THE ACADEMY CCSP® BOOT CAMP

Description

Duration: 14 days

With a CCSP, a network professional demonstrates the skills required to secure and manage network infrastructures to protect productivity and reduce costs.

Prerequisites:

The most important pre-requisite for the CCSP™ boot camp is the CCNA^® certification. You must be CCNA^® certified before you start the CCSP™ boot camp. If you are not CCNA^® certified, ask our salespeople about the CCNA^® + CCSP™ economy package.

The boot camp is designed for I.T. Professionals with a minimum of one and a half years of networking experience, supporting a TCP/IP network. While not required, if you have any of the following certifications, you are most likely ready to take the CCSP™ boot camp: MCSE 2000 or CNE..

Benefits

• The complete Cisco® Press courseware. We pre-ship study materials for your preparation (upon request), and provide the complete Cisco Press courseware for your training course.
• Subject Matter Experts for instructors. Our instructors are unequalled among training providers, and hold the most prestigious certifications and cutting-edge expertise.
• They are available to you throughout the day for the length of the course for group instruction, lab exercise leadership and individual coaching.
• We teach to accommodate every student's learning needs, including instruction, hands-on labs, lab partner and group exercises, independent study, self-testing, question and answer drills, and friendly competitions between concurrently running classes.
• Lab manuals, guidebooks, and Measure Up self-testing software are utilized to augment your courseware and instruction. And the instructors are with you every step of the way.
• State-of-the-art educational facilities. The school has dedicated, well-equipped educational facilities where you will attend instruction and labs, and have access to comfortable study and lounging rooms. Our students consistently say our facilities are unsurpassed!
• Breakfast, snacks, freshly-brewed coffee, tea and water are available throughout the day at the training site. Our training facilities are located within walking distance of several eateries and restaurants, offering students the opportunity to satisfy their own tastes and dietary requirements.

What's Included?

• The official Authorized Cisco CCSP curriculum  is included in your training package
• Test Engine for practice exams
• CertSim Practice Test with Cisco Router Simulation
• Electronic Flashcards
• Six certification test vouchers
• On-site testing
• Fourteen(14) full days of intensive instruction, labs, and review
• Hands-on practice and skills development on real Cisco Equipment
• Custom Courseware
• Unlimited Practice Tests
  

• Securing Networks with Cisco Routers and Switches (SNRS)
• Securing Networks with PIX and ASA (SNPA)
• Securing Networks Using Intrusion Prevention Systems (IPS)
• Cisco Secure Virtual Private Networks (CSVPN)
• Securing Cisco Network Devices (SND)

Securing Networks with Cisco Routers and Switches (642-502 SNRS)

This exam includes simulations and tests a candidate's knowledge and ability to secure networks using Cisco routers and switches.

Implement Layer 2 security

• Utilize Cisco IOS and Cat OS commands to mitigate Layer 2 attacks
• Implement Cisco Identity-Based Networking Services
• Implement Cisco 802.1X Port-Based Authentication
• Identify and describe Layer 2 security best practices

Configure Cisco IOS Firewall features to meet security requirements

• Identify and describe the capabilities of the IOS firewall feature set
• Configure CBAC to dynamically mitigate identified threats to the network
• Verify and troubleshoot CBAC configuration and operation
• Configure authentication proxy to apply security policies on a per-user basis
• Verify and troubleshoot authentication proxy configuration and operation

Configure Cisco IOS-based IPS to identify and mitigate threats to network resources

• Identify and describe the capabilities of the IOS-IPS feature set
• Configure the IPS features to identify threats and dynamically block them from entering the network
• Verify and troubleshoot IDS operation
• Maintain and update the signatures

Configure basic IPSec VPNs to secure site-to-site and remote access to network resources

• Select the correct IPSec implementation based on specific stated requirements
• Configure IPSec Encryption for site-to-site VPN using pre-shared keys
• Configure IPSec Encryption for site-to-site VPN using certificate authority
• Verify and troubleshoot IPSec operation
• Configure EZ-VPN server
• Configure EZ-VPN remote using both hardware and software clients.
• Troubleshoot EZ-VPN

Configure authentication, authorization and accounting to provide basic secure access control for networks

• Configure administrative access to the Cisco Secure ACS server
• Configure AAA clients on the Cisco Secure ACS (for routers)
• Configure users, groups and access rights
• Configure router to enable AAA to use TACACS+
• Configure router to enable AAA to use a Radius server
• Verify and troubleshoot AAA operation

Use management applications to configure and monitor IOS security features

• Initialize SDM communications on Cisco routers
• Perform a LAN interface configuration of a Cisco router using SDM
• Use SDM to define and establish a site-to-site VPN

[ back to top ]

Securing Networks with PIX and ASA (642-522 SNPA)

This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.

