Cisco CCNP ISCW 642-825 Training Course

Cisco CCNP ISCW 642-825 Training Package Includes

• 6 CD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components
• Proven technique - Exam Secrets Review
• Testing Modules to insure that you fully understand the subject matter

Course Introduction

Schedule our instructor led classroom training at your convenience and never miss another lecture or fall behind. You are in complete control. We invited the Best Cisco Certified Trainers in the industry to help us develop the ultimate training and certification program which includes everything you will need to fully prepare for and pass your certification exams.

The Implementing Secure Converged Wide Area Networks (ISCW 642-825) is a qualifying exam for the Cisco Certified Network Professional CCNP®. The ISCW 642-825 exam will certify that the successful candidate has important knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration. The exam covers topics on Cisco hierarchical network model as it pertains to the WAN, teleworker configuration and access, frame mode MPLS, site-to-site IPSEC VPN, Cisco EZVPN, strategies used to mitigate network attacks, Cisco device hardening and IOS firewall features.
 

PRESENTER - Kenneth Mayer Kenneth Mayer, CCSI, MCT, CCNT, CCNP, CCDA. Ken started his career in computer technology in 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies across the United States and Western Europe. He has achieved the Certified Cisco Systems Instructor certification. The CCSI certification involved a two-day lab and observation event held on Cisco in Paris, France Facility. This gave Ken the accreditation to be able to deliver Cisco Authorized Courses as a CCSI. He has taught the full line of Cisco CCNA, CCDA, CCNP, CCDP and CCIP course curriculums, including Cisco's security appliances such as PIX and IDS. Ken is also a Microsoft Certified Trainer and a Certified Ethical Hacker (EC Council) certified trainer and consultant.

Launch Demo from 'Cisco CCNA 640-801' Course

List of Course Features

Cisco CCNP ISCW 642-825 Course Contents
 

Chapter 1 - Describing Network Requirements

Describing Network Requirements
The Cisco IIN and SONA Framework
Intelligent Information Network
Cisco SONA Framework
Cisco SONA Layers
Cisco Hierarchical Network Models
Cisco Enterprise Architecture
Cisco Hierarchical Network Model
Example: Enterprise Network
Requirements for Remote Connections in a Cisco Converged Network
Remote Site Requirements
Example: Integrated Services for Secure Remote Access
Chapter 1 Review

Chapter 2 - Connect Teleworkers

Topologies for Facilitating Remote Connections
Types of Remote Connection Topologies
Remote Connection Topologies
Enterprise Architecture Framework
Remote Connection Options
What are the Challenges to Connect the Telecommuter
The Teleworker Components
The SOHO/Telecommuter Solution
The Issues
Traditional vs. Telecommuter
Section 1 Review
Describing Cable Technology
Terms used with Cable Technology
Cable Technology Terms
Cable System Standards
Components of a Cable System
Cable System Components
Cable Features
What Is Cable?
Cable System Benefits
Digital Signals over RF Channels
DOCSIS
Digital Signals over Radio Waves
Sending Data over Cable
Fiber Benefits
HFC Architecture
Data over Cable
Cable Technology: The Whole Picture
Putting Cable Technology Together
Data Cable Technology Issues
Process of Provisioning a Cable Modem
Section 2 Review
Describing DSL Technology
DSL Features
What Is a DSL?
DSL Types
DSL Variants
DSL Variants Examples
DSL Limitations
DSL Limitation Factors
DSL Distance Limitations
ADSL
ADSL & POTS Coexistence
ADSL Channels and Encoding
CAP Modulation
DMT Modulation
Data over ADSL: PPPoE
Data over ADSL
PPP over Ethernet
PPPoE Session Variables
PPPoE Session Establishment
Data over ADSL: PPPoA
PPP over ATM
Section 3 Review
Configuring the CPE as the PPPoE or PPPoA Client
Configuration of a Cisco Router as the PPPoE Client
Configuring the CPE as the PPPoE Client over the Ethernet Interface
CPE as the PPPoE Client over the Ethernet Interface
Demo - DHCP Server Settings/NAT Configurations
Configuring the CPE as the PPPoE Client over the ATM Interface
CPE as the PPPoE Client over the ATM Interface
Configuration of a PPPoE Client
PPPoE Client Configuration
Configuring PPPoE Client
Configuration of the PPPoE DSL Dialer Interface
Configuring the PPPoE Dialer Interface
Demo - Setting up PPP Settings
Configuration of PAT
Port Address Translation
Configure PAT
PAT Configuration
Configuration of DHCP to Scale DSL
DHCP Server Configuration
Configuration of a Static Default Route
Configuring a Static Default Route
Static Default Route
Demo - Setup a Router with Dialer Interface Commands
Verifying a PPPoE Configuration
Debug VPDN PPPoE Events
Debug PPP Authentication
Verify DHCP Clients
Verify DHCP Server
Verify PAT
PPPoE Sample Configuration
Configuration of a PPPoA DSL Connection
DSL Configuration Overview
PPPoE vs. PPPoA
Configuration of the DSL ATM Interface
Configuring the DSL ATM Interface
PPPoA Sample Configuration
Section 4 Review
Verifying Broadband ADSL Configurations
Troubleshooting by the Layers
Which Layer to Troubleshoot?
OSI Layer 1 Issues
Administratively Down State for an ATM Interface
ATM Interface Status
Correct DSL Operating Mode?
Check the DSL Operating Mode. Is it Correct?
OSI Layer 2 Issues
Proper PPP Negotiation
PPP Negotiation
PPP Authentication Example
Section 5 Review

