Your SlideShare is downloading. ×
Critical Lab list.doc.doc
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Critical Lab list.doc.doc

803
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
803
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Net 1 2.1.2 Lab Exercise: Designing a Security Plan In this lab, students will analyze, offer recommendations, and help improve the security infrastructure of a fictitious business. Students will be asked to analyze business application requirements, security risks, and network assets. Students will also examine security requirements and tradeoffs. 2.5.2a Lab Exercise: Configure SSH In this lab, students will configure a router as a Secure Shell (SSH) Version 1 server. Students will install and configure an SSH client on a student PC. Students will then use show and debug commands to troubleshoot SSH. Finally, the students will strengthen SSH by configuring SSH Version 2. 2.5.2b Lab Exercise: Controlling TCP/IP Services In this lab, students will begin the process of implementing a secure perimeter router. Students will explicitly deny common TCP/IP services, and then verify that these services have been disabled. 2.5.7 Lab Exercise: Configure Routing Authentication and Filtering In this lab, students will configure routing protocol authentication. Students will then configure route filters to control route updates from peer routers. 3.4.6 Lab Exercise: Configure the PIX Security Appliance using CLI In this lab exercise, students will learn to execute general PIX Security Appliance commands. Students will also configure the PIX Security Appliance inside and outside interfaces. Finally, students will test and verify basic PIX Security Appliance operation. 3.4.6 e-Lab Activity: PIX Security Appliance show Commands In this activity, the student will demonstrate how to use the show commands to learn about the configuration of the PIX Security Appliance. 3.5.2 e-Lab Activity: Configure Internet Access on a PIX Security Appliance The administrator wants to set up basic Internet connectivity for the internal network. The administrator does not want internal addresses exposed. However, the administrator wants to grant access to the internal Web server from outside hosts. In this activity, the student will create a default route to the perimeter router. 3.5.3 e-Lab Activity: PIX Security Appliance PAT Configuration In this activity, the student will configure PAT to allow all internal hosts to share one IP address. 3.5.5 e-Lab Activity: PIX Security Appliance NAT 0 Configuration
  • 2. In this activity, the student will demonstrate how to use the nat 0 command. 3.5.7 e-Lab Activity: Configure a PIX Security Appliance with Three Interfaces In this activity, the student will practice configuring three interfaces on the PIX Security Appliance. 3.5.7 e-Lab Activity: Configure a PIX Security Appliance with Four Interfaces In this activity, the student will practice configuring three interfaces on the PIX Security Appliance. 3.6.3 Lab Exercise: Configuring the PIX Security Appliance with ASDM In this lab, students will learn to configure basic settings using ASDM. Students will configure outbound access with NAT. Students will test connectivity through the PIX Security Appliance. Students will also configure banners, as well as Telnet and SSH for Remote access. 5.2.1 Lab Exercise: Install and Configure CSACS 3.3 for Windows In this lab, students will install Cisco Secure Access Control Server (CSACS) for Windows 2000. Students will then examine the features of CSACS for Windows. 5.2.1 Resource: Installing Cisco Secure ACS 3.0 and greater for Windows 2000 5.2.2 Resource: How to Add Users to CSACS 6.1.3 Lab Exercise: Configure Local AAA on Cisco Router In this lab, students will secure and test access to the EXEC mode, VTY lines, and the console. Students will configure local database authentication using AAA. Students will then verify and test the AAA configuration. 6.1.4 Lab Exercise: Configure Authentication Proxy In this lab, students will first configure CSACS for Windows 2000. Students will also configure authentication, authorization, and accounting (AAA). Students will then configure an authentication proxy. Finally, students will test and verify the functionality of the authentication proxy. 6.3.9 Lab Exercise: Configure Local AAA on the PIX Security Appliance In this lab, students will configure a local user account. Students will then configure and test inbound and outbound authentication, telnet and http console access, and Virtual Telnet authentication. Finally, students will change and test authentication timeouts and prompts. 6.3.9 Resource: How to View Accounting Information in CSACS 6.3.10 Lab Exercise: Configure AAA on the PIX Security Appliance Using Cisco Secure ACS for Windows 2000
