CCIE Security Workbooks at INE.com. Complete your CCIE Training with INE.
 

CCIE Security V4 Technology Lab Online Workbook

INE’s CCIE Security Technology Lab Online Workbook is an online interactive compilation of hands-on lab scenarios that walk you through the technologies used in Cisco’s SecureX Security Blueprint. Whether you are preparing for the CCIE Security Lab Exam, have an upcoming implementation project with Cisco’s ASA Firewalls, Web Security Appliances, IOS Routers and more, or simply want to gain hands-on experience with these cutting-edge technologies, this workbook is for you.

The tasks in this workbook are all individually focused advanced technology labs that present topics in an easy-to-follow, goal-oriented, step-by-step approach. Every scenario features detailed breakdowns and thorough verifications to help you completely understand the technology. The workbook is divided into multiple sections, covering each major technology area required by the CCIE Security Lab Exam Blueprint.

In the tasks included in this workbook, you will gain in-depth knowledge of device hardening, including routing protocol authentication, control and management plane security mechanisms, controlling device access, flexible packet matching, and other important aspects of hardening a Cisco device in your network. Topics include the hardening of Cisco IOS 2800 and 2900 Series ISR routers. Layer 2 security topics include PVLANs, VLAN ACLs, STP security, and DHCP security. You'll work with 3750 and 3750-X Series switches. You will also learn about the prevention of various attacks through Cisco IOS routers, as well as all the important aspects of ACS and ISE, including both wired and wireless authentication. You will gain a deep understanding of perimeter security and services with ASA firewalls and IOS devices, with various NAT/PAT, ACLs, object-groups, identity firewall configurations with Active Directory, and more. Finally, you will explore the various VPN technologies, including PKIs, LAN-2-LAN VPN, GETVPN, DMVPN, FlexVPN, Easy VPN, and AnyConnect Remote Access VPN.


Sample lab: Preventing ARP Spoofing Using DAI (Dynamic ARP Inspection)



Price: $399.00



 

CCIE Security V4 Technology Lab Workbook Overviews

Security V4 Technology Lab Outline

  • Section 1: System Hardening and Availability
    • Section 1 Introduction
    • Routing Protocol Authentication with RIPv2
    • Routing Protocol Authentication with OSPF
    • Routing Protocol Authentication with EIGRP
    • Routing Protocol Authentication with BGP4
    • Route Filtering with EIGRP
    • Route Filtering with OSPF
    • Route Filtering with RIPv2
    • Control Plane Policing
    • Control Plane Protection
    • Management Plane Protection
    • Disabling Unnecessary Services
    • Controlling Device Access
    • CPU Protection Mechanisms
    • Selective Packet Discard
    • Controlling Device Services
    • Transit Traffic Control with Flexible Packet Matching
    • Congestion Management
    • IOS File System Security
    • Network Telemetry Identification and Classification of Security Events
    • BGP TTL Security Hack
    • IPv6 Selective Packet Discard

