Home > Cisco Certification > Cisco Firewall Specialist Training

Cisco Firewall Specialist Training

Product Description

Schedule our instructor led classroom training at your convenience and never miss another lecture or fall behind. You are in complete control. We invited the Best Trainers in the industry to help us develop the ultimate training & certification program which includes everything you will need to fully prepare for and succeed in securing network devices..

Cisco security certifications focus on the growing need for knowledgeable network professionals who can implement complete security solutions. Cisco Firewall Specialists focus on securing network access using Cisco IOS Software and Cisco PIX and Adaptive Security Appliance (ASA) Firewall Technologies.

Package Includes

Securing Cisco Network Devices (SCND) - Exam 642-552

Securing Networks with PIX and ASA (SNPA) Training for Exam 642-523

9 DVD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components

Interactive Hands-on-lab simulations

Printable Courseware

Proven technique- Actual Exam Secrets Review

Instructor

Kenneth Mayer - Certified CEH Trainer (CCSI, MCT, CCNP, CCDA)
Ken Mayer is a Microsoft Certified Trainer as well as a Certified Ethical Hacker Trainer and Security consultant. He started his career in computer technology in 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies across the United States and Western Europe. He has achieved the Certified Cisco Systems Instructor certification. The CCSI certification involved a two-day lab and observation event held on Cisco in Paris, France Facility. This gave Ken the accreditation to be able to deliver Cisco Authorized Courses as a CCSI. He has taught the full line of Cisco CCNA, CCDA, CCNP, CCDP and CCIP course curriculums, including Cisco's security appliances such as PIX and IDS.

Course Outline

Cisco SCND (642-552) Securing Cisco Network Devices

Course Introduction
Course Introduction

Chapter 1 - Introduction to Network Security Policies
Building Cisco Self-Defending Networks
Threat Evolution
Port 80 Applications Blur the Network Perimeter
The SQL Slammer Worm: 30 Minutes After “Release”
Network Effects of the SQL Slammer Worm
Cisco Self-Defending Network Strategy
Evolving a Cisco Self-Defending Network
ATD Products, Services, and Architecture Example
Cisco Integrated Security Portfolio
Cisco Self-Defending Network

Chapter 1a Review
Understanding the Requirement for a Secure Network Policy
Closed Networks
Open Networks
Threat Capabilities - More Dangerous and Easier to Use
Size of the Problem
Network Security Challenge
E-Business Challenge
Converging Dynamics
Information Assurance - CIA
Information Assurance - Typical Network Architecture
Hackers, Motivations, and Classes of Attack
Integrity
The Human Aspect
Technology
Operations
Defense in Depth
Layered Approach
Network Security Design Factors
Secure the Network
Monitor Security
Test Security
Improve Security
Network Security Infrastructure

Chapter 1b Review
Introducing Network Attack Mitigation Techniques
Installation Risk Assessment
Common Threats to Physical Installations
Hardware Threat Mitigation
Environmental Threat Mitigation
Electrical Threat Mitigation
Maintenance - Related Threat Mitigation
Reconnaissance Attacks
Packet Sniffers
Packet Sniffer Attack Mitigation
Port Scans and Ping Sweeps
Port Scan and Ping Sweep Attack Mitigation
Internet Information Queries
Access Attacks
Password Attacks
Demo - Password Attacks
Password Attack Example
Password Attack Mitigation
Trust Exploitation
Trust Exploitation Attack Mitigation
Port Redirection
Buffer Overflow Attack Mitigation
Demo - Buffer Overflow
IP Spoofing
IP Spoofing - Technical Discussion
IP Spoofing - Types of Attack
Man-in-the-Middle Attacks
Demo - Man In The Middle
IP Spoofing Attack Mitigation
DoS Attacks
TCP SYN Flooding DoS Attack
DDoS Attacks
DDoS Example
DoS and DDoS Attack Mitigation
Worm, Virus, and Trojan Horse Attacks
Anatomy of a Worm Attack
Mitigating Worm Attacks
Containing Virus and Trojan Horse Attacks
Application Layer Attacks
Application Layer Attack Mitigation
Configuration Management
Configuration Management Recommendations
Management Protocols
Management Protocol Best Practices
Determining Network Vulnerabilities

