Advanced Services - Building Enhanced Cisco Security Networks (BECSN)
Who should attend
- Individuals who design security networks based on Cisco security products
- Individuals who implement end-to-end Cisco security services
- Individuals who deploy networks using Cisco security services
Prerequisites
- Cisco IOS routers, routing fundamentals, and IP addressing knowledge covered in the Interconnecting Cisco Networking Devices (ICND) course, or equivalent experience; preferred knowledge source is CCNA certification (required)
- Managing Cisco Network Security (MCNS) 3.0 or equivalent experience with Cisco IOS-based security products (recommended)
- Cisco Secure PIX Firewall Advanced (CSPFA) 3.1 or equivalent experience with the configuration of Cisco Secure PIX firewalls (recommended)
- Cisco Secure Intrusion Detection System (CSIDS) 3.0 or equivalent experience configuring Cisco Secure IDS products (recommended)
- Cisco Secure Virtual Private Networks (CSVPN) 3.1 or equivalent experience configuring Cisco Secure VPN products (recommended)
- Aironet Wireless LAN Fundamentals (AWLF) 3.0 or equivalent experience configuring Cisco wireless products (recommended)
Course Objectives
Network security has become more important than ever because of the need to deal with the increased number of network threats from worms and easy-to-use distributed denial of service (DDoS) tools. Today, companies can no longer afford to deal with network security in a reactive mode due to the potential for severe financial and intellectual loss. For that reason, companies are investing in the security of their networks to provide a safe environment for their employees and customers.
The Building Enhanced Cisco Security Networks Boot Camp teaches the delegate how to create a network security policy, an often overlooked but vital part of any network security deployment, as well as deploy several emerging security technologies. In practical labs, delegates will build a dynamic multipoint VPN (DMVPN), set up High Availability for IPSec (IPSec-HA), identify the Path MTU of a nested IPSec tunnel, configure a site-to-site IPSec VPN for split tunneling, secure network management, configure VMS 2.2 for IDS management, and set up Identity-Based Network Services (IBNS) for a wireless environment.
To test the delegates' understanding of the course materials, the final phase of the class will be a network attack in which various tools will be used to attempt to gain access to their networks.
Course Content
- Introduction
- Developing a network security policy
- Configuring site-to-site IPSec VPNs with split tunneling
- Understanding fragmentation, path MTU discovery, and recursive routing
- Deploying IPSec-HA
- Implementing DMVPN
- Deploying IBNS for a wireless network
- Securing Cisco network management
- Configuring CiscoWorks VMS 2.2 for IDS management
- Common network attack mitigation
Lab Outline
- Developing a network security policy
- Create a threat response procedure for the network security policy
- Configure Cisco IOS Software for site-to-site VPN using IPSec
- Configure a remote office for secure split tunneling
- Identify path MTU for an established site-to-site IPSec VPN
- Configure stateless high availability between IPSec routers
- Configure connectivity to a stateful high-availability IPSec redundant pair
- Configure an NHRP spoke router to participate in a DMVPN
- Configure Cisco IOS Software for SSH Protocol
- Configure Cisco SNMP v2 and Cisco SNMP ACLs
- Configure a wireless network for 802.1X using Cisco Secure ACS
- Configure Cisco Secure PIX Firewall, Cisco IOS Software, Cisco Secure IDS, and CiscoWorks VMS 2.2 to mitigate and respond to network threats
Fast Lane has produced a unique CD which is to be distributed free to students on security and wireless courses. It contains Security, Penetration and Wireless tools, freeware programs, and additional information to support and enhance what students will learn on the course.
Classroom training
Duration: 5 days
Price (excl. VAT): 2,990.- €
Cisco Learning Credits: 44 CLC

