CCNP Security Topics

Home » CCNP Security Topics

CCNP Security 300-206 SENSS

Introduction of Firewall
  • Packet Filtering
  • Proxy Server
  • StateFul Firewall
  • Transparent Firewall
Introduction of ASA
  • ASA Features, Proprietary Operating System (P), State Full Firewall, User-Based Authentication
  • Protocols & Application Inspection, Modular Policy Frame Work
  • Virtual Private Network, Virtual Firewall
  • Web Based Management
  • Transparent Firewall
  • Stateful Failover (P)
  • IPv6, Clustering, VPN Load Balancing (P)
ASA Basics
  • How to set Hostname, How to set enable password, How to assign IP address to interface
  • How to assign security-level, How to enable Telnet
  • How to enable SSH, How to enable HTTP, How to take Backup of ASA, How to Upgrade ASA
  • How to recover ASA password
  • Labs
Introduction of Access-list
  • Introduction of Access-list & Types, Standards Access-list, Extended Access-list, Time Base Access-list
  • Botnet Traffic Filtering , Object Group & Types, Network Object, Protocol Object, Service Object, ICMP Object
  • IPv6 Access-list
  • Lab
NAT on ASA OS 9.x
  • NAT on ASA OS 9.x
  • Lab
IPSec
  • Confidentiality, Integrity, Data Origin Authentication, Anti-Replay, IPSec Protocols
  • IKE, ESP, AH, IKE Mode, Main Mode, Aggressive Mode, Quick Mode, IKE Phases
    Phase 1, Phase 1.5, Phase 2, IPSec Mode, Transport Mode, Tunnel Mode
  • Security Association, Security Association Components, Security Association Database
  • Security Policy Database, NAT-T, NAT-T Steps, NAT-T Support, NAT-T Detection, NAT-T Decision, ISAKMP
  • Microsoft Server 2003, 2008, 2012, 2016 Certificate Authority installation.
  • Labs
Site-Site VPN
  • Introduction
  • Site-Site VPN Working
  • Lab
Remote Access VPN
  • Client Mode, Network Extension Mode, Network Extension Plus
  • Remote Access VPN Working
  • Lab
VPN Load balancing
  • Supported Protocols
  • Cluster, Master, Member, Load balancing
  • Virtual Cluster Agent
  • Lab
SSL VPN
  • SSL Mode, Clientless, Thin-client, Thick-client, Requirements
  • Working
  • Lab
Transparent Firewall
  • ASA Mode Route, ASA Mode Transparent
  • Transparent Firewall Limitation
  • Lab
Context
  • System Area, Admin Context, Context Channing
  • Mac-Address Auto, Context Requirements
  • Context Limitations, Advantages of Context
  • Lab
Failover
  • Failover Requirements, Failover Hardware Requirements, Failover Software Requirements
  • Failover Types, Stateless Failover, Hardware Failover, State Full Failover, Failover Implementation Types
  • Active-Standby,Active-Active
  • Lab
Modular Policy Framework
  • MPF Features, Inspection of Connection, Connection Restriction
  • Traffic Prioritization, Traffic Policing, MPF Components
  • Class-map, Policy-map, Service-policy
  • Default-inspected Protocols and applications
  • DCE, SUN RPC, ILS, NetBIOS, XDMCP
  • IPSec-Pass-Through, ICMP, FTP, SMTP, DNS, TFTP, HTTP
  • RSH, SQL.NET, SIP, SCCP, CTIQBE, MGCP
  • Lab
Clustering
  • Clustering Terminology
  • Interface Types
  • Load balancing in Clustering, Cluster Monitoring, Limitation of Clustering
  • Supported Features of Clustering
  • Labs
Management of ASA
  • ASA as DHCP, ASA as DHCP Relay-Agent, Fragmentation
  • uRPF, Ether Channel, Redundant Interface
  • Labs
Layer 2 Security
  • CAM Table Overflow , Rough DHCP Attack, DHCP Starvation
  • Port Security, DHCP Snooping, DHCP Attack Prevention via ACL
  • IP Spoofing, IP Source Binding , Protected Port
  • VLAN ACL, Switch Spoofing, DAI & Layer 2 ACL, Man-in-Middle-Attack
  • MAB, Dot1x, Dynamic VLAN, Private VLAN, Proxy Attack, Proxy Attack Solution
  • VLAN Hopping , MAC Spoofing , STP Vulnerabilities, Storm Control, MACSec
  • STP Protection Root Guard, STP Protection Loop Guard, STP Protection BPDU Guard
  • STP Protection BPDU Filter, STP Protection UDLD Lab, STP Protection Port Fast
  • STP Protection Uplink Fast, STP Protection Back Bone Fast
  • Labs
Secure Access
  • NetFlow Configuration, SSH, HTTPS, SNMPv3, NTP
  • Packet Tracer
  • Packet Capture
Cisco Security Manager and Prime Introduction
  • Cisco Security Manager Installation
  • Cisco Prime Infrastructure Introduction
  • Cisco Prime Infrastructure Installation
  • Cisco ASDM
  • Data Center Security Components
  • Virtualization
  • Cloud Security
  • ASA UC Inspection
  • Labs
Device Hardening
  • Cisco Switch
  • Cisco Router
  • Cisco ASA
  • Labs

