Course Details
Overview
The CCIE Security Instructor Led Workshop is designed for CCIE Security candidates preparing for CCIE Security Lab Exam.This event is 5-days instructor led training program that helps students to learn and practice lab topics from CCIE blueprint.
Outline
Day 1 Section 1 Firewalls, ASA and IOS
- Lab 1.1 Basic ASA Setup
- Lab 1.2 Static and Default Routing
- Lab 1.3 Dynamic Routing
- Lab 1.4 Object Groups
- Lab 1.5 ACL
- Lab 1.6 NAT and PAT
- Lab 1.7 Connection limits and timeouts.
- Lab 1.8 Management
- Lab 1.9 Configuring Java, ActiveX and URL Filtering
Day 1 Section 2 Advanced ASA Setup
- Lab 2.1 Protocol inspection
- Lab 2.2 Modular policy framework
- Lab 2.3 TCP Normalization
- Lab 2.4 Advanced HTTP inspection
- Lab 2.5 Advanced FTP inspection
- Lab 2.6 URPF and fragments
- Lab 2.7 Qos on the ASA
Day 1 Section 3 Failover, Contexts and Transparent mode
- Lab 3.1 Multimode
- Lab 3.2 Failover
- Lab 3.3 Multicontext Transparent mode
Day 1 Section 4 Basic IOS Firewall Setup
- Lab 4.1 Basic IOS FW setup
- Lab 4.2 Tuning
- Lab 4.3 Filtering of Java and URLs
- Lab 4.4 Port application mapping (PAM)
Day 1 Section 5 Zone Based Firewall Setup
- Lab 5.1 Creating a ZBF
- Lab 5.2 ZBF advanced
Day 2 Section 1 VPN using ASA and IOS
- Lab 1.1 Basic ASA setup
- Lab 1.2 ASA to ASA VPN
- Lab 1.3 IOS to ASA VPN
- Lab 1.4 Router to Router VPN using GRE
- Lab 1.5 Router to Router VPN using VTI
- Lab 1.6 DMVPN
- Lab 1.7 GET VPN
- Lab 1.8 IOS CA
Day 2 Section 3 Remote access VPN
- Lab 3.1 VPN Client to ASA
- Lab 3.2 IOS to IOS with Dynamic VTI
- Lab 3.3 ASA SSL VPN basic
- Lab 3.4 ASA SSL VPN advanced
Day 3 Section 1 IPS
- Lab 1.1 Basic IPS Setup
- Lab 1.2 Configuring Inline Mode
- Lab 1.3 Signature Tuning
- Lab 1.4 Event Action Overrides
- Lab 1.6 Event reduction
- Lab 1.7 Virtual sensors
- Lab 1.8 Configuring SNMP
- Lab 1.9 Creating a custom signature
- Lab 1.10 Summarisation
- Lab 1.11 IPS Authentication Attempt Limit
Day 3 Section 2 Catalyst Switch Security
- Lab 2.1 Securing Spanning tree
- Lab 2.2 Port Security
- Lab 2.3 DHCP snooping
- Lab 2.4 ARP inspection
- Lab 2.5 VLAN Maps
- Lab 2.6 Advanced features
- Lab 2.7 802.1x
- Lab 2.8 Strom control
- Lab 2.9 Private VLAN edge
DAY 3 Section 3 Access Control Server (ACS)
- Lab 3.1 AAA Clients
- Lab 3.2 AAA Users and Groups
- Lab 3.3 AAA on Routers
- Lab 3.4 AAA on the ASA
- Lab 3.6 Command authorization on IOS
- Lab 3.7 Proxy Authentication on the ASA
- Lab 3.8 Proxy Authentication on IOS
Day 3 Section 4 Advanced IOS Security Features
- Lab 4.1 NTP
- Lab 4.2 Time based ACL
- Lab 4.3 TCP intercept
- Lab 4.4 QOS
- Lab 4.5 URPF
- Lab 4.6 FPM
- Lab 4.7 PBR and ICMP unreachable
- Lab 4.8 Control plane security
- Lab 4.9 Session Management
- Lab 4.10 Management Processes Survival
- Lab 4.11 Logging Class Maps
- Lab 4.12 ACL IP Options Selective Drop
- Lab 4.13 Router protection and notifications
- Lab 4.14 IKE protection on router
- Lab 4.15 Management protection
- Lab 4.16 Advanced access lists
- Lab 4.17 IKE pre shared key protection
Day 4 Section 1 Putting it all together and troubleshooting VPN
- Lab 1.1 DMVPN through the ASA
- Lab 1.2 IOS EZVPN with DVTI not working
Day 4 Section 2 Putting it all together and troubleshooting FW
- Lab 2.1 BGP through the ASA
- Lab 2.2 AAA through IOS ZBF and ASA
Day 4 Section 3 Putting it all together and troubleshooting Other
- Lab 3.1 Routing Authentication
- Lab 3.2 Cannot SSH to a device
Day 5 Full Lab
- Section 1Core Configuration (20 points)
- Section 2Firewalls (10 Points)
- Section 3: Cisco VPN (14 Points)
- Section 4: Cisco IPS (8 Points)
- Section 5: Identity Authentication (8 Points)
- Section 6: Control and Management Plane Security (18 Points)
- Section 7: Advanced Security (10 Points)
- Section 8: Network Attacks (12 Points)
Target Audience
- CCIE Security Lab Exam Candidates
Pre-Requisites
- Candidates must have passed the CCIE written exam
- CCIE Security Written Exam Power Workshop CCIESW
- 3 – 5 years hands-on experience
- CCSP or CCNP Security Certified (Recommended)