Install and configure a security appliance for basic network connectivity

• Describe the Security Appliance hardware and software architecture
• Determine the Security Appliance hardware and software configuration and verify if it is correct
• Use setup or the CLI to configure basic network settings, including interface configurations
• Use appropriate show commands to verify initial configurations
• Configure NAT and global addressing to meet user requirements
• Configure DHCP client option
• Set default route
• Configure logging options
• Describe the firewall technology
• Explain the information contained in syslog files
• Configure static address translations
• Configure Network Address Translations: PAT
• Configure static port redirection
• Configure a net static
• Set embryonic and connection limits on the security appliance
• Verify network address translation operation

Configure a security appliance to restrict inbound traffic from untrusted sources

• Configure access-lists to filter traffic based on address, time, and protocols
• Configure object-groups to optimize access-list processing
• Configure Network Address Translations: Nat0
• Configure Network Address Translations: Policy NAT
• Configure java/activeX filtering
• Configure URL filtering
• Verify inbound traffic restrictions

Configure a security appliance to provide secure connectivity using site-to-site VPNs

• Explain certificates, certificate authorities and how they are used
• Explain the basic functionality of IPSec
• Configure IKE with preshared keys
• Configure IKE to use certificates
• Differentiate between the types of encryption
• Configure IPSec parameters
• Configure crypto-maps and ACLs

Configure a security appliance to provide secure connectivity using remote access VPNs

• Explain the functions of EasyVPN
• Configure IPSec using EasyVPN Server/Client
• Configure the Cisco Secure VPN client
• Explain the purpose of WebVPN
• Configure WebVPN services: Server/Client
• Verify VPN operations

Configure transparent firewall, virtual firewall, and high availability firewall features on a security appliance

• Explain differences between L2 and L3 operating modes
• Configure security appliance for transparent mode (L2)
• Explain purpose of virtual firewalls
• Configure security appliance to support virtual firewall
• Monitor and maintain virtual firewall
• Explain the types, purpose and operation of fail-over
• Install appropriate topology to support cable-based or LAN-based fail-over
• Explain the hardware, software and licensing requirements for high-availability
• Configure the SA for active/standby fail-over
• Configure the SA for stateful fail-over
• Configure the SA for active-active fail-over
• Verify fail-over operation
• Recover from a fail-over

Configure AAA services for access through a security appliance

• Configure ACS for security appliance support
• Configure security appliance to use AAA feature
• Configure authentication using both local and external databases
• Configure authorization using an external database
• Configure the ACS server for downloadable ACLs
• Configure accounting of connection start/stop
• Verify AAA operation

Configure routing and switching on a security appliance

• Enable DHCP server and relay functionality
• Configure VLANs on a security appliance interface
• Configure routing functionality of security appliance including OSPF, RIP
• Configure security appliance to pass multi-cast traffic
• Configure ICMP on the security appliance

Configure a modular policy on a security appliance

• Configure a class-map
• Configure a policy-map
• Configure a service-policy
• Configure a ftp-map
• Configure a http-map
• Configure an inspection protocol
• Explain the function of protocol inspection
• Explain DNS guard feature
• Describe the AIP-SSM HW and SW
• Load IPS SW on the AIP-SSM
• Verify AIP-SSM
• Configure an IPS modular policy

Monitor and manage an installed security appliance

• Obtain and apply OS updates
• Backup and restore configurations and software
• Explain the security appliance file management system
• Perform password/lockout recovery procedures
• Obtain and upgrade license keys
• Configure passwords for various access methods: Telnet, serial, enable, SSH
• Configure various access methods: Telnet, SSH, PDM
• Configure command authorization and privilege levels
• Configure local username database
• Verify access control methods
• Enable ASDM functionality
• Verify a security appliance configuration via ASDM
• Verify the licensing available on a security appliance

[ back to top ]

Securing Networks Using Intrusion Prevention Systems (642-532 IPS)

This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.

