Expert Level

Expert Level
CCIE Security Version 4.0 - Router and Switch Security

  • Control Plane Management
  • System Hardening
  • Threat Identification and Mitigation
  • IOS QoS and Packet Marking Techniques
  • Traffic Filtering Using Access Lists
  • IOS NAT
  • uRPF
  • Port Application Mapping (PAM)
  • Policy Routing and Route Maps

Intrusion Prevention and Content Security (IPS)

  • Initializing the Sensor
  • Virtual Sensors
  • SPAN/RSPAN
  • Promiscuous Mode
  • Inline Mode
  • Signature Tuning
  • Custom Signatures
  • Signature Actions on the Sensor
  • Sensor Tuning (Even overrides/event filters)
  • Event Monitoring

Web Security Appliance (WSA) - Ironport

  • Implementing WCCP
  • Active Directory Integration
  • Custom Categories
  • HTTPS Config
  • Services Configuration
  • Configuring Proxy By-pass
  • Web Proxy Modes
  • App Visibility and Control

Identity Management – ACS 5.x & ISE

  • Management AAA
  • Identity Based AAA using RADIUS & TACACS+
  • Device Admin (Routers/Switches/Firewalls)
  • Telnet/SSH/HTTP AAA
  • Network Access (TrustSec Model)
  • 802.1x
  • VSAs
  • Proxy Authentication
  • Cisco Identity Services Engine (ISE)
  • Profiling Configuration (Probes)
  • Guest Services
  • Posture Assessment
  • Client Provisioning
  • Configuring AD Integration/Identity Sources

Perimeter Security Using Firewalls

  • Cisco ASA Firewall
  • Basic Initialization
  • Device Management
  • NAT / PAT Translation
  • Access Control Lists
  • IP Routing / Route Tracking
  • Object Groups
  • VLANs
  • Configuring Etherchannel
  • High Availability & Redundancy
  • Layer 2 Transparent Firewall
  • Security Contexts
  • Modular Policy Firewall
  • Identity Firewall Services
  • Configuring ASA with ASDM
  • Context-aware services
  • IPS Capabilities
  • QoS Capabilities
  • Cisco IOS Zone-based Firewall
  • Network, Secure Group and User based policy
  • Performance Tuning
  • Network, Protocol and Application Inspection

Virtual Private Networks (VPN)

  • IPSec LAN-to-LAN (Router / Firewall)
  • DMVPN
  • GET VPN
  • Remote Access VPN
  • EZVPN (Router / Firewall)
  • Web VPN
  • SSL VPN
  • High Availability VPN
  • QoS VPN
  • VRF-Aware VPN
  • MacSecurity
  • Digital Certificates (CA Server)