• 
• 
• 
• 

Cisco CCNA Security: 640-553 (IINS)

Trainer: Koren Archibald

Number of Videos: 20
Total series run time: Over 11 hours!

Cisco (640-553)Implementing Cisco IOS Network Security (IINS)

To be an effective Network Engineer, learning the skills necessary to become a CCNA is a great start but it's not enough. Today's environment requires an understanding of security, the threats that exist and how to prevent or combat them. Our Cisco CCNA Security training series will fully prepares you for the 640-553 Implementing Cisco IOS Network Security (IINS) exam. More importantly, it gives you the skills necessary to build upon your CCNA knowledge and utilize the technologies Cisco uses in their security infrastructure.

If you're an existing CCNA, this course is for you. If you're someone looking to get into the field of network engineering, this course is also for you but keep in mind you must first acquire your Cisco CCNA certification before you can take the Cisco Security (640-553) exam. Additionally, Cisco CCNA Security certification is a prerequisite if your interested in pursuing CCSP certification (Cisco Certified Security Professional).

Top 10 IT Certifications for 2009 and Beyond

Cisco CCNA Security gives you the knowledge to enter one of the hottest areas in the IT industry - Security. What does this mean for you? It means with a Cisco CCNA Security certification you can be assured you have achieved recognition throughout the industry as someone who can secure a company's networks and protect their sensitive and confidential data. This translates into more job opportunities, and more opportunities for advancement.

With our CCNA Security training videos you'll learn from an award-winning, recognized expert. Koren Archibald is a Cisco Expert trainer and real-world consultant who has helped thousands of people around the world achieve various Cisco certifications. She has also consulted with companies ranging from small companies to large corporate enterprises. Her clients include Fortune 150 companies as well as top-secret U.S. government agencies.

Cisco CCNA Security Training Video Series Outline

Video 1 -Specific Network Attack Mechanisms

Exam Objectives Addressed

• Describe and list mitigation methods for common network attacks
• Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks

Topics

• The Attacker
• Types of Attacks
• Motives
• Attack Terminology
• Brute Force, DoS, Trojan Horse, Reconnaissance, IP Spoofing
• Ping Sweeps and Port Scans
• Malware, Netbots, and Viruses
• Internal Threats
• Mitigation Techniques

 

Video 2 - Security Considerations – Understanding Network Threats

Exam Objectives Addressed

• Describe and list mitigation methods for common network attacks
• Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
• Describe the Cisco Self Defending Network architecture

Topics

• Introduction to the Five Phases of the SDLC
• Vulnerability Scanners
• Packet Sniffers
• Intrusion Detection Systems
  • Netcats
• Vulnerability Exploitation Tools
• Packet Crafting Tools
• Wireless Tools
• Password Crackers
• Web Vulnerability Scanners
• Security Policies
• Self Defending Network Architecture

 

Video 3 - Planning for Security

Exam Objectives Addressed

• Describe and list mitigation methods for common network attacks
• Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
• Describe the Cisco Self Defending Network architecture

Topics

• Explanation of the Five Phases of the SDLC
• Security Policy Components
• Governing Policy
• Technical Policies
• End-User Policies
• Standards (ex.  Protocol usage)
• Guidelines (ex. Best practices)
• Procedures (ex. Steps for configuring specific devices)
• Best Practices for Security
• Risks and Mitigation Techniques
• Self Defending Network Architecture
• Cisco Security Management Suite

 

Video 4 - Configuring Basic Security

Exam Objectives Addressed

• Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
• Secure administrative access to Cisco routers by configuring multiple privilege levels
• Secure administrative access to Cisco routers by configuring role based CLI
• Secure the Cisco IOS image and configuration file
• Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Topics