Describe how Cisco IDS/IPS sensors are used to mitigate network security threats

• Select the best sensor platform to protect a given network
• Describe the features of the IDSM-2
• Describe the features of the NM-CIDS
• List sensor requirements for inline operations
• List platforms on which the 50 image will run
• Explain the difference between inline and promiscuous mode sensor operations
• Select the most effective location for the sensor and other defense-in-depth components
• Explain how Cisco IDS/IPS protects network devices from attacks (Describe signatures, alerts, and actions)
• Explain the similarities and differences among the various intrusion detection technologies
• Explain the evasive techniques used by hackers and how Cisco IDS defeats those techniques
• Explain the differences between HIPS and Network IPS
• Describe the network sensors that are currently available and their features
• Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
• Explain the features, benefits, and system requirements of the IDM
• Describe traffic that is not inspected by the NM-CIDS
• Define intrusion detection
• Define intrusion prevention
• Explain the Cisco IDS/IPS signature features

Install Cisco IDS/IPS sensors and configure essential system parameters

• Install a sensor appliance in the network
• Use the IDM to configure SSH and TLS communications
• Use the CLI to install the sensor's software image
• Select the appropriate image file for a sensor
• Select a router to host the NM-CIDS
• Configure communications between the router and the NM-CIDS
• Describe the functions of the various IDSM-2 ports
• Describe the tasks for configuring the NM-CIDS
• Describe the interfaces and components of the NM-CIDS
• Explain how the NM-CIDS works
• Explain how the IDSM-2 obtains access to network traffic
• Explain the importance of accurate time on the NM-CIDS and how the NM-CIDS should obtain the accurate time
• Explain the importance of accurate time on the IDSM-2 and how the IDSM-2 should obtain the accurate time
• Install the IDSM-2 in a switch
• Install the NM-CIDS in a router
• Select a switch to host the IDSM-2
• Use the CLI to initialize the sensor
• Describe user accounts and how they provide sensor security
• Use the IDM to configure and manage user accounts
• Use the IDM to verify secure management access to the sensor
• Obtain management access to the sensor appliance
• Obtain management access to the NM-CIDS
• Obtain management access to the IDSM-2
• Describe allowed hosts
• Use the IDM to configure allowed hosts
• Describe sensor interfaces and interface pairs
• Use the IDM to configure the sensor's interfaces (enable, create pairs, assign to virtual sensor)
• Describe software bypass mode
• Use the IDM to configure software bypass mode
• Use the IDM to configure the sensor's network settings (IP address, netmask, default gateway, etc)
• Describe sensor communications with external management and monitoring systems
• Launch, navigate, and use the IDM to manage and monitor the sensor
• Use the IDM to set the sensor's time
• Define traffic flow notification
• Use the IDM to configure traffic flow notification
• Describe the various CLI modes
• Navigate the sensor CLI
• List the tasks for installing and configuring the IDSM-2

Describe Cisco IDS/IPS sensor advanced system parameters

• Plan the mitigation of specific network vulnerabilities and exploits
• Describe sensor tuning
• Describe sensor tuning methods
• Explain IP fragment and TCP stream reassembly options
• Describe the IP logging capabilities of the sensor
• Explain how IP logging should be used
• Explain the use of Event Variables
• Determine the need for a custom signature
• Describe the signature engines and their functionality
• Describe the types of signatures supported by each engine
• Describe common engine parameters and their effects on signatures
• Describe engine-specific parameters and their effects on signatures
• Describe the device management capability of the sensor and how it is used to perform blocking with a Cisco device
• Determine which response actions need to be configured for a given scenario
• Determine the need for Event Action Filters in a given scenario
• Describe the purpose of the Meta Event Generator
• Explain Target Value Ratings and how they are used
• Determine the need for Event Action Rules in a given scenario
• Explain event Risk Ratings and how they are used
• Explain the sensor's SNMP support
• Determine if the sensor's application policy enforcement feature is needed in a given scenario

Tune Cisco IDS/IPS sensor advanced system parameters to optimize attack mitigation performance

