CCIE Security
For network engineers who need to increase their value to employers and stay current with advances in networking knowledge and skills, the cisco CCIE course is designed to provide professionals with extensive networking expertise and knowledge to accomplish their day to day job and pass CCIE SECURITY Lab Exam.
CCIE Security
For network engineers who need to increase their value to employers and stay current with advances in networking knowledge and skills, the cisco CCIE course is designed to provide professionals with extensive networking expertise and knowledge to accomplish their day to day job and pass CCIE SECURITY Lab Exam.
Course Introduction
The Cisco Certified Internetwork Expert Security (CCIE Security) program recognizes individuals who have the knowledge and skills to implement, maintain and support extensive Cisco Network Security Solutions using the latest industry best practices and technologies. CCIE Security training covers (but is not limited to) the use of these topics: System Hardening and availability, Threat identification and mitigation, intrusion Prevention and content security, implement WCCP, Identity Management, Perimeter security and service, Cisco IOS Zone-based Firewall, confidentiality and secured access. Boot camp includes intensive CCIE-lab workshop to improve time-management & troubleshooting skills. At the end of the boot camp students are ready to attempt the CCIE lab exam at Cisco Systems.
Course Highlights
This 15 day (Weekdays – 5hrs.) OR 12-week (Sunday/Saturday) instructor led CCIE Security course is designed to provide professionals with extensive networking knowledge to accomplish their day to day job and CCIE Security certifications. The key to a high success rate is based on the program’s objectives as follows:
- Assigned project manager will manage this program. This person will drive the program from its registration stage to monitoring and tracking of the candidates performance.
- Curriculum is based on Cisco course outlines.
- The Instructor-led certified courses is designed for the Security candidates with an aim to build theoretical knowledge supplemented by ample hands-on lab exercises
- 12 week / module or 15 days / module, of intensive training + labs design.
- Courseware includes course kits and other reference material to enable students to prepare for CCIE Security certification exams.
- Optimal balance of theory classes and practical labs every week to ensure maximum absorption of technology by participants
- Customized tests at the end of course to be attempted by every participant.
- Stringent passing standards with progress report of each participant.
- Facility of Lab on cloud available.(based on booking).
- Fees Refund if you are not satisfied with training delivered.
- Dedicated Monitoring to evaluate and report candidates progress.
- Repeating of lectures allowed.
- Boot camp includes intensive CCIE-lab workshop to improve time-management & troubleshooting skills
- The course is customized keeping in mind the ultimate aim of achieving technology expertise and CCIE SECURITY lab Exam.
- Customized tests at the end of course to be attempted by every participant
- Project manager will track Progress and performance of the candidates for CCIE Labs.
Course Objectives
After you complete this course you will be able to:
- The Cisco CCIE® Security Lab Exam version 4.0 covers the skills and competencies of security professionals in terms of configuring and troubleshooting Cisco security products and solutions.
- Candidates also learn to perform implementation, optimization and troubleshooting actions in each of the exam topic sections.
- Content may include both IPv4 and IPv6 concepts and applications.
- Discuss the CCIE R&S Lab Program and its content and elaborate on approach to expertise technologies required to pass CCIE Lab exam
- Discuss your baseline status for Cisco CCIE lab readiness
- Expertise Cloud Computing Security, Wireless Security, VOIP Security, Network Security with ASA and Cisco IPS, Video Security, IPv6 Networking and IPv6 Security.
- Resolve expert-level core task in multi-protocol environment, analysis, configuration, and troubleshooting looping issue
- Resolve and configure expert-level IP / Network Services task, Monitor, analyse, configure, and troubleshoot issues related to IP / Network Services
- Resolve expert-level multi-protocol, multi-technology, multi-featured core and advanced issues. Monitor, analyse, configure, and troubleshoot issues
- Expertise the logic of controlling access to networks & devices, minimizing overhead traffic, select and configure the appropriate access list features.
- Understand and configure new IOS features in multi-protocol environment.
