Onemind Services Partner with Training World 360 for our training delivery and Lab delivery is Backed up our Partner Cloudmylab.

Implementing Cisco IOS Network Security**CCNA Security** (IINS v3.0)

Overview/Objective


Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using Cisco security products to provide hands-on examples. Using instructor-led discussions, extensive hands-on lab exercises, and supplemental materials, this course allows learners to understand common security concepts, and deploy basic security techniques utilizing a variety of popular security appliances within a “real-life” network infrastructure.

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe common network security concepts
  • Secure routing and switching infrastructure
  • Deploy basic authentication, authorization and accounting services
  • Deploy basic firewalling services
  • Deploy basic site-to-site and remote access VPN services
  • Describe the use of more advanced security services such as intrusion protection, content security and identity management




Course outline


Module 1: Security Concepts


    • Lesson 1: Threatscape

      • Threatscape Overview

      • DoS and DDoS

      • Spoofing

      • Reflection and Amplification Attacks

      • Social Engineering

      • Evolution of Phishing

      • Password Attacks

      • Reconnaissance Attacks

      • Buffer Overflow Attacks

      • Man-in-the-Middle Attacks

      • Malware

      • Vectors of Data Loss and Exfiltration

      • Hacking Tools

      • Other Considerations

      • Summary







    • Lesson 2: Threat Defense Technologies

      • Firewalls

      • Intrusion Prevention Systems

      • Content Security

      • VPNs

      • Endpoint Security

      • Logging

      • Summary







    • Lesson 3: Security Policy and Basic Security Architectures

      • Information Security Overview

      • Classifying Assets, Vulnerabilities, and Countermeasures

      • Managing Risk

      • Regulatory Compliance

      • Principles of Secure Network Design

      • Security Policy

      • Security Zones

      • The Functional Planes of the Network

      • Summary







    • Lesson 4: Cryptographic Technologies

      • Cryptography Overview

      • Hash Algorithms

      • Encryption Overview

      • Cryptanalysis

      • Symmetric Encryption Algorithms

      • Asymmetric Encryption Algorithms

      • Use Case: SSH

      • Digital Signatures

      • PKI Overview

      • PKI Operations

      • Use Case: SSL/TLS

      • Key Management

      • Discovery 1: Exploring Cryptographic Technologies

      • Summary







    • Lesson 5: Module Summary

      • References







    • Lesson 6: Module Self-Check




Module 2: Secure Network Devices


    • Lesson 1: Implementing AAA

      • Introduction to AAA

      • AAA Databases

      • AAA Protocols

      • AAA Servers

      • SSH Configuration and Operation on IOS

      • IOS Authorization with Privilege Levels

      • Implementing Local AAA Authentication and Authorization

      • Authorization with Role-Based CLI

      • TACACS+ on IOS

      • Discovery 2: Configure and Verify AAA

      • Summary







    • Lesson 2: Management Protocols and Systems

      • IOS File System

      • Copying Files to and from Network Devices

      • Validating IOS Images Using MD5

      • Digitally Signed Images

      • IOS Resilient Configuration

      • NTP

      • Syslog

      • Memory and CPU Threshold Notifications

      • Netflow

      • Configuration Management Protocol Options

      • HTTPS Configuration and Operation

      • SNMPv3 Configuration and Operation

      • Locking Down Management Access with ACLs

      • Other Password Considerations

      • Discovery 3: Configuration Management Protocols

      • Summary







    • Lesson 3: Securing the Control Plane

      • The Control Plane

      • Control Plane Policing

      • Control Plane Protection

      • Authenticating Routing Protocols

      • OSPF Route Authentication

      • EIGRP Route Authentication

      • Discovery 4: Securing Routing Protocols







    • Lesson 4: Module Summary

      • References







    • Lesson 5: Module Self-Check




Module 3: Layer 2 Security


    • Lesson 1: Securing Layer 2 Infrastructure

      • Introduction to Layer 2 Security

      • Ethernet Switching Overview

      • VLAN Overview

      • VLAN Configuration

      • 802.1Q Trunking

      • Trunk Attacks

      • Trunk Configuration and Attack Mitigation

      • CDP

      • ACL Primer

      • ACLs on Switches

      • MAC Address Abuse

      • Port Security

      • Private VLANs

      • Private VLAN Edge

      • Private VLAN Proxy Attack and Mitigation

      • Discovery 5: VLAN Security and ACLs on Switches

      • Discovery 6: Port Security and Private VLAN Edge

      • Summary







    • Lesson 2: Securing Layer 2 Protocols

      • STP Overview

      • STP Attacks

      • STP Attack Mitigation

      • DHCP Overview

      • DHCP Attacks

      • DHCP Snooping

      • ARP Overview

      • ARP Cache Poisoning Attack

      • Dynamic ARP Inspection

      • Discovery 7: Securing DHCP, ARP, and STP

      • Summary







    • Lesson 3: Module Summary

      • References







    • Lesson 4: Module Self-Check




Module 4: Firewall


    • Lesson 1: Firewall Technologies

      • Firewall Overview

      • Packet Filters

      • Stateful Firewalls

      • Proxy Servers

      • Next Generation Firewalls

      • Logging

      • Discovery 8: Explore Firewall Technologies

      • Summary







    • Lesson 2: Introducing the Cisco ASA v9.2

      • Introducing the Cisco ASA Family of Security Appliances

      • Cisco ASA Firewall Features

      • Modes of Deployment

      • Security Contexts

      • High-Availability and Failover

      • Configuring Management Access on the Cisco ASA

      • Configuring Cisco ASA Interfaces

      • NAT Fundamentals

      • Configure NAT on Cisco ASA

      • Configure Static NAT on Cisco ASA

      • Configure Dynamic NAT on Cisco ASA

      • Configure PAT on Cisco ASA

      • Configure Policy NAT on Cisco ASA

      • Verify NAT Operations

      • Discovery 9: Cisco ASA Interfaces and NAT

      • Summary







