CCNA SECURITY

Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts
Good knowledge of CCNA

Course

001. OSI Model

  • 1. Before OSI
  • 2. No. of OSI Layers
  • 3. Application Layer
  • 4. Presentation Layer
  • 5. Session layer
  • 6. Transport Layer
  • 7. Network Layer Part-1
  • 8. Network Layer Part-2
  • 9. Protocol & port no
  • 10. Data Link Layer
  • 11. Physical Layer
  • 12. Devices on OSI Layers
  • 13. What is PDU
  • 14. Data encapsulation & De-encapsulation process
  • 15. OSI Peer to Peer model
  • 16. OSI & TCP-IP

002. CIA Model

  • 1. Confidentiality, Integrity, Availability

003. Introduction of Network Security Terms

  • 1. Network Security Terms – Asset, Vulnerability, Countermeasure
  • 2. Data security & Traffic Classification Part-1
  • 3. Data security & Traffic Classification Part-2
  • 4. IPsec VPN is a combination of multiple protocols

004. Layer 3 Security–Types of ACL

  • 001. Access Control List Intro & Implementation Rules
  • 002. Task & Solution - Numbered & Named Standard ACL
  • 003. Task & Solution - Numbered & Named Extended ACL
  • 004. Routing Protocols & ACL Part-1
  • 005. Routing Protocols & ACL Part-2
  • 006. Time-Based Access Control List
  • 007. Remote Access Security -(Time-based)
  • 008. Monitoring SYN-Attack with Attacker IP & MAC Address
  • 009. Dynamic ACL-LOCK & KEY
  • 010. Reflexive Access-List
  • 011. IOS Firewall -Context-Based Access Control
  • 012. Zone Based Firewall
  • 013. Unicast Reverse Path Forwarding- URPF
  • 014. TCP Intercept-INTERCEPT & WATCH MODE Part-1
  • 015. TCP Intercept-INTERCEPT & WATCH MODE Part-2

005. Layer 3 Security– User Based

  • 1. Telnet is not Secure
  • 2. Secure Remote Session with SSH (Telnet vs SSH)
  • 3. Auto Command User Security
  • 4. Users Privilege Level Security
  • 5. IOS Login Enhancement- Unauthorized Login Block
  • 6. IOS Login Enhancement- Quiet Mode with Extended ACL
  • 7. IOS Login Enhancement- Slow Down login Attack
  • 8. IOS Login Enhancement- Authorized & Unauthorized Logs
  • 9. dot1x security part 1
  • 10. dot1x security part 2

006. SECURING ROUTING PROTOCOLS & LINK

  • 1. Secure RIPv2 updates- RIP AUTHENTICATION
  • 2. Secure OSPF Updates- OSPFv2 AUTHENTICATION
  • 3. Secure EIGRP Updates- EIGRP AUTHENTICATION
  • 4. Secure BGP Updates – BGP AUTHENTICATION
  • 5. PPP Authentication
  • 6. Event Manager-Link Security

007. Types of NAT on Cisco Router

  • 1. NAT & its Advantages
  • 2. Types of NAT
  • 3. Range of Private IP Addresses
  • 4. Common Lab Diagram for Static, Dynamic & PAT
  • 5. TEST before NAT configuration part 1
  • 6. TEST before NAT configuration part 2
  • 7. NAT Interface commands (INSIDE & OUTSIDE)
  • 8. STATIC NAT lab configuration
  • 9. DYNAMIC NAT lab configuration
  • 10. PAT lab configuration
  • 11. Configure CISCO Router as a DNS SERVER

008. CONTROL PLANE Protection –CCP & CPPr

  • 1. ICMP Rate Limit with CoPP–Control Plane policy
  • 2. Control-Plane policy Vs Control-Plane Protection
  • 3. Block TELNET to the CPU via Control-Plane host (CPPr)
  • 4. Drop ARP to CPU – Control Plane cef-exception (CPPr)
  • 5. Filter Traffic based on Packet Length

