ISCW Implementing Secure Cisco WANs Preview CIS 186 ISCW Rick Graziani Fall 2007
ISCWImplementing Secure Cisco WANs
Preview
CIS 186 ISCW
Rick Graziani
Fall 2007
Rick Graziani [email protected] 2
My Web Site
Rick Graziani [email protected] 3
On-line curriculum
Rick Graziani [email protected] 4
Labs and NetLab
Rick Graziani [email protected] 5
ISCW Exam Certification Guide
Rick Graziani [email protected] 6
Review Questions: On-line curriculum and ISCW Exam Cert Book
Rick Graziani [email protected] 7
Description and Chapters
This course will teach advanced skills required to secure and enhance services in enterprise networks for teleworkers and remote sites.
It will focus on securing remote access, VPN client configuration and other topics including Mulit-Protocol Label Switching (MPLS), IPsec, Cisco device hardening, IOS firewall features, and IOS threat defense features.
1. Remote Network Connectivity Requirements2. Teleworker Connectivity (Simulation)3. IPsec VPNs (Labs)4. Frame Mode MPLS Implmentation (One lab)5. Cisco Device Hardening (Labs)6. Cisco IOS Threat Defense Features (Labs)
Rick Graziani [email protected] 8
Chapter 1 Remote Network Connectivity Requirements
• Enterprise Networking
• Hierarchical Model
• Cisco Enterprise Architecture
• Remote Connection Requirements in a Converged Network
• Remote Connection Considerations
• Intelligent Information Network
• Cisco SONA Framework
Rick Graziani [email protected] 9
Hierarchical Network Model
Rick Graziani [email protected] 10
Cisco Enterprise Architecture
Rick Graziani [email protected] 11
Remote Connection Considerations
Rick Graziani [email protected] 12
Cisco SONA Framework
Rick Graziani [email protected] 13
Chapter 2 Teleworker Connectivity
• Describing Remote Connection Topologies for Teleworkers
• Describing Cable Technology
• Deploying Cable System Technology
• Describing DSL Technology
• Deploying ADSL
• Configuring the CPE as the PPPoE or PPPoA Client
• Troubleshooting Broadband ADSL Configurations
• PPPoE Simulation Practice
Rick Graziani [email protected] 14
Remote Connection Topologies for the Teleworker
Rick Graziani [email protected] 15
Components of the Teleworker Solution
Rick Graziani [email protected] 16
What is a Cable System?
Rick Graziani [email protected] 17
Describing Cable Technology
Rick Graziani [email protected] 18
Deploying Cable System Technology
Rick Graziani [email protected] 19
Describing DSL Technology
Rick Graziani [email protected] 20
Deploying ADSL
Rick Graziani [email protected] 21
Configuring the CPE as the PPPoE or PPPoA Client
Rick Graziani [email protected] 22
Troubleshooting Broadband ADSL Configurations
Rick Graziani [email protected] 23
PPPoE Simulation Practice
Rick Graziani [email protected] 24
Chapter 3 IPsec VPNs
• Introducing VPN Technology
• Understanding IPsec Components and IPsec VPN Features
• Implementing Site-to-Site IPsec VPN Operations
• Configuring IPsec Site-to-Site VPN Using SDM
• Configuring GRE Tunnels over IPsec
• Configuring High-Availability VPNs
• Introducing Cisco Easy VPN
• Configuring Easy VPN Server using Cisco SDM
• Implementing the Cisco VPN Client
• IPsec VPN Lab Exercises
Rick Graziani [email protected] 25
Introducing VPN Technology
Rick Graziani [email protected] 26
Understanding IPsec Components and IPsec VPN Features
Rick Graziani [email protected] 27
Implementing Site-to-Site IPsec VPN Operations
Rick Graziani [email protected] 28
Configuring IPsec Site-to-Site VPN Using SDM
Rick Graziani [email protected] 29
Configuring GRE Tunnels over IPsec
Rick Graziani [email protected] 30
Configuring High-Availability VPNs
Rick Graziani [email protected] 31
Introducing Cisco Easy VPN
Rick Graziani [email protected] 32
Configuring Easy VPN Server using Cisco SDM
Rick Graziani [email protected] 33
Implementing the Cisco VPN Client
Rick Graziani [email protected] 34
Lab 3.1 Configuring SDM on a Router
Rick Graziani [email protected] 35
Lab 3.2 Configuring a Basic GRE Tunnel
Rick Graziani [email protected] 36
Lab 3.3 Configuring Wireshark and SPAN
