Chief Cisco instructor for
CCIE R & S/CCIE Security / CCSP

Chandan Sharma
Dual CCIE # 19701
(R&S, Security)


Coming up on 6th, training videos are IPv6 Tunnels and Extended with ACL

CCNP Security

Certifications - CCSP becomes CCNP Security


CCSP Becomes CCNP Security to align the certification to the job role of the Cisco Network Security Engineer
On October 19, 2010, Learning@Cisco announced the evolution of the CCSP certification to CCNP Security. CCNP Security is an evolution of the CCSP certification and is aligned specifically to the job role of the Cisco Network Security Engineer. Over the next year, CCNP Security will replace CCSP as Cisco's professional level security certification.
CCNP Security Certification
The CCNP Security certification is the most efficient way to ensure Network Security Engineers have the practical skills needed to deploy, service, maintain, and support Cisco network security solutions. CCNP Security delivers the practical skills needed to enforce cybersecurity performance, gain high quality security service levels, and meet compliance mandates.
CCNP Security Curriculum and Exams

SECURE

The course provides network security engineers with the knowledge and skills needed to secure Cisco IOS Software router- and switch-based networks, and provide security services based on Cisco IOS Software. The course focuses on the implementation and troubleshooting aspects of the lifecycle services approach, adding some elements of the design phase as well.

IPS v7.0

This course provides network security engineers with the knowledge and skills needed to deploy Cisco IPS-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS.

FIREWALL

The course provides network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features, and provide detailed operations support for the Cisco ASA adaptive security appliance.

VPN

This course helps engineers choose, configure, and troubleshoot the majority of Cisco ASA adaptive security appliance remote access and site-to-site VPN features to reduce risk to IT infrastructure and its applications.
CCNP Security

| COURSE | NEW EXAM | REPLACES | OLD EXAM | LAST DAY TO TEST |
|---|---|---|---|---|
| SECURE: Securing Networks with Cisco Routers and Switches | 642-637 | SNRS v3.0 | 642-504 | 08/04/2011 |
| IPS v7.0: Implementing Cisco Intrusion Prevention System | 642-627 | IPS v6.0 | 642-533 | 31/05/2011 |
| FIREWALL: Deploying Cisco ASA Firewall Features | 642-617 & 642-647 | SNAF v1.0 & SNAA v1.0 | 642-524 | 08/04/2011 |
| VPN: Deploying Cisco ASA VPN Solutions | 642-617 & 642-647 | SNAF v1.0 & SNAA v1.0 | 642-515 | 08/04/2011 |

Securing Networks with Cisco Routers and Switches (SECURE v 1.0)
Associated Certifications: CCNP Security
Duration: 5 days
Exam: 642-637
Prerequisites
The knowledge and skills that a learner must have before attending this course:
Cisco Certified Network Associate (CCNA) certification

  • Interconnecting Cisco Network Devices 1 (ICND1)
  • Interconnecting Cisco Network Devices 2 (ICND2)

Cisco Certified Network Associate Security (CCNA Security) certification

  • Implementing Cisco IOS Network Security (IINS)
  • Working knowledge of the Microsoft Windows operating system
     

Who should attend

  • Channel Partner / Reseller
  • Customer
  • Employee
     

The Securing Networks with Cisco Routers and Switches (SECURE) 1.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course aims at providing network security engineers with the knowledge and skills needed to secure Cisco IOS Software router- and switch-based networks, and provide security services based on Cisco IOS Software. Successful graduates will be able to secure the network environment using existing Cisco IOS Software features, as well as install and configure components of the Cisco IOS Software, such as zone-based policy firewall, Cisco IOS Intrusion Prevention System (IPS), user-based firewall, secure tunnels using IP Security (IPsec) virtual private network (VPN) technology including public key infrastructure (PKI), virtual tunnel interface / dynamic virtual tunnel interface (VTI / DVTI), Group Encrypted Transport VPN (GET VPN), Dynamic Multipoint Virtual Private Network (DMVPN), Secure Sockets Layer (SSL) VPN, and advanced switch security features. The course focuses on the implementation and troubleshooting aspects of the lifecycle services approach, adding some elements of the design phase as well.
 
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

  • Implement and maintain Cisco IOS Software infrastructure protection controls in a Cisco router- and switch-based network infrastructure.
  • Implement and maintain Cisco IOS Software threat control and containment technologies in a Cisco router-based perimeter infrastructure.
  • Implement and maintain Cisco IOS Software VPN technologies in a Cisco router-based WAN.
  • Implement and maintain Cisco IOS Software remote access VPN technologies in a Cisco router-based remote access solution.
     

