IT Security for Cisco CCNA: 640-554 IINS
4.1 (16 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
532 students enrolled
Define the management plane and identify practices that can be used to make it more secure.
Created by LearnSmart LLC
Last updated 4/2015
English
Price: $80
30-Day Money-Back Guarantee
Includes:
  • 4.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • This series is designed to prepare you for the CCNA Security exam.
  • You will learn about basic network and information security principles, and will be able to define what AAA is and go over some of its design considerations.
  • ACLs mitigate threats against a network in a variety of ways; we will be covering some of these ways in this course. You will be able to define the management plane and identify practices that can be used to make it more secure.
  • Communicate with the instructor and openly ask questions that will be addressed within 48 hours.
  • Apply your knowledge throughout the course with quick quizzes and be fully prepared for the Cisco exam with our final exam!
  • Download extra printable and saveable PPT Slides, flash cards, games, and other supplemental materials within each section in our course.
  • Participate in active discussions with other students & participants becoming Cisco Certified.
Requirements
  • No prerequisites for this course, just a computer with internet.
Description

Welcome to Cisco CCNA Security from LearnSmart.

Looking to become Cisco CCNA Security Certified? Preparing to take the Cisco Exam CCNA Security 640-554 IINS?

By the end of the course you'll demonstrate your proficiency in the principles, techniques, and tools involved in working with routers, networks, and switches. Prove to yourself, and others, that you are ready for the Cisco Certified Network Associate in Security (640-554) certification exam.

If you're interested in becoming an accomplished Network Associate professional, this training will establish your understanding of all the fundamental concepts within CCNA routers, networks, and switches.

Course Overview:

These sections can be taken in any order, as a review of a particular concept or exam domain. However, if you are just becoming familiar with networking, it is recommended that you view the courses sequentially.

In this course, become familiar with the fundamental topics and skills required to install, operate, and develop the security infrastructure of a small to medium size enterprise branch network.

Course Breakdown:

Section 1: In the pre-assessment quiz you'll face questions from all sections of this training. Test your current knowledge and know your strengths and weaknesses.

Section 2: Understand common security threats within a network and take a look at network and information security basics by learning some of the fundamental security principles. Learn how to secure the control, data and management planes on Cisco devices, including implementing security on Cisco routers.

Section 3: Take a look at the differences between TACACS and RADIUS by understanding what they offer as an authentication type, and how to configure each one. Review the examples of ways in which you can configure AAA, via the Command Line Interface and Cisco Configuration Professional, along with some verification commands.

Section 4: Access Control Lists (ACLs) help to mitigate threats against a network in a variety of ways. ACLs should be tested in a test environment prior to actually applying them. Look at exactly what they are, what they do, and the different types of ACLs and the role they play in security.

Section 5: Focus on securing the network management plane. Be able to define the management plane, and learn some best practices that can be used to make it more secure, such as strong passwords, AAA, Role Based Access Control, Syslog, and NTP. Then, you will learn to identify and study demonstrations of the different configurations that can be implemented on the management plane.

Section 6: Gain an in-depth understanding of these topics to determine how to best respond to layer 2 attacks.

Section 7: Cisco Firewall Technologies explains the different firewall technologies and the strengths and weaknesses that surround them.

Section 8: Cisco IPS discusses the differences between a Cisco IPS and Cisco IDS device, and some options that you have when deploying them in your network.

Section 9: Learn the basics of VPN technologies, and how IPSec works in a VPN tunnel setup. You will also look at the basics of cryptography in order to gain a better understanding of exactly what goes on behind the scenes of a VPN tunnel establishment. Finally, you will walk through different ways of implementing a site-to-site VPN and configured SSL VPN using the graphical device manager from an ASA.

Section 10: Demonstrate and prove to yourself, and others, that you are ready for Cisco's Implementing Cisco IOS Network Security certification exam. You'll demonstrate your proficiency in the principles, techniques, and tools involved in working with routers, networks, and switches.

*The content in this course aligns with from Cisco.

Recommendations:

Learn from others! Here are some reviews from the participants enrolled in this course (Click on reviews to see full list of reviews)

  • Smart method to learn - This course is helpful and using smart way to motivate thinking and understanding. The instructor has a professional delivery method, and the materials are interesting and creative, especially the flashcards and the exercises -- I.A.
  • Great intro to CCNA Security -- while this material can be pretty dry the instructor does a pretty good job of keeping the course interesting and informative. There is a lot of really good and easy to follow information. -- S.D
  • This course does an in depth coverage of the topics that you will need to know to pass the CCNA certification test -- I highly recommend that anyone who wants to learn the material to take and pass the exam, take this course. Those who master this course, will pass the exam on their first attempt. -- B.Z.
  • A Complete Jumpstart - What has impressed me the most is the depth of the content to this course. Each HD video is crystal clear in both the visual and audio, even including quality closed captioning (great for reading along with the lectures). I wasn't interested in the flashcards or the crossword puzzles when I started the program, but I've found them to be very useful in staying engaged in the class when away from home. This is everything you need to get started and have a classroom quality experience from home. Dive in and stay focused! -- P.C.
Who is the target audience?
  • Professional who would like to prepare themselves for the CCNA Security exam.
Curriculum For This Course
142 Lectures
04:32:55
Orientation Video
1 Lecture 01:13

This lecture contains a demonstration on how to access the supplemental materials.

Preview 01:13
Pre-Assessment
0 Lectures 00:00
Pre-Assessment
16 questions
Security and Cisco Routers
32 Lectures 01:00:47

Welcome to the course “Security and Cisco Routers”. In this course, we will discuss common security threats within a network and take a look at network and information security basics.

This lecture will introduce you to Security and Cisco Routers.

Topics Covered Include:
  • Topics Covered
Preview 01:12

Companies, government agencies, and home users should all have concern for security -- each one has important data, ranging from top-secret level clearance and patient health information, to credit card numbers and bank account login passwords. All of these must be secured on various types of networks.

This lecture will discuss the objectives of network safety.