Chapter 1c Review
Thinking Like a Hacker
Step 1: Footprinting and Fingerprinting
Defeat Footprinting
Step 2: Enumeration
Step 3: Social Engineering
Step 4: Privilege Information
Step 5: Gather Additional Passwords and Secrets
Step 6: Maintaining Access
Step 7: Leverage the Compromised System
Best Practices to Defeat Hackers

Chapter 1d Review
Designing a Secure Network Life - Cycle Model
Secure Network Design Factors
Typical Business Goals
Secure Network Life Cycle
PDIOO Applied to the Secure Network Life Cycle
Secure Network Planning Phase
Secure Network Design Phase
Secure Network Implement Phase
Secure Network Operation Phase
Secure Network Optimize Phase
Disposal of Secure Network Components
Principles of Secure Network Design
Selected Principles for IT Security

Chapter 1e Review
Developing a Comprehensive Security Policy
What are the Assets?
Why Do You Need a Security Policy?
What Does a Security Policy Do?
Who Uses the Security Policy?
Comprehensive Security Policy
Governing Policy Comes from the Top
Technical and User Policies
Types of Technical Policies
Security Policy Development
Developing a Security Policy Plan Phase
Developing a Security Policy Design Phase
Assigning Risk to Network Components
Identify Types of Users
Security Analysis Matrix
Developing a Security Policy - Implement Phase
Developing a Security Policy - Operate Phase
Operate Phase Security Monitoring
Operate Phase Incident Response
Developing a Security Policy Optimize Phase
Managing Security Changes
What Makes a Good Security Policy?

Chapter 1f Review

Chapter 2 - Securing the Perimeter
Applying a Security Policy for Cisco Routers
Role of Routers in Networks
Threats to and Attacks on Routers
Router Security Principles
How Routers Enforce Perimeter Security Policy
Filtering Packets with a Router
Local and Remote Administrative Access
Keeping Up-to-date
Logging
Conceptual Basis for a Router Security Policy
Creating a Security Policy for a Router
Applying Cisco IOS Security Features

Chapter 2a Review
Introducing Cisco SDM
Cisco SDM Overview
Starting Cisco SDM
Files Required to Run Cisco SDM from a Router
Launching Cisco SDM Express
Launching Cisco SDM
Navigating the Cisco SDM Interface
Cisco SDM Wizards in Configuration Mode
Configuration Mode Advanced Configuration
Monitor Mode

Chapter 2b Review
Configuring AAA Functions on the Cisco IOS Router
AAA Model - Network Security Architecture
Implementing Cisco AAA
Implementing Authentication Using Local Services
Implementing Authentication Using External Servers
TACACS+ and RADIUS AAA Protocols
Authentication Methods and Ease of Use
Authentication - Remote PC Username and Password
Authentication - Token Cards and Servers
AAA Example - Authentication via PPP Link
Authenticating Router Access
Router Local Authentication Configuration Process
Enable AAA Globally Using the aaa new - model Command
aaa authentication Commands
aaa authentication login Command
aaa authentication ppp Command
aaa authentication enable default Command
Authentication for Lines and Commands
aaa authorization Command
aaa accounting Command
Troubleshooting AAA Using debug Commands
Troubleshooting AAA Using the debug aaa Command
Troubleshooting AAA Using tdebug aaa accounting
Configuring AAA with Cisco SDM
Demo - Authentication

Chapter 2c Review
Disabling Unused Cisco Router Network Services and Interfaces
Vulnerable Router Services and Interfaces
What You Need to Do
Management Service Vulnerabilities
Locking Down a Router with Cisco AutoSecure
Locking Down a Router with Cisco SDM
Limitations and Cautions
Demo - Auto Secure

Chapter 2d Review
Implementing Secure Management and Reporting
Considerations for Secure Management and Reporting
Architecure of Secure Management and Reporting
In-Band Management Considerations
Secure Management and Reporting
Implementing Log Messaging for Security
Syslog Systems
Cisco Log Severity Levels
Log Message Format
Using Logs to Monitor Network Security
SNMPv1 and SNMPv2 Architecture
Community Strings
SNMP Security Models and Levels
SNMPv3 Architecture
SNMPv3 Operational Model
Configuring an SSH Server for Security
Enabling Syslog Logging With Cisco SDM
Enabling SNMP with Cisco SDM
Enabling NTP with Cisco SDM
Enabling SSH with Cisco SDM
Demo - SSH

