skills and knowledge:
Basic PC skills such as typing, mouse, and desktop navigation skills
Basic Internet navigation skills
CCNA-level networking concepts and skills
While there are no required course prerequisites, students are encouraged to complete the CCNA Discovery or CCNA Exploration curricula to acquire the fundamental CCNA-level routing and switching skills needed for success in this course.

Course Description

CCNA Security aims to develop an in-depth understanding of network security principles as well as the tools and configurations available. The course covers the following concepts:
Protocol sniffers/analyzers
TCP/IP and common desktop utilities
Cisco IOS® Software
Cisco VPN client
Packet Tracer
Web-based resources


Various types of hands-on labs provide practical experience, including procedural and troubleshooting labs, skills integration challenges, and model building. The curriculum also includes Packet Tracer-based skills integration challenges that build throughout the course and lead to an “exam-like” culminating activity in the last chapter.

Upon completion of the CCNA Security course, students will be able to perform the following tasks:

Describe the security threats facing modern network infrastructures
Secure network device access
Implement AAA on network devices
Mitigate threats to networks using ACLs
Implement secure network management and reporting
Mitigate common Layer 2 attacks
Implement the Cisco IOS firewall feature set
Implement the Cisco IOS IPS feature set
Implement site-to-site IPSec VPNs
Administer effective security policies

CCNA Security Outline

This course teaches students the skills needed to obtain entry-level security specialist jobs. It provides a hands-on introduction to network security. Instructors are encouraged to provide outside-the-classroom learning experiences.

Chapter/Section Objectives
Chapter 1. Modern Network Security Threats

Explain network threats, mitigation techniques, and the basics of securing a network
1.1 Fundamental Principles of a Secure Network

Describe the fundamental principles of securing a network
1.2 Worms, Viruses and Trojan Horses

Describe the characteristics of worms, viruses, and Trojan horses and mitigation methods
1.3 Attack Methodologies

Describe common network attack methodologies and mitigation techniques such as Reconnaissance, Access, Denial of Service, and DDoS
Chapter 2. Securing Network Devices
Secure administrative access on Cisco routers
2.1 Securing Device Access and Files

Configure secure administrative access and router resiliency
2.2 Privilege Levels and Role-Based CLI

Configure command authorization using privilege levels and role-based CLI
2.3 Monitoring Devices
Configure network devices for monitoring
2.4 Using Automated Features

Secure IOS-based routers using automated
Chapter 3. Authentication, Authorization and Accounting
Secure administrative access with AAA

3.1 Purpose of AAA

Describe the purpose of AAA and the various implementation techniques
3.2 Configuring Local AAA
Implementing AAA using the local database
3.3 Configure Server-Based AAA

Implementing AAA using TACACS+ and RADIUS protocols
Chapter 4. Implementing Firewall Technologies

Implement firewall technologies to secure the network perimeter
4.1 Access Control Lists
Implement ACLs
4.2 Firewall Technologies

Describe the purpose and operation of firewall
4.3 Context-Based Access Control
Implement CBAC
4.4 Zone-Based Policy Firewall

Implement Zone-Based Policy Firewall using SDM and CLI
Chapter 5. Implementing Intrusion Prevention
Configure IPS to mitigate attacks on the network
5.1 IPS Technologies

Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems
5.2 Implementing IPS Implemen
Chapter 6. Securing the Local Area Network

Describe LAN security considerations and implement endpoint and Layer 2 security features
6.1 Endpoint Security Considerations

Describe endpoint vulnerabilities and protection
6.2 Layer 2 Security Considerations

Describe basic Catalyst switch vulnerabilities such as VLAN attacks, STP manipulation, CAM table overflow attacks, and MAC address spoofing attacks
6.3 Wireless, VoIP and SAN Security Considerations

Describe the fundamentals of Wireless, VoIP and SANs, and the associated security considerations
6.4 Configuring Switch Security

Configure and verify switch security features, including port security and storm control
6.5 SPAN and RSPAN

Describe Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN)
Chapter 7. Cryptography

Describe methods for implementing data confidentiality and integrity
7.1 Cryptographic Services

Describe how different types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and nonrepudiation
7.2 Hashes and Digital Signatures
Describe the mechanisms to ensure data integrity and authentication
7.3 Symmetric and Asymmetric Encryption

Describe the mechanisms used to ensure data
Chapter 8. Implementing Virtual Private Networks
Implement secure virtual private networks
8.1 VPNs
Describe the purpose and operation of VPN types
8.2 IPSec VPN Components and Operation

Describe the components and operations of IPSec VPNs
8.3 Implementing Site-to-Site IPSec VPNs

Configure and verify a site-to-site IPSec VPN with pre-shared key authentication using SDM and CLI
8.4 Implementing a Remote Access VPN
Configure and verify a remote access VPN
8.5 Implementing SSL VPNs
Configure and verify SSL VPNs
Chapter 9. Managing a Secure Network

Given the security needs of an enterprise, create and implement a comprehensive security policy
9.1 Secure Network Lifecycle
Describe the secure network lifecycle
9.2 Self-Defending Network

Describe the components of a self-defending network and business continuity plans
9.3 Building a Comprehensive Security Policy

Establish a comprehensive security policy to meet the security needs of a given enterprise