Security in the Cisco Academy Gratitude Kudyachete EA-CATC AFRALTI April 2009
Agenda • Why Security? • Security in IT E I • Security in IT E II • Security in CCNA-Discovery • Security in CCNA-Exploration • Security in CCNP – ISCW • Network Security I & II • Major points – current curricula and security • CCNA-Security • Q&A
Why Security? • If security is compromised, serious consequences result, such as loss of privacy, theft of information and legal liability • The types of potential threats to security are always evolving • E-business and Internet applications continue to grow – open networks cannot be avoided • Security has moved to the forefront of network management and implementation – and this is evident in the Academy curricula
Security in IT E I • Mainly in chapters 9 & 16 • Major issues: • Security Threats – physical, data, internal vs external • Security procedures/techniques • Preventive maintenance techniques • Troubleshooting security IT Essentials
Security in IT E – Security procedures • WEP, WPA, WPA2 (802.11i), LEAP, MAC filtering, SSID broadcast, WTLS • Password protection, data encryption, port protection, backup, file system security • Access control, cable locks, security cages, RFID tags, locked rooms • Identify: assets, threats • Define: incident handling, emergency procedures, allowed & prohibited behaviour, security framework, security techniques, ...
Preventive maintenance on security • OS updates – automatic, notify, download only, off (no updates) • Antivirus & antispyware – update signature files • Account maintenance • Terminate employee access • Guest access • Group by job functions • Data backup & access
Security components & techniques • The following techniques & components are discussed: • Passwords – the minimum requirement • Logging & auditing • Encryption – encoding data for purposes such as • Hashing • Symmetric encryption • Asymmetric encryption • Virtual private networks • Firewalls – hardware & software, which could be • Packet filter • Proxy firewall • Stateful packet inspection • IDS • Security expense vs. cost of loss helps establish trade-offs
IT E II - unsupported • Mainly in chapters 5, 8, 9, 10, 14 • Major issues • Remote Administration & Access Services • Firewalls • Directory & File permissions • Administrative accounts & login privileges • Security threats, security implementation, patches & upgrades
Security in CCNA Discovery • Module 1 – chapters 2, 7, 8 • Module 2 – chapters 4, 8 • Module 3 – chapters 1, 2, 3, 4, 5, 6, 7, 8 • Module 4 – chapters 1, 5, 7, 8 • Major issues are: • Basic security – policy, threats, attacks, techniques • Patching OS and applications • Wireless LAN Security • ISP Security • VPNs, NAT/PAT, ACLs • Switch security, VLANs • Routing update and PPP authentication • Security from a design perspective CCNA Discovery
Security in CCNA Exploration • Module 1 – chapter 1 • Module 3 – chapters 2, 3, 7 • Module 4 – chapters 2, 4, 5, 6, 7 • Issues covered include • Network security – threats, mitigation, policy • Security goals & measures • Switch security, router security • Wireless LAN Security • PPP authentication • ACLs, VPNs, SDM, NAT/PAT CCNA Exploration
Proving security • Security measures taken in a network should: • Prevent unauthorized disclosure or theft of information • Prevent unauthorized modification of information • Prevent Denial of Service • Means to achieve these goals include: • Ensuring confidentiality • Maintaining communication integrity • Ensuring availability
Primary classes of attacks • Reconnaissance attacks – Internet information queries, ping sweeps, port scans, packet sniffers • Access attacks – password, trust exploitation, port redirection, man-in-the-middle attack • DoS – Ping of Death, SYN flood, DDoS, … • Malicious software – virus, worm, Trojan horse – worms require containment, inoculation, quarantining & treatment
Securing Cisco Routers • Routers provide gateways to other networks, so they are obvious targets and are subject to a variety of attacks.
Secure Routing protocols • Major attacks: disrupt peers, falsify routing information • Mitigation: configure passive interfaces and neighbour authentication (RIP shown below; MD5 authentication requires RIPv2):
R1(config)# router rip
R1(config-router)# passive-interface default
R1(config-router)# no passive-interface se0/0/0
R1(config)# key chain RIP_KEY
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string cisco
R1(config)# int se0/0/0
R1(config-if)# ip rip authentication mode md5
R1(config-if)# ip rip authentication key-chain RIP_KEY
Also EIGRP & OSPF authentication
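A receiver-side check of the RIPv2 MD5 neighbour authentication that the configuration above enables, added here as an illustration (not from the slides or from Cisco): it builds an authenticated update per RFC 2082 and shows that an update signed with the wrong key, a modified route, or a stale sequence number is rejected. The packet layout follows RFC 2082; the function names, the key chain contents and the sample route are assumptions.

```python
import hashlib
import hmac
import socket
import struct
# Constructed example of RIPv2 keyed-MD5 authentication (RFC 2082), the
# mechanism that `ip rip authentication mode md5` turns on. The key chain in
# demo() mirrors the slide's `key 1` / `key-string cisco`; all names are mine.

def _key16(key):
    # RFC 2082: the key is zero-padded (or truncated) to the 16-byte digest slot
    return key.encode()[:16].ljust(16, b"\x00")

def build_rip_md5(routes, key_id, key, seq):
    """RIPv2 response: header, auth entry, RTEs, trailer carrying MD5 over all of it."""
    hdr = struct.pack("!BBH", 2, 2, 0)                      # response, version 2
    rtes = b"".join(struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(ip),
                                socket.inet_aton(mask), b"\0" * 4, metric)
                    for ip, mask, metric in routes)
    pkt_len = 4 + 20 + len(rtes)                            # bytes before the trailer
    auth = struct.pack("!HHHBBI8s", 0xFFFF, 3, pkt_len, key_id, 16, seq, b"\0" * 8)
    body = hdr + auth + rtes + struct.pack("!HH", 0xFFFF, 0x0001)
    return body + hashlib.md5(body + _key16(key)).digest()

def verify_rip_md5(pkt, key_chain, last_seq):
    """Receiver-side check. Returns (accepted, reason, sequence number to remember)."""
    if len(pkt) < 44 or pkt[4:8] != b"\xff\xff\x00\x03":
        return False, "no MD5 authentication entry", last_seq
    pkt_len, key_id, auth_len, seq = struct.unpack("!HBBI", pkt[8:16])
    if auth_len != 16 or pkt_len + 20 != len(pkt):
        return False, "inconsistent length fields", last_seq
    if pkt[pkt_len:pkt_len + 4] != b"\xff\xff\x00\x01":
        return False, "authentication trailer missing", last_seq
    key = key_chain.get(key_id)
    if key is None:
        return False, "unknown key id %d" % key_id, last_seq
    expected = hashlib.md5(pkt[:pkt_len + 4] + _key16(key)).digest()
    if not hmac.compare_digest(expected, pkt[pkt_len + 4:]):
        return False, "digest mismatch: wrong key or tampered update", last_seq
    if seq < last_seq:             # RFC 2082: sequence numbers must not go backwards
        return False, "stale sequence number (possible replay)", last_seq
    return True, "accepted", seq

def demo():
    chain = {1: "cisco"}                                    # constructed key chain
    routes = [("10.0.0.0", "255.0.0.0", 1)]                 # constructed sample route
    good = build_rip_md5(routes, 1, "cisco", seq=5)
    forged = build_rip_md5(routes, 1, "guess", seq=6)       # sender without the real key
    tampered = bytearray(good)
    tampered[43] ^= 1                                       # flip a metric byte, keep digest
    return {"good": verify_rip_md5(good, chain, 4),
            "forged": verify_rip_md5(forged, chain, 4),
            "tampered": verify_rip_md5(bytes(tampered), chain, 4),
            "replay": verify_rip_md5(good, chain, 6)}
```

Note that RFC 2082 only requires non-decreasing sequence numbers (one update may span several packets), so the sequence check limits rather than eliminates replay; the key itself is what stops forged updates.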
Security Device Manager – SDM • An easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers. • Firewall, VPN, IPS/IDS, NAT, router lockdown
VPNs • VPNs enable transportation of information in a private network over a public network – encapsulation (tunneling) & encryption are typically used
NAT/PAT • Adds a degree of privacy and security – hides internal IP addresses from outside networks. • ip nat inside source .. • ip nat inside • ip nat outside
Wireless Security protocols • In 802.11i – WPA uses TKIP and WPA2 employs AES
Security in CCNP ISCW • IPSec VPNs • MPLS VPN Technology • Cisco Device Hardening • Cisco IOS threat defense features
Network Security I - unsupported • Vulnerabilities, Threats and Attacks • Security Planning and Policy • Security Devices • Trust and Identity Technology • Cisco Secure Access Control Server • Configure Trust and Identity at Layer 2 and 3 • Configuring Filtering on a Router • Configuring Filtering on a PIX Security Appliance • Configuring Filtering on a Switch
Network Security II - unsupported • Intrusion Detection and Prevention Technology and Implementation • Encryption and VPN Technology • Site-to-site VPNs with pre-shared keys • Site-to-site VPNs with digital certificates • Remote Access VPN • Security Network Architecture and Management • PIX Contexts, Failovers and Management
Major points about Security & current curricula • It is evident that a lot of security concepts are covered • Most of the treatment is introductory • In Network Security I & II (unsupported) there is great depth & breadth of coverage • CCNP (ISCW) – less breadth than NS 1 & 2 but still depth on specific issues • There is a need for curricula to build on what IT Essentials and CCNA give
Outline • CCNA Security Overview • Target Audience • Course Details • Equipment Requirements • Enrollment, Training and Support • Release Dates and Availability • Q&A
CCNA Security Overview • A new course that provides students with in-depth network security education and develops a comprehensive understanding of network security concepts • Provides students with the knowledge and skills to design and support network security • Provides an experience-oriented course to prepare for entry-level specialist jobs in network security • Prepares students for CCNA Security certification (IINS 640-553 exam). • The CCNA Security course IS NOT a replacement for the current Network Security 1 and Network Security 2 (NS1 and NS2) courses
Cisco Networking Academy Curricula Portfolio • IT Essentials: PC Hardware and Software (IT Technician) • CCNA Discovery: Networking for Home and Small Businesses; Working at a Small-to-Medium Business or ISP; Introducing Routing and Switching in the Enterprise; Designing and Supporting Computer Networks • CCNA Exploration: Network Fundamentals; Routing Protocols and Concepts; LAN Switching and Wireless; Accessing the WAN • CCNA Security • CCNP: Building Scalable Internetworks; Implementing Secured Converged Wide-Area Networks; Building Multilayer Switched Networks; Optimizing Converged Networks (Network Professional) • Packet Tracer used across the curricula
Security Certifications • Associate level: CCNA Security Certification – IINS (640-553) exam, prepared for by the CCNA Security course; CCNA certification is a pre-requisite for CCNA Security certification • Professional level: Cisco Certified Security Professional (CCSP) Certification – SND (prepared for by the Network Security 1 & 2 (NS1/NS2) courses), SNRS, SNPA, IPS and an elective exam • Revised CCSP Certification – IINS (640-553), SNRS, SNAF, IPS and an elective exam
CCNA Security Target Audience • Career starters seeking career-oriented, entry-level Security specialist skills • Working professionals looking to enhance or change their careers • Students in degree programs at colleges or universities • Higher Education institutions and Universities
Course Details • One semester long (~70-hr) course format • Enabled for both ILT and Blended Distance Learning (BDL) • Delivered in the same Graphical User Interface (GUI) as the CCNA Discovery and CCNA Exploration curricula • 9 chapters • One complex hands-on lab per chapter and Packet Tracer activities – provided as separate .zip files downloaded from AC; not packaged within the GUI • 9 end-of-chapter exams • 1 final exam • Available in English only; no translated versions are planned
Equipment Requirements • Goal is to minimize equipment costs • Uses the CCNA Discovery/Exploration equipment bundle and topology • NetLab-compatible topology – enabled for remote operation • Additional investment required for memory upgrade and Advanced IOS images
Enrollment, Training & Support • Student Enrollment Pre-requisite: CCNA-level knowledge required • Instructor Training Guidelines • CCNA-level knowledge required • Required for new CCNA Security instructors; fast track possible with evidence of CCNA Security or higher certification or industry experience • Recommended for existing NS1, NS2 and CCNP: ISCW instructors • Existing NS1, NS2 and CCNP: ISCW instructors allowed to teach the CCNA Security course • Instructor Training • BDL format with 3-day in-person preferred; can also be delivered 100% remote • BDL Best Practices guide developed to provide guidelines on how to deliver the course in a BDL environment • Training Support Model – similar to the CCNP model; the Cisco Networking Academy Global Support Desk will provide day-to-day technical support
CCNA Security Release Dates and Availability • Early January 2009 – Draft Scope and Sequence • March 2009 – Virtual SMT for Beta Release • Mid-April 2009 – Beta Release of student course: for instructor training and preview purposes • End of June 2009 – Virtual SMT for GA Release • End of July 2009 – General Availability (GA) Release, student and instructor materials: released at the same time as Packet Tracer v5.2 GA; use for teaching student classes
Communications • Announcements sent via email to all instructors: • New CCNA Security Course announced – Sep 2008 • Current NS1 and NS2 courses move to unsupported – Sep 2008 • CCNA Security course availability announced – Oct 2008 • Preliminary CCNA Security Scope & Sequence available – Jan 2009 • FAQs