ISCW Implementing Secure Cisco WANs Preview

CIS 186 ISCW Rick Graziani Fall 2007

My Web Site

Rick Graziani graziani@cabrillo.edu

On-line curriculum

Rick Graziani graziani@cabrillo.edu

Labs and NetLab

Rick Graziani graziani@cabrillo.edu

ISCW Exam Certification Guide

Rick Graziani graziani@cabrillo.edu

Review Questions: On-line curriculum and ISCW Exam Cert Book

Rick Graziani graziani@cabrillo.edu

Description and Chapters

This course will teach advanced skills required to secure and enhance services in enterprise networks for teleworkers and remote sites. It will focus on securing remote access, VPN client configuration and other topics including Mulit-Protocol Label Switching (MPLS), IPsec, Cisco device hardening, IOS firewall features, and IOS threat defense features. 1. Remote Network Connectivity Requirements 2. Teleworker Connectivity (Simulation) 3. IPsec VPNs (Labs) 4. Frame Mode MPLS Implmentation (One lab) 5. Cisco Device Hardening (Labs) 6. Cisco IOS Threat Defense Features (Labs)
Rick Graziani graziani@cabrillo.edu 7

Chapter 1 Remote Network Connectivity Requirements

Enterprise Networking Hierarchical Model Cisco Enterprise Architecture Remote Connection Requirements in a Converged Network Remote Connection Considerations Intelligent Information Network Cisco SONA Framework

Rick Graziani graziani@cabrillo.edu

Hierarchical Network Model

Rick Graziani graziani@cabrillo.edu

Cisco Enterprise Architecture

Rick Graziani graziani@cabrillo.edu

10

Remote Connection Considerations

Rick Graziani graziani@cabrillo.edu

11

Cisco SONA Framework

Rick Graziani graziani@cabrillo.edu

12

Chapter 2 Teleworker Connectivity

Describing Remote Connection Topologies for Teleworkers Describing Cable Technology Deploying Cable System Technology Describing DSL Technology Deploying ADSL Configuring the CPE as the PPPoE or PPPoA Client Troubleshooting Broadband ADSL Configurations PPPoE Simulation Practice

Rick Graziani graziani@cabrillo.edu

13

Remote Connection Topologies for the Teleworker

Rick Graziani graziani@cabrillo.edu

14

Components of the Teleworker Solution

Rick Graziani graziani@cabrillo.edu

15

What is a Cable System?

Rick Graziani graziani@cabrillo.edu

16

Describing Cable Technology

Rick Graziani graziani@cabrillo.edu

17

Deploying Cable System Technology

Rick Graziani graziani@cabrillo.edu

18

Describing DSL Technology

Rick Graziani graziani@cabrillo.edu

19

Deploying ADSL

Rick Graziani graziani@cabrillo.edu

20

Configuring the CPE as the PPPoE or PPPoA Client

Rick Graziani graziani@cabrillo.edu

21

Troubleshooting Broadband ADSL Configurations

Rick Graziani graziani@cabrillo.edu

22

PPPoE Simulation Practice

Rick Graziani graziani@cabrillo.edu

23

Chapter 3 IPsec VPNs

Introducing VPN Technology Understanding IPsec Components and IPsec VPN Features Implementing Site-to-Site IPsec VPN Operations Configuring IPsec Site-to-Site VPN Using SDM Configuring GRE Tunnels over IPsec Configuring High-Availability VPNs Introducing Cisco Easy VPN Configuring Easy VPN Server using Cisco SDM Implementing the Cisco VPN Client IPsec VPN Lab Exercises