    • Lesson 3: Cisco ASA Access Control and Service Policies

      • Overview of Interface Access Rules

      • Configure Interface Access Rules

      • Configure Object Groups

      • Introducing Cisco ASA Modular Policy Framework

      • Configuring Cisco MPF Service Policy Rules

      • Discovery 10: Access Control Using the Cisco ASA

      • Summary







    • Lesson 4: Cisco IOS Zone Based Firewall

      • Zone-Based Policy Firewall Overview

      • Zones and Zone Pairs

      • Introduction to Cisco Common Classification Policy Language

      • Default Policies, Traffic Flows, and Zone Interaction

      • Cisco Common Classification Policy Language (C3PL) Configuration Overview

      • Configuring Zone-Based Policy Firewall Class-Maps

      • Configuring Zone-Based Policy Firewall Policy-Maps

      • Discovery 11: Exploring Cisco IOS Zone-Based Firewall

      • Summary







    • Lesson 5: Module Summary

      • References







    • Lesson 6: Module Self-Check




Module 5: VPN


    • Lesson 1: IPsec Technologies

      • IPsec VPNs

      • IPsec Security Services

      • IPsec Framework

      • Internet Key Exchange

      • IKE Phase 1

      • ISAKMP Configuration

      • IPsec Protocols

      • IKE Phase 2

      • IPsec Configuration

      • Suite B Cryptographic Standard

      • IKE Version 2

      • IPsec with IPv6

      • Discovery 12: Explore IPsec Technologies

      • Summary







    • Lesson 2: Site-to-Site VPN

      • Site-to-Site Tunnel Negotiation Process

      • Configuring Site-to-Site IPsec VPN

      • Step 1: Ensure That ACLs Are Compatible with IPsec

      • Step 2: Create ISAKMP IKE Phase 1 Policies

      • Step 3: Configure Transform Sets

      • Step 4: Create Crypto ACLs Using Extended ACLs

      • Step 5: Configure IPsec Crypto Maps

      • Verifying the IPsec Configuration

      • Configuring Site-to-Site VPN on Cisco ASA

      • Monitoring Site-to-Site VPN Configuration in ASDM

      • Discovery 13: IOS-Based Site-to-Site VPN

      • Discovery 14: ASA-Based Site-to-Site VPN

      • Summary







    • Lesson 3: Client Based Remote Access VPN

      • Secure Sockets Layer and Transport Layer Security

      • Basic Cisco AnyConnect SSL VPN

      • Cisco AnyConnect SSL VPN Solution Components

      • SSL VPN Server Authentication

      • SSL VPN Client Authentication

      • SSL VPN Client IP Address Assignment

      • Basic AnyConnect SSL VPN Configuration Tasks

      • Discovery 15: Remote Access VPN: ASA and AnyConnect

      • Summary







    • Lesson 4: Clientless Remote Access VPN

      • Cisco Clientless SSL VPN

      • Cisco Clientless SSL VPN Use Cases

      • Cisco Clientless SSL VPN Resource Access Methods

      • Basic Clientless SSL VPN Solution

      • Server Authentication in Basic Clientless SSL VPN

      • Client-Side Authentication in Basic Clientless SSL VPN

      • Clientless SSL VPN URL Entry and Bookmarks

      • Basic Access Control for Clientless SSL VPN

      • Basic Clientless SSL VPN Configuration Tasks

      • Discovery 16: Clientless Remote Access VPN

      • Summary







    • Lesson 5: Module Summary

      • References







    • Lesson 6: Module Self-Check




Module 6: Advanced Topics


    • Lesson 1: Intrusion Detection and Protection

      • Introduction to IPS

      • IPS Terminology

      • Evasion Techniques and Countermeasures

      • Protecting the Network with FireSIGHT

      • FireSIGHT Protection Before an Attack

      • FireSIGHT Protection During an Attack

      • FireSIGHT Protection After an Attack

      • FireSIGHT Deployment Options

      • Inline and Passive Mode Deployment Options

      • Summary







    • Lesson 2: Endpoint Protection

      • Endpoint Security Overview

      • Personal Firewalls

      • Antivirus and Antispyware

      • Centralized Endpoint Policy Enforcement

      • Cisco AMP for Endpoints

      • Summary







    • Lesson 3: Content Security

      • Cisco ESA Deployment

      • Cisco ESA Overview

      • Cisco ESA Features and Benefits

      • Cisco ESA GUI Management

      • Cisco ESA Mail Processing

      • Cisco WSA Deployment

      • Cisco WSA Overview

      • Cisco WSA Features and Benefits

      • Cisco WSA GUI Management

      • Cisco CWS Deployment

      • Cisco CWS Overview

      • Cisco CWS Features and Benefits

      • Summary







    • Lesson 4: Advanced Network Security Architectures

      • Modular Network Architectures

      • Security Issues in Modern Networks

      • Identity Management

      • BYOD Challenge

      • Cisco TrustSec

      • Summary







    • Lesson 5: Module Summary

      • References







    • Lesson 6: Module Self-Check







Audience and Prerequisites


Audience



  • Channel Partners

  • Customers

  • Employees


Prerequisites


The knowledge and skills that a learner must have before attending this course are as follows:



  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)

  • Working knowledge of the Windows operating system

  • Working knowledge of Cisco IOS networking and concepts




Delivery Method


Web-Based ILT


Duration 5 Days





Implementing Cisco Edge Network Security Solutions**Part of the CCNP Security certification track** (SENSS v1.0)

Overview/Objective


After completing this course the student should be able to:



  • Describe and implement Cisco Web Security Appliance

  • Describe and implement Cloud Web Security

  • Describe and implement Cisco Email Security Appliance

  • Describe and implement Advanced Malware Protection

  • Describe and implement Cisco FirePOWER Next-Generation IPS

  • Describe and implement Cisco ASA FirePOWER Services Module




Course outline


Module 1: Cisco Web Security Appliance

  • Lesson 1: Describing the Cisco Web Security Appliance Solutions

    • Cisco Modular Network Architecture and Cisco WSA

    • Cisco WSA Overview

    • Cisco WSA Architecture

    • Cisco WSA Malware Detection and Protection

    • Cisco Web-Based Reputation Score

    • Cisco WSA Acceptable Use Policy Enforcement

    • Cisco WSA GUI Management

    • Cisco WSA Committing the Configuration Changes

    • Cisco WSA Policy Types Overview

    • Cisco WSA Access Policies

    • Cisco WSA Identity: To Whom Does This Policy Apply?

