CCNA Security (210-260)

Overview

This section gives the overview for CCNA Security. It covers the topics like who is the intended audience, what the scope, and what are some specific topics that will be addressed.

Understand Common Security Principles

This section discusses fundamental security concepts. It covers the concepts like the CIA triad, security information management (SIM), security event management (SEM) as well as a blending of the two through security information and event management (SIEM). It also explains the concepts like assets, vulnerabilities, threats, risks and more.

Identify Common Security Threats

This section introduces to some common security threats to be able to identify them as they are encountered. It explores common attack types and motivations like financial gain, general disruption, and revenge. At the end it discusses the different Distributed Denial of Service(DDoS) attacks like Direct, Reflected, and Amplified.

Understand Basic Crypto Concepts

This section walks through the basics of cryptography concepts. It covers both symmetric and asymmetric encryption , Public Key Infrastructure(PKI), and Certificates. It also define hashing and describe how it’s used and how it’s different than encryption.

Secure Management Access

This section takes a look at securely managing access to Cisco equipment. It explains the difference between In-Band and Out-of-Band management.It also shows how to create and use a strong password. It demonstrate setting logins and passwords on the Console, AUX, and VTY of a Cisco router.

Implement AAA Security

This section introduces you to the service(s) known as Authentication, Authorization, and Accounting, or more simply AAA. It shows the difference between RADIUS and TACACS as an AAA solution in a Cisco network.

Describe 802.1x Authentication

This section describes and demonstrate the 802.1x authentication abilities at OSI Layer 2 to prevent unauthorized devices from gaining access to the network. It shows Authentication process and identify the 802.1x functions and components for the Supplicant, the Authenticator, and the Authentication Server.

Understand BYOD Management

This section walks through the basic concepts and considerations when implementing a Bring Your Own Device(BYOD) environment. It discusses BYOD fundamentals and describe the benefit of using Cisco’s on-premise and cloud-based Mobile Device Manager.

Describe VPN Concepts

This section introduces Virtual Private Networks(VPN). It covers wide range of VPN concepts and technologies including the purpose of VPNs, what types of encryptions are typically used (IPsec/SSL/MPLS), Remote Access vs. Site-to-Site, and VPN benefits. It also explains IPsec protocols and delivery modes.

Implement Remote Access VPN

This section explores remote access Virtual Private Networks(VPN). It demonstrates how to implement a basic Clientless SSL VPN using ASDM. It also explains how to create a VPN connection using the Cisco VPN client software called AnyConnect.

Implement Site-to-Site VPN

This section demonstrate how to implement a Site-to-Site VPN connection. It explains the purposes and concepts for the use of a Site-to-Site VPN. It also shows how to configure the Cisco devices to create the Site-to-Site split-tunnel.

Secure Cisco Router Operations

This section explores setting up secure access to a Cisco router. It covers setting up access by configuring multiple privilege levels as well as reviewing role-based access. It shows how to implement an resilient IOS configuration and how to recover from an accidental deletion using the backups.

Describe Layer 2 Attacks

This section describes some of the common OSI Layer 2 attacks. It explains about L2 attacks like attacks against Spanning-Tree, ARP spoofing, MAC spoofing, CAM Table overflow attacks, CDP/LLDP reconnaissance, VLAN hopping, and DHCP spoofing.

Configure Layer 2 Security

This section takes through the mitigation procedures and techniques against layer 2 attacks. It shows how to implement DHCP Snooping and Dynamic ARP Inspection to guard against DHCP starvation and Rogue DHCP attacks. It also covers how to implement Port Security to control what end device have access to a switch and how to implement BPDU Guard, Root Guard, and Loop Guard.

Describe VLAN Security

This section discusses how to implement VLAN security in a Cisco environment. It demonstrates the use of Private VLANs to further segment and isolate a network. It shows the security implications of using a Native VLAN and operations of the Native VLAN.

Describe Firewall Technologies

This section describe the operational strengths and weaknesses of the different firewall technologies. Different Firewalls covered include Proxy firewalls, Application firewalls, and Personal firewalls. It also delve into stateful vs. stateless firewalls.

Implement NAT on Cisco ASA 9x

This section demonstrate how to implement Network Address Translation(NAT) on a Cisco ASA 9.x. It explores the common types of NAT which includes Static NAT, Dynamic NAT, and Port Address Translation.It also explains the complex Policy NAT configuration.

Implement Zone-Based Firewalls

This section explain and demonstrate how to implement Zone-Based Firewalls. When there is a need to implement a stateful firewall, but don’t have the budget for an ASA, your current Cisco Router might be able to take on the job through implementing the Zone-Based firewall feature.

Configure ASA Management

This section walks through the basic initial setup for a Cisco ASA. It demonstrate configuring access Management with proper interface policies. It shows the set up of VLANs, DHCP, and routing to connect to the network.

Describe IPS Deployment Considerations

This section covers the basic knowledge of Intrusion Prevention Systems(IPS). It covers what exactly an IPS is and how it integrates into your network. It discusses the different modes of IPSs as well as placement in the network.

Content and Endpoint Security

This section dive into the world of endpoint security. It explains mitigation technology for email based and web based threats. It also covers blacklisting, URL filtering, malware scanning, TLS decryption, anti-malware/antivirus software, personal firewalls, and encryption.