2. Situation: Global IT Talent Gap
Challenge
EvolutionoftheNetwork
Time
Voice Transport
Telecommuting / VPN
Wireless
Web 2.0 Apps
Unified Communications
IP Video, TelePresence
Enhanced Security
Switching
Routing
Storage
Role of the Network Grows
Knowledge
Gap
Converged Solutions
50% of Security is
secure routers.
35% of Voice is
router-embedded.
Wireless is 15%
and growing
annually.
3.12 M Gap by 2012
3. In all markets, especially emerging markets, training and
certification for specialized skills are in demand
•80% of surveyed companies worldwide expect dedicated
security role with 5 years (currently 46%)
•69% expect dedicated voice role (40%)
•66% expect dedicated wireless job role (36%)
Forrester Consulting Findings…
4. Cisco Learning Partner COURSE:
Implementing Cisco Unified Wireless
Networking Essentials (IUWNE)
EXAM: IUWNE 640-721
CCNA Wireless
Cisco Learning Partner COURSE:
Implementing Cisco IOS Network
Security (IINS)
EXAM: IINS 640-453
CCNA Security
CCNA Concentrations: One Pre-Requisite
Three Pathways to Success…
Cisco Learning Partner COURSE:
Implementing Cisco IOS Unified
Communications (IIUC)
EXAM: IIUC 640-460
CCNA Voice
Requirements: Hold active CCNA Certification (640-802 CCNA comp exam or 640-
822 ICND1 and 640-816 ICND2 exams) and pass the corresponding CCNA
Concentration exams
5. CCNA Security
• Verifies an individual’s skills in the
following roles:
– Network Security Specialists
– Security Administrators
– Network Security Support
Engineers
• Enables installation, troubleshooting
and monitoring of Cisco Security
devices/technologies.
• Ability to administer security policies
and identify risks in networks
• Serves as prerequisite for CCSP
Certification
• Employers hiring individuals can feel
confident their staff has the skills
needed to install, troubleshoot and
monitor Cisco security technologies.
6. CCNA Security Overview
• In-depth network security education
• Comprehensive understanding of network security concepts
• Hands-on knowledge and skills, emphasizing practical experience
• For entry-level job roles in network security
• Installation, troubleshooting and monitoring of network devices to
maintain integrity, confidentiality and availability of data and devices
• Prepares students for CCNA Security certification (IINS 640-553 exam)
7. Benefits for Students
CCNA Security helps students:
• Gain an introduction to core security technologies
• Learn how to develop security policies and mitigate risks
• Acquire the skills needed to develop a security infrastructure
• Recognize vulnerabilities to networks
• Mitigate potential security threats
• Prepare for the CCNA Security certification exam
• Start or build a career in networking security
• Differentiate themselves in the market with specialized skills and
expertise to achieve success
8. Security Certifications
SND
Cisco Certified Security
Professional (CCSP) Certification
(as originally designed)
CCNA
Certification
(SND is Moved to CCNA Security)
SNRS
SNPA
IPS
Elective Exam
SNAF
IPS
SNRS
CCSP Certification
(Revised in 2009)
Professional-level Associate-level
Elective Exam
IINS exam
(640-553)
CCNA Security Course
CCNA certification is a
pre-requisite for CCNA
Security certification
CCNA Security
Certification
9. CCNA Security Target Audience
• Career starters seeking career-oriented, entry-level security
specialist skills
• Working IT professionals looking to expand their core routing and
switching skills to change or enhance their career
• Students in technical degree programs at institutions of higher
education (colleges, universities, technical schools)
10. What is in the course?
• Describe the security threats facing modern network infrastructures
• Secure Cisco routers
• Implement AAA on Cisco routers using local router database and external ACS
• Mitigate threats to Cisco routers and networks using ACLs
• Implement secure network management and reporting
• Mitigate common Layer 2 attacks
• Implement the Cisco IOS firewall feature set using SDM
• Implement the Cisco IOS IPS feature set using SDM
• Implement site-to-site VPNs on Cisco Routers using SDM
11. Describe the security threats facing modern
network infrastructures
• Describe and list
mitigation methods for
common network
attacks
• Describe and list
mitigation methods for
Worm, Virus, and Trojan
Horse attacks
• Describe the Cisco Self
Defending Network
architecture
12. Secure Cisco routers
• Secure Cisco routers using the SDM
Security Audit feature
• Use the One-Step Lockdown feature
in SDM to secure a Cisco router
• Secure administrative access to Cisco
routers by setting strong encrypted
passwords, exec timeout, login failure
rate and using IOS login
enhancements
• Secure administrative access to Cisco
routers by configuring multiple
privilege levels
• Secure administrative access to Cisco
routers by configuring role based CLI
• Secure the Cisco IOS image and
configuration file
No, too simple….
13. Implement AAA on Cisco routers using local
router database and external ACS
• Explain the functions and
importance of AAA
• Describe the features of
TACACS+ and RADIUS AAA
protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting
14. Mitigate threats to Cisco routers
and networks using ACLs
• Explain the functionality of
standard, extended, and
named IP ACLs used by
routers to filter packets
• Configure and verify IP ACLs
to mitigate given threats
(filter IP traffic destined for
Telnet, SNMP, and DDoS
attacks) in a network using
CLI
• Configure IP ACLs to prevent
IP address spoofing using CLI
• Discuss the caveats to be
considered when building
ACLs
15. Implement secure network
management and reporting
• Use CLI and SDM to configure
SSH on Cisco routers to enable
secured management access
• Use CLI and SDM to configure
Cisco routers to send Syslog
messages to a Syslog server
16. Mitigate common Layer 2 attacks
• Describe how to
prevent layer 2
attacks by configuring
basic Catalyst switch
security features
17. Implement the Cisco IOS firewall
feature set using SDM
• Describe the
operational strengths
and weaknesses of
the different firewall
technologies
• Explain stateful
firewall operations
and the function of
the state table
• Implement Zone
Based Firewall using
SDM
18. Implement the Cisco IOS IPS feature
set using SDM
• Define network based vs. host
based intrusion detection and
prevention
• Explain IPS technologies,
attack responses, and
monitoring options
• Enable and verify Cisco IOS
IPS operations using SDM
19. Implement site-to-site VPNs on
Cisco Routers using SDM
• Explain the different
methods used in
cryptography
• Explain IKE protocol
functionality and phases
• Describe the building
blocks of IPSec and the
security functions it
provides
• Configure and verify an
IPSec site-to-site VPN with
pre-shared key
authentication using SDM
More than any other area, Security and risk management skills are some of the most highly sought across the network and demand is growing. Recent CompTia study found 73% of IT professionals in mature countries identified security, data privacy, firewalls as most important skill but only 57% said their employees were proficient I these skills. 76% of IT profs. In developing countries identified security as most important, with 57% saying their professionals were proficient.Holders with be able to recognize threats and vulnerabilities to networks and mitigate security threats.For career starters, career switchers, career enhancers. Starters can build on foundation of R&S and specialize, R&S professionals can switch or broaden to new specialties.Those with vendor neutral certifications or knowledge in Symantec/checkpoint can expand to training on latest Cisco security technologies Cisco,More effective and successful in their job role—employers can now hire or add associate level skills in their security organizations to handle operating and monitoring tasks.Trained on the latest Cisco security technologies Will serve as pre-requisite for CCSP, for first year CCNA +SND will be accepted