Presentation is loading. Please wait.

Presentation is loading. Please wait.

African Safari 2009 1 Security in the Cisco Academy Gratitude Kudyachete EA-CATCAFRALTI April 2009.

Published byLindsey Short Modified over 8 years ago

Similar presentations

Presentation on theme: "African Safari 2009 1 Security in the Cisco Academy Gratitude Kudyachete EA-CATCAFRALTI April 2009."— Presentation transcript:

1

2 African Safari 2009 1 Security in the Cisco Academy Gratitude Kudyachete EA-CATCAFRALTI April 2009

3 2 Africa Academy Safari 2009 Agenda  Why Security?  Security in IT E I  Security in IT E II  Security in CCNA-Discovery  Security in CCNA-Exploration  Security in CCNP – ISCW  Network Security I & II  Major points - current currilla and security  CCNA-Security  Q&A

4 3 Africa Academy Safari 2009 Why Security??  If the security is compromised, serious consequences, such as loss of privacy, theft of information, legal liability… result  Types of potential threats to security are always evolving  E-business and Internet applications continue to grow- cannot avoid open networks  Security has moved to the forefront of network management and implementation – and this is evident in the Academy Curricula

5 4 Africa Academy Safari 2009 Security in IT E I  Mainly in chapters 9 & 16  Major issues:  Security Threats – physical, data, internal vs external  Security procedures/techniques  Preventive maintenance techniques  Troubleshooting security IT Essentials

6 5 Africa Academy Safari 2009 Security in IT E – Security procedures Identify: assets, threats Define:-incident handling,emergency,allowed & prohibited behaviour,security framework, security techniques,.. Access control, cable locks,security cages,RFID tags,lock rooms Password protection,data encryption, port protection,backup, file system security WEP, WPA, WPA2(802.11i), LEAP, mac filtering, ssid broadcast, WTLS

7 6 Africa Academy Safari 2009 Preventive maintenance on security  OS updates – automatic, notify, only download, off(no updates)  Antivirus & Antispyware – update signature files  Account maintenance  Terminate employee access  Guest access  Group by job functions  Data backup & access

8 7 Africa Academy Safari 2009 Security components & techniques  The following techniques & components are discussed: oPasswords - it is a minimum requirement oLogging & auditing oEncryption - encoding data for purposes such as oHashing oSymetric encryption oAsymetric oVirtual private networks oFirewalls – hardware & software and could be oPacket filter oProxy firewall oStateful packet inspection oIDS  Security expense vs cost of loss help establish tradeoffs

9 8 Africa Academy Safari 2009 IT E II - unsupported  Mainly in chapters 5, 8,9,10,14  Major issues  Remote Administration & Access Services  Firewalls  Directory & File permissions  Administrative accounts & login privileges  Security threats, Security implementation, patches & upgrades IT Essentials

10 9 Africa Academy Safari 2009 Security in CCNA Discovery  Module 1- chapters 2,7,8  Module 2 – chapters 4,8  Module 3 - chapters 1,2,3,4,5,6,7,8  Module 4 chapters 1,5,7,8  Major issues are:  Basic security – policy, threats, attacks, techniques  Patching OS and applications  Wireless LAN Security  ISP Security  VPNs, NAT/PAT, ACLs  Switch security, VLANs  Routing update and PPP authentication  Security from a design perspective CCNA Discovery

11 10 Africa Academy Safari 2009 Security in CCNA Exploration  Module 1-chapt 1  Module 3- chapt 2,3,7  Module 4 – chapters 2,4,5,6,7  Issues covered include  Network security -threats,mitigation,policy  Security goals & measures  Switch security, router security  Wireless LAN Security  Ppp authentication  ACLs, VPNS, SDM, NAT/PAT CCNA Exploration

12 11 Africa Academy Safari 2009 Proving security  Security measures taken in a network should: Prevent unauthorized disclosure or theft of information Prevent unauthorized modification of information Prevent Denial of Service  Means to achieve these goals include: Ensuring confidentiality Maintaining communication integrity Ensuring availability

13 12 Africa Academy Safari 2009 Primary classes of attacks  Reconnaisance attacks – internet information queries, ping sweeps, port scans, packet sniffers  Access Attacks -– password, trust exploitation,port redirection, man in the middle attack  DOS – Ping of D, Syn flood, DDoS, …  Malicious Software – Virus, Worm, Trojan horse – worms require containment, inoculation, quarantining & treatment

14 13 Africa Academy Safari 2009 Securing Cisco Routers  routers provide gateways to other networks, they are obvious targets, and are subject to a variety of attacks.

