Cisco CCNA Security
Overview
Updated October 2012
Overview
1
Course Design
2
Instructor Training
3
For More Information
4
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
3
CCNA Security helps students:
• Understand core security concepts and how to
develop and implement security policies to
mitigate risks
• Acquire skills needed configure, monitor, and
troubleshoot network security
• Prepare for CCNA Security certification exam
• Start or advance a career in network security
• Differentiate themselves in the market with
specialized skills and expertise to achieve
success
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
4
Upon completion of this course, students will be able to:
• Describe security threats facing modern network infrastructures
• Secure network device access
• Implement AAA on network devices
• Mitigate threats to networks using ACLs
• Implement secure network management and reporting
• Mitigate common Layer 2 attacks
• Implement the Cisco IOS firewall feature set
• Implement an adaptive security appliance (ASA)
• Implement the Cisco IOS Intrusion Prevention System
(IPS) feature set
• Implement site-to-site IP Sec VPNs
• Administer effective security policies
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
5
• Aligns with updated CCNA Security certification exam (IINS 640-554)
• Cisco Adaptive Security Appliances (ASA) content added in a new
chapter (Chapter 10), including four ASA labs
• Cisco Configuration Professional (CP) replaced Security Device
Manager (SDM) throughout the course and labs
• Expanded content scope, including the following:
• Mitigating SNMP threats
• IPv6 ACLs and object groups
• Cisco IPS Global Correlation and Security Intelligence Operation (SIO)
• Bridge Protocol Data Unit (BPDU) filtering
• Cisco protected port feature (PVLAN edge)
• Cisco SecureX Architecture
• The Secure Copy (SCP) command
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
6
End-of-Life Milestones for CCNA Security v1.0
End-of-Life
Announcement
Last Class
Start Date
Last Class
End Date
End-of-Support and
End-of-Availability
8-MAR-2012
31-May-2012
31-Aug-2012
31-Aug-2012
Cisco IINS Certification Exam Availability
Course
Exam Name
Exam Number
Availability
CCNA Security v1.0
IINS
640-553
Available through 30-Sept-2012
CCNA Security v1.1
IINS
640-554
Available from 28-Feb-2012
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
7
• College and university-level students seeking career-oriented, entry-
level security specialist skills
• IT professionals wishing to broaden or add specialized skills to their
technology expertise
• Current CCNA Certification holders who wish to build on their CCNA
knowledge base
• Prerequisites: CCNA-level networking knowledge and skills
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
8
ROUTE:
Implementing
IP Routing
Network
Fundamentals
SWITCH:
Implementing IP
Switched Networks
Working at a
Small-to-Medium
Business
or ISP
Routing Protocols
and Concepts
TSHOOT:
Troubleshooting
and Maintaining IP
Networks
Network
Associate
Introducing Routing
and Switching in the
Enterprise
LAN Switching
and Wireless
Network
Technician
Designing and
Supporting
Computer Networks
Accessing the
WAN
Networking for
Home and Small
Businesses
Network
Professional
Network
Specialist
IT Technician
IT Essentials:
PC Hardware
and Software
CCNA
Discovery
CCNA
Security
CCNP
CCNA
Security
CCNA
Exploration
IT
Essentials
Cisco Packet Tracer
Student Networking Knowledge and Skills
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9
Courses Align with Globally Recognized Certifications
CompTIA
A+
CCNA
CCENT
CCNA
CCNA
Security
CCNP
IT
Essentials
CCNA
Discovery
CCNA
Exploration
CCNA
Security
CCNP
Student Networking Knowledge and Skills
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
10
Certification
Name
Years of
Experience
Job Role
Number of
Exams
CCNA Security
1–3
Network Security Specialist,
Security Administrator,
Network Security Support
Engineer
1
CCNP Security
3–5
Network Security Engineer
4
CCIE Security
7+
Network Security Engineer
2
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
11
• Verifies an individual’s skills in the following roles:
• Network Security Specialist
• Security Administrator
• Network Security Support Engineer
• Prerequisite for CCNP Security certification
• Potential employers can feel confident that candidates
have the skills needed to install, troubleshoot, and
monitor Cisco security technologies.
