Cisco Security

Course Overview

The Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 course teaches you to deploy and use Cisco® Identity Services Engine (ISE) v3.x, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and VPN connections. This hands-on course provides you with the knowledge and skills to implement and apply Cisco ISE capabilities to support use cases for Zero Trust security posture. These use cases include tasks such as policy enforcement, profiling services, web authentication and guest access services, BYOD, endpoint compliance services, and Terminal Access Controller Access Control Server (TACACS+) device administration. Through hands-on practice via lab exercises, you will learn how to use Cisco ISE to gain visibility into what is happening in your network, streamline security policy management, and contribute to operational efficiency. This course helps you prepare to take the Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) exam, which leads to CCNP® Security and the Cisco Certified Specialist — Security Identity Management Implementation certifications. This course also earns you 40 Continuing Education (CE) credits toward recertification

How You’ll Benefit

This class will help you use Cisco ISE to:

Develop and implement SASE architecture
Understand application of ISE capabilities towards development of a Zero Trust approach
Enable BYOD and guest access
Centrally configure and manage posture, authentication, and authorization services in a single webbased GUI console
Gain leading-edge career skills for high-demand job roles and responsibilities focused on enterprise security
Earn 40 CE credits toward recertification

Who should attend

Network security engineers
Network security architects
ISE administrators
Senior Security Operations Center (SOC) personnel responsible for Incidence Response
Cisco integrators and partners

Certifications

This course is part of the following Certifications:
Cisco Certified Network Professional Security

Prerequisites

To fully benefit from this course, you should have the following knowledge:

Familiarity with the Cisco IOS® Software Command-Line Interface (CLI) for wired and wireless devices
Familiarity with Cisco AnyConnect® Secure Mobility Client
Familiarity with Microsoft Windows operating systems
Familiarity with 802.1X

Course Objectives

After taking this course, you should be able to:

Describe the Cisco Identity Services Engine (ISE)
Explain Cisco ISE deployment
Describe Cisco ISE policy enforcement components
Describe Cisco ISE policy configuration
Troubleshoot Cisco ISE policy and third-party Network Access Device (NAD) support
Configure guest access
Configure hotspots and guest portals
Describe the Cisco ISE profiler services
Describe profiling best practices and reporting
Configure a Cisco ISE BYOD solution
Configure endpoint compliance
Configure client posture services
Configure Cisco ISE device administration
Describe Cisco ISE TrustSec configurations

Outline: Implementing and Configuring Cisco Identity Services Engine (SISE)

Introducing Cisco ISE Architecture
Introducing Cisco ISE Deployment
Introducing Cisco ISE Policy Enforcement Components
Introducing Cisco ISE Policy Configuration
Troubleshooting Cisco ISE Policy and Third-Party NAD Support
Introducing Web Authentication and Guest Services
Configuring Hotspots and Guest Portals
Introducing the Cisco ISE Profiler
Introducing Profiling Best Practices and Reporting
Configuring Cisco ISE BYOD
Introducing Cisco ISE Endpoint Compliance Services
Configuring Client Posture Services and Compliance
Working With Network Access Devices
Exploring Cisco TrustSec

Lab Topology

Configure Initial Cisco ISE Setup and System Certificate Usage
Integrate Cisco ISE with Active Directory
Configure Cisco ISE Policy for MAC Authentication Bypass (MAB)
Configure Cisco ISE Policy for 802.1X
Configure Guest Access
Configure Hotspot and Self-Registered Guest Access
Configure Sponsor-Approved and Fully Sponsored Guest Access
Create Guest Reports
Configure Profiling
Customize the Cisco ISE Profiling Configuration
Create Cisco ISE Profiling Reports
Configure BYOD
Manage a Lost or Stolen BYOD Device
Configure Cisco ISE Compliance Services
Configure Client Provisioning
Configure Posture Policies
Test and Monitor Compliance-Based Access
Configure Cisco ISE for Basic Device Administration
Configure Cisco ISE Command Authorization
Configure Cisco TrustSec

Длительность обучения:

Instructor-led training: 2 days in the classroom with hands-on lab practice
Virtual instructor-led training: 2 days of web-based classes with hands-on lab practice
E-learning: Equivalent of 2 days of instruction with videos, practice, and challenges

Кому следует посетить:

Security architects
System designers
Network administrators
Operations engineers
Network managers, network or security technicians, and security engineers and managers responsible for web security
Cisco integrators and partners

Предварительные требования:

To fully benefit from this course, you should have knowledge of these topics:

TCP/IP services, including Domain Name System (DNS), Secure Shell (SSH), FTP, Simple Network Management Protocol (SNMP), HTTP, and HTTPS
IP routing
You are expected to have one or more of the following basic technical competencies or equivalent knowledge:
Cisco certification (CCENT certification or higher)
Relevant industry certification [International Information System Security Certification Consortium ((ISC)2), Computing Technology Industry Association (CompTIA) Security+, International Council of Electronic Commerce Consultants (EC-Council), Global Information Assurance Certification (GIAC), ISACA]
Cisco Networking Academy letter of completion (CCNA 1 and CCNA 2)
Windows expertise: Microsoft [Microsoft Specialist, Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Expert (MCSE)], CompTIA (A+, Network+, Server+)

Программа курса:

After taking this course, you should be able to:
Describe Cisco WSA
Deploy proxy services
Utilize authentication
Describe decryption policies to control HTTPS traffic
Understand differentiated traffic access policies and identification profiles
Enforce acceptable use control settings
Defend against malware
Describe data security and data loss prevention
Perform administration and troubleshooting

Дополнительно:

This class includes lecture sections and some self-study sections. In instructor-led classes, lectures are delivered in real-time, either in person or via video conferencing. In e-learning classes, the lectures are on recorded videos

Длительность обучения:

Instructor-led training: 3 days in the classroom with hands-on lab practice
Virtual instructor-led training: 3 days of web-based classes with hands-on lab practice
E-learning: Equivalent of 3 days of instruction with hands-on lab practice, videos, and challenges

Кому следует посетить:

Security engineers
Security administrators
Security architects
Operations engineers
Network engineers
Network administrators
Network or security technicians
Network managers
System designers
Cisco integrators and partners

Предварительные требования:

To fully benefit from this course, you should have one or more of the following basic technical competencies:
Cisco certification (Cisco CCENT® certification or higher)
Relevant industry certification, such as (ISC)2, CompTIA Security+, EC-Council, Global Information
Assurance Certification (GIAC), and ISACA
Cisco Networking Academy letter of completion (CCNA® 1 and CCNA 2)
Windows expertise: Microsoft [Microsoft Specialist, Microsoft Certified Solutions Associate (MCSA),
Microsoft Certified Systems Engineer (MCSE)], CompTIA (A+, Network+, Server+)
The knowledge and skills that a student must have before attending this course are:
TCP/IP services, including Domain Name System (DNS), Secure Shell (SSH), FTP, Simple Network
Management Protocol (SNMP), HTTP, and HTTPS
Experience with IP routing

Программа курса:

After taking this course, you should be able to:
Describe and administer the Cisco Email Security Appliance (ESA)
Control sender and recipient domains
Control spam with Talos SenderBase and anti-spam
Use anti-virus and outbreak filters
Use mail policies
Use content filters
Use message filters to enforce email policies
Prevent data loss
Perform LDAP queries
Authenticate Simple Mail Transfer Protocol (SMTP) sessions
Authenticate email
Encrypt email
Use system quarantines and delivery methods
Perform centralized management using clusters
Test and troubleshoot

Дополнительно:

This class includes lecture sections and some self-study sections. In instructor-led classes, lectures are delivered in real-time, either in person or via video conferencing. In e-learning classes, the lectures are on recorded videos

Course Overview

The Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 course helps you prepare for the Cisco® CCNP® Security and CCIE® Security certifications and for senior-level security roles. In this course, you will master the skills and technologies you need to implement core Cisco security solutions to provide advanced threat protection against cybersecurity attacks. You will learn security for networks, cloud and content, endpoint protection, secure network access, visibility and enforcements. You will get extensive hands-on experience deploying Cisco Firepower Next-Generation Firewall and Cisco ASA Firewall; configuring access control policies, mail policies, and 802.1X Authentication; and more. You will get introductory practice on Cisco Stealthwatch Enterprise and Cisco Stealthwatch Cloud threat detection features.
This course, including the self-paced material, helps prepare you to take the exam, Implementing and Operating Cisco Security Core Technologies (350-701 SCOR), which leads to the new CCNP Security, CCIE Security, and the Cisco Certified Specialist — Security Core certifications.