Course outline


Module 1: Deploying Cisco IOS Software Network Foundation Protection

  • Lesson 1: Deploying Network Foundation Protection Controls
  • Lesson 2: Deploying Advanced Switched Data Plane Security Controls
  • Lesson 3: Implementing Cisco Identity-Based Network Services
  • Lesson 4: Deploying Basic 802.1X Features
  • Lesson 5: Deploying Advanced Routed Data Plane Security Controls
  • Lesson 6: Deploying Advanced Control Plane Security Controls
  • Lesson 7: Deploying Advanced Management Plane Security Controls
     

Module 2: Deploying Cisco IOS Software Threat Control and Containment

  • Lesson 1: Deploying Cisco IOS Software Network Address Translation
  • Lesson 2: Deploying Basic Zone-Based Policy Firewalls
  • Lesson 3: Deploying Advanced Zone-Based Policy Firewalls
  • Lesson 4: Deploying Cisco IOS Software IPS
     

Module 3: Deploying Cisco IOS Software Site-to-Site Transmission Security
 

  • Lesson 1: Site-to-Site VPN Architectures and Technologies
  • Lesson 2: Deploying VTI-Based Site-to-Site IPsec VPNs
  • Lesson 3: Deploying Scalable Authentication in Site-to-Site IPsec VPNs
  • Lesson 4: Deploying DMVPNs
  • Lesson 5: Deploying High Availability in Tunnel-Based IPsec VPNs
  • Lesson 6: Deploying GET VPN
     

Module 4: Deploying Secure Remote Access with Cisco IOS Software

  • Lesson 1: Remote Access VPN Architectures and Technologies
  • Lesson 2: Deploying Remote Access Solutions Using SSL VPN
  • Lesson 3: Deploying Remote Access Solutions Using Cisco Easy VPN
     

Implementing Cisco Intrusion Prevention System (IPS v7.0)


Associated Certifications: CCNP Security
Duration: 5 days
Exam: 642-627
Prerequisites
The knowledge and skills that a learner must have before attending this course:
Cisco Certified Network Associate (CCNA) certification

  • Interconnecting Cisco Network Devices 1 (ICND1)
  • Interconnecting Cisco Network Devices 2 (ICND2)
     

Cisco Certified Network Associate Security (CCNA Security) certification

  • Implementing Cisco IOS Network Security (IINS)
  • Working knowledge of the Microsoft Windows operating system 

Who should attend

  • Channel Partner / Reseller
  • Customer
  • Employee 

The Implementing Cisco Intrusion Prevention System (IPS) course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. It is a five-day instructor-led course aimed at providing network security engineers with the knowledge and skills needed to deploy Cisco IPS-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS.


Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

  • Evaluate products and deployment architectures for the Cisco IPS product line.
  • Perform an initial implementation of a Cisco IPS sensor.
  • Implement an initial security policy using a Cisco IPS sensor according to local policies and environmental requirements.
  • Deploy customized policies to adapt Cisco IPS traffic analysis and response to the target environment.
  • Implement a basic Cisco IPS data management and analysis solution.
  • Implement complex Cisco IPS policy virtualization, high availability, and high performance solutions according to policy and environmental requirements.
  • Perform the initial setup of, and maintain, specific Cisco IPS hardware.

Course outline
Course Introduction
Module 1: Introduction to Intrusion Prevention and Detection, Cisco IPS Software, and Supporting Devices

  • Evaluating Intrusion Prevention and Intrusion Detection Systems
  • Choosing Cisco IPS Software, Hardware, and Supporting Applications
  • Evaluating Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-Evasive Countermeasures
  • Choosing a Network IPS and IDS Deployment Architecture

Module 2: Installing and Maintaining Cisco IPS Sensors

  • Integrating the Cisco IPS Sensor into a Network
  • Performing the Cisco IPS Sensor Initial Setup
  • Managing Cisco IPS Devices

Module 3: Applying Cisco IPS Security Policies

  • Configuring Basic Traffic Analysis
  • Implementing Cisco IPS Signatures and Responses
  • Configuring Cisco IPS Signature Engines and the Signature Database
  • Deploying Anomaly-Based Operation

Module 4: Adapting Traffic Analysis and Response to the Environment

  • Customizing Traffic Analysis
  • Managing False Positives and False Negatives
  • Improving Alarm and Response Quality

Module 5: Managing and Analyzing Events

  • Installing and Integrating Cisco IPS Manager Express with Cisco IPS Sensors
  • Managing and Investigating Events Using Cisco IPS Manager Express
  • Using Cisco IME Reporting and Notifications
  • Integrating Cisco IPS with Cisco Security Manager and Cisco Security MARS
  • Using the Cisco IntelliShield Database and Services

Module 6: Deploying Virtualization, High Availability, and High Performance Solutions

  • Using Cisco IPS Virtual Sensors
  • Deploying Cisco IPS for High Availability and High Performance

