Post on 18-May-2021
CCNASECURITY
CURRICULUM
1.1 Describe common security threats 1.1.a Common threats to the physical installationl�
1.1.b Mitigation methods for common network attacksl�
1.1.c Email-based threatsl�
1.1.d Web-based attacksl�
1.1.e Mitigation methods for Worm, Virus, and Trojan Horse attacksl�
1.1.f Phases of a secure network lifecyclel�
1.1.g Security needs of a typical enterprise with a comprehensive security policyl�
1.1.h Mobile/remote securityl�
1.1.i DLPl�
2.0 Security and Cisco Routers2.1 Implement Security on Cisco routers 2.1.a CCP Security Audit featurel�
2.1.b CCP One-Step Lockdown featurel�
2.1.c Secure router access using strong encrypted passwords, and using IOS login l�
enhancements, IPV6 security 2.1.d Multiple privilege levelsl�
2.1.e Role-Based CLIl�
2.1.f Cisco IOS image and configuration filesl�
2.2 Describe securing the control, data and management planel�
2.3 Describe CSMl�
2.4 Describe IPv4 to IPv6 transitionl�
2.4.a Reasons for IPv6l�
2.4.b Understanding IPv6 addressingl�
2.4.c Assigning IPv6 addressesl�
2.4.d Routing considerations for IPv6l�
3.0 AAA on Cisco Devices3.1 Implement authentication, authorization, and accounting (AAA) 3.1.a AAA using CCP on routersl�
3.1.b AAA using CLI on routers and switchesl�
3.1.c AAA on ASAl�
3.2 Describe TACACS+ l�
3.3 Describe RADIUSl�
3.4 Describe AAAl�
3.4.a Authenticationl�
3.4.b Authorizationl�
3.4.c Accountingl�
3.5 Verify AAA functionalityl�
4.0 IOS ACLs4.1 Describe standard, extended, and named IP IOS ACLs to filter packets 4.1.a IPv4l�
4.1.b IPv6l�
4.1.c Object groupsl�
4.1.d ACL operationsl�
4.1.e Types of ACLs (dynamic, reflexive, time-based ACLs)l�
4.1.f ACL wild card maskingl�
4.1.g Standard ACLsl�
4.1.h Extended ACLsl�
4.1.i Named ACLsl�
4.1.j VLSMl�
4.2 Describe considerations when building ACLs 4.2.a Sequencing of ACEsl�
4.2.b Modification of ACEsl�
4.3 Implement IP ACLs to mitigate threats in a networkl�
4.3.a Filter IP trafficl�
4.3.b SNMPl�
4.3.c DDoS attacksl�
4.3.d CLIl�
4.3.e CCPl�
4.3.f IP ACLs to prevent IP spoofingl�
4.3.g VACLsl�
5.0 Secure Network Management and Reporting5.1 Describe secure network management 5.1.a In-bandl�
5.1.b Out of bandl�
5.1.c Management protocolsl�
5.1.d Management enclavel�
5.1.e Management planel�
5.2 Implement secure network management 5.2.a SSHl�
5.2.b syslogl�
5.2.c SNMPl�
5.2.d NTPl�
5.2.e SCPl�
5.2.f CLIl�
5.2.g CCPl�
5.2.h SSLl�
6.0 Common Layer 2 Attacks 6.1 Describe Layer 2 security using Cisco switches 6.1.a STP attacksl�
6.1.b ARP spoofingl�
6.1.c MAC spoofingl�
6.1.d CAM overflowsl�
6.1.e CDP/LLDPl�
6.2 Describe VLAN Security 6.2.a Voice VLANl�
6.2.b PVLANl�
6.2.c VLAN hoppingl�
6.2.d Native VLANl�
6.3 Implement VLANs and trunking 6.3.a VLAN definitionl�
6.3.b Grouping functions into VLANsl�
6.3.c Considering traffic source to destination pathsl�
6.3.d Trunkingl�
6.3.e Native VLANl�
6.3.f VLAN trunking protocolsl�
6.3.g Inter-VLAN routingl�
6.4 Implement Spanning Tree 6.4.a Potential issues with redundant switch topologiesl�
6.4.b STP operationsl�
6.4.c Resolving issues with STPl�
7.0 Cisco Firewall Technologies7.1 Describe operational strengths and weaknesses of the different firewall technologies 7.1.a Proxy firewallsl�
7.1.b Packet and stateful packetl�
7.1.c Application firewalll�
7.1.d Personal firewalll�
7.1.e CDP/LLDPl�
7.2 Describe stateful firewalls 7.2.a Operationsl�
7.2.b Function of the state tablel�
7.3 Describe the types of NAT used in firewall technologies 7.3.a Staticl�
7.3.b Dynamicl�
7.3.c PATl�
7.4 Implement Zone Based Firewall using CCP 7.4.a Zone to zonel�
7.4.b Self zonel�
7.5 Implement the Cisco Adaptive Security Appliance (ASA) 7.5.a NATl�
7.5.b ACLl�
7.5.c Default MPFl�
7.5.d Cisco ASA sec levell�
7.6 Implement NAT and PAT 7.6.a Functions of NAT, PAT, and NAT Overloadl�
7.6.b Translating inside source addressesl�
7.6.c Overloading Inside global addressesl�
8.0 Cisco IPS8.1 Describe IPS deployment considerations 8.1.a SPANl�
8.1.b IPS product portfoliol�
8.1.c Placementl�
8.1.d Caveatsl�
8.2 Describe IPS technologies 8.2.a Attack responsesl�
8.2.b Monitoring optionsl�
8.2.c Syslogl�
8.2.d SDEEl�
8.2.e Signature enginesl�
8.2.f Signaturesl�
8.2.g Global correlation and SIOl�
8.2.h Network-basedl�
8.2.i Host-basedl�
Partners :
PITAMPURA (DELHI)NOIDAA-43 & A-52, Sector-16,
GHAZIABAD1, Anand Industrial Estate, Near ITS College, Mohan Nagar, Ghaziabad (U.P.)
GURGAON1808/2, 2nd floor old DLF,Near Honda Showroom,Sec.-14, Gurgaon (Haryana)
SOUTH EXTENSION
www.facebook.com/ducateducation
Java
Plot No. 366, 2nd Floor, Kohat Enclave, Pitampura,( Near- Kohat Metro Station)Above Allahabad Bank, New Delhi- 110034.
Noida - 201301, (U.P.) INDIA 70-70-90-50-90 +91 99-9999-3213 70-70-90-50-90 70-70-90-50-90
70-70-90-50-90
70-70-90-50-90
D-27,South Extension-1New Delhi-110049
+91 98-1161-2707
(DELHI)
8.3 Configure Cisco IOS IPS using CCP 8.3.a Loggingl�
8.3.b Signaturesl�
9.0VPN Technologies9.1 Describe the different methods used in cryptography 9.1.a Symmetricl�
9.1.b Asymmetricl�
9.1.c HMACl�
9.1.d Message digestl�
9.1.e PKIl�
9.2 Describe VPN technologies 9.2.a IPsecl�
9.2.b SSLl�
9.3 Describe the building blocks of IPSec 9.3.a IKEl�
9.3.b ESPl�
9.3.c AHl�
9.3.d Tunnel model�
9.3.e Transport model�
9.4 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication 9.4.a CCPl�
9.4.b CLIl�
9.5 Verify VPN operations
9.6 Implement SSL VPN using ASA device manager 9.6.a Clientlessl�
9.6.b AnyConnectl