15 14 Africa Academy Safari 2009 Secure Routing protocols  Major attacks: disrupt peer, falsify information  Can configure passive int., authentication R1(config)# router rip R1(config)# passive-interface default R1(config)#no passive-interface se0/0/0 R1(config)# key chain RIP_KEY R1(config-keychain)#key 1 R1(config-keychain-key)# key-string cisco R1(config)#int se0/0/0 R1(config-if)#ip rip authentication mode md5 R1(config-if)#ip rip authentication key-chain RIP_KEY Also EIGRP & OSPF authentication

16 15 Africa Academy Safari 2009 Security Device Manager – SDM  An easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.  Firewall, VPN, IPS/IDS,NAT, router lockdown

17 16 Africa Academy Safari 2009 VPNs  VPNs - enable transportation of information in a private network over a public network – encapsulation(tunneling) & encryption typically used

18 17 Africa Academy Safari 2009 NAT/PAT  Adds a degree of privacy and security - hides internal IP addresses from outside networks. ip nat inside source.. ip nat inside ip nat outside

19 18 Africa Academy Safari 2009 Wireless Security protocols  In 802.11i - WPA uses TKIP and WPA2 employs AES

20 19 Africa Academy Safari 2009 Security in CCNP ISCW  IPSec VPNs  MPLS VPN Technology  Cisco Device Hardening  Cisco IOS threat defense features

21 20 Africa Academy Safari 2009 Network Security I - unsupported  Vulnerabilities, Threats and Attacks  Security Planning and Policy  Security Devices  Trust and Identity Technology  Cisco Secure Access Control Server  Configure Trust and Identity at Layer 2 and 3  Configuring Filtering on a Router  Configuring Filtering on a PIX Security Appliance  Configuring Filtering on a Switch

22 21 Africa Academy Safari 2009 Network Security II - unsupported  Intrusion Detection and Prevention Technology and Implementation  Encryption and VPN Technology  Site-to-site VPNs with pre-shared keys  Site-to-site VPNs with digital certificates  Remote Access VPN  Security Network Architecture and Management  PIX Contexts, Failovers and Management

23 22 Africa Academy Safari 2009 Major points about Security & current curricula  It is evident that a lot of security concepts are covered  Most of the treatment is introductory  In Network Security I & II(unsupported) there is great depth & breath of coverage  CCNP (ISCW) – less breath than NS 1 & 2 but still depth on specific issues  There is need for curricula to build on what IT Essentials and CCNA gives

24 23 Africa Academy Safari 2009 CCNA Security Overview

25 24 Africa Academy Safari 2009 Outline  CCNA Security Overview  Target Audience  Course Details  Equipment Requirements  Enrollment, Training and Support  Release Dates and Availability  Q&A

26 25 Africa Academy Safari 2009 CCNA Security Overview  A new course that provides students with in-depth network security education and develop a comprehensive understanding of network security concepts  Provides students with knowledge and skills to design and support Network Security  Provides an experience-oriented course to prepare for entry-level specialist jobs in network security  Prepares students for CCNA Security certification (IINS 640-553 exam).  CCNA Security course IS NOT a replacement for the current Network Security 1 and Network Security 2 (NS1 and NS2) Courses

27 26 Africa Academy Safari 2009 Cisco Networking Academy Curricula Portfolio Student Networking Knowledge and Skills Networking for Home and Small Businesses Working at a Small- to-Medium Business or ISP Introducing Routing and Switching in the Enterprise Designing and Supporting Computer Networks Building Scalable Internetworks Implementing Secured Converged Wide-Area Networks Building Multilayer Switched Networks Optimizing Converged Networks Network Fundamentals Routing Protocols and Concepts LAN Switching and Wireless Accessing the WAN CCNP CCNA Security CCNA Exploration IT Essentials: PC Hardware and Software CCNA Discovery IT Essentials Network Professional IT Technician Security Packet Tracer

28 27 Africa Academy Safari 2009 Security Certifications SND Cisco Certified Security Professional (CCSP) Certification IINS (640-553) CCNA Security Certification CCNA Security Course SNRS SNPA IPS Elective Exam Network Security 1 & 2 (NS1/NS2) Courses SNAF IPS SNRS Revised CCSP Certification Professional-level Associate-level CCNA certification is a pre-requisite for CCNA Security certification Elective Exam

29 28 Africa Academy Safari 2009 CCNA Security Target Audience  Career starters seeking career-oriented, entry-level Security specialist skills  Working professionals looking to enhance or change their careers  Students in degree programs at colleges or universities  Higher Education institutions and Universities

30 29 Africa Academy Safari 2009 Course Details  One semester long (~70-hr) course format  Enabled for both ILT and Blended Distance Learning (BDL)  Delivered in the same Graphical User Interface (GUI) as the CCNA Discovery and CCNA Exploration curricula  9 Chapters  One complex hands-on lab per chapter and Packet Tracer activities Provided as separate.zip files downloaded from AC; not packaged within the GUI  9 end of chapter exams  1 final exam  Available in English only, no translated versions are planned