Chapter 2e Review
Defending the Network Perimeter with Cisco Products
Cisco IOS Router Security
Cisco Secure ACS
Cisco Secure ACS Product Summary

Chapter 2f Review

Chapter 3 - Securing LAN and WLAN Devices
Applying Security Policies to Network Switches
Why Worry About Layer 2 Security?
Domino Effect
Switches Are Targets
Securing Network Access at Layer 2
Protecting Administrative Access
Password Encryption
Password Guidelines
Protecting the Management Port
Turning Off Unused Network Services
Shutting Down Interfaces

Chapter 3a Review
Mitigating Layer 2 Attacks
VLAN Hopping by Switch Spoofing
VLAN Hopping by Double Tagging
Mitigating VLAN Hopping Network Attacks
STP Attack
bpdu-guard and guard root Commands
Spoofing the DHCP Server
DHCP Snooping
ARP Spoofing: Man-in-the-Middle Attacks
Mitigating Man-in-the-Middle Attacks with DAI
DAI in Action
MAC Learning
CAM Learns MAC B Is on Port 2
CAM Table Is Updated Flooding Stops
Intruder Launches macof Utility
The CAM Table Overflows
MAC Address Spoofing Attack
Using Port Security to Mitigate Attacks
Port Security Fundamentals
Port Security Configuration
Port Security Defaults
Configuring Port Security on a Cisco Catalyst Switch
Port Security Configuration Script
Verify the Configuration
Layer 2 Best Practices
Demo - Switch Port Security

Chapter 3b Review
Using Cisco Catalyst Switch Security Features
Switching Infrastructure and Security
Identity - Based Networking Services
VLAN ACL
Private VLAN
Notification of Intrusions
Rate Limiting
Switched Port Analyzer
Management Encryption

Chapter 3c Review
Securing Wireless LANs
Wireless LANs Extend Wired LANs
Comparing WLANs with LANs
WLAN Characteristics
Typical WLAN Components and Topologies
Cisco Unified Wireless Network
Threats to WLANs
Evolution of WLAN Security
Open Access Phase - SSID
Initial Phase -WEP
802.11 Open Authentication
802.11 Shared Key Authentication
Basic 802.11 Security Issues
Exploits of 802.11 Security Vulnerabilities
Enhanced 802.11 Security
Interim Phase -WPA
Present Phase - WPA2
802.1x for WLANs
802.1x EAP Deployment Comparison
802.1x Advantages for WLANs
“Present” Phase - WLAN IDS
Demo - Private VLANs

Chapter 3d Review

Chapter 4 - Configuring a Cisco IOS Firewall
Introducing Firewall Technologies
What Is a Firewall?
Evolution of Firewall Technologies
Static Packet Filtering Firewalls
Static Packet Filtering Example
Pros and Cons of Packet Filters
Circuit Level Firewall
Application Layer Firewall
Application Layer Proxy Firewall
Application Level Proxy Firewall
Proxy Server Communication Process
Limitations and Uses of Application Layer Firewalls
Stateful or Dynamic Packet Filtering
Stateful Filtering
Limitations and Uses of Stateful Firewalls
Cut-Through Proxy Firewall Communication Process
Implementing NAT on a Firewall
Network Address Translation
Port Address Translation
Configuring NAT with Cisco SDM
Limitations and Uses of NAT
Application Inspection Firewall
Application Inspection Firewall Operation
Application Inspection Firewalls
Content Filtering Using Websense
Firewalls in a Layered Defense Strategy

Chapter 4a Review
Building Static Packet Filters with Cisco ACLs
Access Control Lists
Standard and Extended ACLs
Identifying ACLs
Enable Turbo ACLs
Guidelines for Developing ACLs
Applying ACLs to Inbound and Outbound Interfaces
Applying ACLs to Interfaces
Traffic Filtering with ACLs
Reference Network Topology
vty Filtering
SNMP Service Filtering
RIPv2 Route Filtering
IP Address Spoof Mitigation Inbound
IP Address Spoof Mitigation Outbound
DoS TCP SYN Attack Mitigation Blocking External Access
DoS Smurf Attack Mitigation
Filtering ICMP Messages Inbound
Filtering ICMP Messages Outbound
Filtering UDP Traceroute Messages
Basics of DDoS Attacks
DDoS Attack Mitigation Trin00
DDoS Attack Mitigation Stacheldraht
DDoS Attack Mitigation Trinity v3
DDoS Attack Mitigation SubSeven
Combining Access Functions
ACL Caveats