    • Cisco WSA Identity Example

    • Cisco WSA Policy Assignment Using Identity

    • Cisco WSA Identity and Authentication

    • Cisco WSA Policy Trace Tool

    • Challenge



  • Lesson 2: Integrating the Cisco Web Security Appliance

    • Explicit vs. Transparent Proxy Mode

    • Explicit Proxy Mode

    • PAC Files

    • PAC File Deployment Options

    • PAC File Hosting on Cisco WSA

    • Traffic Redirection In Transparent Mode

    • Connecting the Cisco WSA to a WCCP Router

    • Verifying WCCP

    • Challenge



  • Lesson 3: Configuring Cisco Web Security Appliance Identities and User Authentication Controls

    • Configure Identities to Group Client Transactions

    • Configure Policy Groups

    • The Need for User Authentication

    • Authentication Protocols and Schemes

    • Basic Authentication in Explicit Proxy and Transparent Proxy Mode

    • Configure Realms and Realm Sequences

    • Configure NTLM Realm for Active Directory

    • Join Cisco WSA to Active Directory

    • Configure Global Authentication Settings

    • Configure an Identity to Require Authentication (Basic or NTLMSSP)

    • Configure an Identity to Require Transparent User Identification

    • Configure LDAP Realm for LDAP Servers

    • Define How User Information Is Stored in LDAP

    • Bind Cisco WSA to the LDAP Directory

    • LDAP Group Authorization

    • Allowing Guest Access to Users Who Fail Authentication

    • Testing Authentication Settings

    • Authenticated Users in Reports

    • Challenge



  • Lesson 4: Configuring Cisco Web Security Appliance Acceptable Use Controls

    • Acceptable Use Controls

    • URL Categorizing Process

    • Application Visibility and Control Overview

    • Streaming Media Bandwidth Control Overview

    • Enable Acceptable Use Controls

    • Using the Policies Table

    • Configure URL Filtering

    • Enable Safe Search and Site Content Ratings

    • Configure Custom URL Categories

    • URL Category Reports

    • Configuring AVC

    • Configure Media Bandwidth Limits

    • AVC Reports

    • Challenge



  • Lesson 5: Configuring Cisco Web Security Appliance Anti-Malware Controls

    • Dynamic Vectoring and Streaming Engine Overview

    • Contrast Webroot with Sophos or McAfee Malware Scanning

    • Adaptive Scanning Overview

    • Web Reputation Filtering Overview

    • Enable Web Reputation Filtering, Adaptive Scanning and Malware Scanning

    • Configure Inbound Web Reputation Filtering and Malware Scanning

    • Configure Outbound Malware Scanning

    • Malware Reports

    • Challenge



  • Lesson 6: Configuring Cisco Web Security Appliance Decryption

    • HTTPS Proxy Operations Overview

    • Enable HTTPS Proxy

    • Invalid Destination Web Server Certificate Handling

    • Configure Decryption Policies

    • Challenge



  • Lesson 7: Configuring Cisco Web Security Appliance Data Security Controls

    • Cisco WSA Data Security Overview

    • Data Security Policies

    • Control Uploaded Content

    • External Data Loss Prevention

    • Add an ICAP Server

    • Challenge




Module 2: Cisco Cloud Web Security



  • Lesson 1: Describing the Cisco Cloud Web Security Solutions

    • Cisco Modular Network Architecture and Cisco Cloud Web Security (CWS)

    • Cisco Cloud Web Security Overview

    • Cisco Cloud Web Security Traffic Flow Overview

    • Cisco Cloud Web Security URL Filtering, AVC, and Reporting Features Overview

    • Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview

    • Cisco ScanCenter Overview

    • Challenge



  • Lesson 2: Configuring Cisco Cloud Web Security Connectors

    • Cisco Cloud Web Security Traffic Redirection Overview

    • Cisco Cloud Web Security Authentication Key

    • Authentication Key Generation from the Cisco ScanCenter

    • Verifying Traffic Redirection to CWS Using Special URL

    • Cisco ASA Cloud Web Security Overview

    • Cisco ASA Cloud Web Security Basic Configuration Using ASDM

    • Cisco ASA Cloud Web Security Basic Configuration Using the CLI

    • Cisco ASA Cloud Web Security Configuration with the Whitelist and Identity Options Using the CLI

    • Verifying Cisco ASA Cloud Web Security Operations Using the Cisco ASDM

    • Verifying Cisco ASA Cloud Web Security Operations Using the CLI

    • Cisco AnyConnect Web Security Module Overview

    • Cisco AnyConnect Web Security Module for Standalone Use Overview

    • Configure Cisco AnyConnect Web Security Module for Standalone Use

    • Configure Cisco ASA to Download the Web Security Module to the Client Machine

    • Verifying Cisco AnyConnect Web Security Module Operations

    • Cisco ISR G2 Cloud Web Security Overview

    • Cisco ISR G2 Cloud Web Security Configuration

    • Cisco ISR G2 Cloud Web Security Verification

    • Cisco WSA Cloud Web Security Overview

    • Challenge



  • Lesson 3: Describing the Web Filtering Policy in Cisco ScanCenter

    • ScanCenter Web Filtering Policy Overview

    • ScanCenter Web Filtering Policy Configuration HTTPS Inspection Configuration Overview

