Course Datasheet
ProCurve Networking Security
v4.3 1
At a glance
The purpose of this course is to provide systems engineers with the knowledge and skills to
design, deploy and support secure networks. This course covers both infrasture device
management security and user-based network access security.
Format offered
 3-day, instructor-led course
 50% lecture with 50% hands-on labs
Audience
ProCurve Networking channel partner systems engineers, network engineers and network
specialists who design and deploy network security solutions.
Prerequisites

Adaptive EDGETM Fundamentals (AEF v4.11or higher), OR the former Building Proactive
Networks (BPN v5.0 or higher)
eLMS code
19546
Cost
US $500.00 / day. Cost may vary by region.
Certification
This course will prepare the participant for one of the required exams for ASE – ProCurve
Networking certification within the HP Certified Professional program. The exam number
for ProCurve Networking Security is HP0-757. For more information on ProCurve
Networking training and certification, go to http://www.hp.com/go/procurvetraining .
Benefits of attending the course
 Attendees will be able to sell and perform services which include design, deployment and
support of secure networks.
Student performance objectives
After completing the course, students will be able to:
 List the currently available ProCurve products and describe their basic security features
 Identify potential security issues in networking environments
 Outline the layered security approach as it applies to ProCurve environments
 Evaluate the effectiveness of physical security given a particular scenario
 List the basic requirements for physically securing ProCurve products
 List the different methods for securing ProCurve devices when performing management
 Explain the use of Authorized Managers
 Describe the effective use of a Management VLAN
 Configure local security on ProCurve switches
 Implement a Management VLAN
 Compare and contrast symmetric / asymmetric encryption schemes
 Describe how a hybrid cryptosystem works
 Illustrate the use of digital certificates
 Describe the use of SSH on ProCurve switches
 Describe the use of SSL on ProCurve switches
 List the features of SNMP v3 available for ProCurve switches
 Secure console sessions using SSH on ProCurve switches
 Secure web management sessions using SSL on ProCurve switches
 List the different user authentication methods available in a typical network
 Differentiate between the available authentication protocols
 Define EAP and its architecture
 Compare and contrast between a TACACS+ and a RADIUS authentication server
 Install and configure Internet Authentication Services on Windows 2003 Server
 Implement RADIUS authentication for ProCurve management
 Describe the use of port-based security
 Identify the limitations of port-based security
 Illustrate how 802.1X user authentication works
 Outline policy-based security and how it is used
 Explain how users can be authenticated and managed with the use of 802.1X and VLANs
 Describe and implement web-based user authentication
 Describe and implement MAC address authentication
 Identify alternative methods of using "edge" enforcement of policies
 Implement port-based security on ProCurve switches
 Perform user authentications with 802.1X security and assign users to VLANs
 Learn to troubleshoot network security problems
 Learn to design networks with a focus on network security
Topics covered
 Infrastructure Device Management Security
ProCurve switch physical security
ProCurve switch local passwords
TACACS+ and RADIUS management user authentication
SSH
SSL
SNMP v3
Management VLANs
 Security & Encryption Technologies
1.
2.
3.
4.
5.
6.
7.
 Network Access Security
1. VLANs and Access Control Lists (ACLs)
2. ProCurve swtich port security features
3. MAC-based port security
4. ProCurve Access Control Security Solution
5. ProCurve switch based IEEE 802.1X authentication
6. ProCurve Access Client supplicant software
7. ProCurve switch based web authentication
8. ProCurve switch based MAC authentication
9. 802.1X user authentication with OpenVLAN
10. 802.1X user authentictation with dynamic VLAN assignment
 Network Security Troubleshooting
 Network Design with security as key focus