Security Solutions for System Engineers v3.0
The lab exercises included in the Security Solutions for System Engineers (SSSE) v3.0 course provide an introduction to security design best practices for both host- and network-centric countermeasures. The course includes a systematic overview of modern threats, countermeasures, and defensive architectures for a variety of common business scenarios, and enables the learner to choose the optimal architecture and Cisco products to satisfy business risk management requirements.
Content
This set of lab exercises contains the following exercises:
- Demonstration of Modern Threats
- Network Infrastructure Protection Technology Demonstration
- Internet Access Protection Technology Demonstration
- Protection of Enterprise Exposed Services
- Demonstration of an On-Demand Fully Meshed IPsec VPN
- Secure Remote Access Technology Demonstration
Objectives
Upon finishing this set of exercises, you will be able to:
- Flood a router control plane to deny service to legitimate traffic
- Compromise server data confidentiality by exploiting a web application vulnerability
- Install a rootkit to hide malicious objects (files and processes) on a compromised client system
- Scan a Cisco IOS router to discover minimal available services
- Attempt to overload a Cisco IOS router protected with Control Plane Policing (CoPP) with control plane traffic and observe the results
- Attempt to inject malicious routes and spoofed traffic into a Cisco IOS router configured with routing protocol authentication and traffic anti-spoofing controls
- Attempt to download dangerous files and observe Cisco ASA controls preventing it
- Attempt to execute dangerous content and observe Cisco Security Agent (CSA) controls preventing its malicious actions
- Attempt reconnaissance against the web server and observe how network controls minimize server exposure
- Attempt an attack against the web server and observe how signatures of a network Intrusion Prevention System (IPS) function inside the AIP-SSM can help prevent it
- Attempt an attack against the web server and observe how minimized application exposure using a Stateful Packet Filter (SPF) with Application Inspection and Control can help prevent it
- Attempt an attack against the web server and observe how a sandboxing Host Intrusion Prevention System (HIPS) agent can help prevent it
- Examine the initial hub-and-spoke configuration of a DMVPN network and verify hub-and-spoke connectivity
- Establish an on-demand spoke-to-spoke tunnel without configuring a spoke-to-spoke relationship in the VPN
- Examine clientless SSL VPN access types
- Examine centralized provisioning of SSL VPN user policies
Importance
This bundle of lab exercises demonstrates the application of security technologies used in guidelines and case studies presented within the SSSE 3.0 course, and therefore helps the student understand the purpose and benefits of proposed security controls.
Target Audience
The SSSE course and lab exercises are recommended for system engineers, network designers, and security professionals designing security solutions in enterprise environments.
Prerequisite Knowledge
Basic user-level familiarity with Microsoft Windows operating systems, Cisco IOS software command-line interface (CLI), and TCP/IP networking is required to complete this bundle of lab exercises.
