Candidates that need to acquire their CCIE Security certificate.
Network engineers/designers that need to raise their knowledge to an expert-level.
The CCIE Security program is a program intended to recognize the Cisco network security experts who have the necessary skills to test, deploy, configure, maintain, and troubleshoot Cisco network security appliances and Cisco IOS Software devices that establish the security posture of the network.CISCO Exam Covered: CCIE Security Lab Exam v.4Course Delivery Method:This boot camp is a combination of lecture and hands-on labs.Students Will Receive: Advanced CCIE Security Workbook v4 (Technology Focused)Boot Camp Hours: Monday – Friday 9:30 AM – 9:00 PMFollow On Certification: There is no follow on Certification
System Hardening and AvailabilityRouting plane security features (e.g. protocol authentication, route filtering)Control Plane PolicingControl Plane Protection and Management Plane ProtectionBroadcast control and switchport securityAdditional CPU protection mechanisms (e.g. options drop, logging interval)Disable unnecessary servicesControl device access (e.g. Telnet, HTTP, SSH, Privilege levels)Device services (e.g. SNMP, Syslog, NTP)Transit Traffic Control and Congestion ManagementThreat Identification and MitigationIdentify and protect against fragmentation attacksIdentify and protect against malicious IP option usageIdentify and protect against network reconnaissance attacksIdentify and protect against IP spoofing attacksIdentify and protect against MAC spoofing attacksIdentify and protect against ARP spoofing attacksIdentify and protect against Denial of Service (DoS) attacksIdentify and protect against Distributed Denial of Service (DDoS) attacksIdentify and protect against Man-in-the-Middle (MiM) attacksIdentify and protect against port redirection attacksIdentify and protect against DHCP attacksIdentify and protect against DNS attacksIdentify and protect against MAC Flooding attacksIdentify and protect against VLAN hopping attacksIdentify and protect against various Layer2 and Layer3 attacksNBARNetFlowCapture and utilize packet capturesIntrusion Prevention and Content SecurityIPS 4200 Series Sensor ApplianceInitialize the Sensor ApplianceSensor Appliance managementVirtual Sensors on the Sensor ApplianceImplementing security policiesPromiscuous and inline monitoring on the Sensor ApplianceTune signatures on the Sensor ApplianceCustom signatures on the Sensor ApplianceActions on the Sensor ApplianceSignature engines on the Sensor ApplianceUse IDM/IME to the Sensor ApplianceEvent action overrides/filters on the Sensor ApplianceEvent monitoring on the Sensor ApplianceVACL/SPAN & RSPAN on Cisco switchesWSAImplementing WCCPActive Dir IntegrationCustom CategoriesHTTPS ConfigServices Configuration (Web Reputation)Configuring Proxy By-pass ListsWeb proxy modesApp visibility and controlIdentity ManagementIdentity Based Authentication/Authorization/AccountingCisco Router/Appliance AAARADIUSTACACS+Device Admin (Cisco IOS Routers, ASA, ACS5.x)Network Access (TrustSec Model)Authorization Results for Network Access (ISE)802.1X (ISE)VSAs (ASA / Cisco IOS / ISE)Proxy-Authentication (ISE/ASA/Cisco IOS)Cisco Identity Services Engine (ISE)Profiling Configuration (Probes)Guest ServicesPosture AssessmentClient Provisioning (CPP)Configuring AD Integration/Identity SourcesPerimeter Security and ServicesCisco ASA FirewallBasic firewall InitializationDevice managementAddress translation (nat, global, static)Access Control ListsIP routing/Route TrackingObject groupsVLANsConfiguring EtherchannelHigh Availability and RedundancyLayer 2 Transparent FirewallSecurity contexts (virtual firewall)Modular Policy FrameworkIdentity Firewall ServicesConfiguring ASA with ASDMContext-aware servicesIPS capabilitiesQoS capabilitiesCisco IOS Zone Based FirewallNetwork, Secure Group and User Based PolicyPerformance TuningNetwork, Protocol and Application InspectionPerimeter Security ServicesCisco IOS QoS and Packet marking techniquesTraffic Filtering using Access-ListsCisco IOS NATuRPFPAM – Port to Application MappingPolicy Routing and Route MapsConfidentiality and Secure AccessIKE (V1/V2)IPsec LAN-to-LAN (Cisco IOS/ASA)Dynamic Multipoint VPN (DMVPN)FlexVPNGroup Encrypted Transport (GET) VPNRemote Access VPNEasy VPN Server (Cisco IOS/ASA)VPN Client 5.XClientless WebVPNAnyConnect VPNEasyVPN RemoteSSL VPN GatewayVPN High AvailabilityQoS for VPNVRF-aware VPNMacSecDigital Certificates (Enrollment and Policy Matching)Wireless AccessEAP methodsWPA/WPA-2WIPS
Not available. Please contact.