• Software and networking become more and more interconnected every day.
• Security teams can take advantage of automation to scale their security solutions.
• Today’s security professionals need a broader range of skills and deeper focus in strategic technology areas.
• The new CCNP Security certification program gives you exactly that breadth and depth.
• The core exam is also the qualifying exam for CCIE Security Certification.

This exam tests your knowledge of implementing and operating core security technologies, including:

• Network security
• Cloud security
• Content security
• Endpoint protection and detection
• Secure network access
• Visibility and enforcement
• SDN and Network Automation Concepts

Who this course is for:

• Network Security Engineers
• Security Engineers

Cisco Certifications

• About Cisco
• Cisco Certification Updates
• Cisco Re-Certification
• CCNP Certifications
• 005 CCIE Certifications
• 006 Cisco Certification Migration Options
• Required Exams for CCNP

CCNP SCOR - 350-701

• CCNP Security Certifications
• CCNP SCOR-350-701
• SCOR-Contents

Network Security Concepts

• Network Security Terminology
• Goals of Network Security
• Understanding Threat Types -Mitigation
• Assets - Classification of Assets
• Classify Countermeasures
• Classify Vulnerabilities
• Network Security - Design Principles

Common Security Attacks - Mitigation

• Motivations Behind Network Attacks
• Social Engineering Attacks
• Phishing Attacks
• Social Engineering - Phishing Mitigation
• Denail of Service Attacks - DoS
• Distributed Denial of Service Attacks - DDoS
• Spoofing Attacks
• Spoofing Attacks - Mitigation
• Man in the Middle Attacks - MiTM
• Password Attacks
• Password Attacks - Mitigation
• Reflector Attacks
• Amplification Attacks
• Reconnaissance Attacks
• Reconnaissance Attacks - Mitigation

Malicious Codes - HACKING

• Malicious Codes - VIRUS
• Malicious Codes - WORMS
• Malicious Codes - TROJAN HORSES
•  Hacking
•  Hackers - Script Kiddies
•  Malware services Darknet

Threat Defense Technologies

• What is Firewall
• Next Generation Firewalls
• AAA- Network Security
• Virtual Private Networks
• Cisco Traffic Telemetry methods
• Intrusion Prevention System - IPS

LABS VIRTUAL - GNS3

• Cisco Lab Options
• About GNS3
• Installing GNS3 on Windows
• GNS3 - Adding IOS Images
• Default Topology- IOS Routers -Initial Configurations
• IOS Default Topology
• Connecting GNS3 Topology to Host Computer
• GNS3- VMWARE Integration
• GNS3 - IOSv L2-L3 Configuration Steps
• GNS3 - ASAv Setup
• GNS3- IOU- L2-L3 Configuration Steps

Network Infrastructure Protection

• Network Infrastructure Protection
• Identify Network Planes
• Data Plane
• Control Plane
• Management Plane

Remote Management - TELNET -SSH

• Inband vs OutBand
• Remote Access - Telnet
• Remote Access - SSH

Cisco Telemetry Services

• Cisco Traffic Telemetry methods
• Device-Network Events Logging
• Syslog - Terminal Logging
• Network Time Protocol
• NTP -Stratum Value
• LAB - NTP - Configuration

Control Plane Security

• Control Plane - Possible Threats
• Routing Protocol Authentication
• Control Plane Policing -CoPP
• Class Map -Policy Map -Hierarchy
• CoPP_ Configuration Example

Layer 2 Security - Basic Options

• Switch Security - Overview
• Disable Unused Ports
• Dynamic Trunking Protocol
• DTP Vulnerabilities - Mitigation
• VLAN Hopping Attack- Mitigation
• CDP Overview
• LLDP Overview
• CDP-LLDP- Vulnerabilities - Mitigation

Layer 2 Security - Advanced

• MAC Flooding Attack - Port Security
• MAC Spoofing Attack - Port Security
• Port Security - Configuration
• Spanning-tree Portfast
• What is Native VLAN
• DHCP Spoofing Attack- DHCP Snooping
• DHCP Snooping - Configuration
• DHCP Starvation Attack - Mitigation
• ARP Spoofing Attack - Dynamic ARP Inspection -DAI
• Dynamic ARP Inspection - Configuration
• Protected Ports - Private VLAN Edge
• Private VLAN - Overview
• Private VLAN - Configuration
• Private VLAN - Configuration Lab
• Protected Ports-Private VLAN Edge

Firewalls - Introduction

• What is Firewall
• Stateful packet Filtering
• Stateless Packet Filtering
• Application Level Gateways - Proxy Servers
• Next Generation Firewalls
• Which Firewall - Vendors

Cisco ASA Firewall

• Cisco Stateful Firewalls - IOS-ASA
• ASA-Supported Features-Part 1
• ASA-Supported Features-Part 2
• ASA - Compare models

Cisco ASA -CLI

• Manage Cisco ASA-CLI-GUI
• ASA Basic CLI Modes - Commands
• ASA Security levels
• ASA Interface configuration
• ASA Security Policies - Default
• ASA - Routing

ASA - ACL - Object Groups

• ASA ACLs - Overview
• ACL ACLs- Basic Example
• Traffic between Same Security level
• ACL Object-Groups
• ACL Object-Groups - LAB

ASA - Network Address Translation

• Public-Private IP
• What is NAT
• NAT Types
• Dynamic NAT on ASA
• Dynamic PAT on ASA
• Dynamic PAT using Exit Interface
• Dynamic NAT-PAT Combination
• Static NAT on ASA
• Static PAT on ASA

