powered by
Center for Curriculum and Transfer Articulation
Cisco Certified Network Associate Security
Course: CNT205

First Term: 2021 Spring
Lec + Lab   4.0 Credit(s)   6.0 Period(s)   6.0 Load  
Course Type: Occupational
Load Formula: T - Lab Load

Description: Associate-level knowledge and skills required to secure Cisco networks. Development of a security infrastructure, identification of threats and vulnerabilities to networks. Mitigation of security threats. Core security technologies. Installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices. Competency in the technologies that Cisco uses in its security structure.

MCCCD Official Course Competencies
1. Describe the security threats facing modern network infrastructures. (I)
2. Demonstrate how to secure Cisco routers. (II)
3. Demonstrate implementation of Authentication, Authorization and Accounting (AAA) on Cisco routers using local router database and external Access Control Server (ACS). (III)
4. Describe and demonstrate mitigation of threats to Cisco routers and networks using Access Control Lists (ACLs). (IV)
5. Describe and demonstrate the implementation of secure network management and reporting. (V)
6. Demonstrate the mitigation of common Layer 2 attacks. (VI)
7. Demonstrate the implementation of the Cisco Internetwork Operation System (IOS) firewall feature set using Security Device Manager (SDM). (VII)
8. Demonstrate the implementation of the Cisco IOS Intrusion Prevention System (IPS) feature set using SDM. (VIII)
9. Describe and demonstrate the implementation of site-to-site Virtual Private Networks (VPNs) on Cisco Routers using SDM. (IX)
MCCCD Official Course Outline
I. Security threats facing modern network infrastructures
   A. Mitigation methods for common network attacks
   B. Mitigation methods for worm, virus, and trojan horse attacks
   C. Cisco self defending network architecture
II. Securing cisco routers
   A. Cisco routers using the SDM security audit feature
   B. One-step lockdown feature in SDM to secure a cisco router
   C. Administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
   D. Administrative access to Cisco routers by configuring multiple privilege levels
   E. Administrative access to Cisco routers by configuring role based command line interface (CLI)
   F. Cisco IOS image and configuration file
III. AAA on Cisco routers using local router database and external ACS
   A. Functions and importance of AAA
   B. Features of terminal access controller access-control system (TACACS+) and remote authentication dial in user service (RADIUS) AAA protocols
   C. Configuration of AAA authentication
   D. Configuration of AAA authorization
   E. Configuration of AAA accounting
IV. Threats to Cisco routers and networks using ACLs
   A. Functionality of standard, extended, and named internet protocol (IP) ACLs used by routers to filter packets
   B. IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, simple network management protocol (SNMP), and distributed denial of service (DDoS) attacks) in a network using CLI
   C. IP ACLs to prevent IP address spoofing using CLI
   D. Caveats to be considered when building ACLs
V. Secure network management and reporting
   A. CLI and SDM to configure secure shell (SSH) on Cisco routers to enable secured management access
   B. CLI and SDM to configure Cisco routers to send syslog messages to a syslog server
VI. Mitigation of common layer 2 attacks
   A. Prevention of layer 2 attacks by configuring basic catalyst switch security features
VII. Implementation of the Cisco IOS firewall feature set using SDM
   A. Operational strengths and weaknesses of the different firewall technologies
   B. Stateful firewall operations and the function of the state table
   C. Zone based firewall using SDM
VIII. Implementation of the Cisco IOS IPS feature set using SDM
   A. Network based versus host based intrusion detection and prevention
   B. IPS technologies, attack responses, and monitoring options
   C. Enablement and verification of Cisco IOS IPS operations using SDM
IX. Implementation of site-to-site VPNs on Cisco routers using SDM
   A. Different methods used in Cryptography
   B. Internet Key Exchange (IKE) Protocol Functionality and Phases
   C. Building blocks of internet protocol security (IPSec) and the security functions it provides
   D. Configuration and verification of an IPSec site-to-site VPN with pre-shared key authentication using SDM
MCCCD Governing Board Approval Date: November 24, 2020

All information published is subject to change without notice. Every effort has been made to ensure the accuracy of information presented, but based on the dynamic nature of the curricular process, course and program information is subject to change in order to reflect the most current information available.