Chapter 4b Review
Configuring a Cisco IOS Firewall with the Cisco SDM Wizard
Choosing the Type of Firewall You Need
SDM Firewall Wizard Help Screens
Step-by-Step Help Screens
Basic Firewall
Creating an Advanced Firewall
Configuring Firewall Inspection Rules
Application Security Configuration
Advanced Firewall Configuration Summary
Delivering the Commands to the Router
Editing a Firewall Policy
Editing the Application Security Policy
Editing Firewall Global Settings

Chapter 4c Review
Defending Your Network with the Cisco Firewall Product Family
Cisco Firewall Product Family
Cisco IOS Firewall Features
When to Use a Cisco IOS Firewall
Cisco PIX 500 Series Security Appliances
Cisco PIX 500 Series Security Appliances Features
Cisco Catalyst 6500 Series Firewall Services Module
Cisco ASA 5500 Series Adaptive Security Appliances
Adaptive Solution with Converged Security Services
Migrating from Cisco PIX to Cisco Security Appliance
Best Practices for Firewall Policy Development
Demo - Access List

Chapter 4d Review

Chapter 5 - Securing Networks with Cisco IOS IPS
Introducing IDS and IPS
Defining IDS and IPS
IDS and IPS Common Characteristics
IDS and IPS Operational Differences
Comparing IDS and IPS Solutions
Placement of IDS and IPS Sensors
Types of IDS and IPS Sensors
Cisco IOS IPS Attack Responses
Event Monitoring and Management
Security - MARS IPS Monitoring System
HIPS Features
HIPS Operation Details
Cisco HIPS Deployment
NIPS Features
Cisco NIPS Deployment
Comparing HIPS and Network IPS
HIPS and Network IPS Monitoring
IPS Signature Operational Characteristics
Attack Methods, IPS Signature Types, and Capabilities
Signature Definition Files
Memory Requirements of Pre-Built SDFs
Distributed Threat Mitigation with Intrusion Prevention System
Benefits of DTM with Cisco IOS IPS Software
Signature Micro-Engines
Supported Signature Micro-Engines
Signature Micro-Engine and SDF Build Failures
Cisco Signature Alarm Types
Support for SDEE and Syslog
Viewing SDEE Alarm Messages
Implementing Alarms in Signatures

Chapter 5a Review
Configuring Cisco IOS IPS
Cisco IOS IPS Intrusion Detection Technology
Primary Benefits of the Cisco IOS IPS Solution
Cisco IOS IPS Signature Features
Using Cisco SDM to Configure Cisco IOS IPS
Using Cisco SDM GUI to Create IPS Rules
Using Cisco SDM GUI to Edit Existing IPS Rules
Launching the IPS Rule Wizard
Confirming IOS IPS on Interfaces
Configuring Signatures Using Cisco SDM
Importing Signature Definition Files
Configuring Global Settings
Saving the Cisco IOS IPS Configuration

Chapter 5b Review
Defending Your Network with the Cisco IPS Product Family
Cisco IPS Platforms
Throughput on Cisco IOS Routers
Performance and Limitations of Platforms
Performance and Limitations of Cisco ASA 5500 Series
Relative Positioning of Cisco IPS Sensors
Cisco IPS Management Software
CSA Architecture
Application, Kernel, and Interceptors
CSA Interceptors
CSA Features
Cisco IPS Selection Considerations
IPS Configuration Best Practices
Accommodating Network Growth
Scaling HIPS Systems

Chapter 5c Review

Chapter 6 - Building IPsec VPNs
Introducing IPsec VPNs
Introducing Ipsec
Internet Key Exchange
IKE Communication Negotiation Phases
IKE: Other Functions
ESP and AH Header
Transport and Tunnel Mode
Message Authentication and Integrity Check Using Hash
MD5 and SHA-1
Symmetric vs. Asymmetric Encryption Algorithms
Symmetrical Key Encryption Algorithms
DH and RSA Asymmetric Encryption Algorithms
PKI Certificates
PKI Message Exchange
PKI Credentials