• Configuring Passwords
• Configuring Enable Password
• Minimum Length Password Policy
• Complex Passwords
• Protection against Brute Force Attacks
• Securing Console and Telnet Lines
• Service Password Encryption
• Password Crackers – Cain and Able
• Configuring Usernames and Passwords on the Local Device
• Configuring a Syslog Server and Messaging
• Security Authentication Failure Logging
• IOS login enhancements
• Setting Login Inactivity Timers – Exec Timeout
• Configuring Privilege Levels

 

Video 5 - Configuring Secure Administrative Access

Exam Objectives Addressed

• Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
• Secure administrative access to Cisco routers by configuring multiple privilege levels
• Secure administrative access to Cisco routers by configuring role based CLI
• Secure the Cisco IOS image and configuration file
• Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Topics

• Role-based CLI views
• Troubleshooting Role-based CLI views
• AAA Authorization Requirement for Role-Based Views
• Commands to Protect Router Files
• Securing IOS Image Files
• Securing Configuration Files
• IOS Login Enhancements
• The “login” Commands
• Enhancements for Virtual Connections
• Creating and Using Banners

 

Video 6 - The Router and Security Device Manager

Exam Objectives Addressed

• A large percentage of the exam objectives require the use of the Security Device Manager

Topics

• What Is It and Why Do We Need It?
• SDM Ready Devices vs. Non-SDM Ready Devices
• Installation of the SDM on the PC
• Installation of the SDM on the Router
• Running SDM from the Router vs. Running SDM from the PC
• Configurations Needed on the Router to Support SDM
• Files Needed In Flash to Support Running SDM from the Router
• Testing SDM Connectivity
• Introduction the Basic Feature Set of the SDM
• Editing Configurations
• Differences between the CLI and SDM
• User Preferences in the SDM
• Previewing Commands
• Helpful Websites

Video 7 - The Cisco Secure ACS

Exam Objectives Addressed

Developing a good understanding of ACS although it is not mentioned specifically in the exam objectives

Topics

• TACACS+ and RADIUS Protocols
• AAA Support
• Remote Access Support
• Remote Access Policies
• Backdoors
• Control and Consistency
• Tools for Wireless Access Support
• Network Admission Control
• Various Versions of ACS
• Internal vs. Windows Based AAA Database
• Using ACS for Dynamic VLAN Assignment
• Setting Up ACS as RADIUS Server
• Adding and AAA Client on ACS
• Configuring a device as a RADIUS Client
• Adding a User or Group to ACS
• Pointing ACS to a Windows Database for Authentication
• Configuring Access Restrictions
• Setting up Machine Authentication
• Monitoring
• Reports and Activity

Video 8 – AAA Part 1 – AAA Concepts

Exam Objectives Addressed

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

Topics

• Authentication
• Authorization
  Accounting
• features of TACACS+ and RADIUS AAA protocols
• Components of AAA
• When Do AAA Events Occur?
• Command Keywords Used in AAA Command Set
• Authentication Choices
• Setting Enable Secret Password
• Steps for Configuring AAA

 

Video 9 – AAA Part 2 – Authentication

Exam Objectives Addressed

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

Topics

• Enabling AAA – aaa new-model
• Configuring Authentication
• Configuring AAA for Local Authentication
• Populating the Device with Local Usernames and Passwords
• Configuring Login Authentication
• Configuring Enable Authentication
• Configuring PPP Authentication
• Configuring a TACACS+ Server in ACS
• Configuring the device to be a TACACS+ Client
• Configuring a device to use a TACACS+ Server for Authentication

 

Video10 – AAA Part 3 – Authorization

Exam Objectives Addressed

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

Topics

• Comparison of TACAC+ and RADIUS protocols
• Using the CLI to Trigger Authorization Events
• aaa authorization exec
• aaa authorization commands
• Configuring the device to use a TACACS+ Server for authorization
• Configuring ACS for Authorization
• Shell Command Authorization Sets
  
• Restricting and Permitting the Use of Specific Commands
• Assigning Commands for Privileges to Users or Groups in ACS
• Testing Authorization Configurations
• Caveats of the Authentication and Authorization
• The Importance of the aaa authorization console Command

