Cisco CCNA Security Overview Updated October 2012 Overview 1 Course Design 2 Instructor Training 3 For More Information 4 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 CCNA Security helps students: • Understand core security concepts and how to develop and implement security policies to mitigate risks • Acquire skills needed configure, monitor, and troubleshoot network security • Prepare for CCNA Security certification exam • Start or advance a career in network security • Differentiate themselves in the market with specialized skills and expertise to achieve success © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Upon completion of this course, students will be able to: • Describe security threats facing modern network infrastructures • Secure network device access • Implement AAA on network devices • Mitigate threats to networks using ACLs • Implement secure network management and reporting • Mitigate common Layer 2 attacks • Implement the Cisco IOS firewall feature set • Implement an adaptive security appliance (ASA) • Implement the Cisco IOS Intrusion Prevention System (IPS) feature set • Implement site-to-site IP Sec VPNs • Administer effective security policies © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 • Aligns with updated CCNA Security certification exam (IINS 640-554) • Cisco Adaptive Security Appliances (ASA) content added in a new chapter (Chapter 10), including four ASA labs • Cisco Configuration Professional (CP) replaced Security Device Manager (SDM) throughout the course and labs • Expanded content scope, including the following: • Mitigating SNMP threats • IPv6 ACLs and object groups • Cisco IPS Global Correlation and Security Intelligence Operation (SIO) • Bridge Protocol Data Unit (BPDU) filtering • Cisco protected port feature (PVLAN edge) • Cisco SecureX Architecture • The Secure Copy (SCP) command © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 End-of-Life Milestones for CCNA Security v1.0 End-of-Life Announcement Last Class Start Date Last Class End Date End-of-Support and End-of-Availability 8-MAR-2012 31-May-2012 31-Aug-2012 31-Aug-2012 Cisco IINS Certification Exam Availability Course Exam Name Exam Number Availability CCNA Security v1.0 IINS 640-553 Available through 30-Sept-2012 CCNA Security v1.1 IINS 640-554 Available from 28-Feb-2012 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 • College and university-level students seeking career-oriented, entry- level security specialist skills • IT professionals wishing to broaden or add specialized skills to their technology expertise • Current CCNA Certification holders who wish to build on their CCNA knowledge base • Prerequisites: CCNA-level networking knowledge and skills © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 ROUTE: Implementing IP Routing Network Fundamentals SWITCH: Implementing IP Switched Networks Working at a Small-to-Medium Business or ISP Routing Protocols and Concepts TSHOOT: Troubleshooting and Maintaining IP Networks Network Associate Introducing Routing and Switching in the Enterprise LAN Switching and Wireless Network Technician Designing and Supporting Computer Networks Accessing the WAN Networking for Home and Small Businesses Network Professional Network Specialist IT Technician IT Essentials: PC Hardware and Software CCNA Discovery CCNA Security CCNP CCNA Security CCNA Exploration IT Essentials Cisco Packet Tracer Student Networking Knowledge and Skills © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Courses Align with Globally Recognized Certifications CompTIA A+ CCNA CCENT CCNA CCNA Security CCNP IT Essentials CCNA Discovery CCNA Exploration CCNA Security CCNP Student Networking Knowledge and Skills © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 Certification Name Years of Experience Job Role Number of Exams CCNA Security 1–3 Network Security Specialist, Security Administrator, Network Security Support Engineer 1 CCNP Security 3–5 Network Security Engineer 4 CCIE Security 7+ Network Security Engineer 2 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 • Verifies an individual’s skills in the following roles: • Network Security Specialist • Security Administrator • Network Security Support Engineer • Prerequisite for CCNP Security certification • Potential employers can feel confident that candidates have the skills needed to install, troubleshoot, and monitor Cisco security technologies. • The U.S. National Security Agency (NSA) and the Committee on National Security Systems (CNSS) recognizes that the Cisco CCNA Security courseware meets the CNSS 4011 training standard (learn more). © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 • Same GUI as CCNA Discovery and CCNA Exploration curricula • 10 chapters and chapter exams • 10 Cisco Packet Tracer activities • 16 hands-on labs • One Packet Tracer Practice skills-based assessment • One final exam and one skills-based assessment • Balance of theory, hands-on practice, and application • Available in English only, no translated versions are planned • Enabled for both in-person and blended learning environments © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 • Leverages CCNA Discovery/Exploration equipment bundle and topology and is identical to v1.0 equipment list with the addition of a Cisco ASA (Model 5505) • NDG NETLAB+ can be enabled for remote lab equipment operation. • The required Advanced IP Services feature set (ISR G1) and the Security (SEC) technology package license are available for academies that are part of Networking Academy Maintenance Minimum System Requirements Curriculum requirements: 1 Student PC per student 1 local curriculum server Lab bundle requirements : 3 Cisco routers, 2 with the SEC technology package 3 two-port serial WAN interface cards 3 Cisco switches 1 Cisco Adaptive Security Appliance (ASA) Assorted Ethernet and Serial cables and hubs Detailed equipment information is available in the Instructor Lab Manual and the CCNA Security Equipment List located in the CCNA Security resources folder on Cisco NetSpace and in the Equipment Information area on Academy Connection. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Course Chapters and Goals Chapter 1 Modern Network Security Threats Chapter 2 Securing Network Devices Chapter 3 Authentication, Authorization and Accounting Chapter 4 Implementing Firewall Technologies Chapter 5 Implementing Intrusion Prevention Chapter 6 Securing the Local Area Network Chapter 7 Cryptographic Systems Chapter 8 Implementing Virtual Private Networks Chapter 9 Managing A Secure Network Chapter 10 Implementing the Cisco Adaptive Security Appliance (ASA) Goal: Explain network threats, mitigation techniques, and the basics of securing a network. Goal: Secure administrative access on Cisco routers. Goal: Secure administrative access with AAA. Goal: Implement firewall technologies to secure the network perimeter. Goal: Configure IPS to mitigate attacks on the network. Goal: Describe LAN security considerations and implement endpoint and Layer 2 security features. Goal: Describe methods for protecting data confidentiality and integrity. Goal: Implement secure virtual private networks. Goal: Create and implement a comprehensive security policy to meet the security needs of an enterprise. © 2012 Cisco and/or its affiliates. All rights reserved. Goal: Implement firewall technologies using the ASA to secure the network perimeter. Cisco Public 16 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 • All instructors should have CCNA-level networking knowledge and skills • Instructor training is required for new CCNA Security instructors • Fast track option available with evidence of CCNA Security or higher certification or industry experience • Instructor training is delivered by Instructor Training Centers (ITCs) • 40-hour training: in-person, blended, or remote delivery formats © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 • The CCNA Security v1.1 Instructor Resource Site provides best practices, tips for classroom management and discussions, and teaching analogies http://lms.netacad.net/ index.php © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 • Latest documents are posted in the CCNA Security resources area, which can be accessed through the Offerings menu on NetSpace, or in the Course Catalog on Academy Connection: • CCNA Security Scope and Sequence • CCNA Security FAQs • CCNA Security Datasheet • CCNA Security At-a-Glance • CCNA Security Overview Presentation • Visit the CCNA Security v1.1 Instructor Resource Site • Visit the CCNA Security certification page © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 Thank you.