Cisco Security Certification - Cisco Security

Introduction

This course covers claims and evidence identified for the new Advanced Security SE Specialisation. The Security Solutions for Systems Engineers training is part of the Channel SE program.

The SSSE course will form the basis for the Security Cisco Qualified Specialist certification.

Who should attend?

This course is intended for:

• Systems engineers
• Network designers
• Security professionals designing security solutions in enterprise environments

Pre-requisites

• Valid CCDA Certification

Course Objectives

Upon completing this course, you will be able to:

• Recognize modern threats to enterprise business processes
• Recognize modern security controls
• Choose appropriate controls for specific threats and environments
• Apply basic security design guidelines
• Recognize basic customer requirements and environment limitations and build an optimal solution based on them
• Position Cisco security products in basic customer scenarios

Course Outline

The Threat Landscape and Goals of Security Engineering

1: General Principles

• Risks to Enterprise Business Processes
• Security Terminology
• Types of Attackers
• Value of Assets and Cost of Incidents
• Security Engineering

2: Physical Attacks

• Physical Access
• Theft
• Physical Intrusion and Destruction
• Electromagnetic Leakage and Interference

3: Network Infrastructure Attacks

• Impact of Network Infrastructure Attacks
• Device- and Link-Focused Attacks
• Attacks Against Network Infrastructure Signaling Processes
• Attacks Against Management Protocols and Supporting Infrastructure Applications

4: System and Application Attacks

• Impact of System and Application Attacks
• Attacks Against Network and Application Protocols
• Attacks Against Operating Systems
• Attacks Against Applications Lesson 5: User Attacks
• Impact of User Attacks
• Types of User Attacks

Overview of Security Controls

1: Organizational Controls

• Security Policies and Procedures
• Organizational Controls
• Security Life-Cycle Management
• Security Life-Cycle Management Models
• Security Regulation
• Security Evaluation and Assurance

2: Types of Controls

• Access Control
• Detection and Response
• Proactive and Reactive Controls
• Network, Endpoint, and Data-Centric Controls

3: Security Engineering Principles

• Matching Controls to Threats
• Realistic Assumptions
• Simplicity
• Fail-Open and Fail-Closed Controls
• Defense in Depth
• Limiting Damage

4: Distribution of Controls Between Network and Endpoints

• Infrastructure-Endpoint Architecture
• Perimeter-Endpoint Architecture
• Endpoint-Only Architecture
• Combining Security Architectures

5: Cryptographic Services

• Cryptographic Controls
• Confidentiality as a Cryptographic Service
• Integrity as a Cryptographic Service
• Authentication as a Cryptographic Service
• Nonrepudiation as a Cryptographic Service
• Key Management

6: Authentication and Identity Management

• Identity Management
• Subjects and Credentials
• Authentication Protocols
• Authentication Architectures

7: Network Controls

• Network Infrastructure Controls
• Network Separation and Boundary Controls

8: System Controls

• Native Operating System Controls
• Operating System Security Extensions

9: Application Controls

• Secure Application Protocols
• Secure Development, Testing, and Operations
• Data Validation
• Access Control and Auditing

Network Infrastructure Protection Solutions

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats Against the Network Infrastructure
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architecture Components
• Device Hardening Design
• Network Signaling Protection Design
• Permanent Traffic Filtering Design
• On-Demand Traffic Filtering Design
• Edge User Access Control Design
• Edge User Compliance Verification Design
• Secure Management Design

3: Case Studies

The lesson includes these topics:

• Network Infrastructure Security for Enterprise IP Telephony
• Enterprise Infrastructure-Based Worm Defence

Enterprise Internet Access Solutions

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats Against Enterprise Internet Access
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Resource Separation Design
• Infrastructure Security Design
• Boundary Network Access Control Design
• Endpoint Protection Design
• High-Availability and High-Performance Solutions Design
• Management Support Design

3: Case Studies

• Enterprise Internet Access Case Study
• Internet Access Protection Technology Demonstration

Solutions for Exposed Enterprise Services and Data Centers

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats with Exposed Enterprise Services and Data Centers
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Resource Separation Design
• Infrastructure Security Design
• Boundary Network Access Control Design
• Endpoint Protection Design
• High-Availability and High-Performance Solutions Design
• Management Support Design

3: Case Studies

• Exposed Enterprise Service Case Study
• Protection of Enterprise Exposed Services

Unified Communications Protection Solutions

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats Against Unified Communications Systems
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Physical Security Design
• Resource Separation Design
• Network Infrastructure Security Design
• Boundary Network Access Control Design
• Endpoint Protection Design
• Management Support Design

3: Case Studies

• Unified Communications Protection Solutions

Secure WAN Solutions

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats Against Enterprise WANs
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Authentication and Transmission Protection Design
• Infrastructure Security Design
• Point-to-Point Secure WAN Design
• Hub-and-Spoke Secure WAN Design
• Meshed Secure WAN Design
• High-Availability and High-Performance Design
• Management Support Design
• Secure WAN Feature Matrix

3: Case Studies

• Hub-and-Spoke IPsec WAN
• Fully-Meshed IPsec WAN
• Demonstration of an On-Demand Fully Meshed IPsec VPN

Secure Remote Access Solutions

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats Against Enterprise Remote Access and Mobility
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Authentication and Transmission Protection Design
• Infrastructure Security Design
• Remote Access Solutions Design
• High-Availability and High-Performance Design
• Network and Content Access Control Design
• Remote User Protection and Data Loss Protection Design
• Management Support Design

3: Case Studies

• Enterprise Remote Access
• Secure Remote Access Technology Demonstration

Enterprise Wireless Security Solutions

1: Overview of Threats, Controls, and Specific Customer Requirements

• Threats Against Enterprise Wireless Access
• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Infrastructure Security Design
• Authentication Design
• Transmission Protection Design
• Endpoint Protection Design
• Guest Access Design
• Management Support Design

3: Case Studies

• Enterprise WLAN Case Study

Enterprise Security Management Solutions

1: Overview of Specific Customer Requirements

• Customer Environment and Requirements

2: Architectures and Design Guidelines

• Architectural Components
• Management Network and System Protection Design
• Infrastructure Security Design
• Policy Provisioning Design
• Secure Monitoring and SIM Design
• Design Compliance Assessment

3: Case Studies

• Enterprise Security Management Case Study