Cisco IOS Network Security (IINS) (CI-IINS)

Implementing Cisco IOS Network Security (IINS) focuses on the design, implementation, and monitoring of a comprehensive security policy, using Cisco IOS security features and technologies as examples. The course covers security controls of Cisco IOS devices as well as a functional introduction to the Cisco Adaptive Security Appliance (ASA). This course allows learners to perform basic tasks to secure a small branch office network using Cisco IOS security features available through web-based GUIs (Cisco Configuration Professional) and the CLI on Cisco routers, switches, and ASAs.

Notable differences between IINS v2.0 and v3.0
There are several notable changes in this newly updated course. Cisco Configuration Professional is not covered in IINS 3.0. All IOS examples are hands-on and done using IOS CLI. IPv6 is not covered in IINS 3.0. IPv6 is now covered in ICND1. The implementation of IPS on IOS is not covered in IINS 3.0, instead IPS is covered on the theoretical level from the perspective of FirePower technologies. Site-to-Site VPN configuration is covered on both IOS and the Cisco ASA in IINS 3.0. Also, modern malware examples are included in this course and cryptographic techniques use stronger hashing and encryption algorithms, and current version of IOS, Cisco ASA and Cisco AnyConnect are featured.

Module 1 Security Concepts

• Threatscape
• Threat defense technologies
• Security policy and basic security architectures
• Cryptographic technologies

Module 2 Secure Network Devices

• Implementing AAA
• Management protocols and systems
• Securing the control plane

Module 3 Layer 2 Security

• Securing layer 2 infrastructures
• Securing layer 2 protocols

Module 4 Firewall

• Firewall technologies
• Introducing the Cisco ASA v9.2
• Cisco ASA access control and service policies
• Cisco IOS zone based firewall

Module 5 VPN

• IPsec technologies
• Site-to-Site VPN
• Client based remote access VPN
• Clientless remote access VPN

Module 6 Advanced Topics

• Intrusion detection and protection
• Endpoint protection
• Content Security
• Advanced network security architectures

Labs

• Discovery 1: Exploring Cryptographic Technologies
• Discovery 2: Configure and Verify AAA
• Discovery 3: Configuration Management

Protocols
• Discovery 4: Securing Routing Protocols
• Discovery 5: VLAN Security and ACLs on

Switches
• Discovery 6: Port Security and Private VLAN

Edge
• Discovery 7: Securing DHCP, ARP, and STP
• Discovery 8: Explore Firewall Technologies
• Discovery 9: Cisco ASA Interfaces and NAT
• Discovery 10: Access Control Using the Cisco ASA
• Discovery 11: Exploring Cisco IOS Zone-Based

Firewall
• Discovery 12: Explore IPsec Technologies
• Discovery 13: IOS-Based Site-to-Site VPN
• Discovery 14: ASA-Based Site-to-Site VPN
• Discovery 15: Remote Access VPN: ASA and

AnyConnect
• Discovery 16: Clientless Remote Access VPN
• Challenge 1: Configure AAA and Secure Remote

Administration
• Challenge 2: Configure Secure Network

Management Protocols
• Challenge 3: Configure Secure EIGRP Routing
• Challenge 4: Configure Secure Layer 2

Infrastructure
• Challenge 5: Configure DHCP Snooping and STP

Protection
• Challenge 6: Configure Interfaces and NAT on the Cisco ASA
• Challenge 7: Configure Network Access Control with the Cisco ASA
• Challenge 8: Configure Site-to-Site VPN on IOS
• Challenge 9: Configure AnyConnect Remote

Access VPN on ASA
• Challenge 10: Configure Clientless SSL VPN on the ASA

The IINS course focuses on the technology required for securing complex networks. To fully benefit from this course, the student must be familiar with general networking concepts and have Cisco router operation and configuration experience.
The student should also be familiar with the Windows Operating System. Successful completion of the following courses (or equivalent experience) is strongly recommended:
Interconnecting Cisco Networking Devices Part 1 (ICND1)
Interconnecting Cisco Networking Devices Part 2 (ICND2)

Associated Certifications: CCNA Security

Klassikaal: 3 dagen