LearnKey Training

Cisco® VPN Specialist


LearnKey delivers authorized Cisco® training as a Sponsored Organization of Tech 2000, a Cisco Learning Solutions Partner.

9 Sessions – 27 Hours of Interactive Training

The Cisco® VPN Specialist series from LearnKey includes the two courses needed to help prepare you for Cisco® VPN Specialist certification, Securing Cisco® IOS Networks (SECUR) and Cisco® Secure Virtual Private Networks (CSVPN). LearnKey training courses for Cisco® certifications meet or exceed Cisco® exam objectives. At the conclusion of this series you’ll be prepared to pass the two exams required for Cisco® VPN Specialist certification.

About The Author
For the past 16 years, Michael Storm has managed the design, security and implementation of enterprise networks for Fortune 100 companies around the globe. As the founder of Brainstorm International, Inc., Storm specializes in InfoSec Security and Internetwork Solutions Architectures. He is currently the Director of Network Engineering and Security Officer for Interface Technical Training of Phoenix, AZ and creator of the Immersion Learning System™, used by countless Cisco® and Microsoft Professionals for achieving technical mastery. Storm holds many IT certifications, including the Cisco® CCIE® Security, CCNP®, CCSP™, CCDP®, NSA/CNSS CISSP, MCSE and MCT.
Cisco® VPN Security
Session 1

Section A: Introduction
· CD Tour
· Prerequisites
· Certification Paths

Section B: VPN Basics
· What is a VPN?
· Three Scenarios
· Components
· Protocols

Section C: IPSec Technologies
· What is IPSec?
· Cisco Devices
· IPSec Standards
· IKE
· IPSec Modes
· Using IPSec Modes

Section D: IPSec Operations
· Operation Phases
· Interesting Traffic
· IKE Phase 1
· IKE Preshared Key
· RSA
· IKE Main Mode
· IKE Aggressive Mode

Section E: IPSec Operations (cont.)
· IKE Phase 2
· Quick Mode
· Forward Secrecy
· Encrypted Tunnel
· Tunnel Termination
· Security Associations
· Cisco IPSec Flowchart

Section F: Product Family
· VPN 3000 Series
· VPN 3005
· VPN 3015
· VPN 3030
· VPN 3060
· VPN 3080
· Concentrator Front LED
· Client Support

Section G: IOS VPN Preparation
· Solutions
· Configuring Steps
· Prepare for IPSec
· Determine IKE Policy
· Determine IPSec Policy
· IPSec Policy Parameter
· Verify

Section H: IOS VPN Configuration
· Configuring IKE
· Create IKE Policies
· Preshared Keys Config
· Configure IPSec
· Crypto Access Lists
· Crypto Maps
· Map Configuration
· Test/Verify IPSec

Session 2

Section A: IOS IPSec Lab
· Prepare for IPSec
· Configure IKE Policy
· Configure IPSec
· Create Crypto ACL/Map
· Assign Interface/Test

Section B: Certificate Authorities
· CA Process
· Contents/Operation
· Benefits/RAs
· Scaling IPSec VPNs
· Supported CA Servers
· Configuring IPSec VPNs
· CA Configuration

Section C: IPSec on PIX®
· Topologies
· IKE Policy Example
· IPSec Config Example
· Crypto Map Example

Section D: PIX® IPSec Lab
· Create Crypto ACL
· Verify IKE Protocol
· Create Crypto Map
· Verify VPN Tunnel

Section E: PIX® CA Support
· Scaling PIX® VPNs
· PIX® CA Config

Section F: IPSec on VPN 3000
· VPN Types
· VPN 3000 Functions
· Client-to-LAN VPNs
· VPN 3000 Client
· Using Preshared Keys
· Concentrator Config

Section G: Concentrator 3000 Lab
· Concentrator Manager
· Create Groups/Users
· IPSec Parameters
· Create VPN Users
· Install VPN Client
· Create Connection
· Verify/Test

Section H: VPN Client Firewall
· Client Firewall Features
· Firewall Policy
· General Status
· Statistics/Firewall
· Set Up Client FW Policy

Section I: VPN Concentrator CA
· CA Process
· Certificate Validation
· Loading Process
· Concentrator Certificates