Topics Covered Include:
  • Network Safety Objectives
Preview 02:21

A risk analysis audit should be completed in order to understand where security holes reside from outside and inside your network. From a risk analysis perspective, we can understand not only what to protect on our network, but from whom.

This lecture will discuss the risk management analysis process.

Topics Covered Include:
  • Risk Management Analysis
Preview 04:26

Who exactly might potential threats be? First, and maybe the most obvious threats, are criminals and terrorists. There are always motives out there for criminals and terrorists to try and exploit as much information as they can, from a company's sensitive information to government classified secrets.

This lecture will discuss who may be a potential threat.

Topics Covered Include:
  • Potential Network Threats
Preview 01:24

There are many ways in which a threat can obtain information and an attack can take place. One way is through a reconnaissance attack on your network, which is a discovery process to find out everything possible about your network.

This lecture will discuss how an attack can take place.

Topics Covered Include:
  • How Attacks Happen
  • Reasons for an Attack
How do Attacks Take Place?
03:36

Attacks can be made in a variety of ways. The first type of attack is called a 'Man in the Middle' attack. This type of attack occurs when an attacker places themselves in between two devices that are communicating with each other.

This lecture will discuss the types of attacks that can occur.

Topics Covered Include:
  • Types of Attacks
Types of Attacks
04:17

Certain dangers will never fully disappear, but there are many methods in which IT groups and entities can protect against these dangers. One method includes the “Rule of Least Privilege”. This rule means that only a minimal amount of network resources and access is given to those that require it.

This lecture will discuss the ways to prevent an attack.

Topics Covered Include:
  • Attack Prevention
Attack Prevention
02:12

There are five phases of the lifecycle that never really end. They are: initiation, acquisition and development, implementation, operations and maintenance, and disposition. It's a circular cycle, and a new device can be added at any time.

This lecture will discuss the lifecycle of a network device.

Topics Covered Include:
  • Network Device Lifecycle
Network Device Lifestyle
02:25

When performing a risk analysis, a determination should be made regarding the financial impact of an attack, and what the total risk altogether would be. You can calculate risk by way of looking at your assets, the vulnerabilities that exist for these assets, and then ascertain the countermeasures in place in which to prevent an attack.

This lecture will discuss the Risk Value and the Impact.

Topics Covered Include:
  • Calculating Risk
Impact and Risk Value
01:43

In determining the risk and vulnerabilities, assessments are needed. The first assessment is called a “General Security Posture” assessment, which ascertains the security level of your network devices. This can range from servers to desktops.

This lecture will discuss the uses of a Security State Assessment against an attack.

Topics Covered Include:
  • Determining Risk and Vulnerability
  • Security Policy
Security State Assessment
03:02

After the risk analysis has been completed, with a determination of assets and their vulnerabilities, and security safeguards have been put into play, it is important to continue to pay attention to security on the network.

This lecture will discuss the importance of a Security Policy against an attacker and what to do even after it has been put in place.

Topics Covered Include:
  • Maintaining Network Security
  • Security Breaches
Security Policies
02:18

This lecture will ask some sample questions.

Chapter 1 Knowledge Check
01:06

This lecture will take you through some of the key points covered throughout the first portion of this section. Upon Completion of this section you will be prepared to move on to the second portion.

Summary
00:27

This lecture will discuss how to secure the control, data, and management planes on Cisco devices, including implementing some security on Cisco routers.

Topics Covered Include:
  • Introduction
Introduction
00:32

The Network Foundation Protection framework breaks down the functions of Cisco devices into three logical parts -- the Management Plane, the Control Plane and the Data Plane.

This lecture will discuss the functions within Network Foundation Protection (NFP).

Topics Covered Include:
  • Network Foundation Protection (NFP)
Network Foundation Protection (NFP)
01:19

There are many things that you can do to properly secure Management Plane traffic. This is important, because without proper authentication and passwords set up on the device, you could be susceptible to an attack.

This lecture will discuss the importance of a security management plan and how it assists to protect against an attack.

Topics Covered Include:
  • Securing Management Plane Traffic
Management Plan Security
02:36

One way to implement security on the Control Plane includes running “Control Plane Policing”, or CoPP. CoPP helps filter traffic heading towards an IP on the router. You can limit the size and the amount of traffic coming towards the router to prevent a denial of service attack, which drains out all device resources.

This lecture will discuss how to use CoPP to protect against a denial of service attack.

Topics Covered Include:
  • Securing the Control Plane
Control Plane Security
01:04

The data plane is the plane in which traffic is traversing your device to reach a particular destination. There are many ways in which to manipulate many devices in order to protect against attacks.

This lecture will discuss the Data Plane Security and how to use it to protect against an attack.

Topics Covered Include:
  • Data Plane Security
Data Plane Security
03:22

Cisco has a GUI tool called the Cisco Security Manager that connects to and can manage and monitor devices on your network. Security Manager helps configure countermeasures in a graphical user interface format.

This lecture will discuss the Cisco Security Manager and how it assists to protect against an attack.

Topics Covered Include:
  • Cisco Security Manager
Cisco Security Manager
01:38

This lecture will ask some sample questions.

Chapter 2 Knowledge Check
01:02

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon Completion of this section you will be prepared to move on to the third portion.

Summary
00:30

IPv6 is becoming more popular, simply because there aren't any new addresses available to give out. Many companies and entities are so entrenched in their IPv4 network scheme that it would be very difficult for them to change.

This lecture will introduce the concept of IPv4 and IPv6.

Topics Covered Include:
  • Introduction
Introduction
01:02

By default, there are many protocols that have been affected by IPv6. When IPv6 was first introduced, certain protocols had to be updated for compatibility. For example, OSPFv3 was released, as was ICMPv6. ARP was replaced by NDP, or Neighbor Discovery Protocol.

This lecture will discuss the components that go into IPv6.

Topics Covered Include:
  • IPv6 Overview
  • Protocols Impacted
Overview of IPv6
03:06

Addressing for IPv6 uses hexadecimal, 8 sets of 4 hex digits to be exact. Each set is separated by a colon, instead of a period like in IPv4. IPv6 came out with the option of abbreviating the addresses to make it easier to read.