 

Video 11 – AAA Part 4 – Accounting

Exam Objectives Addressed

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

Topics

• Using the CLI to Trigger Accounting Events
• Logging Interface in ACS
• Logging Configuration in ACS
• Related Logs in ACS
• Reports and Activity
  
• Viewing Accounting Events
• Debug aaa authentication
• Debug aaa authorization
• Review of AAA Components and Configuration Steps

 

Video 12 – Locking Down Router Services and Features

Exam Objectives Addressed

Secure Cisco routers using the SDM Security Audit feature
Use the One-Step Lockdown feature in SDM to secure a Cisco router

Topics

• IOS Services That May Need To Be Disabled
• Description of AutoSecure
  
• AutoSecure vs. One-Step Lockdown
  
• What Does It Disable?
  
• Other Recommended Security Practices
  
  • auto secure full
    
• Reviewing running-config after Auto Secure
  
  • show login
• Filtering the show running-config output
  
• Output Modifiers with show run
  
• Using the One-Step Lockdown Feature
  
• The Security Audit Feature
  
• Investigating some of the commands implemented
  
• Differences Between Auto Secure and the One Step Lockdown

 

Video 13 – Mitigating Threats to Cisco Routers and Networks using ACLs

Exam Objectives Addressed

• Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
• Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
• Configure IP ACLs to prevent IP address spoofing using CLI
• Discuss the caveats to be considered when building ACLs

Topics

• Types of Attacks
• Programs Known to be Associated with DDoS Attacks
• Steps in a DDoS Attack
• The Uses of ACLs to Protect you from DDoS Attacks
• Other Uses of ACLs
• Important ACL Rules
• Standard, Extended, and Named IP ACLs
• Editing ACLs (Using Text Editor and TFTP)
• Commands to Create an ACL
• Commands to Apply an ACL
• Explanation of the Terms “Inbound” and “Outbound”
• Applying and ACL to a VTY Line
• IP Spoofing ACL
• Filtering IP Traffic Destined for:
  • Telnet
  • SNMP
  • Caveats of ACLs

 

Video 14 – Firewall Technologies – Part 1

Exam Objectives Addressed

• Describe the operational strengths and weaknesses of the different firewall technologies
• Explain stateful firewall operations and the function of the state table
• Implement Zone Based Firewall using SDM

Topics

• Application Layer Firewalls
• Proxy Servers
• Static Packet Filtering Firewalls
  
• Turbo ACLs
• Stateful Firewalls
• Stateful Firewall Operations
• Inspection and Dynamic Policies
• Putting Firewalls in Perspective – How Do They Fit in to a Secure Environment?

 

Video 15 – Firewall Technologies – Part 2

Exam Objectives Addressed

• Describe the operational strengths and weaknesses of the different firewall technologies
• Explain stateful firewall operations and the function of the state table
• Implement Zone Based Firewall using SDM

Topics

• Terminology
• Inside /Outside
• Trusted/Untrusted
  
• Private/Public
  
• Zone-based Firewall
  
• Zone Pair
  
• In-zone
  
• Out-Zone
  
• Self
  
• Class-map
  
• Policy-map
  
• Inspection
  
• Creating a Zone Based Firewall Using the SDM
  
• Security Risks Posed by Messaging and Peer-to-Peer Traffic
  
• Editing a Firewall Policy
  
• Traffic Classification
  
• Actions
  
• Dissecting the Rules and Policies Created by the Firewall
  
• Verifying Stateful Firewall Inspection Policies

 

Video 16 – Mitigating Against Layer 2 Attacks – Part 1

Exam Objectives Addressed

• Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Topics

• Spanning Tree Protocol Review
  
• Problems Related to Loops in Switched Environments
  
• Loop Avoidance
  
• Making the Case for STP
  
• Root Bridge Selection
  
• Bridge ID
  
• Priority
  
• Bridge Protocol Data Units
  
• STP Port States
  
• Rogue Switch Attacks
  
• Superior BPDUs
  
• Root Guard
  
• PortFast
  
• BPDU Guard
  
• Root Inconsistent State (Root Guard)
  