Session 3

Section A: VPN 3002 Hardware Client
· Client Features
· Usage
· Client Mode
· Split Tunnel Option
· Network Extension Mode

Section B: VPN 3002 HC Configuration
· Site-to-Site
· Group Set Up
· Add User to Group
· Configure 3002 HC
· IPSec/Preshared Key
· Monitor Tunnel

Section C: VPN 3002 HC Authentication
· Unit Authentication
· User Authentication
· Monitor User Statistics

Section D: 3002 Redundancy
· Server Features
· Load Balancing
· Virtual Cluster
· Reverse Route Injection

Section E: VPN Redundant Configuration
· Configure Backup Server
· Cluster Configuration
· Device Configuration
· Config Dynamic Protocol
· ID Reverse Route Injection
· Site-to-Site Configuration

Section F: Update 3000/3002
· Configure 3002 Client
· Update Process
· Standard Update
· Update 3000 Concentrator
· Auto Update
· Monitoring

Section G: Scaling VPN
· Cisco® Solutions
· Dynamic Crypto Maps
· PIX® Firewall
· PIX® Site-to-Site
· Extended Authentication
· PIX® VPN Client Access


Cisco® SECUR
Session 1

Section A: Introduction
· Tour
· Overview
· Cisco® Certifications
· Advanced Certification

Section B: Security Weaknesses
· Network Security
· Primary Security Issue
· Security Issues
· Technology Weaknesses
· TCP/IP Weaknesses
· OS / Network Weaknesses
· Configuration Weaknesses
· Policy Weaknesses

Section C: Cisco®SECUR Products
· PIX® Firewall
· Integrated Software
· VPN Client
· Access Control Server
· Cisco®SECUR Scanner
· IDS
· Consulting Services

Section D: Cisco®'s Security Approach
· 12 Basic Security Rules
· Rules 1-2
· Rules 3-4
· Rules 5-6
· Rules 7-9
· Rules 10-12
· Cisco® Security Solution

Section E: Network Intrusion
· Know Your Enemy
· Internal/External Threats
· Intruder Profile
· Intrusion Concepts

Section F: Threat Types
· Categories
· Reconnaissance Types
· Target Discovery
· Ping Sweeps/Port Scans
· Eavesdropping
· Counter-reconnaissance

Section G: Unauthorized Access
· Gain Privileged Access
· Password Attacks
· Gain Secondary Access
· Unsecured IP Applications
· Countermeasures
· Examples
· Attack Prevention


Session 2

Section A: Denial of Service
· Resource Overload Attack
· Out-of-band Data Attack
· Other DoS Attacks
· Countermeasures

Section B: Data Manipulation
· Spoofing
· Session Replay / Hijacking
· Session Replay Exploit
· Rerouting Exploit

Section C: World Athletics Case Study
· Background Information
· Project Scope
· Security Goals
· Dial-up Access
· Internet Access
· Departments
· Proposed Secure Design

Section D: Network Security Policy
· Evaluate Policy
· Evaluate Costs
· Evaluation Tool
· SPA Phases
· Policy Rules
· Policy Specifications
· Policy Contents

Section E: Auditing & Policies
· Applying a Policy
· Monitor Network Security
· Test Security
· Auditing Tools
· Random Auditing
· Improve Security Posture

Section F: Internal Security Threats
· Potential Threats
· Common Vulnerabilities
· Protection Types
· Physical Devices
· Administrative Interface
· Secure Router
· Encrypt Passwords
· Control Telnet Access

Section G: Securing SNMP
· Control SNMP Access
· SNMP Agent Functions
· SNMP Agent Configuration
· Configuration Example
· Traps & Informs


Session 3

Section A: Router-to-Router Security
· Plaintext Authentication
· MD5 Authentication
· Configuration Files
· Route Updates
· Filter Updates
· Inside-out Network Filter
· HTTP Control

Section B: Securing Ethernet Switches
· Password Options
· Telnet & SNMP Access
· Switch Port Security

Section C: Configure DMZ Router
· Security Requirements
· Campus Network
· Router Communications
· Secure SNMP
· Secure Telnet Access
· View Configuration

Section D: AAA Authentication
· AAA Security Architecture
· AAA Technology
· Protect Access with AAA
· Authentication Methods
· S/Key Authentication
· S/Key Server Component
· Token Card Authentication
· PAP / CHAP Authentication

