| Training Type | Classroom & Online |
|---|---|
| Course Duration | 75 Days |
| No. of Hours | - Weekdays( Mon to Thu)- 2hrs/Day, - Weekend (Sat & Sun)- 4hrs/Day - Only Sunday- 6hrs Per Day |
| Certificate | Yes |
| Skill Level | Intermediate |
| Study Material | Yes |
| Batches Available | (Mon-Thu) & (Sat-Sun) |
Roadmap
Roadmap
Course Outline
- Dynamic routing protocol authentication
- Access list- Standard and extended access-list
Network address translate(NAT)
- static NAT
- dynamic Nat
- PAT
- Zone-based firewall(zbf)
- Rule based access control( RBAC)
- Control plane police
- Control plane protection
- Understanding about common L2 Attacks
- Explanation about DHCP starvation attack LAB- DHCP Starvation attack using Kali linux *Countermeasure- Implementing Port security on cisco switch
- Understanding about MAC flooding/ CAM table overflow attack LAB- MAC flooding attack using kali linux *Countermeasure- Implementing Port security on cisco switch
- Explanation about CDP flooding attack LAB- CDP flooding attack from kali linux *Countermeasure- Implementing Port security on cisco switch
- Understanding about MAC spoofing attack LAB- Mac spoofing attack using kali linux and windows *Countermeasure- Implementing Port security on cisco switch
- Explanation about DHCP spoofing(Rouge DHCP server) attack LAB-DHCP spoofing and Man In the Middle (MITM) attack using kali linux *Countermeasure- Implementing DHCP snooping on cisco switch
- Understanding about IP spoofing attack LAB- IP spoofing attack method *Countermeasure- Implementing IP source guard on switch
- Understanding about ARP spoofing attack LAB- ARP spoofing attack method Countermeasure- Implementing Dynamic ARP Inspection(DAI) on switch
- Understanding about Spanning Tree Protocol (STP) attack LAB- STP attack using Kali linux Countermeasure- Implementing Root Guard, BPDU guard and BPDU filter on cisco
- Understanding about VTP and DTP Attack LAB- VTP and DTP attack using Kali linux Countermeasure- Implementing VTP and DTP Security on cisco switch
- Understanding ASA Firewall and types of firewalls.
- Comparison between Cisco ASA firewall and Next Generation firewall
- Explaination of Application firewall(Host based firewall), Proxy firewall, Hardware firewall(Network based firewall), Stateful & Stateless Firewall and Next Generation firewall
- Explain different types of Hardware firewalls and comparison between vendors.
- Explain Cisco ASA firewall and different types of ASA hardware models.
- Comparison between different types of ASA Hardware models
- Explain ASA software versions.
- Explain different types of ASA licenses.
- Explain features of ASA firewall.
- Explaination of Cisco ASA Packet flow.
- Explain Security levels in Cisco ASA
- Explain Cisco ASA memory types, Boot Process and different types of CLI modes.
- Implementing Cisco ASA firewall in Network.
- Interface configuration
- Zone creation according to company requirements
- Network connectivity testing
- Implementing Routing on Cisco ASA
- Static Routing
- Default Routing
- Dynamic Routing Protocol configuration
- RIPv1 and RIPv2 configuration
- EIGRP and OSPF configuration
- Explain potential attacks on Routing protocols
- RIPv2, EIGRP, OSPF configuration with authentication
- Routing Protocol redistribution.
- Explain Access-list(ACL) and different types of ACL on ASA Firewalls
- Implementing Extended ACL on ASA for Traffic control
- Explain Time-based ACL.
- Implementing Time based ACL on Cisco ASA firewall
- Explain Standard and Web Type ACL on ASA firewall
- Explain Object and Object Group
- Explain different types of Object - Network,Services
- Explain different types of Object groups
- ACL configuration using Object and Object group
- Explain Network address translation (NAT) and different types of NAT method on ASA.
- Explain Static NAT- Implementing Static NAT for Servers.
- Explain Dynamic NAT-Implementing Dynamic NAT for Internet Access.
- Explain Dynamic PAT - Implement PAT on interface ip , PAT with custom ip, PAT with PAT-POOL
- Explain Policy NAT- Implementing NAT only for some Service
- Explain Destination NAT- Implementing NAT only for some remote Destination
- Explain Static PAT- Implementing Static PAT for Internal servers
- Explain Object NAT( Manual NAT) -Implementing Static NAT, Dynamic NAT and PAT using object NAT
- Explain Auto NAT - implementing Auto NAT on Cisco ASA
- Comparison between objects NAT(Manual NAT), Auto NAT(Twice NAT) and After auto NAT
- ASA Remote Management Access
- Implementing Telnet, SSH and GUI(HTTPS) Access for admin
- DHCP server configuration on ASA
- ASA other features
- Explain Sub-Interface on ASA-Creating Sub Interface on ASA
- Explain Etherchannel on ASA-Implementing Etherchannel for link speed and Redundancy
- Explain Redundant Interface on ASA-Implementing Redundant interface for backup
- Explain SLA-Implementing SLA on ASA
- Explain Ip spoofing attack on ASA-Implementing URPF on ASA
- Explain ICMP flooding attack on ASA-Implementing Security for ICMP flooding attack
- Explain Transparent mode on ASA
- Converting ASA from Routed mode to Transparent mode
- BVI Interface configuration in transparent mode
- Static and Default route configuration
- Access-list configuration in transparent mode
- Converting ASA from Transparent to Routed mode
- Explain about AAA
- Explain about local Authentication, Authorisation and Accounting (Local AAA)
- Explain about Centralized Server AAA
- Comparison between local AAA and AAA from Centralized server • Local AAA( Without any Centralized server)
- What is email ?
