Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners to end users and channel partner customers. The content focuses on the design, implementation, and monitoring of a comprehensive security policy, using Cisco IOS security features and technologies as examples.

The course covers security controls of Cisco IOS devices as well as a functional introduction to the Cisco ASA adaptive security appliance. Using instructor-led discussion, lecture, and hands-on lab exercises, this course allows students to perform basic tasks to secure a small branch office network using Cisco IOS security features that are available through web-based GUIs (Cisco Configuration Professional) and the CLI on Cisco routers, switches, and ASA appliances.

Last day to test: November 30, 2015

Upon completing this course, the student will be able to meet these overall objectives:

• Describe the components of a comprehensive network security policy that can be used to counter threats against IT systems, within the context of a security policy life cycle
• Develop and implement security countermeasures that are aimed at protecting network elements as part of the network infrastructure
• Deploy and maintain threat control and containment technologies for perimeter security in small and midsize networks
• Describe secure connectivity strategies and technologies using VPNs, as well as configure site-to-site and remote-access VPNs using Cisco IOS features

Module 1: Networking Security Fundamentals

This module describes the components of a comprehensive network security policy that can be used to counter threats against IT systems, within the context of a security policy life cycle.

• Lesson 1: Introducing Networking Security Concepts
• Lesson 2: Understanding Security Policies Using a Life-Cycle Approach
• Lesson 3: Building a Security Strategy for Borderless Networks

Module 2: Protecting the Network Infrastructure

This module explains how to develop and implement security countermeasures aimed at protecting network elements as part of the network infrastructure. The module explains examples of control plane, data plane, and management plane security controls, within the Cisco Network Foundation Protection (NFP) framework, providing tools to implement those security controls as part of a security policy.

• Lesson 1: Introducing Cisco Network Foundation Protection
• Lesson 2: Protecting the Network Infrastructure Using Cisco Configuration Professional
• Lesson 3: Securing the Management Plane on Cisco IOS Devices
• Lesson 4: Configuring AAA on Cisco IOS Devices Using Cisco Secure ACS
• Lesson 5: Securing the Data Plane on Cisco Catalyst Switches
• Lesson 6: Securing the Data Plane in IPv6 Environments

Module 3: Threat Control and Containment

This module explains how to deploy and maintain threat control and containment technologies for perimeter security in small and medium-sized networks.

• Lesson 1: Planning a Threat Control Strategy
• Lesson 2: Implementing Access Control Lists for Threat Mitigation
• Lesson 3: Understanding Firewall Fundamentals
• Lesson 4: Implementing Cisco IOS Zone-Based Policy Firewalls
• Lesson 5: Configuring Basic Firewall Policies on Cisco ASA Appliances
• Lesson 6: Understanding IPS Fundamentals
• Lesson 7: Implementing Cisco IOS IPS

Module 4: Secure Connectivity

This module describes secure connectivity strategies and technologies using VPNs. The module also explains how to configure site-to-site and remote-access VPNs using Cisco IOS features.

• Lesson 1: Understanding the Fundamentals of VPN Technologies
• Lesson 2: Introducing Public Key Infrastructure
• Lesson 3: Examining IPsec Fundamentals
• Lesson 4: Implementing Site-to-Site VPNs on Cisco IOS Routers

Lesson 5: Implementing SSL VPNs Using Cisco ASA Appliances

• Channel Partner / Reseller
• Customer
• Employee

The knowledge and skills that a student must have before attending this course are as follows:

Skills and knowledge equivalent to those learned in Interconnecting Cisco Network Devices Part 1 (ICND1)