Rick Graziani graziani@cabrillo.edu

24

Introducing VPN Technology

Rick Graziani graziani@cabrillo.edu

25

Understanding IPsec Components and IPsec VPN Features

Rick Graziani graziani@cabrillo.edu

26

Implementing Site-to-Site IPsec VPN Operations

Rick Graziani graziani@cabrillo.edu

27

Configuring IPsec Site-to-Site VPN Using SDM

Rick Graziani graziani@cabrillo.edu

28

Configuring GRE Tunnels over IPsec

Rick Graziani graziani@cabrillo.edu

29

Configuring High-Availability VPNs

Rick Graziani graziani@cabrillo.edu

30

Introducing Cisco Easy VPN

Rick Graziani graziani@cabrillo.edu

31

Configuring Easy VPN Server using Cisco SDM

Rick Graziani graziani@cabrillo.edu

32

Implementing the Cisco VPN Client

Rick Graziani graziani@cabrillo.edu

33

Lab 3.1 Configuring SDM on a Router

Rick Graziani graziani@cabrillo.edu

34

Lab 3.2 Configuring a Basic GRE Tunnel

Rick Graziani graziani@cabrillo.edu

35

Lab 3.3 Configuring Wireshark and SPAN

Rick Graziani graziani@cabrillo.edu

36

Lab 3.4 Configuring Site-to-Site IPsec VPNs with SDM

Rick Graziani graziani@cabrillo.edu

37

Lab 3.5 Configuring Site-to-Site IPsec VPNs with the IOS CLI

Rick Graziani graziani@cabrillo.edu

38

Lab 3.6 Configuring a Secure GRE Tunnel with SDM

Rick Graziani graziani@cabrillo.edu

39

Lab 3.7 Configuring a Secure GRE Tunnel with the IOS CLI

Rick Graziani graziani@cabrillo.edu

40

Lab 3.8 Configuring IPsec VTIs

Rick Graziani graziani@cabrillo.edu

41

Lab 3.9 Configuring Easy VPN with SDM

Rick Graziani graziani@cabrillo.edu

42

Lab 3.10 Configuring Easy VPN with the IOS CLI

Rick Graziani graziani@cabrillo.edu

43

Chapter 4 Frame Mode MPLS

Introducing MPLS Networks Assigning MPLS Labels to Packets Implementing Frame Mode MPLS Describing MPLS VPN Technology MPLS Lab Exercises

Rick Graziani graziani@cabrillo.edu

44

Introducing MPLS Networks

Rick Graziani graziani@cabrillo.edu

45

Assigning MPLS Labels to Packets

Rick Graziani graziani@cabrillo.edu

46

Implementing Frame Mode MPLS

Rick Graziani graziani@cabrillo.edu

47

Describing MPLS VPN Technology

Rick Graziani graziani@cabrillo.edu

48

Lab 4.1 Configuring Frame Mode MPLS

Rick Graziani graziani@cabrillo.edu

49

Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)

Rick Graziani graziani@cabrillo.edu

50

Chapter 5 Cisco Device Hardening

Thinking Like a Hacker Mitigating Network Attacks Network Attacks Using Intelligence Disabling Unused Cisco Router Network Services and
Interfaces Securing Cisco Router Administrative Access Configuring Role-Based CLI Mitigating Threats and Attacks with Access Lists Securing Management and Reporting Features Configuring SNMP Configuring the NTP Client Configuring AAA on Cisco Routers Cisco Device Hardening Lab Exercises
51

Rick Graziani graziani@cabrillo.edu

Thinking Like a Hacker

Rick Graziani graziani@cabrillo.edu

52

Mitigating Network Attacks

Rick Graziani graziani@cabrillo.edu

53

Network Attacks Using Intelligence

Rick Graziani graziani@cabrillo.edu

54

Disabling Unused Cisco Router Network Services and Interfaces

Rick Graziani graziani@cabrillo.edu

55

Securing Cisco Router Administrative Access

Rick Graziani graziani@cabrillo.edu

56

Configuring Role-Based CLI

Rick Graziani graziani@cabrillo.edu

57

Mitigating Threats and Attacks with Access Lists

Rick Graziani graziani@cabrillo.edu

58

Securing Management and Reporting Features

Rick Graziani graziani@cabrillo.edu

59

Configuring SNMP

Rick Graziani graziani@cabrillo.edu

60

Configuring the NTP Client

Rick Graziani graziani@cabrillo.edu

61

Configuring AAA on Cisco Routers

Rick Graziani graziani@cabrillo.edu

62

Lab 5.1 Using SDM One-Step Lockdown

Rick Graziani graziani@cabrillo.edu

63

Lab 5.2 Securing a Router with Cisco AutoSecure

Rick Graziani graziani@cabrillo.edu

64

Lab 5.3 Disabling Unneeded Services

Rick Graziani graziani@cabrillo.edu

65

Lab 5.4 Enhancing Router Security

Rick Graziani graziani@cabrillo.edu

66

Lab 5.5 Configuring Logging

Rick Graziani graziani@cabrillo.edu

67

Lab 5.6 Configuring AAA Authentication

Rick Graziani graziani@cabrillo.edu

68

Lab 5.7 Configuring Role-Based CLI Views

Rick Graziani graziani@cabrillo.edu

69

Lab 5.8 Configuring NTP

Rick Graziani graziani@cabrillo.edu

70

Chapter 6 Cisco IOS Threat Defense Features

Introducing the Cisco IOS Firewall Configuring Cisco IOS Firewall from the CLI Basic and Advanced Firewall Wizards Introducing Cisco IOS IPS Configuring Cisco IOS IPS Threat Defense Lab Exercises

Rick Graziani graziani@cabrillo.edu

71

Introducing the Cisco IOS Firewall

Rick Graziani graziani@cabrillo.edu

72

Configuring Cisco IOS Firewall from the CLI

Rick Graziani graziani@cabrillo.edu

73

Basic and Advanced Firewall Wizards

Rick Graziani graziani@cabrillo.edu

74

Introducing Cisco IOS IPS

Rick Graziani graziani@cabrillo.edu

75

Configuring Cisco IOS IPS

Rick Graziani graziani@cabrillo.edu

76

Lab 6.1 Configuring a Cisco IOS Firewall Using SDM

Rick Graziani graziani@cabrillo.edu

77

Lab 6.2 Configuring CBAC

Rick Graziani graziani@cabrillo.edu

78

Lab 6.3 Configuring IPS with SDM

Rick Graziani graziani@cabrillo.edu

79

Lab 6.4 Configuring IPS with CLI

Rick Graziani graziani@cabrillo.edu

80

ISCW Implementing Secure Cisco WANs Preview

CIS 186 ISCW Rick Graziani Fall 2007