- Home
- Training
- Training
- Apple
- Apple Macintosh Training
- Cisco Systems
- Cisco® Training
- Cisco® Career Certification
- Cisco® Service Provider Training
- Cisco® Advanced Services Training
- CCIE® Training
- Cisco® Boot Camps
- Audium Training
- EVDO Wireless Training
- Additional Training
- Cisco® Learning Credits
- Sales Force Training
- Inspired Training
- Harmony Training
- IT Service Management
- ITIL Training
- Cisco® Channel Patner Program University
- Train The Trainer
- On-site Training
- Customized Courseware
- Training Policies
- Classroom Environment
- Locations
- e-Learning
- Development
- Partners
- About Us
- Contact
Training > Cisco® Training > BECSN
Got Cisco® Learning Credits? Redeem them HERE.
Building Enhanced Cisco® Security Networks (BECSN)
Length: 5-day Workshop
Network security has become increasingly important because of the increased number of network threats from worms and easy-to-use distributed-denial-of-service (DDoS) tools. Companies can no longer deal with network security in a reactionary mode because of the potential for severe financial and intellectual property loss. For that reason, companies are investing in the security of their networks to provide a safe environment for their employees and customers.
The Cisco® Building Enhanced Cisco® Security Networks Boot Camp teaches students how to create a network security policyan often overlooked but vital part of any network security deployment-as well as how to deploy several emerging security technologies. In hands-on labs, students build a dynamic multipoint VPN (DMVPN), set up high availability for IP Security (IPSec-HA), configure Cisco® Secure VPN concentrators and Cisco® Secure PIX® firewalls for remote access management, modify a site-to-site VPN for split tunneling, secure network management, and set up identity-based network services (IBNS) for a wireless environment. The final phase of the class will be a test of the students' understanding of the course material by providing a network attack section that will employ various tools to attempt to gain access to their networks.
You will learn to:
- Given a network topology and network assessment from Cisco®, develop and document a comprehensive security policy that fulfills all requirements of the network assessment
- Given the security policy developed at the beginning of the class and a set of threat management criteria, document a threat response procedure that fulfills the requirements of the threat management criteria
- Given a remote office network, configure a site-to-site IP Security (IPSec) VPN to the corporate core network
- Given a remote office network and an access edge router, configure split tunneling to send unencrypted traffic to the Internet so that the users are capable of loading a Web page outside of the IPSec tunnel
- Given a remote office network and access edge router, configure context-based access control (CBAC) on the router to secure the remote VPN connection
- Given a remote access edge router, identify the path maximum transmission unit (MTU) for the established site-to-site IPSec tunnel
- Given a remote office and a redundant pair of Cisco® 2600 VPN routers, configure the VPN routers for IPSec-HA and verify using the failover sequence and reverse route injection
- Given a core student pod and an edge VPN router, configure the router to be a Next Hop Resolution Protocol (NHRP) client router by having it register with the NHRP hub in the core network
- Given a NHRP client router, successfully connect to the peer pod client routers through the dynamic multipoint VPN (DMVPN) network
- Given a remote office, configure the Cisco® Wireless Application Protocol (WAP) for 802.1X port-based authentication and verify with a successful RADIUS login to a student pod Cisco Secure Access Control Server
- Given a remote student pod, configure the access edge router for Secure Shell (SSH) Protocol and log in using the SSH client on the student PC
- Given a remote student pod, configure the access edge router for Cisco® Simple Network Management Protocol Version 2 (SNMP v2) with SNMP access control lists (ACLs) for remote administration
- Given a core student network, configure Cisco® Intrusion Detection System (IDS) components to respond to active internal and external network threats using CiscoWorks VPN/Security Management Solution 2.2
- Given a core student network, configure a Cisco® PIX® firewall to respond to active internal and external networks
- Given a core student network, configure Cisco® routers to respond to active internal and external networks
Recommended for:
- Individuals who design security networks based on Cisco® security products
- Individuals who implement end-to-end Cisco® security services
- Individuals who deploy networks using Cisco® security services
Prerequisites:
- Cisco IOS® routers, routing fundamentals, and IP addressing knowledge (required), as covered in the Interconnecting Cisco® Networking Devices (ICND) course, or CCNA® certification (preferred), or equivalent experience.
- Managing Cisco® Network Security 3.0 or equivalent experience with Cisco IOS® Software-based security products (recommended)
- Cisco® Secure PIX® Firewall Advanced 3.1 or equivalent experience with the configuration of Cisco® Secure PIX® Firewalls (recommended)
- Cisco® Secure Intrusion Detection System 3.0 or equivalent experience configuring Cisco® Secure IDS products (recommended)
- Cisco® Secure VPN 3.1 or equivalent experience configuring Cisco® Secure VPN products (recommended)
- Cisco® Aironet® Wireless LAN Fundamentals 3.0 or equivalent experience configuring Cisco® wireless products (recommended)
More Information
Training Policies • Classroom Environment • Training Locations