31 30 Africa Academy Safari 2009 Equipment Requirements  Goal is to minimize equipment costs Uses CCNA Discovery/Exploration equipment bundle and topology NetLab compatible topology—enabled for remote operation  Additional investment required for memory upgrade and Advanced IOS images DescriptionMfr.Part NumberQty. Modular Router w/2xFE, 2 WAN slots, 32 FL/128 DR CiscoCISCO18413 128 to 192MB SODIMM DRAM factory upgrade for the Cisco 1841 CiscoMEM1841-64D2 64MB Cisco 1800 Compact Flash Memory CiscoMEM1800-64CF2 2-Port Async/Sync Serial WAN Interface Card CiscoWIC-2A/S or WIC-2T3 V.35 Cable, DTE Male to Smart Serial, 10 Feet CiscoCAB-SS-V35MT2 V.35 Cable, DCE Female to Smart Serial, 10 Feet CiscoCAB-SS-V35FC2 Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image CiscoWS-C2960-24TT-L3 (Optional) Rackmount Kit for the 1841 CiscoACS-1841-RM-193 Cisco IOS Release 12.4(20)T1 Advanced IP Services Ciscoc1841-advipservicesk9- mz.124-20.T1.bin 2

32 31 Africa Academy Safari 2009 CCNA Security Course Outline Course Chapter Titles Ch. 1 Modern Network Security Threats Goal: Explain network threats, mitigation techniques, and the basics of securing a network. Ch. 2 Securing Network Devices Goal: Securing administrative access on Cisco routers, roles, ios, syslog, snmp, lockdown Ch. 3 Authentication, Authorization and Accounting Goal: Securing administrative access with AAA. Ch. 4 Implementing Firewall Technologies Goal: Implement firewall technologies to secure the network perimeter., acls, cbac,zone-based pol fwall Ch. 5 Implementing Intrusion Prevention Goal: Configure IPS to mitigate attacks on the network. Ch. 6 Securing the Local Area Network Goal: Describe LAN security considerations and implement endpoint and Layer 2 security features.,- csa,wireless, voip Ch. 7 Cryptographic Systems Goal: Describe methods for implementing data confidentiality and integrity.- encryption, hashing, pki, cert, Ch. 8 Implementing Virtual Private Networks Goal: Implement secure virtual private networks.,gre, ipsec Ch. 9 Managing A Secure Network Goal: Given the security needs of an enterprise, create and implement a comprehensive security policy. Stds guidles & procedures, Security Design, risk analysis, management, bcp, sdlc

33 32 Africa Academy Safari 2009 Enrollment, Training & Support  Student Enrollment Pre-requisite: CCNA-level knowledge required  Instructor Training Guidelines CCNA-level knowledge required Required for new CCNA Security instructors; Fast track possible with evidence of CCNA Security or higher certification or industry experience Recommended for existing NS1, NS2 and CCNP: ISCW instructors Existing NS1, NS2 and CCNP: ISCW instructors allowed to teach CCNA Security course  Instructor Training BDL format with 3-day in-person preferred; Can also be delivered 100% remote BDL Best Practices guide developed to provide guidelines on how to deliver course in a BDL environment  Training Support Model – similar to CCNP model; Cisco Networking Academy Global Support Desk will provide day-to-day technical support

34 33 Africa Academy Safari 2009 CCNA Security Release Dates and Availability End of July 2009 General Availability (GA) Release — student and instructor materials: Released at same time with Packet Tracer v5.2 GA Use for teaching student classes JulJan Mid-April 2009 Beta Release of student course:  For instructor training and preview purposes Apr Early January 2009 Draft Scope and Sequence Mar Mar 2009 Virtual SMT for Beta Release Jun End of Jun 2009 Virtual SMT for GA Release 2009

35 34 Africa Academy Safari 2009 Communications  Announcements sent via email to all instructors: New CCNA Security Course announced – Sep 2008 Current NS1 and NS2 courses move to unsupported – Sep 2008 CCNA Security course availability announced – Oct 2008 Preliminary CCNA Security Scope & Sequence available – Jan 2009 FAQs

36 35 Africa Academy Safari 2009 Q and A

37 36 Africa Academy Safari 2009

Download ppt "African Safari 2009 1 Security in the Cisco Academy Gratitude Kudyachete EA-CATCAFRALTI April 2009."

Similar presentations

Apie PC Essentials IT Essentials: PC Hardware and Software.

Apie PC Essentials IT Essentials: PC Hardware and Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Networking Academy Advanced Technology Update June 19, 2008.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Networking Academy Advanced Technology Update June 19, 2008.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials: PC Hardware and Software v4.1 Overview April 2010- CREATE.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials: PC Hardware and Software v4.1 Overview April CREATE.
Cisco CCNA Security Overview

Cisco CCNA Security Overview
1 Wireless LANs – in Academy Curricula Presenter: Gratitude Kudyachete EA - CATC.

1 Wireless LANs – in Academy Curricula Presenter: Gratitude Kudyachete EA - CATC.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
CCNP v6.0 Overview May 2012.

CCNP v6.0 Overview May 2012.
CCNA Security Overview

CCNA Security Overview
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Updated February 2012.

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Updated February 2012.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
CCNA Security 2011 Michigan Cisco Academy Conference April 15, 2011.

CCNA Security 2011 Michigan Cisco Academy Conference April 15, 2011.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1  CompTIA: A+  CCENT: Cisco Certified Entry Networking Technician 

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1  CompTIA: A+  CCENT: Cisco Certified Entry Networking Technician 
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials: PC Hardware and Software v4.1 Overview March 2011.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials: PC Hardware and Software v4.1 Overview March 2011.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google