  • 3. In this lab, students will configure and test inbound and outbound authentication, console access and Virtual Telnet authentication, as well as authorization and accounting. Students will also learn to change and test authentication timeouts and prompts. 7.1.9 Lab Exercise: Configure EAP on Cisco ACS for Windows In this lab, students will configure Extensible Authentication Protocol (EAP) with Cisco Secure ACS for Windows. 7.2.8 Lab Exercise: Configure 802.1x Port-Based Authentication In this lab, students will configure 802.1x port-based authentication on a Catalyst 2950 switch. 8.3.13 Lab Exercise: Configure Cisco IOS Firewall CBAC In this lab, students will understand how CBAC enables a router-based firewall. Students will configure a simple firewall including CBAC using the Security Device Manager (SDM). Students will then learn to configure a simple firewall including CBAC and RFC Filtering using the IOS CLI. Students will also test and verify CBAC operation. 9.1.7 Lab Exercise: Configure Access Through the PIX Security Appliance using CLI In this lab, students will configure the PIX Security Appliance to allow inbound traffic to both the inside host and the bastion host. Students will then test and verify correct PIX Security Appliance operation. 9.1.7 Lab Exercise: Configure Multiple Interfaces using CLI – Challenge Lab In this lab, the student will complete the objective of configuring three PIX interfaces and configure access through the PIX Security Appliance. 9.1.9 Lab Exercise: Configure ACLs in the PIX Security Appliance using CLI In this lab activity, students will learn to disable pinging from an interface. Students will then configure inbound and outbound access control lists (ACLs). 9.2.3 Lab Exercise: Configure Service Object Groups using ASDM In this lab, students will configure an inbound access control list (ACL) with object groups. Students will also learn to configure a service object group. Students will then configure web and ICMP access to the inside host. Finally, students will test and verify the inbound ACL. 9.2.5 Lab Exercise: Configure Object Groups and Nested Object Groups using CLI
  • 4. In this lab, students will learn to configure a service, ICMP-Type, and nested server object group. Students will also learn to configure an inbound access control list (ACL) with object groups. Students will then configure web and ICMP access to the inside host. Finally, students will test and verify the inbound ACL. 9.4.10 Lab Exercise: Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance In this lab, the student will complete the objective of configuring three PIX interfaces and configure access through the PIX Security Appliance. 10.2.4 Lab Exercise: Mitigate Layer 2 Attacks In this Lab activity, students will configure network switches and routers to mitigate Layer 2 attacks. After completing this activity, students will be able to mitigate CAM table overflow attacks, MAC spoofing attacks, and DHCP starvation attacks. Net 2 2.1.6 Lab Exercise: Configure a Router with the IOS Intrusion Prevention System In this lab activity, students will learn how to initialize IPS on the router. Students will also disable and exclude signatures. Students will then create and apply audit rules. After the IPS configuration is complete, students will verify the IPS configuration on the router and generate a test message. 2.3.3 Lab Exercise: Configure Intrusion Prevention on the PIX Security Appliance In this lab exercise, students will configure the use of Cisco Intrusion Prevention System (IPS) information and attack signatures using both ADSM and CLI. 4.4.7 Lab Exercise: Configure IOS IPSec using Pre-shared Keys In this lab, students will prepare to configure Virtual Private Network (VPN) support. Students will learn to configure Internet Key Exchange (IKE) phase one. Students will also configure IKE parameters and verify IKE and IP Security (IPSec). Students will then configure the IPSec parameters. Finally, students will test and verify the IPSec configuration. 4.4.8 Lab Exercise: Configuring Cisco IOS IPSec with Pre-Shared Keys using SDM In this lab, students will prepare to configure VPN support. Students will learn to configure a VPN tunnel using the SDM VPN Wizard. Students will also modify the IKE and IPSec configuration. Students will then test and verify the IPSec configuration. 4.4.8 Lab Exercise: Configuring Cisco GRE IPSec Tunnel using SDM