This lecture will discuss addressing for IPv6 and the protocols to do so.

Topics Covered Include:
  • IPv6 Addressing
IPv6 Addressing
03:11

IPv6 also has types of addresses, just like IPv4. They are referred to as Global Unicast and Unique Local. Global Unicast functions similarly to a public IPv4 address. An entity can request a registered IPv6 address block, but they can only use those specific addresses.

This lecture will discuss the Global Unicast Addresses for IPv6.

Topics Covered Include:
  • Global Unicast Addresses
Global Unicast Addresses
01:27

Unique Local Unicast addresses act as private IPv6 addresses, just like IPv4 has a group of private addresses. They do have similarities to Global Unicast in how to subnet, but they are not registered with IANA, and they can be used internally.

This lecture will discuss the Unique Local Unicast Addresses within IPv6.

Topics Covered Include:
  • Unique Local Unicast Addresses
Unique Local Unicast Addresses
01:05

Link-local addresses are not used for normal traffic. They are used for protocols to communicate with each other and for routing purposes. Packets that are sent to a link-local address do not leave the subnet.

This lecture will discuss the Link-Local Addresses for IPv6.

Topics Covered Include:
  • Link-Local Addresses
  • Creating Link-Local Addresses
Link-Local Addresses
01:36

EUI64 stands for Extended Unique Identifier, which is an option to create and configure a stable and predictable IPv6 interface address. The MAC address is a part of this interface ID, and is easily recognizable because there is an FFFE hex group added to the address.

This lecture will discuss the uses of EUI-64 for IPv6.

Topics Covered Include:
  • EUI-64
  • EUI-64 Examples
EUI-64
01:09

Now, let's talk about IPv6 auto-configuration, in which NDP Route Solicitation and Route Advertisement messages are sent out in order to identify IPv6 neighbors. Route Solicitation messages ask routers to identify themselves.

This lecture will discuss the IPv6 Auto-Configuration and the role it plays for IPv6.

Topics Covered Include:
  • IPv6 Auto-Configuration
IPv6 Auto-Configuration
00:56

IPv6 multicast is used by protocols and applications in order to communicate. Multicasting is better than broadcasting due to the fact that we do not want to flood traffic out to hosts that do not need it.

This lecture will discuss the IPv6 Multicast and what role it plays for IPv6.

Topics Covered Include:
  • IPv6 Multicast
  • Important Multicast Addresses
IPv6 Multicast
02:47

This lecture will ask some sample questions.

Chapter 3 Knowledge Check
00:49

This lecture will take you through some of the key points covered throughout the third portion of this section. Upon Completion of this section you will be prepared to move on to the next Section: AAA on Cisco Devices.

Summary
01:07

Section Quiz
5 questions
AAA on Cisco Devices
12 Lectures 20:42

Welcome to the course “AAA on Cisco Devices”. In this course, we will focus on describing TACACS (TACK-ACKS) and RADIUS. We'll take a look at the differences between them regarding what they offer as an authentication type, and how to configure each one.

This lecture will introduce you to AAA on Cisco Devices.

Topics Covered Include:
  • Topics Covered
Introduction
00:51

Terminal Access Control Access Control Server, or TACACS, is a protocol used by a device in order to communicate to an authenticating server configured for TACACS. TACACS is a Cisco proprietary protocol that is a Layer 4 TCP protocol.

This lecture will discuss TACACS and how it plays a role within AAA on Cisco Devices.

Topics Covered Include:
  • TACACS+
  • TACACS Best Practices
TACACS+
01:44

RADIUS, or Remote Authentication Dial-In User Service, is a protocol that is used to communicate between a device and an authenticating server. RADIUS is an open standard, and is currently used across multiple vendors.

This lecture will discuss the role RADIUS plays for AAA on Cisco Devices.

Topics Covered Include:
  • RADIUS
RADIUS
01:12

You should use a centralized authentication server -- either RADIUS or TACACS. Using a centralized authentication server can provide you with a centralized database of all accounts. From here, you can provide a Separation of Duties using groups.

This lecture will discuss how to Authenticate Cisco Devices.

Topics Covered Include:
  • Best Practices for Authenticating Devices
  • Cisco Access Control System (ACS)
Authentication of Devices
03:50

This lecture will ask some sample questions.

Chapter 1 Knowledge Check
00:56

This lecture will take you through some of the key points covered throughout the first portion of this section. Upon Completion of this section you will be prepared to move on to the second portion.

Summary
00:29

This lecture will take some time to discuss AAA -- what it is and how exactly we need to implement it, using both the command line and Cisco Configuration Professional.

Topics Covered Include:
  • Introduction
Introduction
00:19

AAA stands for Authentication, Authorization, and Accounting. AAA helps secure the Management Plane of the devices in your network. It does this by referencing a database of users and processing what each of those users are authorized to do.

This lecture will give a brief overview of AAA.

Topics Covered Include:
  • AAA
  • Access Control System (ACS)
Overview of AAA
03:05

You can configure AAA via the command line or the Cisco Configuration Professional program. The AAA new-model command starts the AAA configuration on a device.

This lecture will discuss the configuration of AAA.

Topics Covered Include:
  • AAA Configuration
AAA Configuration
01:38

Some helpful verification commands include the debug TACACS or debug RADIUS command. Here, you can show logging information regarding a TACACS or RADIUS attempting to authenticate the client. Show running-config will provide you with the current configuration of AAA on the router.

This lecture will discuss verifying AAA.

Topics Covered Include:
  • AAA Configuration
AAA Verification
04:45

This lecture will ask some sample questions.

Chapter 2 Knowledge Check
01:07

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon Completion of this section you will be prepared to move on to the next Section: IOS ACLs.

Summary
00:46

Section Quiz
3 questions
IOS ACLs
11 Lectures 20:10

Welcome to the course, “IOS ACLs”. This course will focus on providing you with an overview of Access Control Lists, or ACLs. We will take a look at exactly what they are, what they do, and discuss the different types of ACLs and the role they play in security.

This lecture will introduce you to IOS ACLs.

