+91 9872655566 91 8146677988

Learn & Implement Under One Roof

CCNA Security

CCNA Security (640-554_iins)

Course Objectives: CCNA Security Certification is associate level Certification in Network Security Technologies offered by Cisco. CCNA security covers basics of Network Security, Network Attacks, VPN’s, Firewalls and Cisco Router Switch Security.

Exam Description

The 640-554 “Implementing Cisco IOS Network Security” (IINS) exam is associated with the CCNA Security certification. This 90-minute, 55-65 questions exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and develops competency in the technologies that Cisco uses in its security infrastructure. Candidates can prepare for this exam by taking the “Implementing Cisco IOS Network Security” (IINS) course.

CCNA Security Training Fee and Duration:

TrackRegular Track Weekend (Sat & Sun)
Duration40 Days 7 Weekends

Course Outline

1.0 Common Security Threats

Lesson 1
  • 1.1 Describe common security threats
  • 1.1.a Common threats to the physical installation
  • 1.1.b Mitigation methods for common network attacks
  • 1.1.c Email-based threats
  • 1.1.d Web-based attacks
  • 1.1.e Mitigation methods for Worm, Virus, and Trojan Horse attacks
  • 1.1.f Phases of a secure network lifecycle
  • 1.1.g Security needs of a typical enterprise with a comprehensive security policy
  • 1.1.h Mobile/remote security
  • 1.1.i DLP

3.0 AAA on Cisco Devices

Lesson 3
  • 3.1 Implement authentication, authorization, and accounting (AAA)
  • 3.1.a AAA using CCP on routers
  • 3.1.b AAA using CLI on routers and switches
  • 3.1.c AAA on ASA
  • 3.2 Describe TACACS+
  • 3.3 Describe RADIUS
  • 3.4 Describe AAA
  • 3.4.a Authentication
  • 3.4.b Authorization
  • 3.4.c Accounting
  • 3.5 Verify AAA functionality.

4.0 IOS ACLs

Lesson 4
  • 4.1 Describe standard, extended, and named IP IOS ACLs to filter packets
  • 4.1.a IPv4
  • 4.1.b IPv6
  • 4.1.c Object groups
  • 4.1.d ACL operations
  • 4.1.e Types of ACLs (dynamic, reflexive, time-based ACLs)
  • 4.1.f ACL wild card masking
  • 4.1.g Standard ACLs
  • 4.1.h Extended ACLs
  • 4.1.i Named ACLs
  • 4.1.j VLSM
  • 4.2 Describe considerations when building ACLs
  • 4.2.a Sequencing of ACEs
  • 4.2.b Modification of ACEs
  • 4.3 Implement IP ACLs to mitigate threats in a network
  • 4.3.a Filter IP traffic
  • 4.3.b SNMP
  • 4.3.c DDoS attacks
  • 4.3.d CLI
  • 4.3.e CCP
  • 4.3.f IP ACLs to prevent IP spoofing
  • 4.3.g VACLs

5.0 Secure Network Management and Reporting

Lesson 5
  • 5.1 Describe secure network management
  • 5.1.a In-band
  • 5.1.b Out of band
  • 5.1.c Management protocols
  • 5.1.d Management enclave
  • 5.1.e Management plane
  • 5.2 Implement secure network management
  • 5.2.a SSH
  • 5.2.b syslog
  • 5.2.c SNMP
  • 5.2.d NTP
  • 5.2.e SCP
  • 5.2.f CLI
  • 5.2.g CCP
  • 5.2.h SSL

6.0 Common Layer 2 Attacks

Lesson 6
  • 6.1 Describe Layer 2 security using Cisco switches
  • 6.1.a STP attacks
  • 6.1.b ARP spoofing
  • 6.1.c MAC spoofing
  • 6.1.d CAM overflows
  • 6.1.e CDP/LLDP
  • 6.2 Describe VLAN Security
  • 6.2.a Voice VLAN
  • 6.2.b PVLAN
  • 6.2.c VLAN hopping
  • 6.2.d Native VLAN
  • 6.3 Implement VLANs and trunking
  • 6.3.a VLAN definition
  • 6.3.b Grouping functions into VLANs
  • 6.3.c Considering traffic source to destination paths
  • 6.3.d Trunking
  • 6.3.e Native VLAN
  • 6.3.f VLAN trunking protocols
  • 6.3.g Inter-VLAN routing
  • 6.4 Implement Spanning Tree
  • 6.4.a Potential issues with redundant switch topologies
  • 6.4.b STP operations
  • 6.4.c Resolving issues with STP

7.0 Cisco Firewall Technologies

Lesson 7
  • 7.1 Describe operational strengths and weaknesses of the different firewall technologies
  • 7.1.a Proxy firewalls
  • 7.1.b Packet and stateful packet
  • 7.1.c Application firewall
  • 7.1.d Personal firewall
  • 7.2 Describe stateful firewalls
  • 7.2.a Operations
  • 7.2.b Function of the state table
  • 7.3 Describe the types of NAT used in firewall technologies
  • 7.3.a Static
  • 7.3.b Dynamic
  • 7.3.c PAT
  • 7.4 Implement Zone Based Firewall using CCP
  • 7.4.a Zone to zone
  • 7.4.b Self zone
  • 7.5 Implement the Cisco Adaptive Security Appliance (ASA)
  • 7.5.a NAT
  • 7.5.b ACL
  • 7.5.c Default MPF
  • 7.5.d Cisco ASA sec level
  • 7.6 Implement NAT and PAT
  • 7.6.a Functions of NAT, PAT, and NAT Overload
  • 7.6.b Translating inside source addresses
  • 7.6.c Overloading Inside global addresses

8.0 Cisco IPS

Lesson 8
  • 8.1 Describe IPS deployment considerations
  • 8.1.a SPAN
  • 8.1.b IPS product portfolio
  • 8.1.c Placement
  • 8.1.d Caveats
  • 8.2 Describe IPS technologies
  • 8.2.a Attack responses
  • 8.2.b Monitoring options
  • 8.2.c syslog
  • 8.2.d SDEE
  • 8.2.e Signature engines
  • 8.2.f Signatures
  • 8.2.g Global correlation and SIO
  • 8.2.h Network-based
  • 8.2.i Host-based
  • 8.3 Configure Cisco IOS IPS using CCP
  • live projects
  • Assignments
    Students will be given assignments after completion of each topic. Assignment helps one to think professionally, to gather data and to draw conclusions from the data gathered. Students are advised to be regular in the class and complete their assignments on time.
  • team projects
    For each individual course, students would be provided with sample projects. After reviewing the performance on the given projects, the best selected candidates will get a chance to work on live projects.
  • class participation
    'Participation' is the most important element to grow and learn more. Students should keep their minds active in each lecture to get the best of knowledge and if they come up with any queries, they can send a mail for the same. Keep clearing your doubts as and when it comes!