    • ScanCenter Web Filtering Verification

    • ScanCenter Web Filtering Reporting

    • Challenge




Module 3: Cisco Email Security Appliance



  • Lesson 1: Describing the Cisco Email Security Solutions

    • Cisco Modular Network Architecture and Cisco ESA

    • Cisco Hybrid Email Security Solution Overview

    • SMTP Terminologies

    • SMTP Flow

    • SMTP Conversation

    • Cisco ESA Services Overview

    • Cisco ESA GUI Management

    • Cisco ESA Committing the Configuration Changes

    • Cisco ESA Licensing

    • Incoming Mail Processing Overview

    • Outgoing Mail Processing Overview

    • Cisco ESA LDAP Integration Overview

    • Cisco Registered Envelope Service (CRES) Overview

    • Challenge



  • Lesson 2: Describing the Cisco Email Security Appliance Basic Setup Components

    • Cisco ESA Listener Overview

    • Cisco ESA Listener Type: Private and Public

    • Cisco ESA One Interface/One Listener Deployment Example

    • Cisco ESA Two Interfaces/Two Listeners Deployment Example

    • Cisco ESA Listener Major Components: HAT and RAT

    • Cisco ESA One Listener Deployment Scenario

    • One Listener Deployment Scenario: Interfaces and Listener

    • One Listener Deployment Scenario: LDAP Accept Query

    • One Listener Deployment Scenario: HAT

    • One Listener Deployment Scenario: HAT > Sender Group

    • One Listener Deployment Scenario: HAT > Sender Group SBRS

    • One Listener Deployment Scenario: HAT > BLACKLIST Sender Group

    • One Listener Deployment Scenario: HAT > RELAYLIST Sender Group

    • One Listener Deployment Scenario: HAT > Add Sender Group

    • One Listener Deployment Scenario: HAT > Mail Flow Policy

    • One Listener Deployment Scenario: HAT > Mail Flow Policy > Anti-Spam and Anti-Virus

    • One Listener Deployment Scenario: HAT > Mail Flow Policies Summary

    • One Listener Deployment Scenario: RAT

    • One Listener Deployment Scenario: SMTP Routes

    • One Listener Deployment Scenario: Email Relaying on Internal Mail Server

    • Challenge



  • Lesson 3: Configuring Cisco Email Security Appliance Basic Incoming and Outgoing Mail Policies

    • Cisco ESA Incoming and Outgoing Mail Policies Overview

    • Cisco ESA Mail Policies Matching

    • Anti-Spam Overview

    • Anti-Spam Configuration

    • Spam Quarantine Configuration

    • Policy, Virus, Outbreak Quarantines Configuration

    • Anti-Virus Overview

    • Anti-Virus Configuration

    • Content Filters Overview

    • Content Filters Configuration

    • Outbreak Filters Overview

    • Outbreak Filters Configuration

    • Data Loss Prevention Overview

    • Data Loss Prevention Configuration

    • Reporting Overview

    • Message Tracking

    • Trace

    • Challenge




Module 4: Advanced Malware Protection for Endpoints



  • Lesson 1: AMP for Endpoints Overview and Architecture

    • Modern Malware

    • Why Defenses Fail

    • Introduction to AMP for Endpoints

    • AMP for Endpoints Architecture

    • AMP Connector Architecture

    • Installation Components

    • How AMP Connector Components Interact

    • The Role of the AMP Cloud

    • Transaction Processing

    • Additional Transaction Processing

    • Real-time Data Mining

    • Private Cloud Architecture

    • Private Cloud Modes

    • Cloud Proxy Mode Communications

    • Air Gap Mode

    • Challenge



  • Lesson 2: Customizing Detection and AMP Policy

    • Detection, Application Control, DFC Options, and IOCs

    • Endpoint Policy

    • Policy Modes

    • Simple Custom Detections

    • Creating A Simple Custom Detection

    • Application Blocking

    • Advanced Custom Signatures

    • Whitelisting

    • Android Custom Detections

    • DFC IP Blacklists and Whitelists

    • DFC IP Blacklists

    • DFC IP Whitelists

    • Configuring Exclusions

    • Custom Exclusion Sets

    • Challenge



  • Lesson 3: IOCs and IOC Scanning

    • Indications of Compromise (IOCs)

    • IOC Scanning

    • Customizing IOCs

    • Challenge



  • Lesson 4: Deploying AMP Connectors

    • Groups

    • Creating Groups

    • Deploying Windows Connectors

    • Direct Download Deployment

    • Creating the Installer (Public Cloud)