009. Management Plane Protection

  • 1. Syslog Server & Syslog Messages
  • 2. Configure & verify Syslog Server Message
  • 3. AAA Security part 1
  • 4. AAA Security part 2
  • 5. SNMP & Its Components
  • 6. SNMP version 1 Messages
  • 7. SNMP version 2c
  • 8. SNMP version 3 & Its Configuration Steps
  • 9. SNMP version 3 LAB-Verification of User Authentication & Traffic Encryption
  • 10. NTP Server - Client - Authentication
  • 11. Parser View

010. LAYER 2 SECURITY

  • 1. How to configure DHCP on CISCO Router-T
  • 2. How to configure DHCP on CISCO Router-L
  • 3. DHCP Packets OR DORA Process
  • 4. Man-In-The-Middle Attack via Rogue DHCP Server
  • 5. Mitigate DHCP Attack via DHCP Snooping
  • 6. Switchport Security with Protected Mode
  • 7. Port-Security with MAC Address
  • 8. VACL–VLAN Access Control List Part-1
  • 9. VACL–VLAN Access Control List Part-2
  • 10. VACL–VLAN Access Control List Part-3
  • 11. Private Vlan security Part-1
  • 12. Private Vlan Security Part-2
  • 13. Port mirroring or SPAN
  • 14. Local SPAN with Access Link
  • 15. Local SPAN with VLAN -TRUNK-EC
  • 16. Remote SPAN
  • 17. Protect Switch Topology with BPDUGUARD
  • 18. How to Recover Errordisable Port
  • 19. Protect Switch Topology with ROOT GUARD
  • 20. Protect Switch Topology with BPDU Filter
  • 21. Dynamic ARP Inspection
  • 22. IP Source Guard
  • 23. Storm Control
  • 24. CDP and LLDP

011. VPN SECURITY

  • 1. Basic Fundamental of VPN
  • 2. Types of VPN Model
  • 3. Classification of VPN
  • 4. VPN Terminology in Overlay model -GRE
  • 5. Introduction of GRE
  • 6. Configuration of Single & Multiple GRE Tunnels
  • 7. Site -To- Site VPN -IPSEC Part-1
  • 8. Site -To- Site VPN -IPSEC Part-2
  • 9. IPSec over GRE Part-1
  • 10. IPSec over GRE Part-2

012. CISCO ADAPTIVE SECURITY APPLIANCE

  • 1. What is a Firewall
  • 2. Types of Cisco Firewall
  • 3. Firewall Technologies
  • 4. Types of Table in ASA Firewall
  • 5. State Table & its Components for TCP & UDP Part-1
  • 6. State Table & its Components for TCP & UDP Part-2
  • 7. TCP Pointer or TCP Flag
  • 8. Security Algorithm Rules
  • 9. Firewall Security Levels
  • 10. Firewall Logical Names
  • 11. Inbound & Outbound Connection
  • 12. How Cisco ASA works Part-1
  • 13. How Cisco ASA works Part-2
  • 14. How Cisco ASA works Part-3
  • 15. Basic Configuration of ASA Part-1
  • 16. Basic Configuration of ASA Part-2
  • 17. Testing of ASA Default behaviour Part-1
  • 18. Testing of ASA Default behaviour Part-2
  • 19. How to Telnet ASA from Inside & DMZ
  • 20. Configuring Static & Default Route on ASA Part-1
  • 21. Configuring Static & Default Route on ASA Part-2
  • 22. Object Group & Its Type
  • 23. Configure Network Object Group Part-1
  • 24. Configure Network Object Group Part-2
  • 25. Configure Network Object Group Part-3
  • 26. Static NAT Part-1
  • 27. Static NAT Part-2
  • 28. Dynamic NAT Part-1
  • 29. Dynamic NAT Part-2
  • 30. Dynamic PAT Part-1
  • 31. Dynamic PAT Part-2
  • 32. FTP Traffic Inspection via MPF Part-1
  • 33. FTP Traffic Inspection via MPF Part-2