Maricopa Community Colleges

Official Course Description:  MCCCD Approval: 6-23-2009

CNT175  2009 Fall – 2011 Summer II

L+L  4.0 Credit(s)  6.0 Period(s)  5.4  Load  Occ

Cisco Certified Network Associate Security

Associate-level knowledge and skills required to secure Cisco networks. Development of a security infrastructure, identification of threats and vulnerabilities to networks. Mitigation of security threats. Core security technologies. Installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices.  Competency in the technologies that Cisco uses in its security structure.

Prerequisites: CNT170 or CNT170AA or Certified Cisco Networking Associate (CCNA) certification or permission of Instructor.

 


MCCCD Official Course Competencies:

1.         Describe the security threats facing modern network infrastructures. (I)

2.         Demonstrate how to secure Cisco routers. (II)

3.         Demonstrate implementation of Authentication, Authorization and Accounting (AAA) on Cisco routers using local router database and external Access Control Server (ACS). (III)

4.         Describe and demonstrate mitigation of threats to Cisco routers and networks using Access Control Lists (ACLs). (IV)

5.         Describe and demonstrate the implementation of secure network management and reporting. (V)

6.         Demonstrate the mitigation of common Layer 2 attacks. (VI)

7.         Demonstrate the implementation of the Cisco Internetwork Operation System (IOS) firewall feature set using Security Device Manager (SDM). (VII)

8.         Demonstrate the implementation of the Cisco IOS Intrusion Prevention System (IPS) feature set using SDM. (VIII)

9.         Describe and demonstrate the implementation of site-to-site Virtual Private Networks (VPNs) on Cisco Routers using SDM. (IX)

 

MCCCD Official Course Outline:

I.          Security Threats Facing Modern Network Infrastructures

            A.        Mitigation Methods for Common Network Attacks

            B.        Mitigation Methods for Worm, Virus, and Trojan Horse Attacks

            C.        Cisco Self Defending Network Architecture

II.        Securing Cisco Routers

            A.        Cisco Routers Using the SDM Security Audit Feature

            B.        One-Step Lockdown Feature in SDM to Secure a Cisco Router

            C.        Administrative Access to Cisco Routers by Setting Strong Encrypted Passwords, Exec Timeout, Login Failure Rate and Using IOS Login Enhancements

            D.        Administrative Access to Cisco Routers by Configuring Multiple Privilege Levels

            E.         Administrative Access to Cisco Routers by Configuring Role Based Command Line Interface (CLI)

            F.         Cisco IOS Image and Configuration File

III.       AAA on Cisco Routers using Local Router Database and External ACS

            A.        Functions and Importance of AAA

            B.        Features of Terminal Access Controller Access-Control System (TACACS+) and Remote Authentication Dial In User Service (RADIUS) AAA Protocols

            C.        Configuration of AAA Authentication

            D.        Configuration of AAA Authorization

            E.         Configuration of AAA Accounting

IV.       Threats to Cisco Routers and Networks Using ACLs

            A.        Functionality of Standard, Extended, and Named Internet Protocol (IP) ACLs Used by Routers to Filter Packets

            B.        IP ACLs to Mitigate Given Threats (Filter IP Traffic Destined for Telnet, Simple Network Management Protocol (SNMP), and Distributed Denial of Service (DDoS) Attacks) in a Network Using CLI

            C.        IP ACLs to Prevent IP Address Spoofing Using CLI

            D.        Caveats to be Considered When Building ACLs

V.        Secure Network Management and Reporting

            A.        CLI and SDM to Configure Secure Shell (SSH) on Cisco Routers to Enable Secured Management Access

            B.        CLI and SDM to Configure Cisco Routers to Send Syslog Messages to a Syslog Server

VI.       Mitigation of Common Layer 2 Attacks

            A.        Prevention of Layer 2 Attacks by Configuring Basic Catalyst Switch Security Features

VII.     Implementation of the Cisco IOS Firewall Feature Set Using SDM

            A.        Operational Strengths and Weaknesses of the Different Firewall Technologies

            B.        Stateful Firewall Operations and the Function of the State Table

            C.        Zone Based Firewall Using SDM

VIII.    Implementation of the Cisco IOS IPS Feature Set Using SDM

            A.        Network Based versus Host Based Intrusion Detection and Prevention

            B.        IPS Technologies, Attack Responses, and Monitoring Options

            C.        Enablement and Verification of Cisco IOS IPS Operations Using SDM

IX.       Implementation of Site-to-Site VPNs on Cisco Routers Using SDM

            A.        Different Methods Used in Cryptography

            B.        Internet Key Exchange (IKE) Protocol Functionality and Phases

            C.        Building Blocks of Internet Protocol Security (IPSec) and the Security Functions it Provides

            D.        Configuration and Verification of an IPSec Site-to-Site VPN with Pre-Shared Key Authentication Using SDM

 