Zone Based Firewall - ZBF

• IOS - Zone based Firewall
• ZBF- Configuration overview
• ZBF- Security zones
• ZBF - Default Traffic flow
• Class map -Policy map -Hierarchy
• ZBF - Classify Traffic using Class-maps
• ZBF- Class-map Configuration
• ZBF- Policy Map- Zone Pairs

Cryptography

• What is Cryptography
• Goals of Cryptography
• What is Hashing How it works
• Hashing with HMAC
• What is Encryption - Decryption
• Encryption Algorithms - Symmetric vs Asymmetric
• Cryptanalysis - Attacks
• Asymmetric Encryption - Drawbacks
• Public Key Infrastructure

Virtual Private Networks - VPN

• VPN-Introduction
• VPN Types
• VPN Logical Topologies
• VPN Default Lab Setup- Routers

IPSEC - Internet Protocol Security

• What is IPSEC
• IPSEC Security Services
• IPSEC Modes - Tunnel vs Transport

IPSEC Site to Site VPN

• How IPsec VPN works
• Step-1 Interesting Traffic Configuration
• Step-2 IKE Phase-1
• Step-3- IKE - Phase 2
• IKE Phase -2 Configuration- Verification

Remote VPN- SSL VPN

• Remote Access VPN
• What is SSL - TLS
• How SSL-TLS Works
• What is SSL VPN
• SSL VPN Modes

AAA - Authentication-Authorization-Accounting

• AAA- Network Security
• AAA - Components
• AAA - Protocols -TACACS- RADIUS
• AAA - Cisco Authentication Servers

AAA - Authentication

• AAA Authentication - Device Access
• Authentication - Local Database
• AAA - External Servers
• LAB- Authentication - TACACS

AAA Authorization

• Authorization - Device Access
• IOS Privilege Levels
• LAB -Local Authorization- Privilege Levels
• IOS Privilege Levels - Limitations
• Role based CLI Access - RBAC
• RBAC - Views Types
• LAB1- RBAC Views
• LAB2 - Modify RBAC Views
• LAB3 - RBAC Views
• LAB4 - RBAC Super Views

Web Based Attacks - Web Security

• Web Access-Possible Threats
• Web Based Attacks -Threats
• Web Attacks-Examples
• Web Security Solutions

Cisco WSA - Web Security Appliance

• Cisco Web Security-WSA-CWS
• What is WSA
• WSA-How it Works
• WSA Deployment Modes
• WSA Models-Physical-Virtual
• WSA Licensing Options

Cisco ESA - Email Security Appliance

• Email Based Threats
• Cisco Email Security - ESA - CES

Intrusion Prevention System - IPS

• What is Intrusion?
• Intrusion Prevention System - IPS
• IDS vs IPS
• Host based IPS vs Network Based IPS
• IPS Deployments - Inline vs Promiscuous
• Cisco IPS Solutions
• IPS Threat Detection Methods
• Signature Alarm Types
• IPS Signature Actions
• IPS Evasion Methods - Countermeasures

What is Network Management?

• What is Network Management
• Past-Present Methods of Network Management - PART 1
• Past-Present Methods of Network Management - PART 2
• Simple Network Management Protocol - SNMP

What is Network Automation?

• Challenges - Traditional Management
• Network Automation- Goals
• Types of Network Automation
• What can be Automated- PART 1
• What can be Automated - PART 2
• Impact of Network Automation

Software Defined Networking - SDN & SDN Controllers

• Automation Origination Points
• SDN- Software Defined Networking
• SDN Controllers
• Networks Managed by SDN Controllers

SDN-Control - Management - Data Planes

• Identify Network Device Planes
• Identify Network Device Planes
• Data Plane
• Control Plane
• Management Plane
• SDN- Management Plane
• SDN - Control Plane- Data Plane

SDN Models - Architecture

• SDN - Imperative Model
• SDN - Declarative Model
• SDN-Network Design Requirements
• Underlay Networks
• Overlay Networks
• SDN Fabric

Application Programming Interface - API

• API - Application Programming Interface
• API - Types
• API - with SDN Networks
• NorthBound API
• SounthBOund API

Cisco Devnet - SandBox

• Cisco DEVNET
• DevNET Certifications
• DevNET SandBox
• Sandbox LABS
• Sandbox Lab Access-Reservations

Cisco DNA Center

• Cisco DNA Center
• DNA Center Appliance
• DNA Center- What can do - PART 1
• DNA Center- What can do - PART 2

Web Service API - REST API

• Web Service API
• Web Service API - Commonly Used
• REST API

Network Automation Tools

• Config MGMT Tools
• Config MGMT Tools - Capabilities
• Config-MGMT tools - Similarities
• Master - Agent
• Agent based- Agentless
• Push-Pull Model
• Configuration Files

PUPPET Config Management Tool

• Puppet Master-Agent-Database
• PUPPET-Tool
• Puppet-Manifest
• Puppet-Module-Forge
• Puppet- PULL Model Steps
• Puppet Agent-Agentless

CHEF Config Management Tool

• CHEF- Config MGMT Tool
• CHEF-Terminology

ANSIBLE Config MGMT Tool

• ANSIBLE-Tool
• ANSIBLE-Control Station
• ANSIBLE -Playbook-Inventory
• ANISBLE - Templates-Variables

JSON DATA Encoding

• API Data Formats
• JSON Overview
• JSON Data Types
• JSON Syntax Rules
• JSON Data Interpretation