Module 7: Configuring and Maintaining Specific Cisco IPS Hardware

  • Configuring and Maintaining the Cisco ASA AIP-SSM and AIP-SSC-5 Modules
  • Configuring and Maintaining the Cisco ISR IPS AIM and IPS NME Modules
  • Configuring and Maintaining the Cisco IDSM-2

Labs

  • Performing the Cisco IPS Sensor Initial Setup
  • Managing a Cisco IPS Sensor
  • Configuring and Modifying Basic Cisco IPS Signatures and Responses
  • Configuring Cisco IPS Anomaly-Based Operation
  • Configuring Custom Cisco IPS Signatures
  • Managing False Positives and False Negatives
  • Improving Alarm and Response Quality
  • Using Cisco IME
  • Using Cisco IPS and Security Intelligence Web Resources
  • Configuring Policy Virtualization

Deploying Cisco ASA Firewall Features (FIREWALL v 1.0)


Associated Certifications: CCNP Security
Duration: 5 days
Exam: 642-617
Prerequisites
The knowledge and skills that a learner must have before attending this course:
Cisco Certified Network Associate (CCNA) certification

  • Interconnecting Cisco Network Devices 1 (ICND1)
  • Interconnecting Cisco Network Devices 2 (ICND2)


Cisco Certified Network Associate Security (CCNA Security) certification

  • Implementing Cisco IOS Network Security (IINS)
  • Working knowledge of the Microsoft Windows operating system

Who should attend

  • Channel Partner / Reseller
  • Customer
  • Employee

The Deploying Cisco ASA Firewall Features (FIREWALL) 1.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course aims at providing network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features, and provide detailed operations support for the Cisco ASA adaptive security appliance.


Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

  • Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line.
  • Implement and maintain basic Cisco ASA adaptive security appliance connectivity and device management plane features.
  • Implement and maintain data plane access control features of the Cisco ASA adaptive security appliance product family.
  • Implement and maintain Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure.
  • Implement and maintain Cisco ASA adaptive security appliance virtualization and high availability features.
  • Evaluate Cisco ASA adaptive security appliance SSM modules and their major features, and integrate them with the Cisco ASA adaptive security appliance.

Course outline
Course Introduction
Module 1: Introduction to the Cisco ASA Adaptive Security Appliance

  • Introducing Cisco ASA Adaptive Security Appliance Technology and Features
  • Introducing the Cisco ASA Adaptive Security Appliance Family

Module 2: Implementation of Basic Connectivity and Device Management

  • Getting Started with the Cisco ASA Adaptive Security Appliance and Cisco ASDM
  • Configuring Interfaces and Static Routing
  • Configuring Basic Device Management Features
  • Configuring Management Access

Module 3: Deployment of Cisco ASA Adaptive Security Appliance Access Control Features

  • Configuring Basic Access Control
  • Using Cisco ASA Adaptive Security Appliance Modular Policy Framework
  • Tuning Basic Stateful Inspection Features
  • Configuring Application Layer Policies
  • Configuring Advanced Access Controls
  • Configuring Resource Limits and Guarantees
  • Configuring User-Based Policies (Cut-Through Proxy)

Module 4: Deployment of Cisco ASA Adaptive Security Appliance Network Integration Features

  • Deploying Network Address Translation
  • Configuring Cisco ASA Adaptive Security Appliance Transparent Operations

Module 5: Deployment of Cisco ASA Adaptive Security Appliance Virtualization and High Availability Features

  • Deploying Cisco ASA Adaptive Security Appliance Virtualization Features
  • Deploying Cisco ASA Adaptive Security Appliance Redundant Interfaces
  • Deploying Active/Standby High Availability Failover
  • Active/Active High-Availability Failover

Module 6: Integration of Cisco ASA Adaptive Security Appliance Security Service Modules

  • Introducing Cisco ASA Adaptive Security Appliance Security Service Modules
  • Integrating the Cisco ASA Adaptive Security Appliance AIP-SSM and AIP-SSC Modules
  • Integrating the Cisco ASA Adaptive Security Appliance CSC-SSM Module

Labs

  • Configuring Basic Connectivity
  • Configuring Management Features
  • Configuring Basic Access Control
  • Tuning Basic Cisco ASA Adaptive Security Appliance Stateful Inspection Features
  • Configuring Application-Layer Policies
  • Configuring Advanced Access Controls
  • Configuring User-Based Policies (Cut-Through Proxy)
  • Configuring Cisco ASA Adaptive Security Appliance NAT
  • Configuring Transparent Firewall Mode
  • Deploying a Cisco ASA Adaptive Security Appliance Active/Standby Failover
  • Deploying a Cisco ASA Adaptive Security Appliance Active/Active Failover

Deploying Cisco ASA VPN Solutions (VPN v 1.0)


Associated Certifications: CCNP Security
Duration: 5 days
Exam: 642-647
Prerequisites
The knowledge and skills that a learner must have before attending this course are as follows:

  • Cisco Certified Network Associate (CCNA) certification: Interconnecting Cisco Network Devices 1 (ICND1) & Interconnecting Cisco Network Devices 2 (ICND2)
  • Cisco Certified Network Associate Security (CCNA Security) certification: Implementing Cisco IOS Network Security (IINS)
  • Working knowledge of the Microsoft Windows operating system. 

