Cisco Academy
CCNA Security
The Cisco® Networking Academy® CCNA® Security course provides a next step for individuals who want to enhance their CCNA-level skill set and help meet the growing demand for network security professionals. The curriculum provides an introduction to the core security concepts and skills needed for the installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices.
CCNA Security is a hands-on, career-oriented e-learning solution with an emphasis on practical experience to help students develop specialized security skills, along with critical thinking and complex problem-solving skills. The curriculum helps prepare students for entry-level security career opportunities and the globally recognized Cisco CCNA Security certification, which helps students differentiate themselves in the marketplace with specialist skills to advance their careers.
Features
CCNA Security provides an in-depth, theoretical, and hands-on introduction to network security, in a logical sequence driven by technologies. CCNA Security includes the following features:
• Students develop an in-depth, theoretical understanding of network security principles as well as the tools and configurations available.
• The courses emphasize the practical application of skills needed to design, implement, and support network security.
• Hands-on labs help students develop critical thinking and complex problem-solving skills.
• Packet Tracer simulation-based learning activities promote the exploration of networking security concepts and allow students to experiment with network behavior and ask “what if” questions.
• Innovative assessments provide immediate feedback to support the evaluation of knowledge and acquired skills.
Prerequisites
CCNA Security has no Networking Academy course prerequisites. Students should have the following skills and knowledge:
• Basic PC skills such as typing, mouse, and desktop navigation skills
• Basic Internet navigation skills
• CCNA-level networking concepts and skills
While there are no required course prerequisites, students are encouraged to complete the CCNA Discovery or CCNA Exploration curricula to acquire the fundamental CCNA-level routing and switching skills needed for success in this course.
Course Description
CCNA Security aims to develop an in-depth understanding of network security principles as well as the tools and configurations available. The course covers the following concepts:
• Protocol sniffers/analyzers
• TCP/IP and common desktop utilities
• Cisco IOS® Software
• Cisco VPN client
• Packet Tracer
• Web-based resources
Various types of hands-on labs provide practical experience, including procedural and troubleshooting labs, skills integration challenges, and model building. The curriculum also includes Packet Tracer-based skills integration challenges that build throughout the course and lead to an “exam-like” culminating activity in the last chapter.
Upon completion of the CCNA Security course, students will be able to perform the following tasks:
• Describe the security threats facing modern network infrastructures
• Secure network device access
• Implement AAA on network devices
• Mitigate threats to networks using ACLs
• Implement secure network management and reporting
• Mitigate common Layer 2 attacks
• Implement the Cisco IOS firewall feature set
• Implement the Cisco IOS IPS feature set
• Implement site-to-site IPSec VPNs
• Administer effective security policies
CCNA Security Outline
This course teaches students the skills needed to obtain entry-level security specialist jobs. It provides a hands-on introduction to network security. Instructors are encouraged to provide outside-the-classroom learning experiences.
| Chapter/Section | Objectives |
|---|---|
| Chapter 1. Modern Network Security Threats | Explain network threats, mitigation techniques, and the basics of securing a network |
| 1.1 Fundamental Principles of a Secure Network | Describe the fundamental principles of securing a network |
| 1.2 Worms, Viruses and Trojan Horses | Describe the characteristics of worms, viruses, and Trojan horses and mitigation methods |
| 1.3 Attack Methodologies | Describe common network attack methodologies and mitigation techniques such as Reconnaissance, Access, Denial of Service, and DDoS |
| Chapter 2. Securing Network Devices | Secure administrative access on Cisco routers |
| 2.1 Securing Device Access and Files | Configure secure administrative access and router resiliency |
| 2.2 Privilege Levels and Role-Based CLI | Configure command authorization using privilege levels and role-based CLI |
| 2.3 Monitoring Devices | Configure network devices for monitoring |
| 2.4 Using Automated Features | Secure IOS-based routers using automated features |
| Chapter 3. Authentication, Authorization and Accounting | Secure administrative access with AAA |
| 3.1 Purpose of AAA | Describe the purpose of AAA and the various implementation techniques |
| 3.2 Configuring Local AAA | Implementing AAA using the local database |
| 3.3 Configure Server-Based AAA | Implementing AAA using TACACS+ and RADIUS protocols |
| Chapter 4. Implementing Firewall Technologies | Implement firewall technologies to secure the network perimeter |
| 4.1 Access Control Lists | Implement ACLs |
| 4.2 Firewall Technologies | Describe the purpose and operation of firewall technologies |
| 4.3 Context-Based Access Control | Implement CBAC |
| 4.4 Zone-Based Policy Firewall | Implement Zone-based policy Firewall using SDM and CLI |
| Chapter 5. Implementing Intrusion Prevention | Configure IPS to mitigate attacks on the network |
| 5.1 IPS Technologies | Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems |
| 5.2 Implementing IPS | Implemen |
| Chapter 6. Securing the Local Area Network | Describe LAN security considerations and implement endpoint and Layer 2 security features |
| 6.1 Endpoint Security Considerations | Describe endpoint vulnerabilities and protection methods |
| 6.2 Layer 2 Security Considerations | Describe basic Catalyst switch vulnerabilities such as VLAN attacks, STP manipulation, CAM table overflow attacks, and MAC address spoofing attacks |
| 6.3 Wireless, VoIP and SAN Security Considerations | Describe the fundamentals of Wireless, VoIP and SANs, and the associated security considerations |
| 6.4 Configuring Switch Security | Configure and verify switch security features, including port security and storm control |
| 6.5 SPAN and RSPAN | Describe Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) |
| Chapter 7. Cryptography | Describe methods for implementing data confidentiality and integrity |
| 7.1 Cryptographic Services | Describe how different types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and nonrepudiation |
| 7.2 Hashes and Digital Signatures and authentication | Describe the mechanisms to ensure data integrity |
| 7.3 Symmetric and Asymmetric Encryption | Describe the mechanisms used to ensure data confidentiality |
| Chapter 8. Implementing Virtual Private Networks | Implement secure virtual private networks |
| 8.1 VPNs | Describe the purpose and operation of VPN types |
| 8.2 IPSec VPN Components and Operation | Describe the components and operations of IPSec VPNs |
| 8.3 Implementing Site-to-Site IPSec VPNs | Configure and verify a site-to-site IPSec VPN with pre-shared key authentication using SDM and CLI |
| 8.4 Implementing a Remote Access VPN | Configure and verify a remote access VPN |
| 8.5 Implementing SSL VPNs | Configure and verify SSL VPNs |
| Chapter 9. Managing a Secure Network | Given the security needs of an enterprise, create and implement a comprehensive security policy |
| 9.1 Secure Network Lifecycle | Describe the secure network lifecycle |
| 9.2 Self-Defending Network | Describe the components of a self-defending network and business continuity plans |
| 9.3 Building a Comprehensive Security Policy | Establish a comprehensive security policy to meet the security needs of a given enterprise |