    • Email Deployment

    • Microsoft Windows Installation and Interface

    • Connectivity Considerations

    • Command-Line Installation

    • Challenge



  • Lesson 5: AMP Analysis Tools

    • Event View Filters

    • Events List

    • Event Detail: File Detection

    • Event Detail: Connector Info

    • Event Detail: Comments

    • File Analysis

    • The File Analysis Page

    • File Analysis Results

    • File Repository

    • Trajectory

    • File Trajectory Page

    • Device Trajectory

    • Device Trajectory Filters and Search

    • Prevalence

    • Vulnerable Software

    • Reporting

    • Creating a Report

    • Challenge




Module 5: Cisco FirePOWER Next-Generation IPS



  • Lesson 1: Describing the Cisco FireSIGHT System

    • Cisco FireSIGHT System Overview

    • Cisco FirePOWER NGIPS and NGFW

    • Cisco FireSIGHT System Detection and Architecture

    • Cisco FireSIGHT System Components

    • Cisco FireSIGHT System Device Configuration

    • Traffic Flows

    • Challenge



  • Lesson 2: Configuring and Managing Cisco FirePOWER Devices

    • Introduction to Device Management

    • Interfaces Tab

    • Virtual Device Configuration

    • Static Route Configuration

    • Object Management

    • Challenge



  • Lesson 3: Implementing an Access Control Policy

    • Access Control Policy Overview

    • Access Control Policy Configuration

    • Default Action

    • Targets Tab

    • Security Intelligence

    • HTTP Responses

    • Advanced Tab

    • Access Control Policy Rules

    • Rule Constraints Overview

    • Save and Apply the Access Control Policy

    • Challenge



  • Lesson 4: Understanding Discovery Technology

    • Introduction to Host Discovery

    • Network Discovery Policy

    • Discovery Overview

    • Challenge



  • Lesson 5: Configuring File-Type and Network Malware Detection

    • Introduction to Network-Based Malware Detection

    • Network-Based Malware Detection Overview

    • File Dispositions

    • Important Network-Based Malware Detection Concepts

    • Retrospective Event Overview

    • Cisco FireSIGHT File-Type Detection Architecture

    • Cisco FireSIGHT Malware Detection Architecture

    • File Disposition Caching

    • File Lists

    • File Policy

    • Challenge



  • Lesson 6: Managing SSL Traffic with Cisco FireSIGHT

    • SSL Traffic Management Overview

    • SSL Inspection Architecture

    • Cisco FireSIGHT SSL Inspection

    • SSL Policy

    • Challenge



  • Lesson 7: Describing IPS Policy and Configuration Concepts

    • Introduction to IPS Policy

    • Policy Layering Model

    • Rule Management

    • Cisco FireSIGHT Rule Recommendations

    • IPS Policy Layering

    • Challenge



  • Lesson 8: Describing the Network Analysis Policy

    • Network Analysis Policy Introduction

    • Network Analysis Policy Customization

    • Preprocessors

    • Network Analysis Policy Configuration

    • Network Analysis Policy Creation

    • Preprocessor Configuration

    • Challenge



  • Lesson 9: Creating Reports

    • Reporting System Overview

    • Report Templates

    • Report Sections

    • Advanced Settings

    • Challenge



  • Lesson 10: Describing Correlation Rules and Policies

    • Correlation Policies Overview

    • Correlation Policy Responses

    • Remediations Configuration

    • Remediation Module Configuration

    • Correlation Policy Rules

    • Correlation Policies Overview

    • Correlation Events

    • Whitelists Overview

    • Whitelist Events and Violations

    • Traffic Profiles Overview

    • Traffic Profiles in Correlation Policies

    • Challenge



  • Lesson 11: Understanding Basic Rule Syntax and Usage

    • Basic Snort Rule Structure

    • Snort Rule Headers

    • Snort Rule Bodies

    • Challenge




Module 6: Cisco ASA FirePOWER Services Module



  • Lesson 1: Installing Cisco ASA 5500-X Series FirePOWER Services (SFR) Module

    • Cisco ASA FirePOWER Services (SFR) Module Overview

    • Cisco FireSIGHT Management Center Overview

    • Cisco ASA FirePOWER Services Software Module Management Interface

    • Cisco ASA FirePOWER Services Module Package Installation

    • Cisco ASA FirePOWER Services Module Verification

    • Redirect Traffic to Cisco ASA FirePOWER Services Module

    • Challenge







Audience and Prerequisites


Audience



  • Channel Partners

  • Customers

  • Employees


Prerequisites


The knowledge and skills that a learner must have before attending this course are as follows:



  • Cisco Certified Network Associate (CCNA) certification

  • Cisco Certified Network Associate (CCNA) Security certification

  • Knowledge of Microsoft Windows operating system




Delivery Method


Web-Based ILT Duration 5 Days





Implementing Cisco Secure Mobility Solutions**Part of the CCNP Security certification track** (SIMOS v1.0)

Overview/Objective


Upon completing this course, you will be able to:



  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.

  • Implement and maintain Cisco site-to-site VPN solutions.

  • Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.

  • Implement and maintain Cisco clientless SSL VPNs.

  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.

  • Implement and maintain endpoint security and dynamic access policies (DAP).




Course outline


Module 1: Fundamentals of VPN Technologies and Cryptography




    • Lesson 1: The Role of VPNs in Network Security

    • Lesson 2: VPNs and Cryptography



Module 2: Deploying Secure Site-to-Site Connectivity Solutions




    • Lesson 1: Introducing Cisco Secure Site-to-Site Connectivity Solutions

    • Lesson 2: Deploying Point-to-Point IPsec VPNs on the Cisco ASA

    • Lesson 3: Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs

    • Lesson 4: Deploying Cisco IOS DMVPNs



Module 3: Deploying Cisco IOS Site-to-Site FlexVPN Solutions




    • Lesson 1: Introducing Cisco FlexVPN Solution

    • Lesson 2: Deploying Point-to-Point IPsec VPNs Using Cisco IOS FlexVPN

    • Lesson 3: Deploying Hub-and-Spoke IPsec VPNs Using Cisco IOS FlexVPN

    • Lesson 4: Deploying Spoke-to-Spoke IPsec VPNs Using Cisco IOS FlexVPN



Module 4: Deploying Clientless SSL VPN




    • Lesson 1: Clientless SSL VPN Overview

    • Lesson 2: Deploying Basic Cisco Clientless SSL VPN

    • Lesson 3: Deploying Application Access in Clientless SSL VPN

    • Lesson 4: Deploying Advanced Authentication in Clientless SSL VPN



Module 5: Deploying Cisco AnyConnect VPNs




    • Lesson 1 Overview of Cisco AnyConnect VPNs

    • Lesson 2 Deploying Basic Cisco AnyConnect SSL VPN on Cisco ASA

    • Lesson 3 Deploying Advanced Cisco AnyConnect SSL VPN on Cisco ASA

    • Lesson 4 Deploying Cisco AnyConnect IPsec/IKEv2 VPNs

    • Lesson 5 Deploying Advanced Authentication, Authorization, and Accounting in Cisco AnyConnect VPNs



Module 6: Deploying Endpoint Security and Dynamic Access Policies




    • Lesson 1: Implementing Host Scan

    • Lesson 2: Implementing DAP for SSL VPNs





Audience and Prerequisites


Audience



  • Channel Partners

  • Customers

  • Employees


Prerequisites


The knowledge and skills that a learner must have before attending this course are as follows:



  • Cisco Certified Network Associate (CCNA) certification

  • Cisco Certified Network Associate (CCNA) Security certification

  • Knowledge of Microsoft Windows operating system




Delivery Method


Web-Based ILT Duration 5 Days





Implementing Cisco Secure Access Solutions**Part of the CCNP Security certification track** (SISAS v1.0)

АВТОРЫ

Основная команда


  • Виталий Красновид: руководитель проекта, перевод текста, тестирование
  • Анатолий Калифицкий: звукорежиссёр
  • Евгений Сухарев: перевод текста, тестирование
  • Николай Горелов: помощь в переводе
  • Александр Киселёв (ponaromixxx): упаковка ресурсов, инсталлятор