Chapter 6a Review
Building a Site-to-Site IPsec VPN Operation
Site-to-Site IPsec VPN
Site-to-Site IPsec Configuration
Site-to-Site IPsec Configuration - Phase 1
Site-to-Site IPsec Configuration - Phase 2
Site-to-Site IPsec - Apply VPN Configuration
Site-to-Site IPsec - Interface Access List

Chapter 6b Review
Configuring IPsec Site-to-Site VPN Using Cisco SDM
Introducing the Cisco SDM VPN Wizard Interface
Site-to-Site VPN Components
Launching the Site-to-Site VPN Wizard
Quick Setup
Step-by-Step Setup
Connection Settings
IKE Proposals
Transform Set
Option 1: Single Source and Destination Subnet
Option 2: Using an ACL
Review the Generated Configuration
Test Tunnel Configuration and Operation
Monitor Tunnel Operation
Advanced Monitoring
Troubleshooting

Chapter 6c Review
Building Remote Access VPNs
Cisco Easy VPN Components
Remote Access Using Cisco Easy VPN
Cisco Easy VPN Remote Connection Process
Cisco Easy VPN Tasks for the Cisco Easy VPN Server Wizard
Starting the Cisco Easy VPN Server Wizard
Choosing an Interface for Terminating IPsec
Configuring IKE Policies
Configuring IPsec Transform Sets
Configuring a Group Policy Local Router Configuration
Configuring a Group Policy External Location via RADIUS
Configuring a Local User Database: User Authentication
Configuring Local Group Policies
Configuring Local Group Policy Parameters
Confirming Configuration Settings
Testing the Cisco Easy VPN Server Configuration
Managing Cisco Easy VPN Server Connections
Editing, Cloning, or Deleting Group Policies
Creating or Editing a Local Pool for IP Addresses
Cisco VPN Client Software
Configuring Cisco Easy VPN Remote
Managing Cisco Easy VPN Remote Connections

Chapter 6d Review
Course Closure

Cisco SNPA (642-523) Securing Cisco Networks with PIX and ASA

Chapter 1 - The Cisco Security Appliance
The Cisco Security Appliance
What is a Firewall?
Firewall Technologies
Packet Filtering
Proxy Server
Stateful Packet Filtering
Security Appliances: What Are They?
Proprietary Operating System
Stateful Packet Inspection
Cut-Through Proxy Operation
Application-Aware Inspection
Modular Policy
Virtual Private Network
Security Context (Virtual Firewall)
Failover Capabilities: Active/Standby, Active/Active, and Stateful Failover
Transparent Firewall
Web-Based Management Solutions
Chapter 1 Review

Chapter 2 - Cisco PIX Security Appliance and ASA Adaptive
Security Appliance Families
Cisco PIX Security Appliance and ASA Adaptive Security Appliance Families
PIX Firewall Security Appliance Family
ASA Adaptive Security Appliance Family
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
ASA 5500 Series: Front and Back Panels
ASA 5500 Series: Connectors
Security Services Module
PIX Firewall Security Appliance Licensing
PIX License Types
VPN Encryption License
PIX Firewall Security Context Licenses
PIX 515E, 525, and 535 Licensing
ASA Adaptive Security Appliance Licensing
ASA Security Context Licenses
ASA 5510, 5520, and 5540 Licensing
Cisco Firewall Services Module
FWSM
FWSM in Catalyst 6500 Switch and Cisco 7600 Internet Router
Chapter 2 Review

Chapter 3 - Getting Started with Cisco Security Appliances
Getting Started with Cisco Security Appliances
User Interface
Security Appliance Access Modes
Access Privilege Mode
Access Configuration Mode: Configure Terminal Command
Help Command
File Management
Viewing and Saving Your Configuration
Clearing Running Configuration
Clearing Startup Configuration
Reload the Configuration: reload Command
File System
Displaying Stored Files: System and Configuration
Selecting Boot System File
Verifying the Startup System Image
Security Appliance Security Levels
Functions of the Security Appliance: Security Algorithm
Security Level Example
Basic Security Appliance Configuration
Hostname and CLI Prompt Configuration
Basic CLI Commands
interface Configuration
Naming the Interface
Assign Interface IP Address
DHCP-Assigned Address
Assign a Security Level
Speed and Duplex Commands
ASA Management Interface
NAT
Enable NAT Control
nat Command
global Command
Demo - Basic CLI Commands
Configuring a Static Route
Static Host Command
Configuration Example
Examining Security Appliance Status
show Commands
show memory Command
show cpu usage Command
show version Command
show ip address Command
show interface Command
show nameif Command
show run nat Command
show run global Command
show xlate Command
ping Command
show route Command
Setting Time and Using NTP Support
clock Command
Setting DST
ntp Command
Syslog Configuration
Using a Syslog Server
Logging Options
Logging Levels
Configure Message Output to a Syslog Server
Syslog Output Example
Customize Syslog Output
show logging Command
Demo - More Commands
Chapter 3 Review

