CI-SIMOS

Implementing Cisco Secure Mobility Solutions

Price

€ 2,690.00
(VAT excluded)

Days

5 days

The Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 course is a newly created five-day course that is part of the track leading to the Cisco Certified Network Professional Security (CCNP® Security) certification.

This course is designed to prepare network security engineers with the knowledge and skills they need to protect data traversing a public or shared infrastructure such as the Internet by implementing and managing Cisco VPN solutions.

You will gain hands-on experience configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA security appliances and Cisco IOS routers.

OBJECTIVES:

At the end of the course, students will be able to:

  • Describe and develop the various VPN technologies as well as the cryptographic algorithms and protocols that provide VPN security
  • Implement and manage Cisco site-to-site VPN solutions
  • Implement and manage Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs
  • Implement and manage Cisco clientless SSL VPNs
  • Implement and manage Cisco AnyConnect SSL and IPsec VPNs
  • Implement and manage endpoint security and dynamic access policies (DAP)

Network Security Engineers.

  • Cisco Certified Network Associate (CCNA®) certification
  • Cisco Certified Network Associate (CCNA®) Security certification

Module 1: The Role of VPNs in Network Security 

  • VPN Definition 
  • Key Threats to WANs and Remote Access 
  • Cisco Modular Network Architecture and VPNs 
  • VPN Types 
  • VPN Components 
  • Secure Communication and Cryptographic Services 
  • Cryptographic Algorithms 
  • Cryptography and Confidentiality 
  • Cryptography and Integrity 
  • Cryptography and Authentication 
  • Cryptography and Nonrepudiation 
  • Keys in Cryptography 
  • Public Key Infrastructure 
  • Next-Generation Encryption 
  • Dependencies in Cryptographic Services 
  • Cryptographic Controls Guidelines

Module 2: Deploying Secure Site-to-Site Connectivity Solutions 

  • Site-to-Site VPN Topologies 
  • Site-to-Site VPN Technologies 
  • IPsec VPN Overview 
  • Internet Key Exchange v1 and v2 
  • Encapsulating Security Payload 
  • IPsec Virtual Tunnel Interface 
  • Dynamic Multipoint VPN 
  • Cisco IOS FlexVPN 
  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA 
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA 
  • Enable IKE on an Interface 
  • Configure IKE Policy 
  • Configure PSKs 
  • Choose Transform Set and VPN Peer 
  • Choose Traffic for VPN 
  • Configuring Site-to-Site VPN with Connection Profiles Menu 
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA 
  • Lab 2-1 Implement Site to Site Secure Connectivity on Cisco ASA 
  • Overview of Cisco IOS VTIs 
  • Configure Static VTI Point-to-Point Tunnels 
  • Verify Static VTI Point-to-Point Tunnels 
  • Configure Dynamic VTI Point-to-Point Tunnels 
  • Verify Dynamic VTI Point-to-Point Tunnels 
  • Lab 2-2 Objective: Implement a Cisco IOS static VTI point-to-point tunnel 
  • Overview of Cisco IOS DMVPN 
  • DMVPN Solution Components 
  • GRE 
  • NHRP 
  • DMVPN Operations 
  • Types of Authentication 
  • Configure DMVPN on Hub 
  • Configure DMVPN on Spoke 
  • Configure Routing in DMVPN 
  • Verify DMVPN

Module 3: Deploying Cisco IOS Site-to-Site FlexVPN Solutions 

  • FlexVPN Overview 
  • Public Key Infrastructure (PKI) 
  • Site-to-Site VPN Topologies 
  • FlexVPN Architecture 
  • FlexVPN Configuration Overview 
  • FlexVPN Capabilities 
  • IKEv2 vs. IKEv1 Overview 
  • IKEv2 Message Exchange 
  • IKEv2 DoS Prevention 
  • IKEv1 and IKEv2 Comparison 
  • FlexVPN Use Cases 
  • Point-to-Point FlexVPN 
  • FlexVPN Configuration Blocks 
  • IKEv2 Profile 
  • Smart Defaults 
  • Manipulating Default Values 
  • Negotiating IKEv2 Proposals 
  • Point-to-Point VPN Scenario with IPv4 Static Routes 
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes 
  • Point-to-Point VPN Scenario with OSPFv3 
  • Configure and Verify Point-to-Point VPN with OSPFv3 
  • Enroll Devices to ECDSA PKI 
  • Configure Router for ECDSA 
  • Configure ASA for ECDSA 
  • Verify EC Key Pairs and Certificates 
  • Verify IKEv2 SA 
  • Verify IPsec SA 
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output) 
  • Lab 3-1: Implement Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN 
  • Cisco IOS FlexVPN 
  • IKEv2 Configuration Payload 
  • Locally Managed Hub-and-Spoke Scenario 
  • Configure a Spoke in a Hub-and-Spoke Scenario 
  • Configure a Hub in a Hub-and-Spoke Scenario 
  • Configuration Exchange 
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN 
  • Lab 3-2: Implement Hub-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN 
  • Spoke-to-Spoke Shortcut Scenario 
  • NHRP in FlexVPN 
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario 
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario 
  • RADIUS-Managed FlexVPN Scenario 
  • Verify Spoke-to-Spoke Shortcut Switching 
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output) 
  • Lab 3-3: Implement Spoke-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN

Module 4: Deploying SSL VPNs 

  • SSL VPN Components 
  • SSL/TLS 
  • Overview of group policies and connection profiles 
  • Basic Cisco Clientless SSL VPN 
  • Solution Components 
  • Configure ASA gateway 
  • Configure basic authentication 
  • Configure access control (including URL entry and bookmarks) 
  • Verify basic clientless SSL VPN 
  • Troubleshoot basic clientless SSL VPN 
  • Lab 4-1 Objective: Implement Basic Cisco Clientless SSL VPN on Cisco ASA 
  • Deploying Application Access options (plug-ins, smart tunnels) 
  • Configure and verify plugins 
  • Configure and verify smart tunnels 
  • Troubleshoot plugins and smart tunnel 
  • Lab 4-2 Objective: Application Access clientless SSL 
  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components 
  • Configure and verify Certificate based Authentication 
  • Configure and Verify External Authentication 
  • Troubleshoot Advanced Authentication in Clientless SSL VPN 
  • Lab 4-3 Objective: Advanced AAA Clientless SSL

Module 5: Deploying Cisco AnyConnect VPNs 

  • IP Address assignment 
  • Split Tunneling 
  • Basic Cisco AnyConnect SSL VPN 
  • Solution Components 
  • SSL VPN Server Authentication 
  • SSL VPN Clients Authentication 
  • SSL VPN Clients IP Address Assignment 
  • SSL VPN Split Tunneling 
  • Configure ASA for Basic AnyConnect SSL VPN 
  • Configure Basic Cisco Authentication 
  • Configure Access Control 
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN 
  • Lab 5-1 Objective: Implement Basic Cisco AnyConnect SSL VPN on Cisco ASA 
  • DTLS Overview 
  • Parallel DTLS and TLS Tunnels 
  • Configure DTLS 
  • Verify DTLS 
  • Cisco AnyConnect Client Configuration Management 
  • Cisco AnyConnect Client Operating System Integration Options 
  • Cisco AnyConnect Start Before Logon 
  • Cisco AnyConnect Trusted Network Detection 
  • Configure, Verify, and Troubleshoot Cisco AnyConnect Start Before Logon and Cisco AnyConnect Trusted Network Detection 
  • Lab 5-2: Implement Advanced Cisco AnyConnect SSL VPN on Cisco ASA 
  • AnyConnect Support for IPSec/IKEv2 
  • Configure a Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance 
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA 
  • Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA 
  • Cisco AnyConnect Advanced Authentication Scenarios 
  • External Authentication 
  • Certificate-Based Server Authentication 
  • Configure and Verify Certificate-Based Client Authentication 
  • SCEP Proxy Overview 
  • SCEP Proxy Connection Flow 
  • SCEP Proxy Configuration Procedure 
  • Configure SCEP Proxy 
  • Verify SCEP Proxy 
  • Local Authorization Overview 
  • Local Authorization Scenario 
  • Local Authorization Configuration Procedure 
  • Configure Local Authorization 
  • External Authentication and Authorization Scenario 
  • Configure External Authentication and Authorization 
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs 
  • Accounting 
  • Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA 
  • Lab 5-4: Implement Advanced Cisco AnyConnect SSL VPN on Cisco ASA

Module 6: Endpoint Security and Dynamic Access Policies 

  • Cisco HostScan Overview 
  • Cisco HostScan Prelogin Assessment 
  • Install Cisco HostScan 
  • Configure Prelogin Criteria and Prelogin Policy 
  • Configure Host Scan Endpoint Assessment 
  • Configure Host Scan Advanced Endpoint Assessment 
  • DAP Overview 
  • Integrating DAP with Host Scan 
  • Configuring DAP 
  • Verifying and Troubleshooting DAP 
  • Lab 6-1: Configure HostScan and DAP for AnyConnect SSL VPNs