Роли озвучили


  • Максим Кулаков — Рассказчик Рукс
  • Элис Ковальская — Зия
  • Дмитрий Захаров — Зулф
  • Ева Финкельштейн — Турелька
  • Анатолий Миков — рассказчик Рукс (бонусная песня)




Отдельная благодарность


  • Сообществу Mechanics VoiceOver (MVO) и Дмитрию Вячеславовичу (spider91) за разбор ресурсов игры
  • Алексею Никитину за помощь в обработке оригинальной музыки
  • Филиппу Робозёрову за помощь в подборе актёров
  • Пользователю GolfNorth с форума Zone of Games за стилизованные шрифты
  • Команде переводчиков ZoG Forum Team, наработками которых вдохновлялась наша команда





ПАТЧНОУТ

1.0 от 04.04.2017


  • Первая публичная версия озвучки
  • Добавлено: Выбор компонентов
  • Добавлено: Возможность распаковать в папку с игрой русский саундтрек
  • Исправлено: Правки текста
  • Исправлено: Перезаписаны некоторые реплики




1.1 от 22.05.2017


  • Исправлено: Уезжающие кнопки в инсталляторе если используется сверхвысокое разрешение
  • Исправлено: Отображение текста в титрах
  • Исправлено: Отображение кавычек в субтитрах и другие мелкие ошибки
  • Исправлено: и перезаписано более ста реплик рассказчика
  • Добавлено: Недостающие реплики




1.2 от 18.11.2017


  • Добавлено: совместимость с актуальной Steam-версией игры (Build 1.49930, 2017-10-06)
  • Исправлено: мелкие правки инсталлятора
  • Исправлено: и перезаписано девять реплик рассказчика.




beta 0.2 от 26.03.2017


  • Добавлена: Озвучка всех персонажей
  • Исправлено: Правки текста




beta 0.1 от 08.01.2017


  • Текстовая сборка русификатора.





ДОПОЛНИТЕЛЬНО

Детали


  • Авторы: GamesVoice
  • OS: Windows (7, 8, 10), macOS, Linux
  • Лаунчеры: Steam / GOG
  • Версия: 1.2 от 18.11.2017
  • Дата выхода: 04.04.2017
  • Размер: 297 МБайт





Implementing Cisco Threat Control Solutions**Part of the CCNP Security certification track** (SITCS v1.5)

Overview/Objective


After completing this course the student should be able to:



  • Describe and implement Cisco Web Security Appliance

  • Describe and implement Cloud Web Security

  • Describe and implement Cisco Email Security Appliance

  • Describe and implement Advanced Malware Protection

  • Describe and implement Cisco FirePOWER Next-Generation IPS

  • Describe and implement Cisco ASA FirePOWER Services Module




Course outline


Module 1: Cisco Web Security Appliance

  • Lesson 1: Describing the Cisco Web Security Appliance Solutions

    • Cisco Modular Network Architecture and Cisco WSA

    • Cisco WSA Overview

    • Cisco WSA Architecture

    • Cisco WSA Malware Detection and Protection

    • Cisco Web-Based Reputation Score

    • Cisco WSA Acceptable Use Policy Enforcement

    • Cisco WSA GUI Management

    • Cisco WSA Committing the Configuration Changes

    • Cisco WSA Policy Types Overview

    • Cisco WSA Access Policies

    • Cisco WSA Identity: To Whom Does This Policy Apply?

    • Cisco WSA Identity Example

    • Cisco WSA Policy Assignment Using Identity

    • Cisco WSA Identity and Authentication

    • Cisco WSA Policy Trace Tool

    • Challenge



  • Lesson 2: Integrating the Cisco Web Security Appliance

    • Explicit vs. Transparent Proxy Mode

    • Explicit Proxy Mode

    • PAC Files

    • PAC File Deployment Options

    • PAC File Hosting on Cisco WSA

    • Traffic Redirection In Transparent Mode

    • Connecting the Cisco WSA to a WCCP Router

    • Verifying WCCP

    • Challenge



  • Lesson 3: Configuring Cisco Web Security Appliance Identities and User Authentication Controls

    • Configure Identities to Group Client Transactions

    • Configure Policy Groups

    • The Need for User Authentication

    • Authentication Protocols and Schemes

    • Basic Authentication in Explicit Proxy and Transparent Proxy Mode

    • Configure Realms and Realm Sequences

    • Configure NTLM Realm for Active Directory

    • Join Cisco WSA to Active Directory

    • Configure Global Authentication Settings

    • Configure an Identity to Require Authentication (Basic or NTLMSSP)

    • Configure an Identity to Require Transparent User Identification

    • Configure LDAP Realm for LDAP Servers

    • Define How User Information Is Stored in LDAP

    • Bind Cisco WSA to the LDAP Directory

    • LDAP Group Authorization

    • Allowing Guest Access to Users Who Fail Authentication

    • Testing Authentication Settings

    • Authenticated Users in Reports

    • Challenge



  • Lesson 4: Configuring Cisco Web Security Appliance Acceptable Use Controls

    • Acceptable Use Controls

    • URL Categorizing Process

    • Application Visibility and Control Overview

    • Streaming Media Bandwidth Control Overview

    • Enable Acceptable Use Controls

    • Using the Policies Table

    • Configure URL Filtering

    • Enable Safe Search and Site Content Ratings

    • Configure Custom URL Categories

    • URL Category Reports

    • Configuring AVC

    • Configure Media Bandwidth Limits

    • AVC Reports

    • Challenge



  • Lesson 5: Configuring Cisco Web Security Appliance Anti-Malware Controls

    • Dynamic Vectoring and Streaming Engine Overview

    • Contrast Webroot with Sophos or McAfee Malware Scanning

    • Adaptive Scanning Overview

    • Web Reputation Filtering Overview

    • Enable Web Reputation Filtering, Adaptive Scanning and Malware Scanning

    • Configure Inbound Web Reputation Filtering and Malware Scanning

    • Configure Outbound Malware Scanning

    • Malware Reports

    • Challenge



  • Lesson 6: Configuring Cisco Web Security Appliance Decryption

    • HTTPS Proxy Operations Overview

    • Enable HTTPS Proxy

    • Invalid Destination Web Server Certificate Handling

    • Configure Decryption Policies

    • Challenge



  • Lesson 7: Configuring Cisco Web Security Appliance Data Security Controls

    • Cisco WSA Data Security Overview

    • Data Security Policies

    • Control Uploaded Content

    • External Data Loss Prevention

    • Add an ICAP Server

    • Challenge




Module 2: Cisco Cloud Web Security



  • Lesson 1: Describing the Cisco Cloud Web Security Solutions

    • Cisco Modular Network Architecture and Cisco Cloud Web Security (CWS)