  • 5. In this lab, students will prepare to configure VPN support. Students will learn to configure a GRE/IPSec tunnel using the SDM VPN Wizard. Students will also modify the GRE/IPSec configuration. Students will then test and verify the GRE/IPSec configuration. 4.5.5 Lab Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using CLI In this lab exercise, students will prepare to configure VPN support. Students will then configure IKE and IPSec parameters. Finally, students will test and verify IPSec configuration. 4.5.5 Lab Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using ASDM In this lab exercise, students will configure IKE and IPSec parameters using the ADSM VPN Wizard. Students will then test and verify IPSec configuration. 5.2.6 Lab Exercise: Configure IPSec using Digital Certificates In this lab, students will first prepare for IKE and IPSec. Students will then learn to configure certificate support. Students will also configure IKE and IPSec. Finally, students will test and verify the IPSec configuration. 5.3.2 Lab Exercise: Configure a Site-to-Site IPSec VPN Tunnel with CA Support In this lab exercise, students will prepare for and then configure CA support. Students will then configure and verify IKE and IPSec Parameters. Students will verify that the VPN connection is up and working properly. Finally, students will verify the VPN status and configuration using PDM. 6.2.12 Lab Exercise: Configure Remote Access Using Cisco Easy VPN In this lab, students will learn to enable policy lookup via authentication, authorization, and accounting (AAA). Students will then define group policy information for mode configuration push. Students will also configure and verify the IPSec transforms and crypto maps. Students will also learn to install and configure the Cisco VPN Client 4.0 or later, and then use the VPN Client to connect to the corporate Intranet. 6.2.12 Lab Exercise: Configure Cisco Easy VPN Server with NAT In this lab, students will first verify the Easy VPN Server configuration. Students will learn to configure and modify PAT using both SDM and CLI. Students will also test remote connectivity. 6.5.9 Lab Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client using ASDM
  • 6. In this lab exercise, students will configure the PIX Easy VPN Server feature using the VPN Wizard. Students will then install and configure the Cisco VPN Client on the Student PC. Finally, students will verify and Test the Cisco VPN Client remote access connection. 6.5.9 Lab Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client using CLI In this lab exercise, students will configure and verify the PIX Easy VPN Server feature using CLI. Students will then install and configure the Cisco VPN Client on a Microsoft Windows end-user PC. Finally, students will verify and Test the Cisco VPN Client remote access connection. 7.4.5 Lab Exercise: Configure SNMP Messages on a Cisco Router In this lab, students will learn to configure SNMP. Students will install SNMP trap watcher and enable SNMP Community Strings. Students will then establish the contact and location of the SNMP Agent. Students will also test the configuration. Students will then learn to limit SNMP to the inside server. Finally, students will disable SNMP traps, and then disable SNMP and the associated ACL. 7.4.6 Lab Exercise: Configure SNMP Monitoring of the PIX Security Appliance Using ASDM In this lab exercise, students will enable the SNMP community string. Students will also establish the contact and location of the SNMP Agent. Students will then learn to limit SNMP to the inside server. Finally, students will test the configuration. 8.3.3 Lab Exercise: Configure a PIX Security Appliance as a Transparent Firewall In this lab activity, students will configure a PIX Security Appliance is transparent mode. 8.4.3 Lab Exercise: Configure User Authentication and Command Authorization using ASDM In this lab exercise, students will configure command authorization, local user authentication, and SSH. 8.4.3 Lab Exercise: Configure SSH, Command Authorization, and Local User Authentication using CLI In this lab exercise, students will configure and verify SSH operation. Students will then configure command authorization and local user authentication. 8.4.4 Lab Exercise: Perform Password Recovery on the PIX Security Appliance In this lab exercise, students will learn to upgrade the PIX Security Appliance software image. Students will also learn to perform password recovery procedures.