  • Section 2: Threat Identification and Mitigation
    • Section 2 Introduction
    • Disabling DTP on All Non-Trunking Access Ports
    • Port Security on a Switch
    • Storm Control on a Switch
    • Port Blocking on a Switch
    • PVLAN (Private VLAN) on a Switch
    • Private VLAN (PVLAN) Configuration Propagation
    • Port ACL (PACL) on a Switch
    • MAC ACL on a Switch
    • VLAN ACL (VACL) on a Switch
    • Preventing STP Attacks Using BPDU Guard
    • Preventing STP Reconnaissance Attacks Using BPDU Filter
    • Preventing STP Attacks Using Root Guard
    • Preventing STP Loops Using Loop Guard
    • Preventing DHCP Spoofing Attacks Using DHCP Snooping
    • Preventing DHCP Spoofing Attacks Using DHCP Snooping with Port-Security
    • Preventing ARP Spoofing Using DAI (Dynamic ARP Inspection)
    • Configuring IP Source Guard
    • Preventing VLAN Hopping Attacks
    • Implementing RFC 1918 Anti-Spoofing Filtering
    • Implementing RFC 2827 Anti-Spoofing Filtering
    • Implementing RFC 3330 Anti-Spoofing Filtering
    • Enabling TCP Intercept on a Router
    • Enabling TCP Intercept Watch Mode on a Router
    • Enabling TCP Intercept on the Cisco ASA Security Appliance
    • FPM (Flexible Packet Matching) and Configuration of Nested Policy Maps
    • Classification Using NBAR
    • Understanding and Enabling NetFlow on a Router
    • Preventing an ICMP Attack Using ACLs
    • Preventing an ICMP Attack Using NBAR
    • Preventing an ICMP Attack Using Policing
    • Preventing an ICMP Attack Using MPF
    • Preventing a SYN Attack Using ACLs
    • Preventing a SYN Attack Using Policing
    • Preventing a SYN Attack Using CBAC
    • Preventing a SYN Attack Using CAR
    • Preventing Application Protocol–Specific Attacks Using MPF
    • Preventing IP Spoofing Attacks Using uRPF
    • Preventing Fragment Attacks Using ACLs

  • Section 3: Intrusion Prevention and Content Security
    • Section 3 Introduction
    • IPS Initial Setup
    • Configuring an Inline Interface Pair
    • Creating a Custom Signature
    • Event Counting
    • Inline Blocking
    • IPS VLAN Groups and Virtual Sensors
    • Promiscuous Mode
    • IPS Event Summarization
    • IPS Event Processing and Blocking
    • IPS Rate-Limiting
    • IPS Application Inspection and Control
    • IPS META Engine
    • IPS Anomaly Detection
    • IOS IPS
    • WSA Initialization
    • Active Directory Integration
    • Access Policies and Identities
    • User Authentication with WSA
    • Custom URL Categories
    • HTTPS Proxy

  • Section 4: Identity Management
    • Section 4 Introduction
    • Initializing Cisco Secure ACS
    • Configuring AAA Clients
    • User and Local Identity Stores
    • ACS Active Directory Integration
    • Command Authorization
    • Installing ACS Certificates
    • 802.1x Authentication with Cisco ACS
    • VLAN Control
    • 802.1x VLAN Assignments
    • HTTP Authentication
    • ISE Initial Configuration
    • ISE Certificates and Admin Access
    • AD Integration
    • ISE and MAB
    • 802.1X With ISE and Windows 7
    • Wired Local Web Authentication with ISE
    • Wireless 802.1x with ISE

  • Section 5: Perimeter Security and Services - ASA Firewalls
    • Section 5 Introduction
    • VLANs and IP Addressing
    • RIPv2
    • OSPF
    • EIGRP
    • Advanced Routing
    • IP Access-Lists
    • Object Groups
    • Administrative Access
    • ICMP Traffic
    • URL Filtering
    • Dynamic NAT and PAT
    • Static NAT and PAT
    • Policy NAT and PAT
    • Static Policy NAT and PAT on ASA1
    • Static Identity NAT
    • Outside Dynamic NAT
    • DNS Doctoring Using “Alias”
    • DNS Doctoring Using “Static”
    • Fragmented Traffic
    • IDENT Issues
    • BGP across the Firewall
    • Stub Multicast Routing
    • PIM Multicast Routing
    • Network Time Protocol
    • System Logging
    • Filtering System Logs
    • SNMP Monitoring
    • DHCP Server
    • HTTP Traffic Inspection
    • FTP Traffic Inspection
    • SMTP Traffic Inspection
    • TCP Inspection
    • RADIUS Accounting for GPRS Traffic Inspection
    • ICMP Traffic Inspection
    • Threat Detection
    • Un-Stealthing the Firewall
    • Get Title
    • Low Latency Queuing
    • Traffic Shaping
    • Hierarchical Queuing
    • Transparent Firewall
    • ARP Inspection
    • Ethertype Access-Lists
    • Transparent Firewall NAT
    • Firewall Contexts
    • Firewall Contexts Routing
    • Firewall Contexts Classification
    • Resource Management
    • Active-Standby Failover
    • Active-Active Failover
    • ASA Redundant Interface and Etherchannel
    • ASA Enhanced Object Groups
    • Identity Firewall