Chapter 3 - Implement Frame Mode MPLS

Introducing MPLS Networks
The Concepts of the MPLS Model
Typical VPN Topologies
Basic MPLS Features
Basic MPLS Concepts Example
Switching Mechanisms of Routers
Cisco IOS Platform Switching Mechanisms
Standard IP Switching Review
CEF Switching Review
MPLS Architecture
The Components of the MPLS Architecture
Control Plane Components Example
MPLS Labels
Label Format
Label Stack
Frame Mode MPLS
Label Switch Routers (LSRs)
Label Switch Routers
LSR Component Architecture
Functions of LSRs
Component Architecture of LSR
Component Architecture of Edge LSR
Section 1 Review
Assigning MPLS Labels to Packets
Allocation of Labels in the Frame Mode MPLS Environment
Label Allocation in a Frame Mode MPLS Environment
Building the IP Routing Table
Allocating Labels
LIB and LFIB Setup
Distribution and Advertisement of Labels
Label Distribution and Advertisement
Receiving Label Advertisement
Interim Packet Propagation
Further Label Allocation
Receiving Label Advertisement
Populating the LFIB Table
Propagating Packets Across an MPLS Network
Packet Propagation Across an MPLS Network
Penultimate Hop Popping
Before the Introduction of the PHP
After the Introduction of the PHP
Section 2 Review
Implementing Frame Mode MPLS
How to Configure IP CEF
Step 1: Configure CEF
Monitoring IP CEF
How to Configure MPLS on the Frame Mode Interface
Step 2: Configure MPLS on a Frame Mode Interface
Configuring MPLS on a Frame Mode Interface
How to Configure the MTU Size for Label Switching
Step 3: Configure the MTU Size in Label Switching
Configuring Label Switching MTU
Section 3 Review
MPLS VPN Technology
What is a MPLS VPN?
VPN Taxonomy
VPN Models
Frame Relay Example
Overlay VPNs: Layer 3 Routing
Peer-to-Peer VPNs
Benefits of VPN Implementations
Drawbacks of VPN Implementations
Drawbacks of Peer-to-Peer VPNs
The Architecture of the MPLS VPN
MPLS VPN Architecture
MPLS VPN Architecture: Terminology
PE Router Architecture
How Routing Information is Propagated Across the P-Network
Propagation of Routing Information Across the P-Network
Route Distinguishers
Usage of RDs in an MPLS VPN
VoIP Service Example
VoIP Service Example: Connectivity Requirements
Route Targets
How Do RTs Work?
Routing Information Flow from End-to-End
MPLS VPN Routing Requirements
CE Router Perspective
PE-CE Routing Protocols
MPLS VPN Routing: Overall Customer Perspective
P Router Perspective
PE Router Perspective
End-to-End Routing Information Flow
MPLS VPNs and Packet Forwarding
VPN PHP
Section 4 Review