Course Content

Describing Information Security Concepts*
Describing Common TCP/IP Attacks*
Describing Common Network Application Attacks*
Describing Common Endpoint Attacks*
Describing Network Security Technologies
Deploying Cisco ASA Firewall
Deploying Cisco Firepower Next-Generation Firewall
Deploying Email Content Security
Deploying Web Content Security
Deploying Cisco Umbrella*
Explaining VPN Technologies and Cryptography
Introducing Cisco Secure Site-to-Site VPN Solutions
Deploying Cisco IOS VTI-Based Point-to-Point
Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW
Introducing Cisco Secure Remote Access VPN Solutions
Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW
Explaining Cisco Secure Network Access Solutions
Describing 802.1X Authentication
Configuring 802.1X Authentication
Describing Endpoint Security Technologies*
Deploying Cisco AMP for Endpoints*
Introducing Network Infrastructure Protection*
Deploying Control Plane Security Controls*
Deploying Layer 2 Data Plane Security Controls*
Deploying Layer 3 Data Plane Security Controls*
Deploying Management Plane Security Controls*
Deploying Traffic Telemetry Methods*
Deploying Cisco Stealthwatch Enterprise*
Describing Cloud and Common Cloud Attacks*
Securing the Cloud*
Deploying Cisco Stealthwatch Cloud*
Describing Software-Defined Networking (SDN*)

* This section is self-study material that can be done at your own pace if you are taking the instructor-led version of this course.

Who should attend

Security Engineer
Network Engineer
Network Designer
Network Administrator
Systems Engineer
Consulting Systems Engineer
Technical Solutions Architect
Cisco Integrators/Partners
Network Manager
Cisco integrators and partners

Certifications

This course is part of the following Certifications:

Cisco Certified Networkn Professional Security

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:
Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course
Familiarity with Ethernet and TCP/IP networking
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts
Familiarity with basics of networking security concepts

Course Objectives

After taking this course, you should be able to:
Describe information security concepts and strategies within the network
Describe common TCP/IP, network application, and endpoint attacks
Describe how various network security technologies work together to guard against attacks
Implement access control on Cisco ASA appliance and Cisco Firepower Next-Generation Firewall
Describe and implement basic email content security features and functions provided by Cisco Email Security Appliance
Describe and implement web content security features and functions provided by Cisco Web Security Appliance
Describe Cisco Umbrella security capabilities, deployment models, policy management, and Investigate console
Introduce VPNs and describe cryptography solutions and algorithms
Describe Cisco secure site-to-site connectivity solutions and explain how to deploy Cisco IOS VTI-based point-to-point IPsec VPNs, and point-to-point IPsec VPN on the Cisco ASA and Cisco FirePower NGFW
Describe and deploy Cisco secure remote access connectivity solutions and describe how to configure 802.1X and EAP authentication
Provide basic understanding of endpoint security and describe AMP for Endpoints architecture and basic features
Examine various defenses on Cisco devices that protect the control and management plane
Configure and verify Cisco IOS Software Layer 2 and Layer 3 Data Plane Controls
Describe Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions
Describe basics of cloud computing and common cloud attacks and how to secure cloud environment

This course will help you:

Gain hands-on experience implementing core security technologies and learn best practices using Cisco security solutions
Prepare for the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) exam
Qualify for professional and expert-level security job roles
This course will help you prepare to take the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) exam. This exam tests a candidate’s knowledge of implementing and operating core security technologies.

Follow On Courses

Implementing Automation for Cisco Security Solutions (SAUI)
Securing Email with Cisco Email Security Appliance (SESA)
Implementing and Configuring Cisco Identity Services Engine (SISE)
Implementing Secure Solutions with Virtual Private Networks (SVPN)
Securing the Web with Cisco Web Security Appliance (SWSA)

Lab Topology

Configure Network Settings and NAT on Cisco ASA
Configure Cisco ASA Access Control Policies
Configure Cisco Firepower NGFW NAT
Configure Cisco Firepower NGFW Access Control Policy
Configure Cisco Firepower NGFW Discovery and IPS Policy
Configure Cisco NGFW Malware and File Policy
Configure Listener, Host Access Table (HAT), and Recipient Access Table (RAT) on Cisco Email Security Appliance (ESA)
Configure Mail Policies
Configure Proxy Services, Authentication, and HTTPS Decryption
Enforce Acceptable Use Control and Malware Protection
Examine the Umbrella Dashboard
Examine Cisco Umbrella Investigate
Explore DNS Ransomware Protection by Cisco Umbrella
Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
Configure Point-to-Point VPN between the Cisco ASA and Cisco Firepower NGFW
Configure Remote Access VPN on the Cisco Firepower NGFW
Explore Cisco AMP for Endpoints
Perform Endpoint Analysis Using AMP for Endpoints Console
Explore File Ransomware Protection by Cisco AMP for Endpoints Console
Explore Cisco Stealthwatch Enterprise v6.9.3
Explore Cognitive Threat Analytics (CTA) in Stealthwatch Enterprise v7.0
Explore the Cisco Cloudlock Dashboard and User Security
Explore Cisco Cloudlock Application and Data Security
Explore Cisco Stealthwatch Cloud
Explore Stealthwatch Cloud Alert Settings, Watchlists, and Sensors

Training Content

Describing Information Security Concepts*

Information Security Overview
Managing Risk
Vulnerability Assessment
Understanding CVSS

Describing Common TCP/IP Attacks*

Legacy TCP/IP Vulnerabilities
IP Vulnerabilities
ICMP Vulnerabilities
TCP Vulnerabilities
UDP Vulnerabilities
Attack Surface and Attack Vectors
Reconnaissance Attacks
Access Attacks
Man-In-The-Middle Attacks
Denial of Service and Distributed Denial of Service Attacks
Reflection and Amplification Attacks
Spoofing Attacks
DHCP Attacks

Describing Common Network Application Attacks*

Password Attacks
DNS-Based Attacks
DNS Tunneling
Web-Based Attacks
HTTP 302 Cushioning
Command Injections
SQL Injections
Cross-Site Scripting and Request Forgery
Email-Based Attacks

Describing Common Endpoint Attacks*

Buffer Overflow
Malware
Reconnaissance Attack
Gaining Access and Control
Gaining Access via Social Engineering
Gaining Access via Web-Based Attacks
Exploit Kits and Rootkits
Privilege Escalation
Post-Exploitation Phase
Angler Exploit Kit

Describing Network Security Technologies

Defense-in-Depth Strategy
Defending Across the Attack Continuum
Network Segmentation and Virtualization Overview
Stateful Firewall Overview
Security Intelligence Overview
Threat Information Standardization
Network-Based Malware Protection Overview
IPS Overview
Next Generation Firewall Overview
Email Content Security Overview
Web Content Security Overview
Threat Analytic Systems Overview
DNS Security Overview
Authentication, Authorization, and Accounting Overview
Identity and Access Management Overview
Virtual Private Network Technology Overview
Network Security Device Form Factors Overview

Deploying Cisco ASA Firewall

Cisco ASA Deployment Types
Cisco ASA Interface Security Levels
Cisco ASA Objects and Object Groups
Network Address Translation
Cisco ASA Interface ACLs
Cisco ASA Global ACLs
Cisco ASA Advanced Access Policies
Cisco ASA High Availability Overview

Deploying Cisco Firepower Next-Generation Firewall

Cisco Firepower NGFW Deployments
Cisco Firepower NGFW Packet Processing and Policies
Cisco Firepower NGFW Objects
Cisco Firepower NGFW NAT
Cisco Firepower NGFW Prefilter Policies
Cisco Firepower NGFW Access Control Policies
Cisco Firepower NGFW Security Intelligence
Cisco Firepower NGFW Discovery Policies
Cisco Firepower NGFW IPS Policies
Cisco Firepower NGFW Malware and File Policies