  • Section 6: Perimeter Security and Services - IOS Firewalls
    • Section 6 Introduction
    • IOS Access-Lists
    • Dynamic ACLs
    • Reflexive ACLs
    • Context-Based Access Control
    • Port-to-Application Mapping (PAM)
    • IOS Firewall and Stateful Failover
    • IOS Firewall Performance Improvements
    • CBAC Connection Tuning and TCP Intercept
    • uRPF
    • Zone-Based Policy Firewall
    • Zone-Based Firewall HA
    • Simple Cisco IOS NAT

  • Section 7: Confidentiality and Secure Access
    • Section 7 Introduction
    • PKI Infrastructure Overview
    • Certificate Authority on Cisco ASA
    • RSA Key Management on Cisco IOS Routers
    • Certificate Authority on Cisco IOS Routers
    • Certificate Authority High Availability on Cisco IOS Routers
    • PC Enrollment with ASA CA
    • PC Enrollment with IOS CA
    • Static LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Maps and PSK
    • Static LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Maps and PKI
    • Dynamic LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Map and PSK
    • Dynamic LAN-to-LAN IKEv1 IPsec between IOS Routers with Crypto-Map and ISAKMP Profile
    • Static LAN-to-LAN IKEv1 IPsec between IOS Routers with SVTI and PSK
    • Static LAN-to-LAN IKEv1 IPsec between IOS Routers with SVTI and PKI
    • Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PSK in Main Mode
    • Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PSK in Aggressive Mode
    • Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PKI
    • Static LAN-to-LAN IKEv1 IPsec between IOS and ASA with PKI and Certificate Map
    • GRE over IPsec Using Crypto Maps with PSK
    • GRE over IPsec Using IPsec Profiles with PSK
    • VRF-Aware IPsec Using Crypto Maps and Global FVRF
    • VRF-Aware IPsec Using Crypto Maps and Custom FVRF
    • VRF-Aware IPsec Using IPsec Profiles and Global FVRF
    • VRF-Aware IPsec Using IPsec Profiles and Custom FVRF
    • VPN High Availability Using IPsec Backup Peers
    • VPN High Availability Using Loopback Peers
    • VPN High Availability Using Crypto Maps and RRI
    • VPN High Availability Using GRE over IPsec
    • VPN High Availability Using Crypto-Maps and SSO
    • VPN High Availability Using GRE over IPsec and SSO
    • IOS EzVPN Server with Crypto-Maps and PSK
    • IOS EzVPN Server with Crypto-Maps, ISAKMP Profiles, and PSK
    • IOS EzVPN Server with DVTI and PSK
    • IOS EzVPN Server with Group Lock
    • IOS EzVPN Remote Client Mode with PSK
    • IOS EzVPN Remote Network Extension Plus Mode with PSK
    • IOS EzVPN Remote with DVTI and PSK
    • IOS EzVPN Remote with DVTI and Digital Certificates
    • ASA EzVPN Server with PSK
    • ASA EzVPN Server DHCP Address Allocation
    • DMVPN Phase1 with PSK
    • DMVPN Phase2 with PSK
    • DMVPN Phase3 with PSK
    • DMVPN Behind NAT with PSK
    • GET VPN Unicast Rekey with PSK
    • DMVPN and GET VPN Integration
    • GET VPN Key Server Redundancy
    • ASA Clientless SSL VPN
    • ASA Clientless SSL VPN Port Forwarding
    • ASA Clientless SSL VPN Smart Tunnel
    • ASA AnyConnect SSL VPN with PSK
    • ASA AnyConnect SSL VPN with Digital Certificates
    • IOS AnyConnect SSL VPN with PSK
    • IOS Clientless SSL VPN
    • IOS Clientless SSL VPN Port Forwarding