- How email works?
- What are the threats come along with the email usage?
- How to setup email server
- Understand inter domain mail vs intra domain mail transfer
- How to secure email of a coporate enviornment with the use of CISCO EMAIL SECURITY APPLIANCE.
- Comparison between hardware models vs virtual models
- Initial setup of a ESA
- Setup of a license on a CISCO ESA Appliance
- Policy making for mail environment protection from greymail , spam mail , unwanted attachments , phishing mails, undesirable URLs , unwanted domains.
- Understand virus scanning via McAffee & sophos scanning engines
- Configure message filters components, rules, processing order, and attachment scanning
- Configure scan behavior & action
- Configure outbreak filters
- Understand concept of Data Loss Prevention (DLP)
- Understand how web traffic works
- What are the web related threats to the corporate networks
- How we secure network with the use of a CISCO WSA Appliance
- Hardware vs virtual model comparison
- Initial setup of WSA
- Demo license setup on WSA
- Policy creation on WSA, scenario base policy making for the protocol
of http & https using web proxy & https proxy -
- creation of identification profile & access policy
- Configure URL filtering ==> category wise , custom URL-FILTERING
- Configure time-based and traffic volume acceptable use policies and end user notifications
- Create a corporate global acceptable use policy
- Implement policy trace tool to verify corporate global acceptable use policy
- Configure Secure Web Appliance to inspect archive file types
- SSL/TLS inspection via decryption policy on WSA for the https protocol
- understand concept of application visibility and control and Configure web application visibility and control
- Traffic redirection using transparent redirection method of a web requests and WCCP protocol setup
- Traffic redirection using explicit redirection method of a web requests
- Describe scanning engines
- Configure file reputation filtering and file analysis
- What is VPN?
- How VPN works on Enterprise level?
- What are the Differnet types of VPN?
- what is cryptography?
- What is Symetric key cryptography?
- What is Asymetric key cryptography?
- What is Encryption and how Encryption works?
- What is Hashing?
- what is Authentication?
- what is Group?
- what is lifetime?
- What is Encryption ?
- what is IPsec?
- What are the different modes of a IPsec Phase-1 and Phase-2?
- What is IKEv1?
- What is ESP & AH?
- what is transport mode and tunnel mode?
- Implimentation of IKEv1 IOS site-to-site VPN with CRYPTO MAP.
- Implimentation of IKEv1 IOS ASA Firewall site-to-site VPN with CRYPTO MAP.
- What is VTI and Different types of VTI?
- Implimentation of IKEv1 site-to-site VPN with SVTI.
- What is GRE?
- Implimentation of IKEv1 IOS site-to-site VPN with GRE.
- Implimentation of IKEv1 IOS site-to-site VPN with GRE+IPsec.
- What is Certificate Authority(CA)?
- What is Digital Certificates?
- What is Public Key Infrastructure(PKI)?
- What is Certificate Revocation?
- Implimentation of IKEv1 IOS site-to-site VPN with CA
- Implimentation of IKEv1 IOS ASA Firewall site-to-site VPN with CA
- What is DMVPN?
- Why we need DMVPN?
- How DMVPN works?
- What is NHRP Protocol?
- Implimentation of DMVPN PHASE-1 with RIPv2.
- Implimentation of DMVPN PHASE-1 with EIGRP.
- Implimentation of DMVPN PHASE-1 with OSPF.
- Implimentation of DMVPN PHASE-2 with RIPv2.
- Implimentation of DMVPN PHASE-2 with EIGRP.
- Implimentation of DMVPN PHASE-2 with OSPF.
- Implimentation of DMVPN PHASE-3 with EIGRP.
- Implimentation of DMVPN PHASE-3 with OSPF.
- Impliment DMVPN with ASA Firewall.
- DMVPN with IKEv1.
- DMVPN HUB Behind ASA Firewall with IKEv1.
- What is NAT-T and NAT-D?
- DMVPN HUB Behind NAT Device with IKEv1.
- DMVPN Hub & Spoke Behind NAT Device With IKEv1.
- IKEv1 DMVPN Dual Hub with HSRP.
- What is GET VPN?
- How GET VPN Works?
- IKEv1 GET VPN with UNICAST REKEY METHOD.
- IKEv1 GET VPN with MULTICAST REKEY METHOD.
- What is IKEv2?
- How IKEv2 works?
- IKEv2 and FLEX VPN.
- IKEv2 site-to-site VPN with CRYPTO MAP.
- IKEv2 site-to-site VPN with SVTI.
- IKv2 site-to-site VPN ASA to ASA.
- IKEv2 IPSEC site-to-site VPN DVTI vrs CRYPTO MAP.
- IKEv2 site-to-site VPN with SVTI IPv4 vrs IPV6.
- IKEv2 DMVPN Phase-2 with IPv4.
- IKEv2 DMVPN Phase-2 IPv4 vrs IPv6.
- IKEv2 DMVPN Phase-2 IPv6.
- What is Remote Access VPN?
- Why we need Remote Access VPN?
- How Remote Access VPN Works?
- What is Thin Client VPN, Thick Client VPN, Clientless VPN?
- IKEv2 REMOTE ACCESS VPN.
- IKEv2 REMOTE ACCESS VPN WITH HARDWARE CLIENT.
- IKEv2 CISCO ANYCONNECT VPN ASA.
- SSL WEBVPN CLIENTLESS ASA.
- SSL WEBVPN SMART-TUNNEL on ASA.
| Track | Classroom & Online |
|---|---|
| Duration | 75 Days |
| Hours | Weekdays( Mon to Thu)- 2hrs/Day, Weekend (Sat & Sun)- 4hrs/Day, Only Sunday- 6hrs Per Day |