Deploying Email Content Security

Cisco Email Content Security Overview
SMTP Overview
Email Pipeline Overview
Public and Private Listeners
Host Access Table Overview
Recipient Access Table Overview
Mail Policies Overview
Protection Against Spam and Graymail
Anti-virus and Anti-malware Protection
Outbreak Filters
Content Filters
Data Loss Prevention
Email Encryption

Deploying Web Content Security

Cisco WSA Overview
Deployment Options
Network Users Authentication
HTTPS Traffic Decryption
Access Policies and Identification Profiles
Acceptable Use Controls Settings
Anti-Malware Protection

Deploying Cisco Umbrella*

Cisco Umbrella Architecture
Deploying Cisco Umbrella
Cisco Umbrella Roaming Client
Managing Cisco Umbrella
Cisco Umbrella Investigate Overview

Explaining VPN Technologies and Cryptography

VPN Definition
VPN Types
Secure Communication and Cryptographic Services
Keys in Cryptography
Public Key Infrastructure

Introducing Cisco Secure Site-to-Site VPN Solutions

Site-to-Site VPN Topologies
IPsec VPN Overview
IPsec Static Crypto Maps
IPsec Static Virtual Tunnel Interface
Dynamic Multipoint VPN
Cisco IOS FlexVPN

Deploying Cisco IOS VTI-Based Point-to-Point

Cisco IOS VTIs
Static VTI Point-to-Point IPsec IKEv2 VPN Configuration

Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW

Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW
Cisco ASA Point-to-Point VPN Configuration
Cisco Firepower NGFW Point-to-Point VPN ConfigurationTraining Content

Introducing Cisco Secure Remote Access VPN Solutions

Remote Access VPN Components
Remote Access VPN Technologies
SSL Overview

Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW

Remote Access Configuration Concepts
Connection Profiles
Group Policies
Cisco ASA Remote Access VPN Configuration
Cisco Firepower NGFW Remote Access VPN Configuration

Explaining Cisco Secure Network Access Solutions

Cisco Secure Network Access
Cisco Secure Network Access Components
AAA Role in Cisco Secure Network Access Solution
Cisco Identity Services Engine
Cisco TrustSec

Describing 802.1X Authentication

802.1X and EAP
EAP Methods
Role of RADIUS in 802.1X Communications
RADIUS Change of Authorization

Configuring 802.1X Authentication

Cisco Catalyst Switch 802.1X Configuration
Cisco WLC 802.1X Configuration
Cisco ISE 802.1X Configuration
Supplicant 802.1x Configuration
Cisco Central Web Authentication

Describing Endpoint Security Technologies*

Host-Based Personal Firewall
Host-Based Anti-Virus
Host-Based Intrusion Prevention System
Application Whitelists and Blacklists
Host-Based Malware Protection
Sandboxing Overview
File Integrity Checking

Deploying Cisco AMP for Endpoints*

Cisco AMP for Endpoints Architecture
Cisco AMP for Endpoints Engines
Retrospective Security with Cisco AMP
Cisco AMP Device and File Trajectory
Managing Cisco AMP for Endpoints

Introducing Network Infrastructure Protection*

Identifying Network Device Planes
Control Plane Security Controls
Management Plane Security Controls
Network Telemetry
Layer 2 Data Plane Security Controls
Layer 3 Data Plane Security Controls

Deploying Control Plane Security Controls*

Infrastructure ACLs
Control Plane Policing
Control Plane Protection
Routing Protocol Security

Deploying Layer 2 Data Plane Security Controls*

Overview of Layer 2 Data Plane Security Controls
VLAN-Based Attacks Mitigation
STP Attacks Mitigation
Port Security
Private VLANs
DHCP Snooping
ARP Inspection
Storm Control
MACsec Encryption

Deploying Layer 3 Data Plane Security Controls*

Infrastructure Antispoofing ACLs
Unicast Reverse Path Forwarding
IP Source Guard

* This section is self-study material that can be done at your own pace if you are taking the instructor-led version of this course.

Длительность обучения:

Instructor-led training: 5 days in the classroom
Virtual instructor-led training: 5 days of web-based classes
E-learning: Equivalent to 5 days of classroom instruction

Кому следует посетить:

This course is designed for professionals in the following job roles:

Network security engineer
CCNP Security candidate
Channel Partner

Предварительные требования:

Before taking this course, you should have the following knowledge and skills:
Familiarity with the various Cisco router and firewall command modes
Experience navigating and managing Cisco routers and firewalls
Clear understanding of the benefits of site-to-site and Remote Access VPN options
The following Cisco courses can help you gain the knowledge you need to prepare for this course:
Implementing and Administering Cisco Solutions (CCNA®)
Implementing and Operating Cisco Security Core Technologies (SCOR)

Программа курса:

After taking this course, you should be able to:
Introduce site-to-site VPN options available on Cisco router and firewalls
Introduce remote access VPN options available on Cisco router and firewalls
Review site-to-site and remote access VPN design options
Review troubleshooting processes for various VPN options available on Cisco router and firewalls

Дополнительно:

This class includes lecture sections and some self-study sections. In instructor-led classes, lectures are delivered in real-time, either in person or via video conferencing. In e-learning classes, the lectures are on recorded videos

Длительность обучения:

Instructor-led training: 1 day in the classroom
Virtual instructor-led training: 1 day of web-based classes
E-learning: Equivalent of 1 day of instruction with hands-on lab practice

Кому следует посетить:

This course benefits cloud consumers and administrators of public cloud, private cloud, and hybrid cloud infrastructures:
Security architects
Cloud architects
Network engineers and administrators
System engineers and adminstrators
Cloud security consumers
Cloud application administrators
IT managers
Line of business managers
Cisco integrators and partners

Предварительные требования:

This course has no prerequisites, but you’ll get the most from the course if you have the following knowledge and skills:
Basic computer literacy
Basic PC operating system navigation skills
Basic Internet usage skills
Basic IP address knowledge
We also recommend that you have the following skills:
Prior knowledge of cloud computing and virtualization software basics

Программа курса:

After taking this course, you should be able to:

Describe public, private, and hybrid cloud models, concepts, and design
Explain the concepts and components for securing cloud environments
Describe Cisco security offerings for Amazon Web Services (AWS)
Define methods to secure SaaS application usage

Дополнительно:

This class includes lecture sections and some self-study sections. In instructor-led classes, lectures are delivered in real-time, either in person or via video conferencing. In e-learning classes, the lectures are on recorded videos

Длительность обучения:

Instructor-led training: 4 days in the classroom with hands-on lab practice
Virtual instructor-led training: 4 days of web-based classes with hands-on lab practice
E-learning: Equivalent of 4 days of instruction with videos, practice, and challenges

Кому следует посетить:

This course is open to engineers, administrators, and security-minded users of public, private, and hybrid cloud infrastructures responsible for implementing security in cloud environments:
Security architects
Cloud architects
Security engineers
Cloud engineers
System engineers
Cisco integrators and partners

Предварительные требования:

To fully benefit from this course, you should have completed the following course or obtained the equivalent knowledge and skills:
Knowledge of cloud computing and virtualization software basics
Ability to perform basic UNIX-like OS commands
Cisco CCNP® security knowledge or understanding of the following topic areas:
Topic areas/Available in these courses
Cisco Adaptive Security Appliance (ASA) and Adaptive Security Virtual Appliance (ASAv) deployment, and Cisco IOS® Flexible NetFlow operations/Implementing Cisco Edge Network Security Solutions (SENSS)
Cisco NGFW (Cisco Firepower Threat Defense [FTD]), Cisco Firepower, and Cisco Firepower Management Center (FMC) deployment
Cisco Content Security operations including Cisco Web Security Appliance (WSA)/ Cisco Email Security Appliance (ESA)/Cisco Cloud Web Security (CWS)Cisco AMP for network and endpoints deployment/Implementing Cisco Threat Control Solutions (SITCS)
Cisco ISE operations and Cisco TrustSec architecture/Implementing Cisco Secure Access Solutions (SISAS)
VPN operation/Implementing Cisco Secure Mobility Solutions (SIMOS)

Программа курса:

After taking this course, you should be able to:
Contrast the various cloud service and deployment models
Implement the Cisco Security Solution for SaaS using Cisco Cloudlock Micro Services
Deploy cloud security solutions using Cisco AMP for Endpoints, Cisco Umbrella, and Cisco Cloud Email Security
Define Cisco cloud security solutions for protection and visibility using Cisco virtual appliances and Cisco Stealthwatch Cloud
Describe the network as a sensor and enforcer using Cisco Identity Services Engine (ISE), Cisco Stealthwatch Enterprise, and Cisco TrustSec®
Implement Cisco Firepower NGFW Virtual (NGFWv) and Cisco Stealthwatch Cloud to provide protection and visibility in AWS environments
Explain how to protect the cloud management infrastructure by using specific examples, defined best practices, and AWS reporting capabilities

Дополнительно:

This class includes lecture sections and some self-study sections. In instructor-led classes, lectures are delivered in real-time, either in person or via video conferencing. In e-learning classes, the lectures are on recorded videos

Кому следует посетить:

Курс предназначен для тех, кто работает на стыке телефонии и информационной безопасности, а также всем инженерам, работающим с архитектурой и продуктами UC. Данный курс следует посетить сетевым администраторам, сетевым инженерам, а также системным инженерам.