    • Cisco Cloud Web Security Overview

    • Cisco Cloud Web Security Traffic Flow Overview

    • Cisco Cloud Web Security URL Filtering, AVC, and Reporting Features Overview

    • Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview

    • Cisco ScanCenter Overview

    • Challenge



  • Lesson 2: Configuring Cisco Cloud Web Security Connectors

    • Cisco Cloud Web Security Traffic Redirection Overview

    • Cisco Cloud Web Security Authentication Key

    • Authentication Key Generation from the Cisco ScanCenter

    • Verifying Traffic Redirection to CWS Using Special URL

    • Cisco ASA Cloud Web Security Overview

    • Cisco ASA Cloud Web Security Basic Configuration Using ASDM

    • Cisco ASA Cloud Web Security Basic Configuration Using the CLI

    • Cisco ASA Cloud Web Security Configuration with the Whitelist and Identity Options Using the CLI

    • Verifying Cisco ASA Cloud Web Security Operations Using the Cisco ASDM

    • Verifying Cisco ASA Cloud Web Security Operations Using the CLI

    • Cisco AnyConnect Web Security Module Overview

    • Cisco AnyConnect Web Security Module for Standalone Use Overview

    • Configure Cisco AnyConnect Web Security Module for Standalone Use

    • Configure Cisco ASA to Download the Web Security Module to the Client Machine

    • Verifying Cisco AnyConnect Web Security Module Operations

    • Cisco ISR G2 Cloud Web Security Overview

    • Cisco ISR G2 Cloud Web Security Configuration

    • Cisco ISR G2 Cloud Web Security Verification

    • Cisco WSA Cloud Web Security Overview

    • Challenge



  • Lesson 3: Describing the Web Filtering Policy in Cisco ScanCenter

    • ScanCenter Web Filtering Policy Overview

    • ScanCenter Web Filtering Policy Configuration HTTPS Inspection Configuration Overview

    • ScanCenter Web Filtering Verification

    • ScanCenter Web Filtering Reporting

    • Challenge




Module 3: Cisco Email Security Appliance



  • Lesson 1: Describing the Cisco Email Security Solutions

    • Cisco Modular Network Architecture and Cisco ESA

    • Cisco Hybrid Email Security Solution Overview

    • SMTP Terminologies

    • SMTP Flow

    • SMTP Conversation

    • Cisco ESA Services Overview

    • Cisco ESA GUI Management

    • Cisco ESA Committing the Configuration Changes

    • Cisco ESA Licensing

    • Incoming Mail Processing Overview

    • Outgoing Mail Processing Overview

    • Cisco ESA LDAP Integration Overview

    • Cisco Registered Envelope Service (CRES) Overview

    • Challenge



  • Lesson 2: Describing the Cisco Email Security Appliance Basic Setup Components

    • Cisco ESA Listener Overview

    • Cisco ESA Listener Type: Private and Public

    • Cisco ESA One Interface/One Listener Deployment Example

    • Cisco ESA Two Interfaces/Two Listeners Deployment Example

    • Cisco ESA Listener Major Components: HAT and RAT

    • Cisco ESA One Listener Deployment Scenario

    • One Listener Deployment Scenario: Interfaces and Listener

    • One Listener Deployment Scenario: LDAP Accept Query

    • One Listener Deployment Scenario: HAT

    • One Listener Deployment Scenario: HAT > Sender Group

    • One Listener Deployment Scenario: HAT > Sender Group SBRS

    • One Listener Deployment Scenario: HAT > BLACKLIST Sender Group

    • One Listener Deployment Scenario: HAT > RELAYLIST Sender Group

    • One Listener Deployment Scenario: HAT > Add Sender Group

    • One Listener Deployment Scenario: HAT > Mail Flow Policy

    • One Listener Deployment Scenario: HAT > Mail Flow Policy > Anti-Spam and Anti-Virus

    • One Listener Deployment Scenario: HAT > Mail Flow Policies Summary

    • One Listener Deployment Scenario: RAT

    • One Listener Deployment Scenario: SMTP Routes

    • One Listener Deployment Scenario: Email Relaying on Internal Mail Server

    • Challenge



  • Lesson 3: Configuring Cisco Email Security Appliance Basic Incoming and Outgoing Mail Policies

    • Cisco ESA Incoming and Outgoing Mail Policies Overview

    • Cisco ESA Mail Policies Matching

    • Anti-Spam Overview

    • Anti-Spam Configuration

    • Spam Quarantine Configuration

    • Policy, Virus, Outbreak Quarantines Configuration

    • Anti-Virus Overview

    • Anti-Virus Configuration

    • Content Filters Overview

    • Content Filters Configuration

    • Outbreak Filters Overview

    • Outbreak Filters Configuration

    • Data Loss Prevention Overview

    • Data Loss Prevention Configuration

    • Reporting Overview

    • Message Tracking

    • Trace

    • Challenge




Module 4: Advanced Malware Protection for Endpoints



  • Lesson 1: AMP for Endpoints Overview and Architecture

    • Modern Malware

    • Why Defenses Fail

    • Introduction to AMP for Endpoints

    • AMP for Endpoints Architecture

    • AMP Connector Architecture

    • Installation Components

    • How AMP Connector Components Interact

    • The Role of the AMP Cloud

    • Transaction Processing

    • Additional Transaction Processing

    • Real-time Data Mining

    • Private Cloud Architecture

    • Private Cloud Modes

    • Cloud Proxy Mode Communications

    • Air Gap Mode

    • Challenge



  • Lesson 2: Customizing Detection and AMP Policy

    • Detection, Application Control, DFC Options, and IOCs

    • Endpoint Policy

    • Policy Modes

    • Simple Custom Detections

    • Creating A Simple Custom Detection

    • Application Blocking

    • Advanced Custom Signatures

    • Whitelisting

    • Android Custom Detections

    • DFC IP Blacklists and Whitelists

    • DFC IP Blacklists

    • DFC IP Whitelists

    • Configuring Exclusions

    • Custom Exclusion Sets

    • Challenge



  • Lesson 3: IOCs and IOC Scanning

    • Indications of Compromise (IOCs)