Chapter 4 - IPsec VPNs

IPsec Components and IPsec VPN Features
Overview of IPSec
What Is IPsec?
IPsec Security Features
IPsec Protocols
IPsec Headers
Peer Authentication
Internet Key Exchange
IKE Phases
IKE Modes
IKE: Other Functions
Other IKE Functions
The Problem with IPsec and NAT
IPsec NAT Traversal
Mode Configuration
Easy VPN
Xauth
ESP and AH
ESP and AH Header
AH Authentication and Integrity
ESP Protocol
Tunnel and Transport Mode
Message Authentication and Integrity Check
Message Authentication and Integrity Check Using Hash
Commonly Used Hash Functions
Symmetric vs. Asymmetric Encryption Algorithms
Key Lengths of Symmetric vs. Asymmetric Encryption Algorithms
Security Level of Cryptographic Algorithms
Symmetric Encryption: DES
Symmetric Encryption: 3DES
Symmetric Encryption: AES
Asymmetric Encryption: RSA
Diffie-Hellman Key Exchange
PKI Environment
Certificate Authority
X.509 v3 Certificate
PKI Message Exchange
PKI Credentials
Section 1 Review
Site-to-Site IPsec VPN Operations
Five Steps of IPsec
Step 1: Interesting Traffic
Step 2: IKE Phase 1
IKE Transform Sets
Diffie-Hellman Key Exchange
Authenticate Peer Identity
Step 3: IKE Phase 2
IPsec Transform Sets
Security Associations
SA Lifetime
Step 4: IPsec Session
Step 5: Tunnel Termination
Configuring IPsec
Configuration Steps for Site-to-Site IPsec VPN
Site-to-Site IPsec Configuration: Phase 1
Phase 1
Site-to-Site IPsec Configuration: Phase 2
Phase 2
Site-to-Site IPsec Configuration: Apply VPN Configuration
Site-to-Site IPsec Configuration: Interface ACL
Demo - Configuring VPN Information
Section 2 Review
Configuring IPsec Site-to-Site VPN Using SDM
Introducing the SDM VPN Wizard Interface
Cisco Router and SDM
What Is Cisco SDM?
Cisco SDM Features
Introducing the SDM VPN Wizard Interface (Cont.)
Site-to-Site VPN Components
Launching the Site-to-Site VPN Wizard
Quick Setup
Step-by-Step Setup
Connection Settings
IKE Proposals
Transform Set
Defining What Traffic to Protect
Option 1: Single Source and Destination Subnet
Option 2: Using an ACL
Completing the Configuration
Review the Generated Configuration
Test Tunnel Configuration and Operation
Monitor Tunnel Operation
Advanced Monitoring
Troubleshooting
Demo - Configuring a VPN Connection
Section 3 Review
High Availability Options
High Availability for IOS IPsec VPNs
Failures
Redundancy
Failure Detection
Dead Peer Detection
IPsec Backup Peer
Configuration Example
Hot Standby Routing Protocol
HSRP for Default Gateway at Remote Site
HSRP for Head-End IPsec Routers
IPsec Stateful Failover
IPsec Stateful Failover Example
Backing Up a WAN Connection with an IPsec VPN
Section 4 Review
Configuring GRE Tunnels over IPsec
Generic Routing Encapsulation
Default GRE Characteristics
Optional GRE Extensions
GRE Configuration Example
Introducing Secure GRE Tunnels
IPsec Characteristics
GRE over IPsec
GRE over IPsec Characteristics
Configuring GRE over IPsec Site-to-SiteTunnel Using SDM
Backup GRE Tunnel Information
VPN Authentication Information
Demo - Create a GRE Tunnel over IPsec
IKE Proposals
Creating a Custom IKE Policy
Transform Set
Routing Information
Option 1: Static Routing
Option 2: Dynamic Routing Using EIGRP
Completing the Configuration
Review the Generated Configuration
Test Tunnel Configuration and Operation
Monitor Tunnel Operation
Advanced Monitoring
Troubleshooting
Section 5 Review
Configuring Cisco Easy VPN and Easy VPN Server Using SDM
Introducing Cisco Easy VPN
Cisco Easy VPN Components
Remote Access Using Cisco Easy VPN
Describe Easy VPN Server and Easy VPN Remote
Cisco Easy VPN Remote Connection Process
Step 1: The VPN Client Initiates the IKE Phase 1 Process
Step 2: The VPN Client Establishes an ISAKMP SA
Step 3: The Cisco Easy VPN Server Accepts the SA Proposal
Step 4: Easy VPN Server Initiates a Username and Password Challenge
Step 5: The Mode Configuration Process Is Initiated
Step 6: The RRI Process Is Initiated
Step 7: IPsec Quick Mode Completes the Connection