Who should attend
The primary audience for this course is as follows:

  • Network Security Engineers (NSEs) involved in VPN design, implementation and maintenance
  • Cisco customers who implement and maintain Cisco ASA (adaptive security appliance) based VPN solutions.

The secondary audience for this course is as follows:

  • Cisco channel partners who sell, implement, and maintain Cisco ASA security appliances
  • Cisco engineers who support the sale of Cisco ASA security appliances 

The Deploying Cisco ASA VPN Solutions (VPN) 1.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course helps engineers choose, configure, and troubleshoot the majority of Cisco ASA adaptive security appliance remote access and site-to-site VPN features to reduce risk to IT infrastructure and its applications.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:

  • Evaluate the Cisco ASA adaptive security appliance VPN subsystem
  • Deploy Cisco ASA adaptive security appliance IPsec VPN solutions
  • Deploy Cisco ASA adaptive security appliance Cisco AnyConnect remote access VPN solutions
  • Deploy Cisco ASA adaptive security appliance clientless remote access VPN solutions
  • Deploy advanced Cisco ASA adaptive security appliance VPN solutions 

Course outline
Module 1: Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem

  • Evaluating the Cisco ASA Adaptive Security Appliance Software Architecture
  • Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
  • Applying Common Cisco ASA Adaptive Security Appliance Remote Access VPN Configuration Concepts 

Module 2: Deploying Cisco ASA Adaptive Security Appliance IPsec VPN Solutions

  • Deploying Basic Site-to-Site IPsec VPNs
  • Deploying Certificate Authentication in Site-to-Site IPsec VPNs
  • Deploying the Cisco IPsec VPN Client
  • Deploying Basic Easy VPN Solutions
  • Deploying Advanced Authentication in Cisco Easy VPN Solutions
  • Deploying the Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN Hardware Client

Module 3: Deploying Cisco ASA Adaptive Security Appliance AnyConnect Remote Access VPN Solutions

  • Deploying a Basic Cisco AnyConnect Full Tunnel SSL VPN Solution
  • Advanced Deployment of the Cisco AnyConnect VPN Client
  • Deploying Advanced Authentication in AnyConnect Full Tunnel SSL VPNs

Module 4: Deploying Cisco ASA Adaptive Security Appliance Clientless Remote Access VPN Solutions

  • Deploying a Basic Clientless VPN Solution
  • Deploying Advanced Application Access for Clientless SSL VPN
  • Deploying Advanced Authentication and Single Sign-On in a Clientless SSL VPN
  • Customising the Clientless SSL VPN User Interface and Portal

Module 5: Deploying Advanced Cisco ASA Adaptive Security Appliance VPN Solutions

  • Deploying VPN Authorisation, Access Control, and Accounting
  • Deploying Cisco Secure Desktop in SSL VPNs
  • Deploying Dynamic Access Policies
  • Deploying High Availability and High Performance in SSL and IPsec VPNs

Labs

  • Lab 2-1: Deploying a Basic Cisco ASA Site-to-Site VPN
  • Lab 2-2: Deploying a Certificate-Based Cisco ASA IPsec Site-to-Site VPN
  • Lab 2-3: Deploying Basic Easy VPN
  • Lab 2-4: Deploying Advanced Easy VPN Server with Certificate-based Authentication
  • Lab 2-5: Deploying the Cisco ASA 5505 as a Hardware Easy VPN Client
  • Lab 3-1: Configuring a Basic Cisco AnyConnect Full Tunnel SSL VPN using Local Password Authentication
  • Lab 3-2: Configuring a Basic AnyConnect Full Tunnel SSL VPN Using the Local CA
  • Lab 3-3: Deploying the Cisco AnyConnect Client with Centralised Management
  • Lab 4-1: Configuring Basic Clientless VPN Access
  • Lab 4-2: Configuring Advanced Application Access in Clientless SSL VPNs
  • Lab 4-3: Customising the SSL VPN Portal
  • Lab 5-1: Deploying SSL VPN Access Policies and Authorisation Parameters
  • Lab 5-2: Deploying Cisco Secure Desktop and DAP in SSL VPNs
  • Lab 5-3: Configuring a Load Balancing SSL VPN Cluster