Implementing Cisco IOS Network Security Remote Labs v1.0

This set of lab exercises contains all exercises associated with the Implementing Cisco IOS Network Security (IINS) course. The labs address different aspects of security, from embedding secret messages and scanning networks and hosts to securing management of and access to Cisco devices using the AAA framework, SDM, Cisco ACS, and Kiwi Syslog server. Labs also address Layer 2, Layer 3, and application layer security features, such as ACLs, VPNs with IPsec, firewalls, and IPS.

Content

This set of lab exercises contains the following exercises:

Objectives

Upon finishing this set of exercises, you will be able to:

  • Create a secret message
  • Embed a secret message into a picture
  • Retrieve a secret message
  • Scan a computer system using the Nmap software
  • Scan hosts using SuperScan4
  • Identify services running on hosts
  • Configure a minimum length for all router passwords
  • Configure an encrypted password on a Cisco router
  • Configure the console port, auxiliary port, and vty line-level passwords
  • Encrypt plaintext passwords
  • Configure role-based CLI access
  • Configure enhanced username password security using the MD5 hashing algorithm
  • Configure the Cisco IOS login enhancements feature to provide better protection for virtual logins
  • Configure the local database using SDM
  • Configure an authentication login profile to be used by AAA
  • Test an authentication login profile by accessing the console
  • Use debug commands to verify and troubleshoot the AAA configuration and authentication
  • Verify the Cisco Secure ACS for Windows installation
  • Configure Cisco Secure ACS to use the local database on Cisco Secure ACS for Windows using Cisco SDM for AAA
  • Configure a Cisco router to use Cisco Secure ACS for authentication
  • Configure Cisco Secure ACS for Windows to use the Windows Server database for authentication
  • Configure a Cisco router to use Cisco Secure ACS for authorization
  • Configure a Cisco router to use Cisco Secure ACS for accounting
  • Configure the router to log debug messages to the Kiwi Syslog server on the PC using Cisco SDM
  • Using Cisco SDM, configure the router to be managed securely using SSH instead of Telnet
  • Configure the router to synchronize its clock with the remote router using NTP
  • Use the Security Audit wizard to identify potential security problems posed by unused services and interfaces
  • Identify any security risks and determine which ones represent vulnerabilities
  • Use the Security Audit wizard to make the necessary changes to make the router configuration more secure
  • Perform a one-step lockdown on a router using Cisco SDM
  • Use Cisco SDM to review previous configurations done in the CLI
  • Apply a standard and extended ACL as a practical solution
  • Use show commands to verify ACL operations
  • Use Cisco SDM to create a zone-based policy firewall
  • Examine, test, and remove the zone-based policy firewall configuration
  • Launch the Cisco SDM Site-to-Site VPN Wizard and define the VPN connection for one side of a site-to-site VPN configuration
  • Verify and troubleshoot the site-to-site VPN operations
  • Delete a VPN tunnel
  • Launch the Cisco SDM IPS rule wizard
  • Enable Cisco IOS IPS using the Cisco SDM IPS Policies wizard
  • Configure signature settings using Cisco SDM
  • Enable the syslog and SDEE global settings using Cisco SDM
  • Demonstrate how the Cisco IOS IPS protects against an internal attacker using a scan utility
  • Configure various switch security features to secure trunk ports from known attacks using the CLI
  • Configure BPDU guard and port security to secure access ports from known Layer 2 attacks using the CLI

Importance

The lab exercises in this set are important for all network engineers and designers involved in designing, implementing, and operating security solutions based on Cisco IOS security.

Target Audience

The primary audience for this course comprises network engineers and systems engineers responsible for security solutions deployment. Because most of the exercises are done using the Cisco SDM, the labs are suitable for administrators who wish to expedite and simplify the router configuration process, as well as for less-experienced users not familiar with the CLI.

Prerequisite Knowledge

To be able to successfully complete this set of labs, you need to have the Cisco Certified Network Associate (CCNA) certification and basic experience with the Microsoft Windows operating system.