• Disabled Port Requires Administrator Intervention to Recover (BPDU Guard)

 

Video 17 – Mitigating Against Layer 2 Attacks – Part 2

Exam Objectives Addressed

• Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Topics

• DHCP Based Attacks
  
• DHCP Spoofing
  
• DHCP Snooping Commands
  
• Trusted and Untrusted Port Configuration
  
• Binding Tables
  
• Limiting DHCP Traffic Rate
  
• Dynamic ARP Inspection
  
• Port Security
  
• Protection for VLANs
  
• VLAN Access Control Lists (VACLs)
  
• Protecting Trunk Links
  
• Private VLANs
  
• Primary VLANs
  
• Secondary VLANs
  
• Promiscuous Ports
  
• Isolated Ports
  
• Community Ports
  

Video 18 – Secure Network Management and Reporting

Exam Objectives Addressed

• Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
• Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Topics

• Implement SSH Using the CLI
  
• Implement SSH Using the SDM
  
• Configure Syslog Messaging Using the CLI
  
• Configure Syslog Messaging Using the SDM
  
• Generating Encryption Keys for SSH
  
• Exposing the Weaknesses of Telnet Using a Packet Sniffer
  
• Using the Kiwi® Syslog Server

 

Video 19 – The IPS Feature Set

Exam Objectives Addressed

• Define network based vs. host based intrusion detection and prevention
  
• Explain IPS technologies, attack responses, and monitoring options
  
• Enable and verify Cisco IOS IPS operations using SDM

Topics

• What is IPS?
  
• Detection of Inline Attacks
  
• Detecting Threats Based on Signatures
  
• Types of Signatures
  
• Exploits
  
  • Connection
    
  • String
    
  • DoS
    
• Placement of IPS within Infrastructure
  
• Host Based IPS Software (HIPS)
  
• Signature Firing
  
• Possible Actions
  
• Syslog and SDEE Messaging for IPS
  
• Creating IPS Using the SDM
  
• Signature Definition Files
  
• Finding in Flash
  
• Updating
  
• Reviewing Commands Issued to Device after Implementing IPS
  
• Global IPS Settings
  
• Managing Signatures
  
• Signature Tuning
  
• Reviewing SDEE Messages Related to IPS Events
  
• Understanding IPS Rules/Filtering
  
• Enable Deny Action on IPS Interface
  
• Deploying Signatures

 

Video 20 – Site-to-Site VPNs

Exam Objectives Addressed

• Explain the different methods used in cryptography
• Explain IKE protocol functionality and phases
  
• Describe the building blocks of IPSec and the security functions it provides
  
• Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM

Topics

• Cryptanalysis Attacks
  
• Terminology of VPNs
  
• Encryption Algorithms
  
• Symmetric
  
• Asymmetric
  
  • PKI
    
  • RSA Asymmetric Algorithm
    
  • Public Key to Encrypt Data or Verify Digital Signature
    
  • Private Key to Decrypt Data or to Give Digital Signature
    
• Cryptographic Hash 
  
• MD5
  
• SHA-1
  
• Diffie-Hellman Algorithm
  
• Establishing, Maintaining, and Tearing Down and IPSEC Site-to-Site VPN
  
• ISAKMP Tunnel
  
• IPSEC Tunnel
  
• Using the SDM to Configure the Site-to-Site VPN with Pre-Shared Key Authentication
  
• Crypto map
  
• Transform Sets

Free IT Certification Training Videos

Don't forget, you can also watch several free IT Certification Training Videos from each of our training series and see why our trainers have helped people all over the world quickly become certified, expand their careers and increase their job satisfaction.