Course: CNT205
First Term: 2011 Fall
Final Term: Current
Final Term: 2017 Fall

Lec + Lab: 4 Credit(s), 6 Period(s), 5.4 Load
Subject Type: Occupational
Load Formula: S

MCCCD Official Course Competencies

1. Describe the security threats facing modern network infrastructures. (I)
2. Demonstrate how to secure Cisco routers. (II)
3. Demonstrate implementation of Authentication, Authorization and Accounting (AAA) on Cisco routers using local router database and external Access Control Server (ACS). (III)
4. Describe and demonstrate mitigation of threats to Cisco routers and networks using Access Control Lists (ACLs). (IV)
5. Describe and demonstrate the implementation of secure network management and reporting. (V)
6. Demonstrate the mitigation of common Layer 2 attacks. (VI)
7. Demonstrate the implementation of the Cisco Internetwork Operating System (IOS) firewall feature set using Security Device Manager (SDM). (VII)
8. Demonstrate the implementation of the Cisco IOS Intrusion Prevention System (IPS) feature set using SDM. (VIII)
9. Describe and demonstrate the implementation of site-to-site Virtual Private Networks (VPNs) on Cisco Routers using SDM. (IX)

MCCCD Official Course Competencies must be coordinated with the content outline so that each major point in the outline serves one or more competencies. MCCCD faculty retains authority in determining the pedagogical approach, methodology, content sequencing, and assessment metrics for student work. Please see individual course syllabi for additional information, including specific course requirements.

MCCCD Official Course Outline

I. Security Threats Facing Modern Network Infrastructures
   A. Mitigation Methods for Common Network Attacks
   B. Mitigation Methods for Worm, Virus, and Trojan Horse Attacks
   C. Cisco Self Defending Network Architecture
II. Securing Cisco Routers
   A. Cisco Routers Using the SDM Security Audit Feature
   B. One-Step Lockdown Feature in SDM to Secure a Cisco Router
   C. Administrative Access to Cisco Routers by Setting Strong Encrypted Passwords, Exec Timeout, Login Failure Rate and Using IOS Login Enhancements
   D. Administrative Access to Cisco Routers by Configuring Multiple Privilege Levels
   E. Administrative Access to Cisco Routers by Configuring Role Based Command Line Interface (CLI)
   F. Cisco IOS Image and Configuration File
III. AAA on Cisco Routers using Local Router Database and External ACS
   A. Functions and Importance of AAA
   B. Features of Terminal Access Controller Access-Control System (TACACS+) and Remote Authentication Dial In User Service (RADIUS) AAA Protocols
   C. Configuration of AAA Authentication
   D. Configuration of AAA Authorization
   E. Configuration of AAA Accounting
IV. Threats to Cisco Routers and Networks Using ACLs
   A. Functionality of Standard, Extended, and Named Internet Protocol (IP) ACLs Used by Routers to Filter Packets
   B. IP ACLs to Mitigate Given Threats (Filter IP Traffic Destined for Telnet, Simple Network Management Protocol (SNMP), and Distributed Denial of Service (DDoS) Attacks) in a Network Using CLI
   C. IP ACLs to Prevent IP Address Spoofing Using CLI
   D. Caveats to be Considered When Building ACLs
V. Secure Network Management and Reporting
   A. CLI and SDM to Configure Secure Shell (SSH) on Cisco Routers to Enable Secured Management Access
   B. CLI and SDM to Configure Cisco Routers to Send Syslog Messages to a Syslog Server
VI. Mitigation of Common Layer 2 Attacks
   A. Prevention of Layer 2 Attacks by Configuring Basic Catalyst Switch Security Features
VII. Implementation of the Cisco IOS Firewall Feature Set Using SDM
   A. Operational Strengths and Weaknesses of the Different Firewall Technologies
   B. Stateful Firewall Operations and the Function of the State Table
   C. Zone Based Firewall Using SDM
VIII. Implementation of the Cisco IOS IPS Feature Set Using SDM
   A. Network Based versus Host Based Intrusion Detection and Prevention
   B. IPS Technologies, Attack Responses, and Monitoring Options
   C. Enablement and Verification of Cisco IOS IPS Operations Using SDM
IX. Implementation of Site-to-Site VPNs on Cisco Routers Using SDM
   A. Different Methods Used in Cryptography
   B. Internet Key Exchange (IKE) Protocol Functionality and Phases
   C. Building Blocks of Internet Protocol Security (IPSec) and the Security Functions it Provides
   D. Configuration and Verification of an IPSec Site-to-Site VPN with Pre-Shared Key Authentication Using SDM

MCCCD Governing Board Approval Date: 12/14/2010