Continued

Cisco Easy VPN Server Configuration Tasks
Cisco Easy VPN Server Configuration Tasks Using SDM
Cisco Easy VPN Server Configuration Tasks for the Easy VPN Server Wizard
Configuring Easy VPN Server
VPN Wizards
Enabling AAA
Local User Management
Creating Users
Enable AAA
Starting Easy VPN Server Wizard
Select Interface (Terminating IPsec)
IKE Proposals
Transform Set
Group Policy Confiurations
GPC Options 1and 2
User Authentication: Option 1: Local User Database
Local User Database - Adding Users
Option 2: External User Database via RADIUS
Local Group Policies
Advanced Options
Completing the Configuration
Review the Generated Configuration
Verify the Easy VPN Server Configuration
Monitoring Easy VPN Server
Advanced Monitoring
Troubleshooting
Demo - Using SDM to Configure an Easy VPN Server
Section 6 Review
Implementing the Cisco VPN Client
Steps to Configure the Cisco VPN Client Tasks
Use the Cisco VPN Client to Establish an RA VPN Connection and Verify the Connection Status
Tasks 1-3
Mutual Group Authentication
Task 4: Configure Transparent Tunneling
Routing Table
Task 5: Enable and Add Backup Servers
Configure Connection to the Internet Through Dial-Up Networking
Section 7 Review