Section E: AAA Security
· Authorization Methods
· Accounting Methods
· AAA Security Servers
· TACACS
· TACACS+
· RADIUS
· Kerberos Version 5

Section F: Cisco®SECUR ACS
· Windows NT
· UNIX
· Cisco®SECUR GRS

Section G: Securing Dial-in Access
· Configure NAS for AAA
· Secure Access Ports
· Globally Enable AAA
· Modes & Methods
· Authentication Profile
· AAA Authorization
· AAA Accounting
· Debug / Log


Session 4

Section A: Using Cisco®SECUR ACS
· CSNT
· CSUNIX Features
· ACS Interface
· User Setup
· Group Setup
· Configuration Options

Section B: Secure Internet Connection
· Perimeter Routers
· IOS Router Feature Set
· IOS Firewall Feature Set
· Perimeter Components
· Firewall Implementations
· Firewall Products

Section C: Perimeter Router Attacks
· IOS Built-in Prevention
· Control TCP/IP Services
· Packet Filtering
· Lock-and-Key
· Prevent DoS Attacks
· Control SYN Attack
· Network Layer Encryption

Section D: Manage IP Addressing
· Address Management
· NAT/PAT Translations
· Dynamic NAT
· Logging Events
· Secure Perimeter Router
· Perimeter Requirements
· View Perimeter Config
· Access Control Lists

Section E: IOS Firewall
· Intrusion Detection
· Configure IOS
· IOS Firewall Planning
· CBAC
· CBAC Restrictions
· CBAC Configuration

Section F: PIX® Firewall
· PIX® Features
· Additional Features


Session 5

Section A: Basic PIX® Operations
· Basic Concepts
· ASA
· ASA Advantages
· ASA Example
· ASA Operation

Section B: Conduits & Routes
· Conduits & Static
· Static & Conduit Example
· Route Command
· Cut-through Proxy

Section C: PIX® Firewall Models
· Higher PIX® Models
· Lower PIX® Models
· Configure PIX® Firewall
· PDM Configuration
· Command-line Config

Section D: Basic PIX® Configuration
· PIX® Interface Security
· Built-in Security Rules
· Additional Configuration
· Firewall Translations
· Test Basic Config
· Case Study
· Complete Basic Config

Section E: Advanced PIX® Configuration
· NAT
· NAT Commands
· NAT Example
· Required Configuration

Section F: More PIX® Configuration
· Multimedia Applications
· PIX® Mail Guard
· Other Protocols
· Syslog Output
· Other Useful Commands

Section G: PIX® Management Functions
· PIX® AAA Support
· PIX AAA Configuration
· Outbound Access Control
· Outbound Examples
· URL Filtering

Section H: SNMP
· SNMP on the PIX
· Configure SNMP
· Failover Option
· Failover Configuration


Session 6

Section A: PIX® Advanced Lab
· Requirements
· PIX® Configuration
· More PIX® Config

Section B: PIX® Legacy VPN
· VPN Features
· Legacy VPN Environment
· PPTP Support
· Policy Manager
· PIX® Maintenance

Section C: Encryption Technology
· Encryption Benefits
· Encryption Components
· Encryption Types
· DES Encryption
· MD5 Message Hashing
· DSS Encryption
· Diffie-Hellman

Section D: Implementing CET
· CET Operation
· Configure CET
· Crypto Maps
· Test & Verify
· Diagnose Encryption
· CET Implementation

Section E: IPSec Basics
· VPN Protocols
· Security Associations
· IKE
· IPSec Transforms
· IPSec Modes
· IPSec Protection
· Scale IPSec Networks

Section F: Configuring IPSec
· Configuration Phases
· Preparation
· Preparing Substeps
· IKE Policy
· IPSec Policy
· Final Prep Steps - IPSec

Section G: Finalize IPSec Configuration
· Create Peer Policy
· Configure Preshared Keys
· Verify IKE Policy
· Configure IPSec
· Transform Sets / Lifetimes
· Crypto ACL/Maps
· Test/Verify IPSec
· PIX Firewall

Section H: Scaling IPSec
· Using CA
· Sample CA Configuration
· Verify/Update CA
· Use Dynamic Crypto Map
· VPN Lab Configuration
· Check IPSec Configuration