Topics Covered Include:
  • Introduction
Introduction
00:29

ACLs are a very powerful aspect of networking. If they are not applied in the correct way, they can prevent a network component or a user from connecting to the network by way of a protocol, port number, or IP address.

This lecture will give a brief overview of IOS ACLs.

Topics Covered Include:
  • ACL Uses
  • ACL Functions
Overview of ACLs
02:12

There are many types of access lists, including a standard, extended and named access list. A standard access list matches only source traffic, and the numbering scheme is 1 through 99 and 1300 through 1999.

This lecture will discuss the different types of ACLs.

Topics Covered Include:
  • Types of ACLs
  • Using ACLs
Types of ACLs
01:58

When deploying standard access lists, they should be placed near the destination, as it can only match a packet's source IP address. You do this so you do not unintentionally discard packets that shouldn't be discarded.

This lecture will discuss standard access lists for ACLs.

Topics Covered Include:
  • Deploying Standard Access Lists
Standard Access Lists
00:46

With an extended access list, you can do more in-depth filtering at both layer 3 and layer 4. Extended ACLs have the same rules and deployment methods as standard ACLs, like matching all aspects in the line and the implicit deny at the end.

This lecture will discuss the lists of extended access for ACLs.

Topics Covered Include:
  • Extended Access Lists
  • Denying Both Source and Destination IP
  • Deploying Extended Access
Extended Access Lists
02:04

Named access lists have just a few differences compared to standard access lists. Naming your access list ensures a cleaner and clearer configuration. When you have multiple access lists groups, naming them can keep the management side of things more clean and clear for everyone involved, and help you to avoid mistakes.

This lecture will discuss named access lists for ACLs.

Topics Covered Include:
  • Named Access Lists
  • Using ACLs
  • Configuring Named ACLs
Named Access Lists
02:07

This lecture will ask some sample questions.

Chapter 1 Knowledge Check
00:42

When it comes to a more in-depth look at security with ACLs, there are many options in which to use them to safeguard against threats. Access lists can be used in IOS class maps and inspect class maps. In such policies, access lists are referenced by the class map to either filter or classify traffic.

This lecture will discuss the security within ACLs.

Topics Covered Include:
  • Access List Uses
ACLs and Security
01:23

There are many types of attacks that we are preventing when implementing access lists. First, is IP address spoofing. We can prevent packets coming into a device with a source IP address that is internal to the company.

This lecture will discuss the different types of attacks against ACLs.

Topics Covered Include:
  • Attack Demonstration
Types of Attacks
06:18

This lecture will ask some sample questions.

Chapter 2 Knowledge Check
01:18

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon Completion of this section you will be prepared to move on to the next Section: Secure Network Management.

Summary
00:53

Section Quiz
3 questions
Secure Network Management
11 Lectures 22:24

Welcome to the course “Secure Network Management.” In this course, we will focus on securing the management plane. We will start off by defining the management plane, and identify some best practices that can be used when making it more secure.

This lecture will introduce you to the importance of secure network management.

Topics Covered Include:
  • Introduction
Introduction
00:55

The management plane is composed of maintenance traffic that hits an intended device so it can be configured for management purposes. In other words, this is the traffic that consists of not only your configurations, but also the messages to and from Cisco devices that maintain and report status.

This lecture will discuss the management plane traffic.

Topics Covered Include:
  • Management Plane Traffic
Management Plane Traffic
01:48

One of the first and easiest best practices is to use strong, complex passwords. Dictionary words should not be used in creating passwords for your management accounts, as they can be susceptible to dictionary attacks.

This lecture will discuss the wisdom of using strong passwords to protect against attacks.

Topics Covered Include:
  • Password Best Practices
  • Password Cracking Demonstration
Strong Passwords
03:40

Another best practice is being familiar with how to implement user authentication on a router or switch for management traffic. In addition to passwords, usernames should be required for all access to the device.

This lecture will discuss the importance of using AAA to protect with strong passwords.

Topics Covered Include:
  • User Authentication/AAA Best Practices
AAA
02:21

Another best practice includes instituting role based access control, which limits access to particular roles within administration. Every administrator may not need the same access; therefore, you can lower the access levels for particular users.

This lecture will discuss RBAC and the management protocols.

Topics Covered Include:
  • Role Based Access Control (RBAC)
  • Management Protocols
RBAC and Management Protocols
01:24

Cisco devices monitor and report on many events that occur throughout a time period. They range from very important to very irrelevant, depending on what you are trying to look for. You can see these messages come up on the output in real time.

This lecture will discuss the importance of logging and monitoring a system.

Topics Covered Include:
  • Logging
  • Logging Commands
Logging
02:52

Simple Network Management Protocol, or SNMP, defines the communications between a manager and agents. A manager is a network management server that monitors and manages groups of hosts and devices.

This lecture will discuss the importance of the Simple Network Management Protocol (SNMP) to protect against an attack.

Topics Covered Include:
  • Simple Network Management Protocol (SNMP)
  • Management Information Base (MIB)
  • Cisco Prime
Simple Network Management Protocol (SNMP)
01:40

SNMP comes in three versions. Versions 2 and 3 are presently the most popular formats, but there are some stark differences between SNMP Version 2 and SNMP Version 3. Version 2 utilizes community strings that are used to authenticate to device agents. SNMP Version 3 added security to the protocols.

This lecture will discuss the difference between SNMPv2 and SNMPv3 and the components within each.

Topics Covered Include:
  • SNMP Versions
  • Demonstration
SNMPv3
02:53

Using NTP version 3 ensures that timestamps are equal across all devices, which ensures accurate timekeeping. This can help in troubleshooting security breaches and certain issues that may arise on the network.

This lecture will discuss NTP and securing the system files.

Topics Covered Include:
  • NTPv3
  • Securing System Files
  • Demonstration
NTP and Securing System Files
03:01

This lecture will ask some sample questions.

Knowledge Check
01:05

This lecture will take you through some of the key points covered throughout this section. Upon Completion of this section you will be prepared to move on to the next Section: Common Layer 2 Attacks.