Chapter 4 - Translations and Connections
Translations and Connections
Transport Protocols
Sessions in an IP World
TCP
TCP from Inside to Outside
UDP
Network Address Translation
Addressing Scenarios
Access Through the Security Appliance
Inside Address Translation
Dynamic Inside NAT
Two Interfaces with NAT
Three Interfaces with NAT
Port Address Translation
PAT Example
PAT Using Egress Address
Mapping Subnets to PAT Addresses
Backing Up PAT Addresses by Using Multiple PATs
Augmenting a Global Pool with PAT
Identity NAT
Identity NAT: nat 0 Command
Demo - Dynamic NAT
Static Command
Global NAT and Static NAT
static Command: Parameters
static Command: Web Server
static Command: FTP Server
Net Static
Static PAT: Port Redirection
static pat Command
TCP Intercept and Connection Limits
Connection Limits
TCP Three-Way Handshake
TCP Intercept
SYN Cookies
Embryonic Connection Limit
UDP Maximum Connection Limit
Connections and Translations
Connections Versus Translations
show conn Command
show conn detail Command
show local-host Command
show xlate Command
show xlate detail Command
Security Appliance NAT Philosophy
Matching Outbound Packet Addresses
Configuring Multiple Interfaces
Additional Interface Support
Configuring Three Interfaces
Configuring Four Interfaces
Demo - Static NAT
Chapter 4 Review

Chapter 5 - ACLs and Content Filtering
ACLs and Content Filtering
ACLs
Security Levels Revisited
ACL Configuration
ACL Usage Guidelines
Inbound Traffic to DMZ Web Server
Create a Static Translation for Web Server
access-list Command
access-group Command
show access-list Command
clear access-list counters Command
Time Range Configuration
Time-Range Submode
Time-based ACL
Time-based ACL Example
ACL Logging
access-list deny-flow-max & alert-interval Commands
ACL Line Number and Comments
Inbound HTTP Access Solution
Inbound HTTPS Access Solution
icmp Command
nat 0 Plus acl Command
Policy NAT: nat Plus acl Command
Other Commands Plus acl
Malicious Active Code Filtering
Java Applet Filtering
ActiveX Blocking
ActiveX filter Command
URL Filtering
HTTP URL Filtering
Designate the URL-filtering Server
Enable HTTP URL Filtering
HTTPS and FTP Filtering
URL-filtering Configuration Example
Demo - ACL Configuration
About the CSC SSM
Deploying the Security Appliance with CSC SSM
CSC SSM Traffic Flow
CSC SSM Deployment Scenario
Chapter 5 Review

Chapter 6 - Object Grouping
Object Grouping
Overview of Object Grouping
Using Object Groups in ACLs
Grouping Objects
Grouping Objects of Similar Types
Getting Started with Object Groups
Configuring and Using Object Groups
Configuring Network Object Groups
Configuring Service Object Groups
Adding Object Groups to an ACL
Configuring ICMP-Type Object Groups
Nested Object Groups
Configuring Nested Object Groups
Nested Object Group Example
group-object Command Example
Object Group Services Example
Apply Nested Object Group to ACL
Multiple Object Groups in ACLs
Displaying Configured Object Groups
Removing Configured Object Groups
Demo - Object Groups
Chapter 6 Review