Предварительные требования:

Перед посещением данного курса слушатели должны обладать следующими навыками:
Практические знания конвергентных голосовых сетей и СХД
Знакомство с Cisco IOS gateway, Cisco Unified SRST gateway и Cisco Unified Border Element
Знание продуктов Cisco Unified Communications Manager и Cisco Unified Communications Manager Express
Рекомендовано наличие сертификата CCNP® Voice

Дополнительные навыки, которые будут полезны:

Знание основ сетевой безопасности
Знание технологий Cisco IOS Firewall и Cisco ASA adaptive security appliance firewalls
Знакомство с IPsec и SSL VPNs
Рекомендовано наличие сертификата CCNA® Security

Цели курса:

После посещения тренинга слушатели смогут:
Определять уязвимые места в сетях Cisco Unified Communications, а также описывать стратегии безопасности, криптографические сервисы , PKI и технологии VPN
Использовать функционал системы безопасности сетевой инфраструктуры
Внедрять Cisco Unified Communications Manager и Cisco Unified Communications endpoint security features

Содержание курса:

5-дневный курс UCSEC посвящен описанию уязвимостей и атак на инфраструктуру IP-телефонии, а также методов борьбы с ними и методов обеспечения безопасности инфраструктуры. За время курса слушатели научатся определять уязвимые места в сетях Cisco Unified Communications, а также описывать стратегии безопасности, криптографические сервисы PKI и технологии VPN, использовать функционал системы безопасности сетевой инфраструктуры и внедрять функции безопасности в Cisco Unified Communications Manager и терминалах Cisco.

Программа курса

1. Введение

2. Уязвимости сети Cisco Unified Communications и основы безопасности

2.1. Оценка уязвимостей сети Cisco Unified Communications
2.2. Стратегии реализации безопасности
2.3. Криптографические службы и функции
2.4. Управления ключами и PKI
2.5. IPsec и Cisco AnyConnect SSL VPN
2.6. Лабораторная работа 1: Идентификация уязвимых мест в Cisco UC сетях

3. Функционал системы безопасности сетевой инфраструктуры

3.1. Разделение сети и фильтрация пакетов
3.2. Функции безопасности коммутаторов
3.3. Cisco AnyConnect SSL VPN в сетях Cisco Unified Communications
3.4. Лабораторная работа 2: Внедрение межсетевых экранов
3.5. Лабораторная работа 3: Внедрение 802.1X
3.6. Лабораторная работа 4: Внедрение Cisco AnyConnect SSL VPN-ов

4. Cisco Unified Communications Manager и функции защиты абонентских устройств

4.1. Повышение защиты абонентских устройств
4.2. Предотвращение мошеннических звонков
4.3. Встроенные функции безопасности Cisco Unified Communications Manager
4.4. Функции безопасности Cisco Unified Communications Manager, основанные на маркерах безопасности
4.5. Лабораторная работа 5: Внедрение механизмов безопасности Cisco Unified Communications Manager, основанных на безопасных токенах

5. Интеграция Cisco Unified Communications с внешними элементами защиты

5.1. Применение SRTP для шлюзов и защита сигнала средствами IPSec
5.2. Применение SRTP для шлюзов и защита сигнала в SRST and Cisco Unified Communications Manager Express
5.3. Trusted Relay Points
5.4. Прокси
5.5. Лабораторная работа 6: Внедрение SRTP на шлюзах и защита сигнализации с помощью IPsec
5.6. Лабораторная работа 7: Внедрение безопасного SRST и безопасного Cisco Unified Communications Manager Express
5.7. Лабораторная работа 8: Внедрение Trusted Relay Points
5.8. Лабораторная работа 9: Внедрение прокси для сигнализации и RTP потоков

Описание курса:

Этот курс предназначен для инженеров и менеджеров, обслуживающих клиентов с решениями на базе 802.1x, архитекторов систем информационной безопасности, инженеров и других специалистов, желающие получить практический опыт реализации архитектуры Cisco TrustSec 802.1X на базе Cisco ISE.

Предварительные требования:

Сертификация CCNA
Участие в тренинге Обеспечение безопасности сетей с помощью маршрутизаторов и коммутаторов Cisco (SECURE) или эквивалентный объем знаний
Знание Microsoft Windows Server 2008 Active Directory
Знание принципов работы легковесных беспроводных точек и контроллеров беспроводных точек Cisco
Умение базовой настройки коммутаторов Cisco Catalyst при помощи командной строки

После прохождения обучения слушатели будут уметь:

Описывать принципы Cisco TrustSec
Описывать принципы, архитектуру и требования к реализации IEEE 802.1X
Описывать как протокол аутентификации RADIUS используется в Cisco TrustSec
Настроить работу ISE для 802.1x
Описывать клиентскую часть IEEE 802.1X от Microsoft, Apple и Cisco
Настраивать IEEE 802.1X для проводной сети
Настраивать IEEE 802.1X для беспроводной сети
Описывать, каким образом можно реализовать сервис защищенного гостевого доступа в сети Cisco TrustSec
Построить общий дизайн сети Cisco TrustSec с использованием IEEE 802.1X

Содержание курса:

Это 3-дневный курс, разработанный для подготовки системных инженеров компаний-партнеров к конфигурации решений Cisco TrustSec на базе Cisco Identity Services Module, коммутаторов Cisco Catalyst, и контроллеров Cisco Wireless LAN.

Цель курса — обеспечить участников базовыми знаниями о возможностях и функциях протокола IEEE 802.1X, а также умением настроить Cisco Identity Services Engine (ISE) для работы 802.1X. Курс описывает архитектуру, компоненты и возможности сети Cisco TrustSec на базе протоколов IEEE 802.1X и RADIUS.

Студенты получат практический опыт конфигурации сетевых служб на базе 802.1X при помощи Cisco ISE, коммутаторов Cisco Catalyst, а также беспроводных продуктов Cisco. Этот курс является предварительным требованием для прохождения тренинга Внедрение решения Cisco Identity Services Engine (ISE). На данный момент только сертифицированные партнеры ATP (Authorized Technology Partners) могут продавать решения Cisco ISE/802.1x.

Программа курса:

Введение

Архитектура Cisco TrustSec

Обзор Cisco TrustSec
Обзор составляющих архитектуры Cisco TrustSec
Обзор аутентификации на уровне порта
Обзор стандарта IEEE 802.1X
Обзор 802.1X и EAP
Роль протокола RADIUS в соединениях, использующих протокол EAP
Лабораторная работа 1: Предварительная настройка сети

Конфигурация устройств для работы с 802.1X

Компоненты и топологии 802.1X
Конфигурация Cisco ISE для работы с 802.1X
Конфигурация сетевых устройств для поддержки 802.1X
Конфигурация клиентских станций для поддержки 802.1X
Лабораторная работа 2: Настройка компонентов 802.1X на Cisco ISE, коммутаторе, WLC и клиенте
Конфигурация гостевого доступа

Конфигурация Cisco TrustSec для клиентских станций без поддержки 802.1X

Конфигурация Cisco WebAuth для клиентских станций без поддержки 802.1X
Лабораторная работа 3: Настройка гостевого доступа с помощью веб-аутентификации

Разработка дизайна сетей Cisco TrustSec на базе Cisco ISE и 802.1X

Совместимость составляющих сети с 802.1X
Обзор нюансов внедрения 802.1X, влияющих на дизайн сети
Обзор масштабируемых архитектур 802.1X
Лабораторная работа 4: Построение архитектуры Cisco TrustSec

Итоговый контроль знаний

Кому следует посетить:

Этот курс предназначен для технических специалистов, которым необходимо знать, как развертывать Cisco Firepower NGIPS и управлять им в своей сетевой среде.