• Use the IDM to tune the sensor to work optimally in the network
• Use the IDM to tune signatures to provide maximum protection for a network
• Use the IDM to create custom signatures as needed
• Configure response actions for a signature
• Configure the sensor to take response actions based on a risk rating
• Configure the sensor to minimize false alerts
• Use the IDM to create a Meta signature and disable alert production for the component signatures
• Use the IDM to configure the sensor to support SNMP
• Configure Event Action Filters
• Configure Event Action Overrides
• Configure Target Value Ratings
• Configure general settings for Event Action Rules
• Use the IDM to configure IP logging
• Configure Event Variables
• Use the IDM to configure blocking for a given scenario
• Use the IDM to configure the sensor to use a Master Blocking Sensor
• Use the IDM to configure IP fragment and TCP stream reassembly options
• Use the sensor's application policy enforcement feature

Analyze Cisco IDS/IPS sensor events to determine the appropriate response to network attacks

• Configure the IDM events display
• Analyze alerts and make configuration changes to respond to attacks
• Use the CLI and the IDM to monitor events
• Classify an alarm as true, false, positive or negative
• Explain the fields in a Cisco IDS/IPS alert
• Describe the various types of events generated by the sensor
• Explain the difference between true and false and positive and negative alarms

Upgrade and maintain Cisco IDS/IPS sensors

• Configure the sensor to allow an SNMP NMS to obtain its health and welfare information
• Use the CLI to recover the sensor's software image
• Use the IDM to install signature updates and service packs
• Use the IDM to configure automatic signature and service pack updates
• Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
• Use the IDM to restore the default configuration to the sensor
• Select the correct software update file for a sensor
• Use the CLI to upgrade the software image
• Describe the various types of image files
• Apply the appropriate system image to the sensor
• Describe maintenance tasks specific to the NM-CIDS
• Use the CLI to obtain PEP information from the sensor
• Use the IDM to install a sensor license
• Describe PEP information and its purpose
• Explain the purpose of service packs and signature updates
• Describe service pack and signature update file names
• Explain why a sensor license is needed
• Obtain a license key

Troubleshoot Cisco IDS/IPS sensor operation and configuration errors

• Use the packet command to display and capture packets from the data interfaces
• Copy (to a location off the sensor) packets that have been captured from the data interfaces
• Use the IDM to verify the sensor's configuration
• Use the CLI to back up the sensor configuration
• View IP logs for troubleshooting purposes
• Troubleshoot communications between the NM-CIDS and its host router
• Reset and power down the sensor
• Determine when resetting or powering down the sensor is necessary
• Describe the main components of the IPS 50 software architecture
• Verify functionality of the NM-CIDS
• Verify the Catalyst 6500 switch and Catalyst IDSM-2 functionality
• Use the IDM and the CLI to obtain sensor statistics
• Use the IDM to obtain a sensor diagnostic report
• Use the IDM to obtain sensor system information
• Use general troubleshooting commands
• Use the IDM to shut down and reboot the sensor
• Describe Cisco IDS/IPS configuration file format

[ back to top ]

Cisco Secure Virtual Private Networks (642-511 CSVPN)

This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify, and manage the Cisco VPN 3000 Concentrator, Cisco VPN Software Client, and Cisco VPN 3002 Hardware Client feature set. CCNA or CCDA recertification candidates who pass the 642-511 CSVPN exam will be considered recertified at the CCNA or CCDA level.

Overview of Virtual Private Networks and IPSec Technologies

• Cisco products enable a secure VPN
• IPSec overview
• IPSec protocol framework
• How IPSec works

Cisco Virtual Private Network 3000 Concentrator Series Hardware

• Overview of the Cisco VPN 3000 Concentrator Series
• Cisco VPN 3000 Concentrator
• Cisco VPN 3000 Concentrator Series Client support

Configuring the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-shared Keys

• Overview of remote access using pre-shared keys
• Initial configuration of the Cisco VPN 3000 Concentrator Series for remote access
• Browser configuration of the Cisco VPN 3000 Series Concentrator
• Configure users and groups
• More in-depth configuration information
• Configure the Cisco Windows VPN Software Client

Configure Cisco Virtual Private Network 3000 Series Concentrator for Remote Access Using Digital Certificates

• CA support overview
• Certificate generation
• Validating certificates
• Configuring the Cisco VPN 3000 Concentrator Series for CA support

Configure the Cisco Virtual Private Network Firewall Feature for IPSec Software Client

• Overview of software client's firewall feature
• Software Client's Are You There feature
• Software Client's Central Policy Protection feature
• Software Client's firewall statistics
• Customizing firewall policy

Configure the Cisco Virtual Private Network Client Auto-Initiation Feature

• Overview of the Cisco VPN Software Client auto-initiation
• Configure the Cisco VPN Software Client auto-initiation