Summary
00:45

Section Quiz
3 questions
Common Layer 2 Attacks
23 Lectures 49:12

Welcome to the course, 'Common Layer 2 Attacks'. In this course, we are going to begin by taking a look at VLANs, or Virtual Local Area Networks. After we take some time to define VLANs and describe their purpose, we will discuss VTP, which is the VLAN Trunking Protocol.

This lecture will introduce you to Common Layer 2 Attacks and the components they entail.

Topics Covered Include:
  • Introduction
Introduction
01:02

A Virtual Local Area Network, or VLAN, is a way to logically segment networks into separate broadcast domains. That's a very important fact to remember -- it's logical, not physical.

This lecture will discuss the ways to define and configure VLANs.

Topics Covered Include:
  • Defining and Configuring VLANs
  • Steps to Configure VLANs
  • Demonstration
Defining and Configuring VLANs
04:13

VLAN Trunking Protocol, known as VTP, when configured on a switch, will advertise its VLAN configuration information to neighboring switches. This ability enables all switches in the network to learn the VLAN information dynamically, as opposed to statically configuring it on each switch.

This lecture will discuss the VTP and what it does for a system.

Topics Covered Include:
  • VLAN Trunking Protocol (VTP)
  • Important VTP Settings
  • VTP Update Process
VLAN Trunking Protocol (VTP)
05:35

VLAN trunking enables a switch or a router to send traffic for multiple VLANs across a link. The VLAN number is placed into the Ethernet frame in order to identify which VLAN it belongs to when it traverses the trunk link. This is often referred to as a VLAN tag.

This lecture will discuss the steps to VLAN Trunking.

Topics Covered Include:
  • VLAN Trunking
  • Trunk Types
  • Dynamic Trunking Protocol (DTP)
VLAN Trunking
05:40

If all of your departments are on separate VLANs, there needs to be a way for them to share data if a user needs access to a particular file share that is not on their subnet. There are a few ways to accomplish this. The first option is to have multiple links to interfaces on a router.

This lecture will discuss how to communicate between VLANs and the InterVLAN Routing.

Topics Covered Include:
  • InterVLAN Routing
InterVLAN Routing
01:36

To configure an instance of InterVLAN routing, you need to create subinterfaces on the router to represent each VLAN that is configured on the switch. An SVI, or switch virtual interface, is also created on the switch to represent each VLAN with an IP address.

This lecture will discuss the InterVLAN Routing Configuration and Verification.

Topics Covered Include:
  • InterVLAN Routing Configuration
  • InterVLAN Routing Configuration and Verification
  • Demonstration
InterVLAN Routing Configuration and Verification
02:07

Port security can help protect against unauthorized access to switchports, either on access ports or trunk ports. When it's enabled on a switchport, and a voice VLAN is configured, it can fall under the switchport security settings.

This lecture will discuss the importance of Port Security.

Topics Covered Include:
  • Port Security
  • Port Security Modes
  • Switchport Security Configuration
Port Security
03:46

In order to configure port security, you must first statically enable switchport mode access on the switchport. To enable switchport security, enter the command switchport port-security. You can configure the maximum number of MAC addresses allowed on the interface to be more than one.

This lecture will discuss the ways to configure port security.

Topics Covered Include:
  • Configuring Port Security
Configuring Port Security
01:20

There are different verification checks that can be performed to be able to troubleshoot port security issues. Show running-config will provide you with your base configuration and show the switchports. The switchport configuration will show the MAC addresses that were retained if you are using sticky configuration.

This lecture will discuss the ways to verify port security.

Topics Covered Include:
  • InterVLAN Routing Configuration and Verification
  • Demonstration
Port Security Verification
03:38

This lecture will ask some sample questions.

Chapter 1 Knowledge Check
00:54

When you receive a new Cisco device, you have a variety of options when it comes to securing it. One option is to provide enable password access, to restrict who can use privileged commands to configure the router.

This lecture will discuss the options that are available for Switch Security.

Topics Covered Include:
  • Switch Security Options
Switch Security Options
01:29

To allow Telnet and SSH access to your Cisco device, you have a few options for authenticating users to the terminal lines, which are classified as vty 0 4.

This lecture will discuss the ways to provide device security.

Topics Covered Include:
  • Device Security
  • Device Security Best Practices
  • Configure Basic Terminal Access via SSH
Device Security
02:38

On Cisco devices, there are services that are turned on by default that may not be the most secure or advantageous, especially if you are not using them. Most people don't even know these services are turned on. Hackers target these services as ways to gain access to the device.

This lecture will discuss the ways to disable the IOS Services that were implemented automatically when the device was turned on.

Topics Covered Include:
  • Securing Cisco Devices
  • Demonstration
Disabling IOS Services
01:55

Telnet should not be allowed on your device, but you can at least limit IP ranges to Telnet if you need to. When configuring line vty, the transport input command will help disable one or more input protocols. Telnet will not be permitted if you only specify SSH.

This lecture will discuss the limits and potential threat of Telnet as well as the uses of SSH Access.

Topics Covered Include:
  • Telnet/SSH Access
  • Demonstration
Telnet/SSH Access
00:35

There is always going to be a certain amount of switchport maintenance performed on switches. First, it's recommended to shutdown unused switchports for security purposes. It is also recommended to disable trunking from occurring on ports you know will never trunk.

This lecture will discuss the ways to correctly maintain switchports.

Topics Covered Include:
  • Switchport Maintenance
  • Switchport Security Configuration
Switchport Maintenance
02:17

This lecture will ask some sample questions.

Chapter 2 Knowledge Check
01:05

Spanning tree, IEEE standard 802.1d, is a loop prevention protocol used on Layer 2 LANs. This protocol communicates STP messages between switches in order to stabilize the network into a logical loop free topology.

This lecture will discuss the Spanning Tree Protocol - 802.1d and the components within it.

Topics Covered Include:
  • Spanning Tree Protocol 802.1d
  • Spanning Tree Topology Port States
  • Spanning Tree Convergence
Spanning Tree Protocol – 802.1d
03:19

A switch is a root bridge when all ports are in the forwarding state. This is determined based on an election in which BPDUs are sent out to determine the superior switch. BPDUs, or bridge protocol data units, are messages with important information exchanged between switches.