    • IOC Scanning

    • Customizing IOCs

    • Challenge



  • Lesson 4: Deploying AMP Connectors

    • Groups

    • Creating Groups

    • Deploying Windows Connectors

    • Direct Download Deployment

    • Creating the Installer (Public Cloud)

    • Email Deployment

    • Microsoft Windows Installation and Interface

    • Connectivity Considerations

    • Command-Line Installation

    • Challenge



  • Lesson 5: AMP Analysis Tools

    • Event View Filters

    • Events List

    • Event Detail: File Detection

    • Event Detail: Connector Info

    • Event Detail: Comments

    • File Analysis

    • The File Analysis Page

    • File Analysis Results

    • File Repository

    • Trajectory

    • File Trajectory Page

    • Device Trajectory

    • Device Trajectory Filters and Search

    • Prevalence

    • Vulnerable Software

    • Reporting

    • Creating a Report

    • Challenge




Module 5: Cisco FirePOWER Next-Generation IPS



  • Lesson 1: Describing the Cisco FireSIGHT System

    • Cisco FireSIGHT System Overview

    • Cisco FirePOWER NGIPS and NGFW

    • Cisco FireSIGHT System Detection and Architecture

    • Cisco FireSIGHT System Components

    • Cisco FireSIGHT System Device Configuration

    • Traffic Flows

    • Challenge



  • Lesson 2: Configuring and Managing Cisco FirePOWER Devices

    • Introduction to Device Management

    • Interfaces Tab

    • Virtual Device Configuration

    • Static Route Configuration

    • Object Management

    • Challenge



  • Lesson 3: Implementing an Access Control Policy

    • Access Control Policy Overview

    • Access Control Policy Configuration

    • Default Action

    • Targets Tab

    • Security Intelligence

    • HTTP Responses

    • Advanced Tab

    • Access Control Policy Rules

    • Rule Constraints Overview

    • Save and Apply the Access Control Policy

    • Challenge



  • Lesson 4: Understanding Discovery Technology

    • Introduction to Host Discovery

    • Network Discovery Policy

    • Discovery Overview

    • Challenge



  • Lesson 5: Configuring File-Type and Network Malware Detection

    • Introduction to Network-Based Malware Detection

    • Network-Based Malware Detection Overview

    • File Dispositions

    • Important Network-Based Malware Detection Concepts

    • Retrospective Event Overview

    • Cisco FireSIGHT File-Type Detection Architecture

    • Cisco FireSIGHT Malware Detection Architecture

    • File Disposition Caching

    • File Lists

    • File Policy

    • Challenge



  • Lesson 6: Managing SSL Traffic with Cisco FireSIGHT

    • SSL Traffic Management Overview

    • SSL Inspection Architecture

    • Cisco FireSIGHT SSL Inspection

    • SSL Policy

    • Challenge



  • Lesson 7: Describing IPS Policy and Configuration Concepts

    • Introduction to IPS Policy

    • Policy Layering Model

    • Rule Management

    • Cisco FireSIGHT Rule Recommendations

    • IPS Policy Layering

    • Challenge



  • Lesson 8: Describing the Network Analysis Policy

    • Network Analysis Policy Introduction

    • Network Analysis Policy Customization

    • Preprocessors

    • Network Analysis Policy Configuration

    • Network Analysis Policy Creation

    • Preprocessor Configuration

    • Challenge



  • Lesson 9: Creating Reports

    • Reporting System Overview

    • Report Templates

    • Report Sections

    • Advanced Settings

    • Challenge



  • Lesson 10: Describing Correlation Rules and Policies

    • Correlation Policies Overview

    • Correlation Policy Responses

    • Remediations Configuration

    • Remediation Module Configuration

    • Correlation Policy Rules

    • Correlation Policies Overview

    • Correlation Events

    • Whitelists Overview

    • Whitelist Events and Violations

    • Traffic Profiles Overview

    • Traffic Profiles in Correlation Policies

    • Challenge



  • Lesson 11: Understanding Basic Rule Syntax and Usage

    • Basic Snort Rule Structure

    • Snort Rule Headers

    • Snort Rule Bodies

    • Challenge




Module 6: Cisco ASA FirePOWER Services Module



  • Lesson 1: Installing Cisco ASA 5500-X Series FirePOWER Services (SFR) Module

    • Cisco ASA FirePOWER Services (SFR) Module Overview

    • Cisco FireSIGHT Management Center Overview

    • Cisco ASA FirePOWER Services Software Module Management Interface

    • Cisco ASA FirePOWER Services Module Package Installation

    • Cisco ASA FirePOWER Services Module Verification

    • Redirect Traffic to Cisco ASA FirePOWER Services Module

    • Challenge







Audience and Prerequisites


Audience



  • Channel Partners

  • Customers

  • Employees


Prerequisites


The knowledge and skills that a learner must have before attending this course are as follows:



  • Cisco Certified Network Associate (CCNA) certification

  • Cisco Certified Network Associate (CCNA) Security certification

  • Knowledge of Microsoft Windows operating system




Delivery Method


Web-Based ILT Duration 5 Days





GET IN TOUCH WITH US

© 2016 -2020 One Mind Services.

CONTACT

Phone: 1-408-540-6771

Email: info@onemindservices.com

HQ

11501 Dublin Blvd

Suite#200

Dublin CA 94568