Администраторы безопасности
Консультанты по безопасности
Сетевые администраторы
Системные инженеры
Персонал технической поддержки
Торговые партнеры и реселлеры

Предварительные требования:

Для прохождения данного курса рекомендуется обладать знаниями и навыками:

Базовое понимание работы TCP/IP сетей
Базовые знания о работе систем IDS и IPS

Цели курса:

После прохождения данного курса слушатели будут уметь:

Описывать компоненты Cisco Firepower Threat Defense, управлять процессом регистрации устройства
Настраивать политику обнаружения устройств
Внедрять политик контроля доступа
Настраивать intrusion-политики
Создавать и анализировать отчеты Firepower Management Center
Интегрировать Firepower Management Center с внешними системами логирования
Обновлять ПО и управлять административными аккаунтами Firepower Management Center
Использовать базовые команды и инструменты для поиска и устранения неполадок в работе Firepower Management Center и устройств Firepower Threat Defense

Программа курса:

Введение

Обзор Cisco Firepower Threat Defense
Сравнение и анализ систем предотвращения вторжений и межсетевых экранов
Основные функции и компоненты системы Firepower Threat Defense
Сравнение модельного ряда
Принципы лицензирования
Процесс внедрения Firepower

Настройки устройства Firepower NGFW

FXOS и Firepower Device Manager
Управление устройствами
Исследование политик Firepower Management Center
Системные настройки, показатели здоровья устройства

Контроль трафика

Packet Processing
Bypassing

Механизм анализа сети Firepower Discovery

Обзор механизма анализа сети
Анализ профиля хоста
Работа с идентификационной информацией пользователя

Политика контроля доступа к ресурсам

Введение, анализ работы политики
Анализ списка правил, действие по умолчанию
Further Inspection
Расширенные функции
Рекомендации для внедрения политики контроля доступа

Механизм Security Intelligence

Обзор механизма Security Intelligence
Объекты Security Intelligence
Настройка Security Intelligence, анализ логов

Контроль файлов и расширенная защита от вредоносного ПО

Анализ файловой политики
Анализ сервиса AMP

Система предотвращения вторжений

Введение, Snort-правила
Variables, Variable Set
Создание IPS-политики
Настройка IPS-политики
Управление IPS-политикой

Политика анализа сети

Исследование работы препроцессора
Обзор политики анализа сети

Дополнительные техники анализа

Анализ событий
Типа событий
Контекстная информация
Инструменты для анализа

Интеграция с другими платформами

Интеграция с Cisco ISE
Интеграция со Splunk

Политики корреляции и оповещения

Оповещение внешних систем
Политика корреляции

Системное администрирование

Обновления ПО
Управление пользовательскими аккаунтами

Поиск и устранение неполадок в работе системы Firepower

Распространенные ошибки в настройках
Команды для поиска и устранения неполадок
Packet Capture

Этот курс поможет Вам:

Получить знания и навыки, которые необходимы для настройки и эксплуатации передовой сетевой системы защиты информации Cisco.

В процессе прохождения данного курса Вы научитесь:

Понимать архитектуру, разбираться в управляющих и исполнительных компонентах системы, понимать взаимодействия между компонентами системы;
Понимать принципы лицензирования;
Понимать возможные варианты разворачивания компонентов системы;
Понимать назначение, редактировать и создавать политики Management;
Понимать возможные пути прохождения трафика через систему;
Использовать механизм Discovery для анализа сети и создания профилей хостов;
Использовать механизм Security Intelligence;
Понимать принципы работы, редактировать и создавать политики контроля доступа к ресурсам, политики контроля файлов и сервиса AMP, политики системы предотвращения вторжений, политики анализа сети;
Работать с инструментами для анализа событий;
Искать и устранять неполадки в работе системы.

Предварительные требования:

Данный курс предполагает наличие у слушателей базового знания сетевых технологий, терминологии в области ИБ, умения работать с Windows Workstation, понимания TCP/IP.

Course Outline

1. Cisco Secure Firewall Family
2. Cisco Firepower Threat Defense Components and Features
3. Firepower Threat Defense High Availability and Clustering
4. Routing for Firepower Threat Defense
5. Network Address Translation (NAT)
6. Firepower Discovery
7. Prefiltering and Prefilter Policies
8. Security Intelligence
9. SSL Policy
10. Access Control Policy
11. File Control and Advanced Malware Protection
12. Next-Generation Intrusion Prevention Systems
13. Network Analysis Policies
14. Correlation Policy
15. Firepower QoS
16. Firepower Threat Defense VPN
17. Cisco Threat Intelligence Director
18. Event Analysis Techniques
19. Cisco Secure Firewall Troubleshooting

Lab Outline

1. Navigating Firepower Management Center
2. FTD Device Configuration
3. NAT Configuration
4. Network Discovery Policy
5. Object Management
6. Access Control Policy
7. Security Intelligence
8. File Policy
9. Intrusion Policy
10. Network Analysis Policy
11. SSL Policy Configuration
12. QoS Policy Configuration
13. Correlation Policy

Course Overview

The Understanding Cisco SDA Fundamentals (SDAFND) v1.0 course introduces you to Cisco® Software-Defined Access and teaches you, through a combination of lectures and labs, how to implement simple, single-site fabric networks. You will learn the benefits of leveraging Software-Defined Access in the Cisco-powered Enterprise Campus network. SDAFND will introduce the solution, its architecture and components, and guide you through labs to design and deploy simple Cisco SD-Access networks.

This course will help you:

Deploy Cisco SD-Access networks
Explain Cisco Software-Designed Access
Operate, manage, and integrate Cisco DNA Center™
Prepare for various Cisco certifications: Cisco Certified Specialist – Enterprise Core (ENCOR), and Cisco Certified Specialist – Enterprise Design (ENSLD)

Who should attend

Field engineers
Network engineers
Network administrators
System engineers

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:

CCNP® level core networking knowledge
Ability to use Windows and Linux CLI tools such as ping, SSH, or running scripts

These are the recommended Cisco offerings that may help you meet these prerequisites:

Implementing and Administering Cisco Solutions (CCNA)
Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)

Course Objectives

After taking this course, you should be able to:

Describe Cisco SD-Access architecture and its components
Explain Cisco DNA Center deployment models, scaling, and high availability
Identify Cisco SD-Access fabric protocols and node roles
Understand the Cisco SD-Access Wireless deployment models
Automate Day 0 device onboarding with Cisco DNA Center LAN Automation and Network PnP
Deploy simple Cisco SD-Access fabric networks
Monitor health and performance of the network with Cisco DNA Center Assurance
Interact with the Cisco DNA Center Platform Intent APIs

Course Outline:

Understanding Cisco SDA Fundamentals (SDAFND)
Introducing Cisco SD-Access
Introducing Cisco DNA Center
Exploring Cisco SD-Access Solution Components
Exploring Cisco SD-Access Wireless Architecture
Automating Network Changes with Cisco DNA Center
Deploying Fabric Networks with Cisco DNA Center
Exploring Cisco DNA Center Assurance
Exploring Cisco DNA Center Programmability

Lab Topology

Explore Cisco DNA Center User Interface
Verify Location Identifier Separation Protocol (LISP) Operation in Cisco SD-Access
Integrate Cisco DNA Center and Cisco Identity Services Engine (Cisco ISE)
Provision Access Points in Cisco DNA Center
Provision Underlay Networks with Cisco DNA Center LAN Automation
Provision Underlay Networks with Cisco DNA Center LAN Automation (cont.)
Deploy Cisco SD-Access Single Site Fabric
Deploy Cisco SD-Access Single Site Fabric (cont.)
Explore Cisco DNA Center Assurance
Cisco DNA Assurance Issues and Guided Remediation
Interact with Cisco DNA Center Intent APIs Using Python

Course Overview

The Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) v6.0 course shows you how to deploy and use Cisco® AMP for Endpoints, a next-generation endpoint security solution that prevents, detects, and responds to advanced threats. Through expert instruction and hands-on lab exercises, you will learn how to implement and use this powerful solution through several step-by-step attack scenarios. You’ll learn how to build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using the tools available in the AMP for Endpoints console.

