Network Security Training

 

Network security training by Dot Com Systems introduces the importance of security in networks and helps you to understand the main components of a secured network. Network security training helps you examine the security related issues in networks and provides you with necessary preparation to secure the networks from attacks and exploits.

 

Network Security training

Who Could Benefit from Network Security Training?

If you are an IT professional who specialize in network security, you will benefit the presentations, examples, case studies, discussions, and individual activities upon the completion of the introduction to secure software engineering training and will prepare yourself for your career.

Dot Com Systems Network Security Training Methodology

Network security training will introduce a set of labs, workshops and group activities of real world case studies in order to prepare you for the real-world problems and to be able to tackle all the related network security challenges.

Audience

Network security training is a 3-days course designed for:

  • IT professionals in the area of information security and network security
  • Executives and managers of network security and system engineering areas
  • Information technology professionals, network engineers, security analysts, policy analysts
  • Security operation personnel, network administrators, system integrators and security consultants
  • Security traders to understand the network security, or web security.
  • Investors and contractors who plan to make investments in system engineering industry.
  • Technicians, operators, and maintenance personnel who are or will be working on network security projects
  • Managers, accountants, and executives of cyber security industry.

Training Objectives

Upon completion of the network security training course, the attendees are able to:

  • Improve your understanding of network security
  • Apply the knowledge of network security in design, develop or integrate the secure networks
  • Apply logic, mathematics and science in engineering concept for a network system
  • Learn principles of network system design and implementation
  • Understand the different types of attacks in networks
  • Explain the concept of wireless local area network (WLAN)
  • Tackle the security issues in WLAN
  • Learn the IP security and internet key exchange concepts
  • Understand the multi-protocol label switching security issues in networks
  • Design and test the networks for secure applications with identifying attacks

Training Outline

The network security training course consists of the following lessons, which can be revised and tailored to the client’s need:

 

Modern Network Security Threats

  • Rationale for network security
  • Data confidentiality, integrity, availability
  • Risks, threats, vulnerabilities and countermeasures
  • Methodology of a structured attack
  • Security model (McCumber cube)
  • Security policies, standards and guidelines
  • Selecting and implementing countermeasures
  • Network security design

Securing Network Devices

 

  • Discuss the aspects of router hardening
  • Describe how to configure a secure network perimeter
  • Demonstrate the configuration of secure router administration access
  • Describe how to enhance the security for virtual logins
  • Describe the steps to configure an SSH daemon for secure remote management
  • Configure secure administrative access and router resiliency
  • Describe the purpose and configuration of administrative privilege levels
  • Configure the role-based CLI access feature to provide hierarchical administrative access
  • Use the Cisco IOS resilient configuration feature to secure the Cisco IOS image and configuration files
  • Configure network devices for monitoring administrative access
  • Describe the factors to consider when securing the data that transmits over the network related to the network management and reporting of device activity
  • Configure syslog for network security
  • Configure SNMP for network security
  • Configure NTP to enable accurate time stamping between all devices
  • Describe the router services, interfaces, and management services that are vulnerable to network attacks and perform a security audit
  • Secure IOS-based Routers using automated features     
  • Lock down a router using AutoSecure
  • Lock down a router using SDM

Authentication, Authorization  and Accounting

  • Describe the importance of AAA as it relates to authentication, authorization, and accounting
  • Configure AAA authentication using a local database
  • Configure AAA using a local database in SDM
  • Troubleshoot AAA using a local database
  • Explain server-based AAA
  • Describe and compare the TACACS+ and RADIUS protocols
  • Describe the Cisco Secure ACS for Windows software
  • Describe how to configure Cisco Secure ACS for Windows as a TACACS+ server
  • Configure server-based AAA authentication on Cisco Routers using CLI
  • Configure server-based AAA authentication on Cisco Routers using SDM
  • Troubleshoot server-based AAA authentication using Cisco Secure ACS
  • Configure server-based AAA Authorization using Cisco Secure ACS
  • Configure server-based AAA Accounting using Cisco Secure AC