Chapter 5 - Cisco Device Hardening

Mitigating Network Attacks
Cisco Self-Defending Network
Evolution of Cisco Self-Defending Network
Types of Network Attacks
Reconnaissance Attacks and Mitigation
Packet Sniffers
Packet Sniffer Mitigation
Port Scans and Ping Sweeps
Port Scan and Ping Sweep Mitigation
Internet Information Queries
Access Attacks and Mitigation
Access Attacks
Password Attacks
Password Attack Example
Password Attack Mitigation
Trust Exploitation
Trust Exploitation Attack Mitigation
Port Redirection
Man-in-the-Middle Attacks and Their Mitigation
DoS Attacks and Mitigation
DDoS Attacks
DDoS Example
DoS and DDoS Attack Mitigation
IP Spoofing in DoS and DDoS
Worm, Virus, and Trojan Horse Attacks and Mitigation
Virus and Trojan Horse Attack Mitigation
The Anatomy of a Worm Attack
Mitigating Worm Attacks
Application Layer Attacks and Mitigation
Application Layer Attacks
Netcat
Netcat Example
Mitigation of Application Layer Attacks
Management Protocols and Vulnerabilities
Configuration Management
Configuration Management Recommendations
Management Protocols
Management Protocol Best Practices
Determining Vulnerabilities and Threats
Blue's Port Scanner and Ethereal
Section 1 Review
Disabling Unused Cisco Router Network Services and Interfaces
Which Services on a Router are Vulnerable
Vulnerable Router Services and Interfaces
Vulnerable Router Services
Router Hardening Considerations
Locking Down Routers with AutoSecure
What is AutoSecure?
AutoSecure Operation Modes
AutoSecure Functions
AutoSecure Failure Scenarios
Demo - Looking at AutoSecure
AutoSecure Process Overview
Start and Interface Selection
Securing Management Plane Services
Creating Security Banner
Passwords and AAA
SSH and Interface-Specific Services
Forwarding Plane, Verificaton and Deployment
Locking Down Routers with the SDM
Security Device Manager
SDM Security Audit Overview
SDM Security Audit: Main Window
SDM Security Audit: Fix the Security Problems
SDM One-Step Lockdown: Main Window
Section 2 Review
Securing Cisco Router Installations and Administrative Access
Configuring Router Passwords
Password Creation Rules
Initial Configuration Dialog
Configure the Line-Level Password
Password Minimum Length Enforcement
Enhanced Username Password Security
Securing ROMMON with the No Password-Recovery Command
Setting a Login Failure Rate
Authentication Failure Rate with Logging
Setting a Login Failure Blocking Period
Excluding Addresses from Login Blocking
Setting a Login Delay
Verifying Login
Setting Timeouts
Setting Timeouts for Router Lines
Setting Multiple Privilege Levels
Configuring Banner Messages
Configuring Role-Based CLI
Role-Based CLI Overview
Role-Based CLI Details
Getting Started with Role-Based CLI
Configuring CLI Views
Configuring Superviews
Role-Based CLI Monitoring
Role-Based CLI Configuration Example
Secure Configuration Files
Secure Configuration Files Introduction
Cisco IOS Resilient Configuration Feature Verification
Demo - Looking at Router Passwords
Section 3 Review
Mitigating Threats and Attacks with Access Lists
What are Cisco ACLs?
Standard and Extended ACLs
Identifying ACLs
Guidelinesfor Developing ACLs
Applying ACLs to Interfaces on the Router
Applying ACLs to Router Interfaces
ACLs for Traffic Filtering
Traffic Filtering
How to Mitigate Threats with Traffic Filtering
IP Address Spoofing Mitigation: Inbound
IP Address Spoofing Mitigation: Outbound
DoS TCP SYN Attack Mitigation: Blocking External Access
DoS TCP SYN Attack Mitigation: Using TCP Intercept
DoS Smurf Attack Mitigation
Filtering Inbound ICMP Messages
Filtering Outbound ICMP Messages
Filtering UDP Traceroute Messages
Mitigating DDoS with ACLs
Basics of DDoS Attacks
Mitigate DDoS Using Martians Filters
DDoS Attack Mitigation: TRIN00
DDoS Attack Mitigation: Stacheldraht
DDoS Attack Mitigation: Trinity v3
DDoS Attack Mitigation: SubSeven
Combining Access Functions
Best Practices for ACLs
ACL Caveats
Section 4 Review
Securing Management and Reporting Features
Secure Management and Reporting Planning Considerations
Management and Reporting Planning Considerations
Secure Management and Reporting Architecture
Information Paths
In-Band Management Considerations
Secure Management and Reporting Guidelines
Configuring an SSH Server for Secure Management and Reporting
Using Syslog Logging for Network Security
Implementing Log Messaging for Security
Syslog Systems
Cisco Log Severity Levels
Log Message Format
Configuring Syslog Logging
Configuring Syslog
Syslog Implementation Example
SNMP Version 3
SNMPv1 and SNMPv2 Architecture
Community Strings
SNMP Security Models and Levels
SNMPv3 Architecture
SNMPv3 Operational Model
SNMPv3 Features and Benefits
Configuring an SNMP Managed Node
SNMPv3 Configuration Task List
Configuring the SNMP-Server Engine ID
Configuring the SNMP-Server Group Names
Configuring the SNMP-Server Users
Configuring the SNMP-Server Hosts
SNMPv3 Configuration Example
Configuring NTP Client
Understanding NTP
Configuring NTP Authentication
Configuring NTP Associations
Configuring Additional NTP Options
Configuring NTP Server
Implementing NTP Server
Configuring NTP Server (Cont.)
NTP Configuration Example
Demo - Configurations for SSH
Section 5 Review
Configuring AAA on Cisco Routers
What is AAA?
Implementing AAA
Router Access Modes
RADIUS and TACACS+
AAA Protocols: RADIUS and TACACS+
RADIUS Authentication and Authorization
RADIUS Messages
RADIUS Attributes
RADIUS Features
TACACS+ Authentication
TACACS+ Network Authorization
TACACS+ Command Authorization
TACACS+ Attributes and Features
Configuring the AAA Server
How to configure AAA login on a Router with the CLI
AAA Authentication Commands
Character Mode Login Example
How to configure AAA login on a Router with the SDM
Enabling AAA in SDM
Verifying AAA Login Authentication Commands
Troubleshooting AAA
Troubleshoot AAA Login Authentication on Cisco Routers
Troubleshoot AAA Authentication Example
AAA Authorization Commands
Authorization Example
Troubleshooting Authorization
AAA Accounting Commands
AAA Accounting Example
Troubleshooting Accounting
Section 6 Review

