Beskrivelse
Kurset fokuserer på at give netværks sikkerhedsansvarlige den nødvendige viden og kvalifikationer til at skabe sikkerhed om data, der florerer i offentlige eller delte infrastrukturer og miljøer.
Virtuelt kursus
Dette virtuelle kursus foregår på din egen computer live via GoToMeeting med en engelsktalende underviser. Under kurset har du mulighed for at stille spørgsmål, deltage i diskussioner, se whiteboard på din skærm og lave lab øvelser.
Securing data in shared infrastructures.
Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a newly created five-day instructor-led training course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. This course is designed to prepare network security engineers with the knowledge and skills they need to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.
Prerequisites
Cisco Certified Network Associate (CCNA®) certification
Cisco Certified Network Associate (CCNA®) Security certification [*Knowledge of Microsoft Windows operating ...
%%%
... system]
Target Audience
This course is intended for:
Network Security Engineers
Prerequisites
Content
At the end of this course you will be able to:
Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.
Implement and maintain Cisco site-to-site VPN solutions.
Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.
Implement and maintain Cisco clientless SSL VPNs.
Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.
Implement and maintain endpoint security and dynamic access policies (DAP)
A brief overview of the course:
Module 1: The Role of VPNs in Network Security
VPN Definition
Key Threats to WANs and Remote Access
Cisco Modular Network Architecture and VPNs
VPN Types
VPN Components
Secure Communication and Cryptographic Services
Cryptographic Algorithms
Cryptography and Confidentiality
Module 2: Deploying Secure Site-to-Site Connectivity Solutions
Site-to-Site VPN Topologies
Site-to-Site VPN Technologies
Internet Key Exchange v1 and v2
Encapsulating Security Payload
Dynamic Multipoint VPN
Cisco IOS FlexVPN
Configure IKE Policy
Configure PSKs
Choose Transform Set and VPN Peer
Choose Traffic for VPN
Configuring Site-to-Site VPN with Connection Profiles Menu
Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
Lab 2-1 Implement Site to Site Secure Connectivity on Cisco ASA
Overview of Cisco IOS VTIs
Configure Static VTI Point-to-Point Tunnels
DMVPN Solution Components
DMVPN Operations
Types of Authentication
Configure DMVPN on Hub
Configure DMVPN on Spoke
Configure Routing in DMVPN
Module 3: Deploying Cisco IOS Site-to-Site FlexVPN Solutions
FlexVPN Overview
Public Key Infrastructure (PKI)
Site-to-Site VPN Topologies
FlexVPN Architecture
IKEv2 vs. IKEv1 Overview
IKEv2 Message Exchange
IKEv2 DoS Prevention
FlexVPN Use Cases
Negotiating IKEv2 Proposals
Point-to-Point VPN Scenario with IPv4 Static Routes
Configure and Verify Point-to-Point VPN with IPv4 Static Routes
Point-to-Point VPN Scenario with OSPFv3
Configure a Spoke in a Hub-and-Spoke Scenario
Configure a Hub in a Hub-and-Spoke Scenario
Configuration Exchange
Verify and Troubleshoot Hub-and-Spoke FlexVPN
Lab 3-2: Implement Hub-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
Spoke-to-Spoke Shortcut Scenario
Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)
Lab 3-3: Implement Spoke-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
Module 4: Deploying SSL VPNs
Configure ASA gateway
Configure basic authentication
Configure access control (including URL entry and bookmarks)
Verify basic clientless SSL VPN
Troubleshoot basic clientless SSL VPN
Lab 4-1 Objective: Implement Basic Cisco Clientless SSL VPN on Cisco ASA
Deploying Application Access options (plug-ins, smart tunnels)
Lab 4-2 Objective: Application Access clientless SSL
Advanced Authentication in Cisco Clientless SSL VPN Solution Components
Lab 4-3 Objective: Advanced AAA Clientless SSL
Module 5: Deploying Cisco AnyConnect VPNs
IP Address assignment
Split Tunneling
Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
Lab 5-1 Objective: Implement Basic Cisco AnyConnect SSL VPN on Cisco ASA
DTLS Overview
Parallel DTLS and TLS Tunnels
Configure, Verify, and Troubleshoot Cisco AnyConnect Start Before Logon and Cisco AnyConnect Trusted Network Detection
Lab 5-2: Implement Advanced Cisco AnyConnect SSL VPN on Cisco ASA
AnyConnect Support for IPSec/IKEv2
Configure a Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
Cisco AnyConnect Advanced Authentication Scenarios
Configure SCEP Proxy
Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
Lab 5-4: Implement Advanced Cisco AnyConnect SSL VPN on Cisco ASA
Module 6: Endpoint Security and Dynamic Access Policies
Cisco HostScan Overview
Cisco HostScan Prelogin Assessment
Install Cisco HostScan
Verifying and Troubleshooting DAP
Lab 6-1: Configure Hostscan and DAP for AnyConect SSL VPNs
Læs mere om vores virtuelle kurser og se svar på dine spørgsmål (FAQ).
Søgte du et andet virtuelt kursus? Vi tilbyder virtuelle kurser inden for mange forskellige områder. Kontakt os på tlf. 72203000 eller kurser@teknologisk.dk, så vi kan hjælpe med at imødekomme dit behov.