Chapter 7 - Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting
Introduction
Types of Authentication
Types of Authorization
Types of Accounting
Installation of Cisco Secure ACS for Windows 2000
Installation Wizard
ACS Network Configuration
Security Appliance Access Authentication Configuration
Methods of Device Access
Configuring Authentication
Specify an AAA Server Group
AAA Server Group Subcommand
Designate an Authentication Server
Authentication of Console Access
How to Add Users to Cisco Secure ACS
How to Add Users to the LOCAL Database
Maximum Failed Attempts
Show Local Users
How to Change the Authentication Prompts
How to Change the Authentication Timeouts
Cut-Through Proxy Authentication Configuration
Cut-Through Proxy Operation
Configuring Cut-Through Authentication
Enable authentication match
aaa authentication match
Enable authentication include | exclude
Show Authentication
show aaa-server Command: TACACS+ Server
Authentication of Non-Telnet, -FTP, -HTTP, or -HTTPS Traffic
Virtual Telnet
Virtual HTTP
Configuration of Virtual HTTP Authentication
Tunnel Access Authentication Configuration
Tunnel User Authentication
VPN Tunnel Group Policy
Authorization Configuration
Security Appliance User Authorization
TACACS+ Authorization Configuration
Enable authorization match
Enable authorization include | exclude
Authorization Rules Allowing Specific Services
Allowing Specific Services to Specific Hosts
Authorization of Non-Telnet, -FTP, -HTTP, or -HTTPS Traffic
Downloadable ACLs
Downloadable ACL Authorization
Downloadable ACLs (Cont.)
Configuring Downloadable ACLs
Assigning the ACL to the User or Group
Show Downloaded ACLs
Show Authentication (Cont.)
RADIUS
Per-User Override
Example: Per-User Override
Accounting Configuration
AAA
Enable accounting match
Enable accounting include | exclude
How to View Accounting Information
Accounting of Non-Telnet, -FTP, or -HTTP Traffic
Admin Accounting
Viewing RADIUS Admin Access Accounting Information
Command Accounting
Viewing TACACS+ Admin Command Accounting
Demo - ACS Server
Chapter 7 Review

Chapter 8 - Switching and Routing
Switching and Routing
VLANs
Creating Logical and Physical Interfaces
Assigning VLAN Names and Security Levels
Assigning VLAN IP Addresses
VLAN Configuration
Maximum Number of Interfaces
Static and Dynamic Routing
Static Routes
Dynamic RIP Routes
OSPF
Configuring OSPF
Enabling OSPF Routing
Defining OSPF Networks
Two OSPF Processes
Configuring Two OSPF Areas
Multicasting

Multimedia Training DVD Course Features:

Main Menu
Move through hours of in-depth content - quickly and easily due to the efficient and organized structure.

PowerPoint
Utilizing PowerPoint presentations enhances the delivery by displaying a variety of visual information to the user. This type of representation allows the user to better interpret the material through charts, definitions, graphs, and more...

Exclusive Learning Zone
Train around the clock, around the world. Our certified online instructors are located at global support centers in the U.S., U.K., Australia, and Singapore to provide real-time answers to technology- and soft-skill-related questions 24x7. This means access to a live subject matter expert no matter where you are - day or night. This level of student/instructor interaction provides real-time training specific support and extends training beyond content and instructor-led solutions by providing flexibility to accommodate individual needs and schedules.

Controls
Move forward, back, and repeat entire topics or just a section. A progress bar illuminates as you advance through exercises.

Full Motion Video
All courses feature full-motion videos of instructors teaching the information as if they are speaking directly to you. Our unique delivery simulates a one-on-one classroom environment creating a more personal lesson and learning experience.

Study Guides
Printable study guides for the entire course are available. This allows all material to be viewed, reviewed, and printed for viewing at a later date.

Review Exercises
Each section has a review quiz to aid in the learning process by validating the comprehension of the material covered before moving on to a new section.

Resume
All courses are resumed to where you left off last session allowing you to learn when it is convenient for you without the hassle of remembering where you where.

Live Demonstrations
Demonstrations are a way for the instructor to show and tell the user how to perform a task by actually doing it on screen in front of them. In this format it gives the user the power to see things done by a professional in the intended environment as many times as they would like.

Certificate of Completion
Planetlearn's Career Academy is recognized worldwide for its technology-based IT training curriculums. Upon successful completion of our program, you will be receiving a Career Academy Distance Education Certificate of Completion.

"Training Desktop Users, IT, and Business Professionals since 1997."

Yahoo has awarded us with the Top Service Star! "Those with a star are the best of the best, with at least 95% positive ratings."