How you’ll benefit

This class will help you:

Learn how to deploy and manage Cisco AMP for Endpoints
Succeed in today’s high-demand security operations roles

Who should attend
Cisco integrators, resellers, and partners
Network administrators
Security administrators
Security consultants
Systems engineers
Technical support personnel

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:

Technical understanding of TCP/IP networking and network architecture
Technical understanding of security concepts and protocols
The recommended Cisco offering may help you meet these prerequisites:

Implementing and Administering Cisco Solutions (CCNA)

Course Objectives

After taking this course, you should be able to:

Identify the key components and methodologies of Cisco Advanced Malware Protection (AMP)
Recognize the key features and concepts of the AMP for Endpoints product
Navigate the AMP for Endpoints console interface and perform first-use setup tasks
Identify and use the primary analysis features of AMP for Endpoints
Use the AMP for Endpoints tools to analyze a compromised host
Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports
Configure and customize AMP for Endpoints to perform malware detection
Create and configure a policy for AMP-protected endpoints
Plan, deploy, and troubleshoot an AMP for Endpoints installation
Use Cisco Orbital to pull query data from installed AMP for Endpoints connectors.
Describe the AMP Representational State Transfer (REST) API and the fundamentals of its use
Describe all the features of the Accounts menu for both public and private cloud installations

Course Outline:

Protecting against Malware Threats with Cisco AMP for Endpoints (SSFAMP)
Introducing to Cisco AMP Technologies
Introducing AMP for Endpoints Overview and Architecture
Navigating the Console Interface
Using Cisco AMP for Endpoints
Identifying Attacks
Analyzing Malware
Managing Outbreak Control
Creating Endpoint Policies
Working with AMP for Endpoint Groups
Using Orbital for Endpoint Visibility
Introducing AMP REST API
Navigating Accounts

Lab Topology

Amp Account Self-Registration
Accessing AMP for Endpoints
Attack Scenario
Analysis Tools and Reporting
Outbreak Control
Endpoint Policies
Groups and Deployment
Testing Your Configuration
Endpoint Visibility Using Orbital
REST API
Endpoint Isolation Using Cisco AMP API
User Accounts

Course Overview

The Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules) v2.1 course shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert-instruction and hands-on practice, this course provides you with the knowledge and skills to develop and test custom rules, standard and advanced rules-writing techniques, how to integrate OpenAppID into rules, rules filtering, rules tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.

This course will help you:

Gain an understanding of characteristics of a typical Snort rule development environment
Gain hands-on practices on creating rules for Snort
Gain knowledge in Snort rule development, Snort rule language, standard and advanced rule options

Who should attend

This course is for technical professionals to gain skills in writing rules for Snort-based intrusion detection systems (IDS) and intrusion prevention systems (IPS). The primary audience includes:

Security administrators
Security consultants
Network administrators
System engineers
Technical support personnel using open source IDS and IPS
Channel partners and resellers

Prerequisites

To fully benefit from this course, you should have:

Basic understanding of networking and network protocols
Basic knowledge of Linux command-line utilities
Basic knowledge of text editing utilities commonly found in Linux
Basic knowledge of network security concepts
Basic knowledge of a Snort-based IDS/IPS system

Course Objectives

After taking this course, you should be able to:

Describe the Snort rule development process
Describe the Snort basic rule syntax and usage
Describe how traffic is processed by Snort
Describe several advanced rule options used by Snort
Describe OpenAppID features and functionality
Describe how to monitor the performance of Snort and how to tune rules

Course Outline:

Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES)
Introduction to Snort Rule Development
Snort Rule Syntax and Usage
Traffic Flow Through Snort Rules
Advanced Rule Options
OpenAppID Detection
Tuning Snort

Lab Topology

Connecting to the Lab Environment
Introducing Snort Rule Development
Basic Rule Syntax and Usage
Advanced Rule Options
OpenAppID
Tuning Snort

Course Overview

The Securing Cisco Networks with Open Source Snort (SSFSNORT) v2.1 course shows you how to deploy a network intrusion detection system based on Snort. Through a combination of expert instruction and hands-on practice, you will learn how to install, configure, operate, and manage a Snort system, rules writing with an overview of basic options, advanced rules writing, how to configure Pulled Pork, and how to use OpenAppID to provide protection of your network from malware. You will learn techniques of tuning and performance monitoring, traffic flow through Snort rules, and more.

This course will help you:

Learn how to implement Snort, an open-source, rule-based, intrusion detection and prevention system
Gain leading-edge skills for high-demand responsibilities focused on security

Who should attend

This course is for technical professionals who need to know how to deploy open source intrusion detection systems (IDS) and intrusion prevention systems (IPS), and how to write Snort rules.

Security administrators
Security consultants
Network administrators
System engineers
Technical support personnel
Channel partners and resellers

Prerequisites

To fully benefit from this course, you should have:

Technical understanding of TCP/IP networking and network architecture
Proficiency with Linux and UNIX text editing tools (vi editor is suggested by not required)

Course Objectives

After taking this course, you should be able to:

Describe Snort technology and identify resources available for maintaining a Snort deployment
Install Snort on a Linux-based operating system
Describe the Snort operation modes and their command-line options
Describe the Snort intrusion detection output options
Download and deploy a new rule set to Snort
Describe and configure the snort.conf file
Configure Snort for inline operation and configure the inline-only features
Describe the Snort basic rule syntax and usage
Describe how traffic is processed by the Snort engine
Describe several advanced rule options used by Snort
Describe OpenAppID features and functionality
Describe how to monitor Snort performance and how to tune rules
Course Benefits

Course Outline:

Securing Cisco Networks with Open Source Snort (SSFSNORT)
Introduction to Snort Technology
Snort Installation
Snort Operation
Snort Intrusion Detection Output
Rule Management
Snort Configuration
Inline Operation and Configuration
Snort Rule Syntax and Usage
Traffic Flow Through Snort Rules
Advanced Rule Options
OpenAppID Detection
Tuning Snort

Lab Outline

Connecting to the Lab Environment
Snort Installation
Snort Operation
Snort Intrusion Detection Output
Pulled Pork Installation
Configuring Variables
Reviewing Preprocessor Configurations
Inline Operations
Basic Rule Syntax and Usage
Advanced Rule Options
OpenAppID
Tuning Snort

Course Overview

The Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 course shows you how to deploy and use Cisco Firepower® Threat Defense system. This hands-on course gives you knowledge and skills to use and configure Cisco® Firepower Threat Defense technology, beginning with initial device setup and configuration and including routing, high availability, Cisco Adaptive Security Appliance (ASA) to Cisco Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT). You will learn how to implement advanced Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network-based malware detection, and deep packet inspection. You will also learn how to configure site-to-site VPN, remote-access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting.

Course Prerequisites

Attendees should meet the following prerequisites:
Knowledge of TCP/IP and basic routing protocols — ICND1 or CCNA Recommended
Familiarity with firewall, vpn and IPS concepts — IINS or SFNDU Recommended

Recommended prerequisites:

CCNA — Implementing and Administering Cisco Solutions
SCOR — Implementing and Operating Cisco Security Core Technologies

Target Audience:

This course is designed for technical professionals who need to know how to deploy and manage a Cisco Firepower NGIPS and NGFW in their network environments.