Implementing Firewall Technologies

  • Implement ACLs
  • Standard and extended ACLs 
  • Applications of standard and extended ACLs 
  • The relationship between topology and flow for ACLs and the proper selection of ACL types for particular topologies (ACL design methodology)  
  • How to implement ACLs with SDM 
  • The usage and syntax for complex ACLs
  • The usage and syntax for dynamic ACLs
  • Interpret the output of the show and debug commands used to verify and troubleshoot complex ACL implementations
  • How to mitigate common network attacks with ACLs 
  • Describe the purpose and operation of firewall technologies
  • The purpose of firewalls and where they reside in a modern network 
  • The various types of firewalls 
  • Design considerations for firewalls and the implications for the network security policy 
  • Implement CBAC
  • The role of CBAC in a modern network 
  • The underlying operation of CBAC 
  • The configuration of CBAC 
  • The verification and troubleshooting of CBAC  
  • Zone-based Policy Firewall using SDM and CLI
  • The role of Zone-Based Policy Firewall in a modern network
  • The underlying operation of Zone-Based Policy Firewall
  • The implementation of Zone-Based Policy Firewall with CLI
  • The implementation of Zone-Based Policy Firewall with manual SDM
  • The implementation of Zone-Based Policy Firewall with the SDM Wizard
  • The verification and troubleshooting of Zone-Based Policy Firewall

Securing the Local Area Network

  • Describe endpoint vulnerabilities and protection methods
  • Endpoint security and the enabling technologies
  • Cisco IronPort is used to ensure endpoint security
  • Cisco NAC products are used to ensure endpoint security
  • Cisco Security Agent is used to ensure endpoint security
  • The primary considerations for securing the Layer 2 infrastructure
  • Describe basic Catalyst switch vulnerabilities
  • MAC address spoofing attacks and MAC address spoofing attack mitigation
  • MAC Address table overflow attacks and MAC Address table overflow attack mitigation
  • STP manipulation attacks and STP manipulation attack mitigation
  • LAN Storm attacks and LAN Storm attack mitigation
  • VLAN attacks and VLAN attack mitigation
  • Configure and verify switch security features, including port security and storm control
  • How to configure port security
  • How to verify port security
  • How to configure and verify BPDU Guard and Root Guard
  • How to configure and verify storm control
  • Describe and configure Cisco SPAN
  • Describe and configure Cisco RSPAN
  • The best practices for Layer 2 security
  • Describe the fundamental security considerations of Wireless, VoIP, and SANs
  • The fundamental aspects of enterprise security for advanced technologies
  • The fundamental aspects of wireless security and the enabling technologies
  • wireless security solutions
  • The fundamental aspects of VoIP security and the enabling technologies   Reference: CIAG course on VoIP security.
  • VoIP security solutions
  • The fundamental aspects of SAN security and the enabling technologies
  • SAN security solutions

Cryptographic Systems

  • Describe the mechanisms used to ensure data confidentiality
  • How encryption algorithms provide confidentiality
  • The function of the DES algorithms
  • The function of the 3DES algorithm
  • The function of the AES algorithm
  • The function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithm
  • The function of the DH algorithm and its supporting role to DES, 3DES, and AES
  • Describe the mechanisms used to ensure data confidentiality and authentication using a public key
  • Explain the differences and their intended applications
  • Explain the functionality of digital signatures
  • The function of the RSA algorithm
  • The principles behind a public key infrastructure (PKI)
  • The various PKI standards
  • The role of CAs and the digital certificates that they issue in a PKI
  • The characteristics of digital certificates and CAs

Implementing Virtual Private Networks

  • Describe the purpose and operation of VPN types
  • The purpose and operation of VPNs
  • Differentiate between the various types of VPNs
  • Identify the Cisco VPN product line and the security features of these products
  • Describe the components and operations of IPsec VPNs
  • Configure a site-to-site VPN GRE tunnel
  • The IPSec protocol and its basic functions
  • Differentiate between AH and ESP
  • The IKE protocol and modes
  • The five steps of IPSec operation
  • How to prepare IPSec by ensuring that ACLs are compatible with IPSec
  • Configure and verify a site-to-site IPsec VPN with pre-shared key authentication using CLI
  • Configure IKE policies using the CLI
  • Configure the IPSec transform sets using the CLI
  • Configure the crypto ACLs using the CLI
  • Configure and apply a crypto map using the CLI
  • Configure and verify a Remote Access VPN
  • How to verify and troubleshoot the IPSec configuration
  • How an increasing number of organizations are offering telecommuting options to their employees
  • Differentiate between Remote Access IPSec VPN solutions and SSL VPNs
  • How SSL is used to establish a secure VPN connection
  • The Cisco Easy VPN feature
  • Configure a VPN Server using SDM
  • Connect a VPN client using the Cisco VPN Client software