Course Topics
SYSTEM HARDENING AND AVAILABILITY:
- Routing plane security features (protocol authentication route filtering)
- Control plane protection and management plane protection
- Broadcast control and switch port security
- Additional CPU protection mechanisms (options drop logging interval)
- Control device access (Telnet, HTTP, SSH, and privilege levels)
- Device services (SNMP, syslog, and NTP)
- Transit traffic control and congestion management
THREAT IDENTIFICATION AND MITIGATION:
- Identify and protect against fragmentation attacks, malicious IP option usage
- Identify and protect against network reconnaissance attacks
- Identify and protect against IP spoofing attacks, MAC spoofing, ARP spoofing
- Identify and protect against DoS, DDoS attacks, man-in-the-middle attacks
- Identify and protect against port redirection attacks
- Identify and protect against DHCP attacks, DNS attacks, MAC flooding attacks
- Identify and protect against VLAN hopping attacks
- Identify and protect against various Layer 2 and Layer 3 attacks
- NBAR, Net Flow, Capture and utilize packet captures
INTRUSION PREVENTION AND CONTENT SECURITY:
- Cisco IPS 4200 Series Sensor appliance and Cisco ASA appliance IPS module
- Initialize the sensor appliance
- Sensor appliance management
- Virtual sensors on the sensor appliance
- Implement security policies
- Promiscuous and inline monitoring on the sensor appliance
- Tune signatures on the sensor appliance
- Custom signatures on the sensor appliance
- Actions on the sensor appliance
- Signature engines on the sensor appliance
- Use Cisco IDM and Cisco IME to manage the sensor appliance
- Event action overrides and filters on the sensor appliance
- Event monitoring on the sensor appliance
IMPLEMENT WCCP :
- Active Directory integration
- Custom categories
- HTTPS configuration
- Services configuration (web reputation)
- Configure proxy bypass lists
- Web proxy modes
- Application visibility and control
IDENTITY MANAGEMENT:
- Identity-based AAA
- Cisco router and appliance AAA – RADIUS,TACACS+
- Device administration (Cisco IOS routers, Cisco ASA, and Cisco ACS5.x)
- Network access (TrustSec model) ,Authorization results for network access (ISE)
- IEEE 802.1X (Cisco ISE) ,VSAs (Cisco ASA, Cisco IOS, and Cisco ISE)
- Proxy authentication (Cisco ISE, Cisco ASA, and Cisco IOS)
- Cisco ISE – Profiling configuration (probes), Guest services, Posture assessment
- Client provisioning (CPP)
- Configure Microsoft Active Directory integration and identity sources
PERIMETER SECURITY AND SERVICES:
- Cisco ASA firewalls ,Basic firewall Initialization, Device management, Address translation
- ACLs, IP routing and route tracking, Object groups, VLANs, Configure EtherChannel
- High availability and redundancy
- Layer 2 transparent firewall, Security contexts (virtual firewall)
- Cisco Modular Policy Framework, Identity firewall services
- Configure Cisco ASA with ASDM, Context-aware services
- IPS capabilities, QoS capabilities
CISCO IOS ZONE-BASED FIREWALL :
- Network, secure group, and user-based policy
- Performance tuning – Network, protocol, and application inspection
- Perimeter security services
- Cisco IOS QoS and packet-marking techniques
- Traffic filtering using access lists
- Cisco IOS NAT , uRPF, Port to Application Mapping (PAM)
- Policy routing and route maps
CONFIDENTIALITY AND SECURE ACCESS:
- IKE (v1/v2), IPsec LAN-to-LAN (Cisco IOS and Cisco ASA)
- DMVPN, FlexVPN, GET VPN, Remote-access VPN
- Cisco EasyVPN Server (Cisco IOS and Cisco ASA)
- VPN Client 5.X, Clientless WebVPN, Cisco AnyConnect VPN
- Cisco EasyVPN Remote
- SSL VPN gateway, VPN high availability, QoS for VPN, VRF-aware VPN
- MACsec, Digital certificates (enrollment and policy matching), Wireless access
- EAP methods, WPA and WPA2, wIPS
Lab Topics
Not Available
Virtual Classroom
- Instructor led online training is an ideal vehicle for delivering training to individuals anywhere in the world at any time.
- This innovative approach presents live content with instructor delivering the training online.
- Candidates will be performing labs remotely on our labs on cloud in presence of an online instructor.
- Rstforum uses microsoft lync engine to deliver instructor led online training.
- Advances in computer network technology, improvements in bandwidth, interactions, chat and conferencing, and realtime audio and video offers unparalleled training opportunities.
- Instructor led online training can helps today’s busy professionals to perform their jobs and upgrade knowledge by integrating self-paced instructor led online training in their daily routines.
Miscellaneous
- Minimum batch size required for batch is 10 participants in the this course.
- The RST Forum reserves the right to cancel/postpone the class.
- Course schedule will be provided before commencement of the course.
- Certificate of participation will be awarded to participants with a minimum 90% attendance.
- All attendees are to observe the Copyright Law on intellectual properties such as software and courseware from respective vendors.
- The RST Forum reserves the right to include external participants in the program either for the entire course or individual courses.
- The RST Forum reserves the right to change/alter the sequence of courses. RST FORUM published Book would be given at 50% discounted rate to the forum students.