Monitor and Administer Cisco VPN 3000 Remote Access Networks

• Monitoring
• Administration
• Bandwidth Management

Configure the Cisco VPN 3002 Hardware Client for Remote Access

• Cisco VPN 3002 Hardware client remote access with pre-shared keys

Configure the Cisco Virtual Private Network 3002 Hardware Client

• Overview of the Hardware Client interactive unit and user authentication features
• Configuring the Hardware Client interactive unit authentication feature
• Configuring the Hardware Client user authentication feature
• Monitoring the Hardware Client user statistics

Configure the Cisco Virtual Private Network Client Backup Server and Load Balancing

• Configuring the Cisco VPN Client backup server feature
• Configuring the Cisco VPN Client load balancing feature
• Overview of the Cisco VPN Client Reverse Route Injection feature

Configure the Virtual Private Network 3002 Hardware Client for Software Auto-Update

• Overview and configuration of the VPN 3002 Hardware Client software auto-update feature
• Monitoring the Cisco VPN 3002 Hardware Client software auto-update feature

Configure the Cisco Virtual Private Network 3000 Series Concentrator for the IPSec Over UDP and IPSec Over TCP

• Overview of Port Address Translation
• Configuring IPSec over UDP
• Configuring NAT-Transversal
• Configuring IPSec over TCP

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with Pre-Shared Keys

• Cisco VPN 3000 Series Concentrator IPSec LAN-to-LAN
• LAN-to-LAN configuration

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with NAT

• LAN-to-LAN overview
• Configuring the Concentrator LAN-LAN NAT feature

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN using Digital Certificates

• Root certificate installation
• Identify certificate installation

[ back to top ]

Securing Cisco Network Devices (642-551 SND)

This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, and verify basic security features of Cisco Layer 2 devices, Cisco Routers, Cisco IDS/IPS Sensors, Cisco VPN 3000 Concentrators, and Cisco PIX Security Appliances.

Describe the products in the Cisco security portfolio and explain how they mitigate security threats to a network

• Identify the appropriate devices to secure a network
• Identify the appropriate device feature to secure a network
• Describe the difference in functionality and capabilities of the different security devices
• Identify security issues with common management protocols
• Describe threats to a network and network devices
• Identify different techniques to deal with security threats

Describe the security features available for a Cisco Layer 2 device in a secure network

• Identify security features on a Layer 2 device
• Describe basic security feature configurations on a Layer 2 device

Implement security on a Cisco IOS Router

• Identify mitigation techniques for common physical router security threats
• Configure router for secure administrative access
• Implement basic AAA for router administrative authentication
• Configure AutoSecure to harden Cisco routers
• Configure router access lists to secure networks
• Configure security for router services and interfaces
• Implement Syslog logging
• Identify major components of the SDM

Describe and configure Cisco IPS and HIPS

• Configure user accounts
• Describe and configure Network Access lists
• Describe how the sensor device is secure by default
• Install the sensor on the network
• Describe the methods used to access a sensor
• Describe the process for displaying the sensor configuration
• Identify major components of IDM
• Describe basic sensor operations
• Describe the process of using alarms to identify network attacks
• Identify the appropriate platform required to install the CSA MC
• Configure the default group
• Describe the process of agent kit deployment and verifying management of the agent
• Describe key features and concepts of VMS
• Describe the interoperability of the components of VMS
• Describe the hardware and software requirements of VMS

Configure and verify basic remote access on a Cisco VPN 3000 Concentrator

• Perform an initial configuration
• Configure users and groups
• Configure VPN clients
• Verify IPSec tunnel establishment

Implement a Cisco PIX security appliance

• Describe basic PIX security appliance hardware and software architecture
• Identify appropriate PIX security appliance hardware and software configuration
• Configure basic network settings using CLI
• Configure basic interface features on a PIX security appliance
• Verify initial configurations
• Identify major components of the FWDM
• Configure static address translation
• Configure Network Address Translation
• Configure firewall to secure inbound traffic
• Verify inbound traffic restrictions
• Describe basic IPSec topologies he
• Define the services provided by IPSec
• Describe the IPSec protocol framework
• Describe the IPSec algorithm framework
• Describe the concepts of split tunneling
• Describe the various authentication methods
• Describe how the PIX security appliance uses IPSec to secure networks

Cisco Trademark Notice