Course Objectives:

After completing this course, you should be able to:
Describe key concepts of NGIPS and NGFW technology and the Cisco Firepower Threat Defense system and identify deployment scenarios
Perform initial Firepower Threat Defense device configuration and setup tasks
Describe how to manage traffic and implement Quality of Service (QoS) using Cisco Firepower Threat Defense
Describe how to implement NAT by using Cisco Firepower Threat Defense
Perform an initial network discovery, using Cisco Firepower to identify hosts, applications and services
Describe the behavior, usage and implementation procedure for access control policies
Describe the concepts and procedures for implementing security Intelligence features
Describe Cisco AMP for Networks and the procedures for implementing file control and Advanced Malware Protection
Implement and manage intrusion policies
Describe the components and configuration of site-to-site VPN
Describe and configure a remote-access SSL VPN that uses Cisco AnyConnect
Describe SSL decryption capabilities and usage

Course Content:

Cisco Firepower Threat Defense Overview:

Examining Firewall and IPS Technology
Firepower Threat Defense Features and Components
Examining Firepower Platforms
Examining Firepower Threat Defense Licensing
Cisco Firepower Implementation Use Cases

Cisco Firepower NGFW Device Configuration

Firepower Threat Defense Device Registration
FXOS and Firepower Device Manager
Initial Device Setup
Managing NGFW Devices
Examining Firepower Management Center Policies
Examining Objects
Examining System Configuration and Health Monitoring
Device Management
Examining Firepower High Availability
Configuring High Availability
Cisco ASA to Firepower Migration
Migrating from Cisco ASA to Firepower Threat Defense

Cisco Firepower NGFW Traffic Control

Firepower Threat Defense Packet Processing
Implementing QoS
Bypassing Traffic

Cisco Firepower NGFW Address Translation

NAT Basics
Implementing NAT
NAT Rule Examples
Implementing NAT

Cisco Firepower Discovery

Examining Network Discovery
Configuring Network Discovery

Implementing Access Control Policies

Examining Access Control Policies
Examining Access Control Policy Rules and Default Action
Implementing Further Inspection
Examining Connection Events
Access Control Policy Advanced Settings
Access Control Policy Considerations
Implementing an Access Control Policy

Security Intelligence

Examining Security Intelligence
Examining Security Intelligence Objects
Security Intelligence Deployment and Logging
Implementing Security Intelligence

File Control and Advanced Malware Protection

Examining Malware and File Policy
Examining Advanced Malware Protection

Next-Generation Intrusion Prevention Systems

Examining Intrusion Prevention and Snort Rules
Examining Variables and Variable Sets
Examining Intrusion Policies

Site-to-Site VPN

Examining IPsec
Site-to-Site VPN Configuration
Site-to-Site VPN Troubleshooting
Implementing Site-to-Site VPN

Remote-Access VPN

Examining Remote-Access VPN
Examining Public-Key Cryptography and Certificates
Examining Certificate Enrollment
Remote-Access VPN Configuration
Implementing Remote-Access VPN

SSL Decryption

Examining SSL Decryption
Configuring SSL Policies
SSL Decryption Best Practices and Monitoring

Detailed Analysis Techniques

Examining Event Analysis
Examining Event Types
Examining Contextual Data
Examining Analysis Tools
Threat Analysis

System Administration

Managing Updates
Examining User Account Management Features
Configuring User Accounts
System Administration

Cisco Firepower Troubleshooting

Examining Common Misconfigurations
Examining Troubleshooting Commands
Firepower Troubleshooting

Labs

Lab 1: Initial Device Setup
Lab 2: Device Management
Lab 3: Configuring High Availability
Lab 4: Migrating from Cisco ASA to Firepower Threat Defense
Lab 5: Implementing QoS
Lab 6: Implementing NAT
Lab 7: Configuring Network Discovery
Lab 8: Implementing an Access Control Policy
Lab 9: Implementing Security Intelligence
Lab 10: Implementing Site-to-Site VPN
Lab 11: Implementing Remote Access VPN
Lab 12: Threat Analysis
Lab 13: System Administration
Lab 14: Firepower Troubleshooting

Course Description (full version)

The Securing Data Center Networks and VPNs with Cisco Secure Firewall Threat Defense training shows you how to deploy and configure Cisco Secure Firewall Threat Defense system and its features as a data center network firewall or as an Internet Edge firewall with Virtual Private Network (VPN) support. You will learn how to configure identity-based policies, Secure Sockets Layer (SSL) decryption, remote-access VPN, and site-to-site VPN before moving on to advanced Intrusion Prevention System (IPS) configuration and event management, integrations with other systems, and advanced troubleshooting. You will also learn how to automate configuration and operations of Cisco Secure Firewall Threat Defense system using programmability and Application Programming Interfaces (APIs) and how to migrate configuration from Cisco Secure Firewall Adaptive Security Appliances (ASA).
This training prepares you for the 300-710 Securing Networks with Cisco Firepower (SNCF) exam. If passed, you earn the Cisco Certified Specialist – Network Security Firepower certification and satisfy the concentration exam requirement for the Cisco Certified Networking Professional (CCNP) Security certification. This training also earns you 40 Continuing Education (CE) credits toward recertification.

How You’ll Benefit

This training will help you:
Attain advanced knowledge of Cisco Secure Firewall Threat Defense technology
Gain competency and skills required to implement and manage a Cisco Secure Firewall Threat Defense system regardless of platform
Learn detailed information on policy management, traffic flow through the system, and the system architecture
Deploy and manage many of the advanced features available in the Cisco Secure Firewall Threat Defense system
Gain knowledge for protocols, solutions, and designs to acquire professional-level and expert-level data center roles
Earn 40 CE credits toward recertification

Who Should Enroll

System Installers
System Integrators
System Administrators
Network Administrators
Solutions Designers

What to Expect in the Exam

300-710 SNCF: Securing Networks with Cisco Firepower is a 90-minute exam associated with the Cisco Certified Specialist – Network Security Firepower certification and satisfies the concentration exam requirement for the CCNP Security certification.
The multiple-choice format tests your knowledge of Cisco Firepower Threat Defense and Firepower 7000 and 8000 Series virtual appliances, including:
Policy configurations
Integrations
Deployments
Management and troubleshooting

Course Objectives

Describe Cisco Secure Firewall Threat Defense
Describe advanced deployment options on Cisco Secure Firewall Threat Defense
Describe advanced device settings for Cisco Secure Firewall Threat Defense device
Configure dynamic routing on Cisco Secure Firewall Threat Defense
Configure advanced network address translation on Cisco Secure Firewall Threat Defense
Configure SSL decryption policy on Cisco Secure Firewall Threat Defense
Deploy Remote Access VPN on Cisco Secure Firewall Threat Defense
Deploy identity-based policies on Cisco Secure Firewall Threat Defense
Deploy site-to-site IPsec-based VPN on Cisco Secure Firewall Threat Defense
Deploy advanced access control settings on Cisco Secure Firewall Threat Defense
Describe advanced event management on Cisco Secure Firewall Threat Defense
Describe available integrations with Cisco Secure Firewall Threat Defense
Troubleshoot traffic flow using advanced options on Cisco Secure Firewall Threat Defense
Describe benefits of automating configuration and operations of Cisco Secure Firewall Threat Defense
Describe configuration migration to Cisco Secure Firewall Threat Defense

Course Prerequisites

The knowledge and skills you are expected to have before attending this training are:
Knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP)
Basic knowledge of routing protocols
Familiarity with the content explained in the Securing Internet Edge with Cisco Secure Firewall Threat Defense training
These skills can be found in the following Cisco Learning Offerings:
Implementing and Administering Cisco Solutions 2.0
Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention 1.0

Course Outline

1. Introducing Cisco Secure Firewall Threat Defense
2. Describing Advanced Deployment Options on Cisco Secure Firewall Threat Defense
3. Configuring Advanced Device Settings on Cisco Secure Firewall Threat Defense
4. Configuring Dynamic Routing on Cisco Secure Firewall Threat Defense
5. Configuring Advanced NAT on Cisco Secure Firewall Threat Defense
6. Configuring SSL Policy on Cisco Secure Firewall Threat Defense
7. Deploying Remote Access VPN on Cisco Secure Firewall Threat Defense
8. Deploying Identity-Based Policies on Cisco Secure Firewall Threat Defense
9. Deploying Site-to-Site VPN on Cisco Secure Firewall Threat Defense
10. Configuring Snort Rules and Network Analysis Policies
11. Describing Advanced Event Management Cisco Secure Firewall Threat Defense
12. Describing Integrations on Cisco Secure Firewall Threat Defense
13. Troubleshooting Advanced Traffic Flow on Cisco Secure Firewall Threat Defense
14. Automating Cisco Secure Firewall Threat Defense
15. Migrating to Cisco Secure Firewall Threat Defense