This lecture will discuss the root bridge.

Topics Covered Include:
  • Root Bridge
Root Bridge
01:00

A Root port is a port on all remaining switches with the least cost path back to the root. The root port is determined once the remaining switches that were not elected as the root port determine the lowest cost path back to the root.

This lecture will discuss the difference between a root port and a designated port.

Topics Covered Include:
  • Root Port and Designated Port
Root Port and Designated Port
00:28

There are different IEEE costs for each Ethernet link speed. These costs are valuable when you are designing your network or attempting to make your link more stable when determining the root bridge.

This lecture will discuss the importance of understanding STP Path Costs and how to best defend against an attack.

Topics Covered Include:
  • STP Timers
STP Path Costs
01:13

There are several ways to optimize spanning tree. Convergence takes up to 50 seconds on default settings. 50 seconds could be detrimental, especially on a network that needs constant uptime.

This lecture will discuss the ways of Optimizing Spanning Tree.

Topics Covered Include:
  • Optimizing Spanning Tree
Optimizing Spanning Tree
01:40

This lecture will ask some sample questions.

Chapter 3 Knowledge Check
00:45

This lecture will take you through some of the key points covered throughout this section. Upon completion of this section, you will be prepared to move on to the next section: Cisco Firewall Technologies.

Summary
00:57

Section Quiz
5 questions
Cisco Firewall Technologies
29 Lectures 48:53

In this course, we will be discussing different firewall technologies, and looking at the strengths and weaknesses that surround them. We will review the concept of a stateful firewall, and exactly what this means when it comes to protecting your network.

This lecture will introduce you to Cisco Firewall Technologies.

Topics Covered Include:
  • Introduction
Introduction
00:52

Cisco breaks firewall technologies down into two types. There are IOS devices that perform security and firewall services. Then, there are specific devices dedicated to being a firewall, which is purposely designed for security.

This lecture will discuss the different types of Firewall technologies and how they are used to protect against an attack.

Topics Covered Include:
  • Types of Firewall Technologies
Types of Firewall Technologies
01:49

Firewalls are in place to provide access control to a network. They are set up to not allow traffic from an untrusted interface to a trusted interface, or from the outside to the inside. All traffic flows that exit a network and enter a network should traverse a firewall.

This lecture will discuss the properties that a Firewall Policy should contain.

Topics Covered Include:
  • Firewall Policy Properties
  • Firewall Justifications
Firewall Policy Properties
01:43

The default firewall configuration provides protection immediately. The ASA line of devices can immediately protect an entity from attacks when they are first plugged in and given an IP address. Keep in mind, a device is only as good as the person who is configuring it.

This lecture will discuss the best ways to configure a Firewall.

Topics Covered Include:
  • Firewall Limitations
Configuring Firewalls
02:13

There are different options on a firewall that can keep the network safe. The first option is called static packet filtering. Static packet filtering is knowing exactly what specific traffic you want to permit and deny on your network.

This lecture will discuss the static packet filtering within a Firewall.

Topics Covered Include:
  • Static Packet Filtering
Static Packet Filtering
01:02

Proxy firewalls work on the layer 3 level and look very deep into traffic. They sit as an intermediary between the sender of the information and the destination. Logging can be very detailed; however, it is very hardware intensive because it requires a lot of processing.

This lecture will discuss the Firewalls within Proxies.

Topics Covered Include:
  • Proxy Firewalls
Proxy Firewalls
00:31

Stateful packet filtering is one of the most important options on firewalls. The word stateful is used because the firewall remembers the state of sessions established through a firewall. A stateful database is constructed based upon the source IP address information that is passing through the firewall.

This lecture will discuss the filtering for Stateful Packets.

Topics Covered Include:
  • Stateful Packet Filtering
Stateful Packet Filtering
01:13

An application inspection firewall can analyze protocols within the traffic stream. It can see deep into conversations and can prevent types of attacks other than just filtering.

This lecture will discuss the ways a firewall inspects an application.

Topics Covered Include:
  • Application Inspection Firewall
Application Inspection Firewall
00:29

Transparent firewalls are another option which uses stateful filtering. The firewall is not given an IP address -- only management -- and the firewall is placed in the middle of a traffic flow. Traffic is forced through it and the data is analyzed.

This lecture will discuss the transparent Firewalls and how they are operated.

Topics Covered Include:
  • Transparent Firewalls
Transparent Firewalls
00:37

There are some best practices to keep in mind when designing and implementing firewalls. Firewalls should be placed at the edge of networks and at the edge of security boundaries. The edge of a security boundary is anywhere different trust levels are implemented, such as from inside to outside.

This lecture will discuss the ways to design and implement a Firewall.

Topics Covered Include:
  • Firewall Best Practices
Firewall Design and Implementation
01:19

This lecture will ask some sample questions.

Knowledge Check
01:01

This lecture will take you through some of the key points covered throughout the first portion of this section. Upon completion of this section, you will be prepared to move on to the second portion.

Summary
00:20

Zone based firewalls are implementations on Cisco routers that act as a firewall device. Interfaces are put into zones, using names to identify them. For example, names are generally inside, outside and DMZ. Policies are then specified as to what type of traffic can traverse these zones.

This lecture will give a brief overview of Zone-Based Firewalls.

Topics Covered Include:
  • Zone-Based Firewalls
Overview of Zone-Based Firewalls
01:17

There are many features of a zone-based firewall, including stateful inspection, application inspection, packet filtering, which uses ACLs in order to filter traffic, and URL filtering, which is the ability to prevent particular web address and URL information from being sent and received.

This lecture will discuss the features of a Zone-Based Firewall and what they all accomplish.

Topics Covered Include:
  • Zone-Based Firewall Features
Features of Zone-Based Firewalls
01:02

There are some general rules when it comes to zone based firewalls. By default, traffic between different zones is not permitted, unless a zone pair exists between them. Traffic is allowed by default between members of the same zone.

This lecture will discuss the rules involved with a Zone-Based Firewall.