Chapter 6 - Cisco IOS Threat Defense Features

Introducing the Cisco IOS Firewall
Layered Defense Strategy
DMZ
Layered Defense Features
Multiple DMZs
Modern DMZ Design
Firewall Technologies
Packet Filtering
Packet Filtering Example
Application Layer Gateway
ALG Firewall Device
Stateful Packet Filtering
Stateful Firewall Operation
Stateful Firewalls
SPF Handling of Different Protocols
Introducing the Cisco IOS Firewall Feature Set
The Cisco IOS Firewall Feature Set
Cisco IOS Firewall
Cisco IOS Authentication Proxy
Cisco IOS IPS
Cisco IOS Firewall Functions
Cisco IOS ACLs Revisited
Cisco IOS Firewall TCP Handling
Cisco IOS Firewall UDP Handling
Cisco IOS Firewall Process
How Cisco IOS Firewall Works
Supported Protocols
Alerts and Audit Trails
Section 1 Review
Implementing Cisco IOS Firewalls
Configuring Cisco IOS Firewall from the CLI
Cisco IOS Firewall Configuration Tasks Using the CLI
Set Audit Trails and Alerts
Define Inspection Rules for Application Protocols
Apply an Inspection Rule to an Interface
Guidelines for Applying Inspection Rules and ACLs to Interfaces
Example: Two-Interface Firewall
Verifying Cisco IOS Firewall
Troubleshooting Cisco IOS Firewall
Demo - Initial Security Settings
Basic and Advanced Firewall Wizards
Configuring a Basic Firewall
Reviewing the Basic Firewall for the Originating Traffic
Resulting Basic Firewall Inspection Rule Configuration
Demo - Inspection Options
Demo - Basic Firewall Settings
Configuring Interfaces on an Advanced Firewall
Configuring a DMZ on an Advanced Firewall
Advanced Firewall DMZ Service Configuration
Advanced Firewall Security Configuration
Advanced Firewall Security Policy
Complete the Configuration
Advanced Firewall Configuration Summary and Deployment
Viewing Firewall Activity
Preparing for Firewall Activity Viewing
Section 2 Review
Introducing Cisco IOS IPS
Introducing Cisco IOS IDS and IPS
IDS Introduction
IPS Introduction
Combining IDS and IPS
Types of IDS and IPS Systems
Signature-Based IDS and IPS
Policy-Based IDS and IPS
Anomaly-Based IDS and IPS
Honeypot
Network-Based and Host-Based IPS
Network-Based vs. Host-Based IPS
NIPS Features
NIDS and NIPS Deployment
IDS and IPS Signatures
Signature Categories
Exploit Signatures
Signature Examples
Cisco IOS IPS Signature Definition Files
Cisco IOS IPS SDFs
Cisco IOS IPS Alarms
Cisco IOS IPS Alarms: Configurable Actions
Cisco IOS IPS Alarm Considerations
Section 3 Review
Configuring Cisco IOS IPS
Cisco IOS IPS Configuration Steps
Configure Basic IPS Settings
Configure Enhanced IPS Settings
Verifying IOS IPS Configuration
Cisco IOS IPS SDM Tasks
Selecting Interfaces and Configuring SDF Locations
Launching the IPS Policies Wizard
Demo - Setting up an IPS
Configuring IPS Policies and Global Settings
IPS Policies
Global Settings
Viewing SDEE Messages
Viewing All SDEE Messages
Viewing SDEE Status Messages
Tuning Signatures
Selecting a Signature
Editing a Signature
Disabling a Signature Group
Verifying the Tuned Signatures
Section 4 Review
Course Closure