Lab Outline

1. Deploy Advanced Connection Settings
2. Configure Dynamic Routing
3. Configure SSL Policy
4. Configure Remote Access VPN
5. Configure Site-to-Site VPN
6. Customize IPS and NAP Policies
7. Configure Cisco Secure Firewall Threat Defense Integrations
8. Troubleshoot Cisco Secure Firewall Threat Defense
9. Migrate Configuration from Cisco Secure Firewall ASA

Course Description (full version)

The Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention (SFWIPF) training shows you how to implement and configure Cisco Secure Firewall Threat Defense for deployment as a next generation firewall at the internet edge. You’ll gain an understanding of Cisco Secure Firewall architecture and deployment, base configuration, packet processing and advanced options, and conducting Secure Firewall administration troubleshooting.
This training prepares you for the CCNP Security certification, which requires passing the 350-701 Implementing and Operating Cisco Security Core Technologies (SCOR) core exam and one concentration exam such as the 300-710 Securing Networks with Cisco Firepower (SNCF) concentration exam. This training also earns you 40 Continuing Education (CE) credits towards recertification.

How You’ll Benefit

This training will teach you how to implement, configure, and manage Cisco Secure Firewall Threat Defense for deployment, including:
Configure settings and policies on Cisco Secure Firewall Threat Defense
Gain an understanding of Cisco Secure Firewall Threat Defense policies and explain how different policies influence packet processing through the device
Perform basic threat analysis and administration tasks using Cisco Secure Firewall Management Center

Who Should Enroll

Network security engineers
Administrators

What to Expect in the Exam

350-701 SCOR: Implementing and Operating Cisco Security Core Technologies is a 120-minute exam associated with the CCNP Security certification. The multiple-choice format tests knowledge and skills related to implementing and operating core security technologies, including:
Network security
Cloud security
Content security
Endpoint protection and detection
Secure network access
Visibility and enforcement

300-710 SNCF: Securing Networks with Cisco Firepower is a 90-minute exam associated with the CCNP Security certification. The multiple-choice format tests knowledge of Cisco Firepower® Threat Defense and Firepower® 7000 and 8000 Series virtual appliances, including:
Policy configurations
Integrations
Deployments
Management and troubleshooting

Course Objectives

Describe Cisco Secure Firewall Threat Defense
Describe Cisco Secure Firewall Threat Defense Deployment Options
Describe management options for Cisco Secure Firewall Threat Defense
Configure basic initial settings on Cisco Secure Firewall Threat Defense
Configure high availability on Cisco Secure Firewall Threat Defense
Configure basic Network Address Translation on Cisco Secure Firewall Threat Defense
Describe Cisco Secure Firewall Threat Defense policies and explain how different policies influence packet processing through the device
Configure Discovery Policy on Cisco Secure Firewall Threat Defense
Configure and explain prefilter and tunnel rules in prefilter policy
Configure an access control policy on Cisco Secure Firewall Threat Defense
Configure security intelligence on Cisco Secure Firewall Threat Defense
Configure file policy on Cisco Secure Firewall Threat Defense
Configure Intrusion Policy on Cisco Secure Firewall Threat Defense
Perform basic threat analysis using Cisco Secure Firewall Management Center
Perform basic management and system administration tasks on Cisco Secure Firewall Threat Defense
Perform basic traffic flow troubleshooting on Cisco Secure Firewall Threat Defense
Manage Cisco Secure Firewall Threat Defense with Cisco Secure Firewall Threat Defense Manager

Course Prerequisites

Before taking this offering, you should understand:
TCP/IP
Basic routing protocols
Firewall, VPN, and IPS concepts

Course Outline

1. Introducing Cisco Secure Firewall Threat Defense
2. Describing Cisco Secure Firewall Threat Defense Deployment Options
3. Describing Cisco Secure Firewall Threat Defense Management Options
4. Configuring Basic Network Settings on Cisco Secure Firewall Threat Defense
5. Configuring High Availability on Cisco Secure Firewall Threat Defense
6. Configuring Auto NAT on Cisco Secure Firewall Threat Defense
7. Describing Packet Processing and Policies on Cisco Secure Firewall Threat Defense
8. Configuring Discovery Policy on Cisco Secure Firewall Threat Defense
9. Configuring Prefilter Policy on Cisco Secure Firewall Threat Defense
10. Configuring Access Control Policy on Cisco Secure Firewall Threat Defense
11. Configuring Security Intelligence on Cisco Secure Firewall Threat Defense
12. Configuring File Policy on Cisco Secure Firewall Threat Defense
13. Configuring Intrusion Policy on Cisco Secure Firewall Threat Defense
14. Performing Basic Threat Analysis on Cisco Secure Firewall Management Center
15. Managing Cisco Secure Firewall Threat Defense System
16. Troubleshooting Basic Traffic Flow
17. Cisco Secure Firewall Threat Defense Device Manager

Lab Outline

1. Perform Initial Device Setup
2. Configure High Availability
3. Configure Network Address Translation
4. Configure Network Discovery
5. Configure Prefilter and Access Control Policy
6. Configure Security Intelligence
7. Implement File Control and Advanced Malware Protection
8. Configure Cisco Secure IPS
9. Detailed Analysis Using the Firewall Management Center
10. Manage Cisco Secure Firewall Threat Defense System
11. Secure Firewall Troubleshooting Fundamentals
12. Configure Managed Devices Using Cisco Secure Firewall Device Manager

Course Objectives

Define DoD C2C, including its steps and alignment with ISE features/functions and Zero Trust
Describe Cisco Identity-Based Networking Services
Explain 802.1X extensible authentication protocol (EAP)
Configure devices for 802.1X operation
Configure access for non-supplicant devices
Describe the Cisco Identity Services Engine
Explain Cisco ISE deployment
Describe Cisco ISE policy enforcement concepts
Describe Cisco ISE policy configuration
Explain PKI fundamentals, technology, components, roles, and software supplicants
Troubleshoot Cisco ISE policy and third-party network access device (NAD) support
Describe Cisco ISE TrustSec configurations
Describe the Cisco ISE profiler service
Describe profiling best practices and reporting
Configure endpoint compliance
Configure client posture services
Configure Cisco ISE device administration
Describe the four main use cases within C2C

Course Prerequisites

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are:
Familiarity with 802.1X
Familiarity with Microsoft Windows Operating Systems
Familiarity with Cisco IOS CLI for wired and wireless network devices
Familiarity with Cisco Identity Service Engine
The following recommended Cisco offering may help you meet these prerequisites:
Implementing and Operating Cisco Security Core Technologies (SCOR)

Course Outline

C2C Fundamentals
Cisco Identity-Based Networking Services
802.1X EAP Authentication
Configure Devices for 802.1X Operation
Configure Access for Non-Supplicant Devices
Introducing Cisco ISE Architecture
Introducing Cisco ISE Deployment
Introducing Cisco ISE Policy Enforcement Components
Introducing Cisco ISE Policy Configuration
PKI and Advanced Supplicants
Troubleshooting Cisco ISE Policy and Third-Party NAD Support
Exploring Cisco TrustSec
Introducing the Cisco ISE Profiler
Introducing Profiling Best Practices and Reporting
Introducing Cisco ISE Endpoint Compliance Services
Configuring Client Posture Services and Compliance
Working with Network Access Devices
C2C Use Cases

Lab Outline

Configure and Test 802.1X Operations
Configure Initial Cisco ISE Configuration and System Certificate Usage
Integrate Cisco ISE with Active Directory
Configure Cisco ISE Policy for MAB
Configure Cisco ISE Policy for 802.1X
TEAP on Windows
Configure Cisco TrustSec
Configure Profiling
Customize the Cisco ISE Profiling Configuration
Create Cisco ISE Profiling Reports
Configure Cisco ISE Compliance Services
Configure Client Provisioning
Configure Posture Policies
Test and Monitor Compliance-Based Access
Configure Cisco ISE for Basic Device Administration
Configure Cisco ISE Command Authorization
DISA Reports
Certificate-Based Authentication for Cisco ISE Administration