Topics Covered Include:
  • Common Classification Policy Language
  • Class Maps
Rules for Zone-Based Firewalls
01:35

Policy maps reference the class map and take action on the traffic that is singled out. Policy maps can have multiple sections and are processed in order.

This lecture will discuss the Policy Map for Firewalls.

Topics Covered Include:
  • Policy Map Actions
Policy Maps
00:33

Service policies are applied to the zone pair and signify which zone should be actively trying to match traffic. Only one service policy can be applied to a zone pair. These zone pairs are uni-directional, meaning they will only treat traffic going in one direction, from inside to outside, or vice-versa.

This lecture will discuss the policies that serve a Firewall.

Topics Covered Include:
  • Service Policies
  • Demonstration
Service Policies
04:56

The Adaptive Security Appliance, or ASA, is Cisco's firewall appliance line. It replaced the PIX firewall appliance line years ago, and has leveraged some new features. There are many flavors of the ASA, including the new ASA-X line of firewall appliances that has just begun to come on to the market.

This lecture will give a brief overview of the adaptive security appliance.

Topics Covered Include:
  • Adaptive Security Appliance (ASA)
Overview of Adaptive Security Appliance
01:32

One of the features of the ASA is packet filtering. Access control lists are a part of regular configurations on ASAs. Stateful filtering is done by default on ASAs as well. Without any configuration on an ASA, it can be implemented into a network and provide protection immediately.

This lecture will discuss the features of an Adaptive Security Appliance.

Topics Covered Include:
  • ASA Features
Adaptive Security Appliance Features
01:59

Interfaces on an ASA are given a trust security level, ranging from 0 to 100. The higher the trust level, the more trusted the interface is. For example, the inside interface would be put at 100 if you knew it was connected to your internal network. The outside interface would be given a trust level of 0.

This lecture will discuss the fundamentals that come from ASA.

Topics Covered Include:
  • ASA Fundamentals
  • Demonstration
Adaptive Security Appliance Fundamentals
09:22

This lecture will ask some sample questions.

Knowledge Check
00:50

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon completion of this section, you will be prepared to move on to the third portion.

Summary
00:22

NAT is essentially used to translate an IP address to another IP. Most of the time it's used to translate an internal, private IP address to a public IP address usable for the internet.

This lecture will discuss the purpose of NAT and how it is implemented.

Topics Covered Include:
  • Network Address Translation (NAT)
Purpose of NAT
01:23

There are several variations of NAT that can be used. First is static NAT. This doesn't help with the IPv4 depletion issue, but it does help translate local private IP addresses, called inside local, to public ones, which are called inside global. Static NAT essentially translates one IP address to another.

This lecture will discuss the uses of Static NAT.

Topics Covered Include:
  • Static NAT
  • Configuring NAT
Static NAT
01:58

The next type of NAT is dynamic NAT translation, which does a one-to-one NAT translation, but dynamically. A defined pool of translated addresses is created, called inside global IPs. Then, an access list is created to define addresses that should be translated to this pool.

This lecture will discuss the uses of Dynamic NAT.

Topics Covered Include:
  • Dynamic NAT Translation
  • Configuring Dynamic NAT
Dynamic NAT
01:41

Dynamic NAT won't be able to help if you have a company of 500 users, and they all need internet access. In this case, you can use Overloading NAT with PAT, or Port Address Translation. Since the company does not have 500 external IP addresses, you can use overloading.

This lecture will discuss the circumstances in which to use PAT.

Topics Covered Include:
  • Port Address Translation (PAT)
Overloading NAT with PAT
01:26

Policy NAT and Policy PAT are based on a set of rules that have been configured. A specific source IP address that is designated for a certain destination address or specific ports will be translated to a specific address.

This lecture will discuss the NAT/PAT policies and how they are used.

Topics Covered Include:
  • Policy NAT/PAT
  • Demonstration
Policy NAT/PAT
04:11

This lecture will ask some sample questions.

Knowledge Check
00:50

This lecture will take you through some of the key points covered throughout the third portion of this section. Upon completion of this section, you will be prepared to move on to the next section: Cisco IPS.

Summary
00:47

Section Quiz
4 questions
Cisco IPS
8 Lectures 15:49

In this course, we will discuss the differences between a Cisco IPS and Cisco IDS device, and some options that you have when deploying them in your network. We will describe the type of traffic analysis and the actions that can be performed by each on malicious traffic that is detected in your network.

This lecture will introduce you to Cisco IPS and the components within IPS.

Topics Covered Include:
  • Introduction
Introduction
00:42

Cisco Intrusion Prevention Systems and Cisco Intrusion Detection Systems are part of a defense in depth approach, which is used in conjunction with other security devices, like a firewall. An IPS device acts like a sensor – it analyzes the traffic for malicious data that goes through the device.

This lecture will discuss the fundamentals of IPS and how they are crucial to the IPS.

Topics Covered Include:
  • Cisco Intrusion Prevention System (IPS)
  • Cisco Intrusion Detection System (IDS)
IPS Fundamentals
01:52

There are quite a few IPS Sensor options available. Cisco, along with other brands, sells an IPS appliance on its own. This appliance acts solely as an IPS sensor and does not perform any other duties. A good example is the Cisco 4200 and 4300 series.

This lecture will discuss the options for the IPS Sensor.

Topics Covered Include:
  • IPS Sensor Options
IPS Sensor Options
01:09

When an IPS is identifying malicious traffic, it needs some sort of reference or baseline against which to compare the traffic. The IPS can do this in several different ways. The first option is a signature-based IPS device.

This lecture will discuss the ways of identifying malicious traffic and how to defend against it.

Topics Covered Include:
  • Identifying Malicious Traffic
  • IPS vs IDS
Identifying Malicious Traffic
02:31

When configuring Cisco IPS on a router, there are a few steps to follow. The first step is to download the IOS IPS signature package files and the public crypto key from Cisco.com. The second step is to create a directory on your router's flash where you store the required signature files and configurations.

This lecture will discuss the steps taken to configure Cisco IPS.

Topics Covered Include:
  • Configuring Cisco IPS
  • Demonstration
Configuring Cisco IPS
06:20

There are a few best practices to consider when deploying either an IPS or IDS device. First, there should always be at least one IPS or IDS device on a network in order to provide a layered approach to security.

