
Explain the CIA goals: confidentiality, integrity, and availability, in network security, detailing data in storage and in motion, encryption, hashing, and redundancy like backups and multiple links.
Discover common network security terms—assets, vulnerabilities, exploits, threats, attacks, risks, and countermeasures—and see how vulnerabilities enable exploits and how countermeasures protect assets.
Explore cross-site scripting attack theory and lab, showing how scripts hijack cookies and session IDs to impersonate users, with a practical look at vulnerable web applications.
Explore vulnerabilities as weaknesses in protocols, apps, or devices, including hardcoded default credentials, SQL injection, cross-site scripting forgery, missing encryption, and weak HTTPS SSL version 1.1.
Discover Layer 2 attacks on access layer switches and how DHCP snooping mitigates DHCP starvation and rogue DHCP servers. Learn to configure trusted and untrusted ports for protection.
Explore MAC flooding attacks on Layer 2 switches that fill the MAC address table, cause broadcasts, and enable packet capture, with port security using static, dynamic, and sticky options.
Explore two STP attacks—becoming the root bridge and claiming the root port—and apply defenses using BPDU Guard, PortFast, and Root Guard to protect the topology.
The VLAN hopping attack lab demonstrates switch spoofing and double tagging, and shows how changing the native VLAN and disabling negotiation with static access ports protects switches.
Storm control on Cisco switches uses threshold-based limits for unicast, multicast, and broadcast traffic to protect against DDoS attacks by shutting down interfaces or sending logs.
Configure management plane access with SSH version 2, RSA keys, domain name, and VTY security; restrict SSH via ACL and enable HTTP/HTTPS management.
Explore how the domain name system translates names to IPs, the role of root servers A to M and forwarders, DNS records and caching, and how DNSSEC defends against spoofing.
Configure and verify SNMP version 2 and version 3 for network monitoring with a manager and agent. Explore get, get next, get bulk, trap messages, and v3 security options.
Explore the fundamentals of cryptography, defining encryption, decryption, plaintext, and ciphertext, and illustrate with Caesar cipher and Vigenère cipher examples.
Explore cryptography basics, hash functions like MD5 and SHA, and how hashes ensure data integrity. Learn symmetric encryption with DES, 3DES, and AES, including HMAC concepts.
Explore how SSL and TLS provide authentication and confidentiality via certificates and public keys, with client hello, server hello, and key exchange establishing an encrypted session.
Explore IKE phase 1 with main mode and aggressive mode in a lab, observing six packets in main mode, three in aggressive mode, with ISAKMP/IKE version 1 and pre-shared key.
Configure and verify site-to-site IPsec VPN between routers and firewalls using ISAKMP, pre-shared keys, transform sets, and crypto maps, then validate with show commands.
Troubleshoot site-to-site IPsec VPN on Cisco routers with hands-on configuration, verification of phase one and phase two, and diagnosis of ACL and transform-set mismatches using debug commands.
Configure site-to-site VPN by defining phase one policy and encryption domain with an ACL, then bind them with a crypto map for the VPN tunnel.
Learn to deploy a fully licensed Cisco ASA firewall in EVE-NG with clustering enabled, using a simple drag-and-drop workflow: create a versioned folder, upload the image, and boot.
Configure devices securely via out-of-band console management, using a console cable and serial/USB adapters with tools like PuTTY or SecureCRT, and protect access with AAA.
Discover how TFTP stores and restores device configurations on Cisco ASA firewalls, using UDP port 69 to back up running and startup configurations and to upgrade or downgrade the operating system.
Explore how access control lists on Cisco ASA firewalls filter traffic using top-to-bottom extended and standard ACLs, with permit and deny rules, interfaces inbound and outbound, and the implicit deny.
Learn to configure and verify extended ACLs on a Cisco ASA firewall, using permit and deny rules, inbound and global application, with IPv4/IPv6 and top-to-bottom evaluation.
Configure time-based ACLs on Cisco ASA by creating time ranges (periodic or absolute), then attach the time range to ACLs to permit or deny traffic during defined hours.
Discover how NAT and PAT operate on a Cisco ASA firewall, covering static and dynamic NAT, static and dynamic PAT, policy NAT, and identity NAT using network and service objects.
Trace the evolution from Snort to Sourcefire to Cisco Firepower, and discover how FTD and FMC enable a next-generation firewall with IPS/IDS and centralized management.
Install and add Cisco FMC 6.2.3-83 on EVE-NG by downloading from a torrent, extracting with 7-Zip, transferring with WinSCP, and applying permissions to run FMC and FTD images.
Register each FTD with the FMC by configuring a manager, entering the FMC IP and a registration key. Verify with show manager to confirm FMC-based management instead of local configuration.
Register FTDs with FMC, configure hostnames and IPs, apply a default policy, and activate smart licenses for malware, threat, and URL; then deploy unified policies from FMC to all FTDs.
Security Concepts; Explain common threats against on-premises and cloud environments; Configure and verify network infrastructure security methods; Configure AAA for device and network access; Configure secure network management of perimeter security; Configure and verify site-to-site VPN and remote access VPN; Describe identity management and secure network access; Network security solutions that provide intrusion prevention and firewall; Network Security; Securing the Cloud; Content Security; Endpoint Protection and Detection; Secure Network Access, Visibility, and Enforcement; Secure network access; SDN and Network Automation Concepts; Describe the components, capabilities, and benefits of Cisco Umbrella; Describe the benefits of network telemetry; Implement traffic redirection and capture methods; Describe the concept of DevSecOps; Identify security solutions for cloud environments; Compare the customer vs. provider security responsibility; Implement segmentation, access control policies, AVC; Explain North Bound and South Bound APIs in the SDN architecture; Describe security intelligence authoring, sharing, and consumption; Interpret basic Python scripts used to call Cisco Security appliances APIs; Cloud service models: SaaS, PaaS, IaaS; Security assessment in the cloud; Patch management in the cloud; Describe the benefits of device compliance and application control