• The U.S. National Security Agency (NSA) and the
Committee on National Security Systems (CNSS)
recognizes that the Cisco CCNA Security courseware
meets the CNSS 4011 training standard (learn more).
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
12
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
13
• Same GUI as CCNA Discovery and CCNA Exploration curricula
• 10 chapters and chapter exams
• 10 Cisco Packet Tracer activities
• 16 hands-on labs
• One Packet Tracer Practice skills-based assessment
• One final exam and one skills-based assessment
• Balance of theory, hands-on practice, and application
• Available in English only, no translated versions are planned
• Enabled for both in-person and blended learning environments
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14
• Leverages CCNA Discovery/Exploration equipment bundle and topology and is identical to
v1.0 equipment list with the addition of a Cisco ASA (Model 5505)
• NDG NETLAB+ can be enabled for remote lab equipment operation.
• The required Advanced IP Services feature set (ISR G1) and the Security (SEC)
technology package license are available for academies that are part of Networking
Academy Maintenance
Minimum System Requirements
Curriculum requirements:
1 Student PC per student
1 local curriculum server
Lab bundle requirements :
3 Cisco routers, 2 with the SEC technology package
3 two-port serial WAN interface cards
3 Cisco switches
1 Cisco Adaptive Security Appliance (ASA)
Assorted Ethernet and Serial cables and hubs
Detailed equipment information is available in the Instructor
Lab Manual and the CCNA Security Equipment List located in
the CCNA Security resources folder on Cisco NetSpace and
in the Equipment Information area on Academy Connection.
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
15
Course Chapters and Goals
Chapter 1
Modern Network Security Threats
Chapter 2
Securing Network Devices
Chapter 3
Authentication, Authorization and Accounting
Chapter 4
Implementing Firewall Technologies
Chapter 5
Implementing Intrusion Prevention
Chapter 6
Securing the Local Area Network
Chapter 7
Cryptographic Systems
Chapter 8
Implementing Virtual Private Networks
Chapter 9
Managing A Secure Network
Chapter 10
Implementing the Cisco Adaptive Security Appliance (ASA)
Goal: Explain network threats, mitigation techniques, and the basics of securing a network.
Goal: Secure administrative access on Cisco routers.
Goal: Secure administrative access with AAA.
Goal: Implement firewall technologies to secure the network perimeter.
Goal: Configure IPS to mitigate attacks on the network.
Goal: Describe LAN security considerations and implement endpoint and Layer 2 security features.
Goal: Describe methods for protecting data confidentiality and integrity.
Goal: Implement secure virtual private networks.
Goal: Create and implement a comprehensive security policy to meet the security needs of an enterprise.
© 2012 Cisco and/or its affiliates. All rights reserved.
Goal: Implement firewall technologies using the ASA to secure the network perimeter.
Cisco Public
16
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
17
• All instructors should have CCNA-level
networking knowledge and skills
• Instructor training is required for new CCNA
Security instructors
• Fast track option available with evidence of
CCNA Security or higher certification or
industry experience
• Instructor training is delivered by Instructor
Training Centers (ITCs)
• 40-hour training: in-person, blended, or
remote delivery formats
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
18
• The CCNA Security
v1.1 Instructor
Resource Site
provides best
practices, tips for
classroom
management and
discussions, and
teaching analogies
http://lms.netacad.net/
index.php
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
20
• Latest documents are posted in the CCNA Security resources area,
which can be accessed through the Offerings menu on NetSpace, or
in the Course Catalog on Academy Connection:
• CCNA Security Scope and Sequence
• CCNA Security FAQs
• CCNA Security Datasheet
• CCNA Security At-a-Glance
• CCNA Security Overview Presentation
• Visit the CCNA Security v1.1 Instructor Resource Site
• Visit the CCNA Security certification page
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Public
21
Thank you.