Post on 28-Oct-2014
ISCW: Implementing Secure Cisco WANs
Preview
CIS 186 ISCW
Rick Graziani
Fall 2007
Rick Graziani graziani@cabrillo.edu 2
My Web Site
On-line curriculum
Labs and NetLab
ISCW Exam Certification Guide
Review Questions: On-line curriculum and ISCW Exam Cert Book
Description and Chapters
This course will teach advanced skills required to secure and enhance services in enterprise networks for teleworkers and remote sites.
It will focus on securing remote access, VPN client configuration and other topics including Multi-Protocol Label Switching (MPLS), IPsec, Cisco device hardening, IOS firewall features, and IOS threat defense features.
1. Remote Network Connectivity Requirements
2. Teleworker Connectivity (Simulation)
3. IPsec VPNs (Labs)
4. Frame Mode MPLS Implementation (One lab)
5. Cisco Device Hardening (Labs)
6. Cisco IOS Threat Defense Features (Labs)
Chapter 1 Remote Network Connectivity Requirements
• Enterprise Networking
• Hierarchical Model
• Cisco Enterprise Architecture
• Remote Connection Requirements in a Converged Network
• Remote Connection Considerations
• Intelligent Information Network
• Cisco SONA Framework
Hierarchical Network Model
Cisco Enterprise Architecture
Remote Connection Considerations
Cisco SONA Framework
Chapter 2 Teleworker Connectivity
• Describing Remote Connection Topologies for Teleworkers
• Describing Cable Technology
• Deploying Cable System Technology
• Describing DSL Technology
• Deploying ADSL
• Configuring the CPE as the PPPoE or PPPoA Client
• Troubleshooting Broadband ADSL Configurations
• PPPoE Simulation Practice
Remote Connection Topologies for the Teleworker
Components of the Teleworker Solution
What is a Cable System?
Describing Cable Technology
Deploying Cable System Technology
Describing DSL Technology
Deploying ADSL
Configuring the CPE as the PPPoE or PPPoA Client
Troubleshooting Broadband ADSL Configurations
PPPoE Simulation Practice
Chapter 3 IPsec VPNs
• Introducing VPN Technology
• Understanding IPsec Components and IPsec VPN Features
• Implementing Site-to-Site IPsec VPN Operations
• Configuring IPsec Site-to-Site VPN Using SDM
• Configuring GRE Tunnels over IPsec
• Configuring High-Availability VPNs
• Introducing Cisco Easy VPN
• Configuring Easy VPN Server using Cisco SDM
• Implementing the Cisco VPN Client
• IPsec VPN Lab Exercises
Introducing VPN Technology
Understanding IPsec Components and IPsec VPN Features
Implementing Site-to-Site IPsec VPN Operations
Configuring IPsec Site-to-Site VPN Using SDM
Configuring GRE Tunnels over IPsec
Configuring High-Availability VPNs
Introducing Cisco Easy VPN
Configuring Easy VPN Server using Cisco SDM
Implementing the Cisco VPN Client
Lab 3.1 Configuring SDM on a Router
Lab 3.2 Configuring a Basic GRE Tunnel
Lab 3.3 Configuring Wireshark and SPAN
Lab 3.4 Configuring Site-to-Site IPsec VPNs with SDM
Lab 3.5 Configuring Site-to-Site IPsec VPNs with the IOS CLI
Lab 3.6 Configuring a Secure GRE Tunnel with SDM
Lab 3.7 Configuring a Secure GRE Tunnel with the IOS CLI
Lab 3.8 Configuring IPsec VTIs
Lab 3.9 Configuring Easy VPN with SDM
Lab 3.10 Configuring Easy VPN with the IOS CLI
Chapter 4 Frame Mode MPLS
• Introducing MPLS Networks
• Assigning MPLS Labels to Packets
• Implementing Frame Mode MPLS
• Describing MPLS VPN Technology
• MPLS Lab Exercises
Introducing MPLS Networks
Assigning MPLS Labels to Packets
Implementing Frame Mode MPLS
Describing MPLS VPN Technology
Lab 4.1 Configuring Frame Mode MPLS
Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)
Chapter 5 Cisco Device Hardening
• Thinking Like a Hacker
• Mitigating Network Attacks
• Network Attacks Using Intelligence
• Disabling Unused Cisco Router Network Services and Interfaces
• Securing Cisco Router Administrative Access
• Configuring Role-Based CLI
• Mitigating Threats and Attacks with Access Lists
• Securing Management and Reporting Features
• Configuring SNMP
• Configuring the NTP Client
• Configuring AAA on Cisco Routers
• Cisco Device Hardening Lab Exercises
Thinking Like a Hacker
Mitigating Network Attacks
Network Attacks Using Intelligence
Disabling Unused Cisco Router Network Services and Interfaces
Securing Cisco Router Administrative Access
Configuring Role-Based CLI
Mitigating Threats and Attacks with Access Lists
Securing Management and Reporting Features
Configuring SNMP
Configuring the NTP Client
Configuring AAA on Cisco Routers
Lab 5.1 Using SDM One-Step Lockdown
Lab 5.2 Securing a Router with Cisco AutoSecure
Lab 5.3 Disabling Unneeded Services
Lab 5.4 Enhancing Router Security
Lab 5.5 Configuring Logging
Lab 5.6 Configuring AAA Authentication
Lab 5.7 Configuring Role-Based CLI Views
Lab 5.8 Configuring NTP
Chapter 6 Cisco IOS Threat Defense Features
• Introducing the Cisco IOS Firewall
• Configuring Cisco IOS Firewall from the CLI
• Basic and Advanced Firewall Wizards
• Introducing Cisco IOS IPS
• Configuring Cisco IOS IPS
• Threat Defense Lab Exercises
Introducing the Cisco IOS Firewall
Configuring Cisco IOS Firewall from the CLI
Basic and Advanced Firewall Wizards
Introducing Cisco IOS IPS
Configuring Cisco IOS IPS
Lab 6.1 Configuring a Cisco IOS Firewall Using SDM
Lab 6.2 Configuring CBAC
Lab 6.3 Configuring IPS with SDM
Lab 6.4 Configuring IPS with CLI