CCNA Security

Things you should know before you Begin!

I About the Free CCNA Security Workbook

II CCNA Security Workbook Hardware/Software Requirements

IIIThis or That – The Stub Lab or GNS3

Section 1 – Securing Layer 2

Lab 1-1Configuring Native VLAN on a Trunk Links

Lab 1-2Disabling Dynamic Trunking Protocol (DTP)

Lab 1-3Preventing Layer 2 Loops with BPDU Guard

Lab 1-4Protecting the Root Bridge using STP Root Guard

Lab 1-5Protecting the CAM Table using Port Security

Lab 1-6Preventing DHCP Rogue Servers by using DHCP Snooping

Lab 1-7Preventing Spoofed ARP via Dynamic ARP Inspection

Lab 1-8Preventing IP Spoofs using IP Source Guard

Section 2 – Securing the Control Plane

Lab 2-1Configuring Local User Authentication via AAA

Lab 2-2Configuring SSH and HTTPS Management Access

Lab 2-3Configuring Console, Local and Remote System Logging (SYSLOG)

Lab 2-4Configuring Secure NTP (Network Time Protocol)

Lab 2-5Configuring Secure SNMPv2c

Lab 2-6Configuring Secure SNMPv3

Lab 2-7Protecting the Cisco IOS File(s)

Lab 2-8Configuring Control Plane Policing (CPP)

Lab 2-9Configuring Role-Based User Access Control

Section 3 – Securing the Forwarding Plane

Lab 3-1Securing RIP advertisements using MD5 Authentication

Lab 3-2Securing EIGRP Neighbors using MD5 Authentication

Lab 3-3Securing OSPF Neighbors using MD5 Authentication

Lab 3-4Configuring Reflexive Access Control Lists

Lab 3-5Configuring Cisco IOS ACL Object-Groups

Lab 3-6Configuring Time Based Access Control Lists

Lab 3-7Configuring Bogon Access Control Lists

Section 4 – Cisco IOS Firewall Technologies

Lab 4-1Configuring Dynamic NAT (Many to One)

Lab 4-2Configuring Static NAT (One to One)

Lab 4-3Configuring Static PAT (IP Port to IP Port)

Lab 4-4Configuring Cisco IOS Firewall

Lab 4-5Configuring Cisco IOS Firewall Exceptions

Lab 4-6Configuring Basic Cisco IOS Zone Based Firewall

Lab 4-7Configuring Cisco IOS Zone Based Firewall Exceptions

Section 5 – Cisco IOS VPN Technologies

Lab 5-1Understanding VPN Technologies

Lab 5-2Configuring ISAKMP Policies

Lab 5-3Configuring Site to Site IPSEC VPN

Lab 5-4Configuring an IPSEC GRE Tunnel

Section 6 – Cisco IOS IPS/IDS

Lab 6-1Configuring Basic Cisco IOS IPS/IDS

Lab 6-2Installing new IPS/IDS Signature Libraries

Lab 6-3Managing Cisco IPS/IDS Signatures

Lab 6-4Configuring Cisco IOS Signature Based IPS/IDS

Lab 6-5Configuring Cisco IOS Policy Based IPS/IDS

Section 7 – Cisco Adaptive Security Appliances

Lab 7-1Overview of the Cisco ASA (Adaptive Security Appliances)

Lab 7-2Configuring ASA Enable and Username Authentication

Lab 7-3Configuring Login and MOTD Banners

Lab 7-4Configuring Interface Addressing, Names and Security Levels

Lab 7-5Configuring Static Routes on the ASA

Lab 7-6Configuring DHCP Services on the Cisco ASA

Lab 7-7Configuring Dynamic Routing on the Cisco ASA

Lab 7-8Configuring SSH and Telnet Remote Management Access

Lab 7-9Configuring ASDM Remote Management Access

Lab 7-10Configuring RADIUS & TACACS+ on the Cisco ASA

Lab 7-11Configuring Cisco ASA Objects, Object Groups and Access Lists

Lab 7-12Configuring Cisco ASA Dynamic NAT (Many to One)

Lab 7-13Configuring Cisco ASA Static NAT (One to One)

Lab 7-14Configuring Cisco ASA Static PAT (AKA: Port Forwarding)

Lab 7-15Configuring Network Address Translation (NAT) Pooling

Lab 7-16Configuring Twice NAT, Previously Known as NAT Exemption

Lab 7-17Configuring Redundant ISP’s on the Cisco ASA

Lab 7-18Configuring a L2L (LAN to LAN) IPSEC VPN Tunnel

Lab 7-19Configuring NAT for traffic traversing a L2L Tunnel

Lab 7-20Configuring Client Based Remote Access SSL VPN using AnyConnect Client

Lab 7-21Configuring Clientless SSL VPN Services

Lab 7-22Configuring NTP for Time Accuracy

Lab 7-23Configuring SNMP for Remote Monitoring and Management

Lab 7-24Configuring a Cisco ASA Packet Capture

Lab 7-25Configuring Stateful Failover on the Cisco ASA

Lab 7-26Configuring Multiple Context(s) on the Cisco ASA

Lab 7-27Configuring Transparent Cisco ASA Firewall(s)

Lab 7-28Understanding the Flow of Traffic using Packet Tracer

Section 8 – Cisco Access Control Server 5.x

Lab 8-1Installing Cisco ACS 5.x on VMWare Workstation

Lab 8-2Configuring User Accounts on Cisco ACS 5.x

Lab 8-3Configuring ACS Device Profiles

Lab 8-4Configuring Radius and TACACS+ Servers on Cisco IOS

Lab 8-5Configuring Named AAA Server Group List

Lab 8-6Configuring Cisco IOS AAA Authentication List

Lab 8-7Configuring Cisco ACS Server 5.x Group Based Authentication Policies

Lab 8-8Configuring Cisco IOS AAA Authorization List

Lab 8-9Configuring Cisco ACS Server 5.x Group Based Authorization Policies

Lab 8-10Configuring Cisco IOS AAA Accounting List

Lab 8-11Configuring Cisco ACS Server 5.x Accounting Policies

Lab 8-12Viewing Cisco ACS Server 5.x Accounting Logs

CCNA Security Pratice Exam(s)

Exam 1CCNA Security Practice Exam #1 (60 Questions)