CCNP Security 300-208 SISAS

AAA
  • TACACS+, RADIUS, Active Directory ,LDAP ,PKI,OTP, AAA Products
  • Smart Card, local
Identity Service Engine
  • ISE Personas, Admin Persona, Policy Service Persona, Management Persona
  • ISE Installation, ISE Up gradation, ISE Patch Installation
EAP types
  • 802.1X Phases, 802.1X Modes (monitor mode, low impact, closed mode)
  • MAB, MAB Process, MAB Implementation, MAB Verification
802.1X Implementation
  • 802.1X Verification
  • 802.1X Dynamic VLAN Implementation
  • 802.1X Dynamic VLAN Verification
Downloadable Access List
  • DACL Implementation
  • DACL Verification
  • Downloadable Access List VLAN Verification
Local Web Authentication
  • Local Web Authentication Implementation
  • Local Web Authentication Verification
Central Web Authentication
  • Central Web Authentication Implementation
  • Central Web Authentication Verification
  • Sponsor portals
  • Guest portals
Profiling
  • Profiling Implementation
  • Profiling Verification
Posture
  • Posture Implementation
  • Posture Verification
SGA/SGT
  • SGA/SGT Implementation
  • SGA/SGT Verification
  • Network probes
  • Introduction of BYOD access
  • BYOD Implementation
  • BYOD Verification
TrustSec Architecture
  • SGT Classification – dynamic/static
  • SGT Transport – inline tagging and SXP
  • SGT Enforcement – SGACL and SGFW
  • MACSec
Troubleshooting
  • MAB, 802.1X, Dynamic VLAN, Downloadable Access-list, Local Web Authentication
  • Central Web Authentication, Profiling, Posture

CCNP Security 300-209 SIMOS

IPSec Terminology
  • VPN, What is IPSec VPN and Why ?,VPN Types, Site-Site, Remote Access
  • DMVPN, GET VPN, SSL VPN, Flex VPN
  • IPSec Features, Confidentiality, Integrity, Data Origin Authentication
  • Anti-Reply, IPSec Protocols, IKE, ESP, AH, IKE Modes, Main Mode, Aggressive Mode, Quick Mode
  • IKE Phases, Phase 1, Phase 1.5, Phase 2
  • ISAKMP
  • IPSec Mode,Transport Mode and Header Structure. Tunnel Mode and Header Structure
  • NAT-T, Why NAT-T, NAT-T Steps, NAT-T Support, NAT-T Detection, NAT-T Decision
  • Security Association and Components, SAD Security Association Database, SPD Security Policy Database
  • Detail Explanation of Authentication Header (AH)
  • Detail Explanation of Encapsulating Security Payload (ESP)
  • Elliptic Curve Cryptography (ECC), Compare and contrast SSL, DTLS, and TLS
Site-Site VPN
  • What is Site-Site VPN, Working of Site-Site
  • Site-Site VPN Labs
Remote Access Introduction
  • Remote Access Modes, Remote Access Client Mode Software, Remote Access Client Mode Hardware
  • Remote Access Network-Extension Mode, Remote Access Network Extension Plus Mode
  • Remote Access With DVTI, Remote Access Working
  • Split-Tunnel
  • Remote Access VPN Labs
SSL VPN Introduction
  • SSL VPN Modes, Clientless, Thin Client, Thick Client, SSL VPN Requirements
  • SSL VPN Working
  • SSL VPN Labs
DMVPN
  • DMVPN Terminologies, NHRP, MGRE, DMVPN Working, DMVPN Limitation
  • DMVPN Advantages, DMVPN Phases, DMVPN Phase 1, DMVPN Phase 2, DMVPN Phase 3
  • DMVPN Labs
GET VPN
  • GET VPN Terminologies, GDOI, Key Server (KS)
  • Key Encryption Key (KEK), Traffic Encryption Key (TEK)
  • Rekey Process, Unicast Rekey Process, Multicast Rekey Process
  • Group Member (GM), Tunnel Header Preservation
  • TBAR, COOPs, GET VPN Working
  • GET VPN Labs
IOS Flex VPN
  • IKEv2 Introduction
  • Flex VPN Labs

Our Trainers

Saurabh Yadav

Saurabh Yadav

Triple CCIE R&S, SP, Security # 46962

Baldev Singh

Baldev Singh

CCIE Security #37094

Sudhanshu Bhat

Sudhanshu Bhat

CCIE Voice # 41212

Surendra Singh

Surendra Singh

CCIE R&S # 60346

Shubham Singh

Shubham Singh

CCIE Security # 58858

What Our Students Say

Register for Free Demo Session