Advanced Services - Building Enhanced Cisco Security Networks (BECSN)

This course is intended for network professionals including designers, implementers and support staff who design security networks and deploy networks using Cisco security products including end-to-end Cisco security services.

• Experience using the IOS ® Command Line Interface (CLI) • Routing fundamentals and IP addressing • Experience using Cisco Secure Products including PIX Firewalls, VPN Concentrators, and Intrusion Prevention Systems (Recommended) • Experience using Cisco Aironet Wireless LANs (Recommended)

• Develop and document a comprehensive security policy that fulfills all requirements of a network assessment • Based on a set of threat management criteria, document a threat response procedure • Configure a site-to-site IP Security (IPSec) VPN to the corporate core network • Configure split tunneling to send unencrypted traffic to the Internet so that users are capable of loading a Web page outside of the IPSec tunnel • Configure context-based access control (CBAC) on a router to secure the remote VPN connection • Identify the path maximum transmission unit (MTU) for the established site-to-site IPSec tunnel • Configure Cisco VPN Routers for IPSec-HA and verify their correct operation by using a failover sequence and reverse route injection • Configure a Cisco router to be a Next Hop Resolution Protocol (NHRP) client by having it register with the NHRP hub in the core network • Connect a NHRP client router to a peer pod client router through the dynamic multipoint VPN (DMVPN) network • Configure the Cisco Wireless Application Protocol (WAP) for 802.1x port-based authentication and verify its accuracy with a successful RADIUS login to a student pod Cisco Secure Access Control Server • Configure an access edge router to support Simple Network Management Protocol Version 2 (SNMP v2) with SNMP access control lists (ACLs) for remote administration • Configure Cisco Intrusion Detection System components to respond to active internal and external network threats using CiscoWorks VPN/Security Management Solution 2.2 • Configure a Cisco PIX firewall to respond to active and internal and external networks • Configure Cisco routers to respond to active internal and external networks

• Developing a Network Security Policy
• Configuring Split Tunneling for Remote Access
  • Configuring IPSec
  • Configuring Split Tunneling
• Fragmentation, Path MTU Discovery, and Recursive Routing
  • Avoiding Fragmentation with TCP MSS
  • PMTUD
  • Modifying Path MTU for IPSec Site-to-Site VPNs
• IPSec High Availability (IPSec-HA)
  • Configuring IPSec-HA
  • Verifying IPSec-HA
• Dynamic Multipoint VPN (DMVPN)
  • DMVPN Benefits
  • Configuring and Verifying DMVPN
• Identity Based Networking Services (IBMS)
  • 802.11 Security
  • IBMS Overview
  • Configuring and Verifying IBNS for Wireless Networks
• Securing Network Management
  • Network Management Overview
  • SNMP
  • Securely Managing Network Devices
  • CiscoWorks VMS 2.2
  • Managing IDS with CiscoWorks
  • Monitoring IDS Sensors with Security Monitor
• Network Attacks
  • Network Attack Overview
  • Network Attack Mitigation
• Network Implementation Package