This lecture will discuss the best practices to use within IPS.

Topics Covered Include:
  • IPS Best Practices
IPS Best Practices
01:36

This lecture will ask some sample questions.

Knowledge Check
00:58

This lecture will take you through some of the key points covered throughout this section. Upon completion of this section, you will be prepared to move on to the next section: VPN Technologies.

Summary
00:41

Section Quiz
3 questions
VPN Technologies
15 Lectures 33:45

VPN is the ability to make a secure connection back to a primary location from a remote location. This is a heavily used tool in the real world today, as it provides a secure connection that allows a user to feel as if they were back in the office.

This lecture will introduce you to VPN Technologies and the components within it.

Topics Covered Include:
  • Introduction
Introduction
01:06

Virtual Private Networks, or VPN, offer many benefits to a remote user, a remote office, or even a home office user. The biggest benefits are confidentiality, data integrity, authentication and anti-replay.

This lecture will give a brief overview of VPN Technologies.

Topics Covered Include:
  • Benefits of VPN
Overview of VPN
00:47

Cryptography can play a key role in VPN, as it provides hashing, key encryption and key management to the VPN connection. There are many elements to cryptography, the first one being a cipher. A cipher is a set of rules regarding how to encrypt and decrypt data.

This lecture will discuss the elements of cryptography used within VPN.


Topics Covered Include:
  • Ciphers
  • Types of Ciphers
  • Hashes
Elements of Cryptography
05:47

There are different types of VPN technologies available. First is an IPSec VPN, which implements Layer 3 security for traffic. It uses a few different protocols and algorithms to protect IP packets. It provides encryption, hashing, authentication and key management.

This lecture will discuss the different types of VPN Technologies and how they are used.

Topics Covered Include:
  • IPSec
  • SSL
Types of VPN Technologies
01:05

There are two types of VPN - Remote access and site-to-site VPN. Remote access is the ability for a secret tunnel of traffic to be created between an end user or an office and another remote destination. Site-to-site VPNs are used to connect multiple sites together to share information.

This lecture will discuss the different types of VPNs and how they are operated.

Topics Covered Include:
  • Types of VPN
Types of VPN
01:51

There are two types of VPN - Remote access and site-to-site VPN. Remote access is the ability for a secret tunnel of traffic to be created between an end user or an office and another remote destination. Site-to-site VPNs are used to connect multiple sites together to share information.

This lecture will discuss the different types of VPNs and how they are operated.

Topics Covered Include:
  • Types of VPN
  • Demonstration
VPN Tunnel
09:21

This lecture will ask some sample questions.

Knowledge Check
00:39

A site-to-site VPN tunnel is used for a variety of purposes. One purpose of a VPN site-to-site implementation includes resource reachability. If there was a new office being created in a remote location, a financially viable option would be to install a firewall with an ISP connection.

This lecture will give a brief overview of the uses of a Site-to-Site VPN.

Topics Covered Include:
  • Reasons for Site-to-Site VPN
Site-to-Site VPN Overview
01:45

Like a remote access VPN, a site-to-site VPN goes through the IKE Phase 1 and Phase 2 process. Phase 1 negotiation must occur for hashing, authentication, Diffie-Hellman key exchange, and encryption, in order for the tunnel to be established. IKE Phase 2 is established for actual IPSec traffic to be protected.

This lecture will discuss the ways a Site-to-Site VPN is authenticated.

Topics Covered Include:
  • Site-to-Site VPN Authentication
  • Demonstration
Site-to-Site VPN Authentication
03:12

SSL VPNs can be created along with an IPSec VPN option, to have multiple abilities to VPN back into an entity. SSL is a standard that is already built into web browsers across the world, which makes this option very beneficial for users, as it does not require a special client to be preinstalled on a machine.

This lecture will discuss the SSL VPN and its components.

Topics Covered Include:
  • SSL VPN
SSL VPN
01:05

SSL and TLS are the encryption protocols used for secure communications and transactions on the internet. These communications include banking, email, web browsing and instant messaging.

This lecture will discuss the protocols used to secure communication within VPN.

Topics Covered Include:
  • SSL and TLS
SSL and TLS
00:50

There are a few SSL VPN options available. The first is the clientless VPN option, which is used through a web browser. WebVPN, as it's called, does not require a client, and can be used off any SSL capable browser. The user simply logs out when the VPN connection is finished.

This lecture will discuss the options that are available to configure SSL VPN.

Topics Covered Include:
  • SSL VPN Options
SSL VPN Options
01:15

When configuring SSL VPN, you can configure both the client-less and client SSL VPN package. You must first ensure that the installation of the SSL AnyConnect client actually exists on the VPN server so that it is available for download by mobile users.

This lecture will discuss the steps to configuring SSL VPN.

Topics Covered Include:
  • Demonstration
SSL VPN Configuration
03:33

This lecture will ask some sample questions.

Knowledge Check
00:49

This lecture will ask some sample questions.

Summary
00:40

Section Quiz
4 questions
About the Instructor
LearnSmart LLC
4.2 Average rating
10,394 Reviews
83,295 Students
68 Courses
Smarter Training. Never Open a Textbook.

LearnSmart has served the learning community with high-quality professional skills and IT certification training since 1997. In that time, the company has helped thousands earn career-related certifications from respected vendors, such as Project Management Institute (PMI)®, Cisco, Microsoft, CompTIA, Oracle, and EC-Council. LearnSmart offers over 1,000 courses covering IT, project management, administrative, HR, and workplace safety topics. With a rapidly growing clientele of individuals and corporations, LearnSmart serves a broad range of Fortune 500 companies to universities, as well as government institutions and the armed forces.

LearnSmart is able to meet diverse career and learning needs through its extensive selection of training. LearnSmart uses industry experts to give learners the most up-to-date content in a video format as well as training resources including reference tools, pretests, study guides and labs. For more information about how we can help pinpoint and solve your individual or multi-user training challenges.

PMI is a registered trademark of the Project Management Institute, Inc.