Rick Graziani [email protected] 37
Lab 3.4 Configuring Site-to-Site IPsec VPNs with SDM
Rick Graziani [email protected] 38
Lab 3.5 Configuring Site-to-Site IPsec VPNs with the IOS CLI
Rick Graziani [email protected] 39
Lab 3.6 Configuring a Secure GRE Tunnel with SDM
Rick Graziani [email protected] 40
Lab 3.7 Configuring a Secure GRE Tunnel with the IOS CLI
Rick Graziani [email protected] 41
Lab 3.8 Configuring IPsec VTIs
Rick Graziani [email protected] 42
Lab 3.9 Configuring Easy VPN with SDM
Rick Graziani [email protected] 43
Lab 3.10 Configuring Easy VPN with the IOS CLI
Rick Graziani [email protected] 44
Chapter 4 Frame Mode MPLS
• Introducing MPLS Networks
• Assigning MPLS Labels to Packets
• Implementing Frame Mode MPLS
• Describing MPLS VPN Technology
• MPLS Lab Exercises
Rick Graziani [email protected] 45
Introducing MPLS Networks
Rick Graziani [email protected] 46
Assigning MPLS Labels to Packets
Rick Graziani [email protected] 47
Implementing Frame Mode MPLS
Rick Graziani [email protected] 48
Describing MPLS VPN Technology
Rick Graziani [email protected] 49
Lab 4.1 Configuring Frame Mode MPLS
Rick Graziani [email protected] 50
Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)
Rick Graziani [email protected] 51
Chapter 5 Cisco Device Hardening
• Thinking Like a Hacker • Mitigating Network Attacks • Network Attacks Using Intelligence • Disabling Unused Cisco Router Network Services and
Interfaces• Securing Cisco Router Administrative Access• Configuring Role-Based CLI • Mitigating Threats and Attacks with Access Lists• Securing Management and Reporting Features • Configuring SNMP • Configuring the NTP Client • Configuring AAA on Cisco Routers • Cisco Device Hardening Lab Exercises
Rick Graziani [email protected] 52
Thinking Like a Hacker
Rick Graziani [email protected] 53
Mitigating Network Attacks
Rick Graziani [email protected] 54
Network Attacks Using Intelligence
Rick Graziani [email protected] 55
Disabling Unused Cisco Router Network Services and Interfaces
Rick Graziani [email protected] 56
Securing Cisco Router Administrative Access
Rick Graziani [email protected] 57
Configuring Role-Based CLI
Rick Graziani [email protected] 58
Mitigating Threats and Attacks with Access Lists
Rick Graziani [email protected] 59
Securing Management and Reporting Features
Rick Graziani [email protected] 60
Configuring SNMP
Rick Graziani [email protected] 61
Configuring the NTP Client
Rick Graziani [email protected] 62
Configuring AAA on Cisco Routers
Rick Graziani [email protected] 63
Lab 5.1 Using SDM One-Step Lockdown
Rick Graziani [email protected] 64
Lab 5.2 Securing a Router with Cisco AutoSecure
Rick Graziani [email protected] 65
Lab 5.3 Disabling Unneeded Services
Rick Graziani [email protected] 66
Lab 5.4 Enhancing Router Security
Rick Graziani [email protected] 67
Lab 5.5 Configuring Logging
Rick Graziani [email protected] 68
Lab 5.6 Configuring AAA Authentication
Rick Graziani [email protected] 69
Lab 5.7 Configuring Role-Based CLI Views
Rick Graziani [email protected] 70
Lab 5.8 Configuring NTP
Rick Graziani [email protected] 71
Chapter 6 Cisco IOS Threat Defense Features
• Introducing the Cisco IOS Firewall
• Configuring Cisco IOS Firewall from the CLI
• Basic and Advanced Firewall Wizards
• Introducing Cisco IOS IPS
• Configuring Cisco IOS IPS
• Threat Defense Lab Exercises
Rick Graziani [email protected] 72
Introducing the Cisco IOS Firewall
Rick Graziani [email protected] 73
Configuring Cisco IOS Firewall from the CLI
Rick Graziani [email protected] 74
Basic and Advanced Firewall Wizards
Rick Graziani [email protected] 75
Introducing Cisco IOS IPS
Rick Graziani [email protected] 76
Configuring Cisco IOS IPS
Rick Graziani [email protected] 77
Lab 6.1 Configuring a Cisco IOS Firewall Using SDM
Rick Graziani [email protected] 78
Lab 6.2 Configuring CBAC
Rick Graziani [email protected] 79
Lab 6.3 Configuring IPS with SDM
Rick Graziani [email protected] 80
Lab 6.4 Configuring IPS with CLI
ISCWImplementing Secure Cisco WANs
Preview
CIS 186 ISCW
Rick Graziani
Fall 2007