Pierce College - Course CNE 238

Designing Security for a Network

5 Credits

Instructor: Ciaran Bloomer

Office Hours:
E-mail Address: cbloomer@pierce.ctc.edu

Web Site: www.netacad.com Netspace learning management system web site

Course This course is delivered through the NetSpace learning management system, which is the
Delivery Site: online learning and collaboration environment provided by the Cisco Networking
Academy. It is based on Canvas, so its structure should be familiar to you.
As soon as your instructor has enrolled you in the CCNA Security class on NetSpace, you
will receive an email from the Networking Academy Team (from: noreply@netacad.com),
at your Pierce College email address. The email will give you the URL link, username
and password to allow you to login to Netspace, where you may access the online course
materials.

Overview: This course provides an introduction to the core security concepts and skills needed for
the installation, troubleshooting, and monitoring of network devices to maintain the
integrity, confidentiality, and availability of data and devices.
This course prepares students to take Cisco’s 640-554 Implementing Cisco IOS Network
Security (IINS) exam that is associated with the CCNA Security certification.

Objectives: Upon successful completion of this course you will be able to:
• Describe security threats facing modern network infrastructures
• Secure network device access
• Implement AAA on network devices
• Mitigate threats to networks using ACLs
• Implement secure network management and reporting
• Mitigate common Layer 2 attacks
• Implement the Cisco IOS firewall feature set
• Implement an adaptive security appliance (ASA)
• Implement the Cisco IOS Intrusion Prevention System (IPS) feature set
• Implement site-to-site IP Sec VPNs
• Administer effective security policies

Grading: To be decided

CNE 238 Designing Security for a Network Page 1

 Course Outline

Assignments: Lab assignments:

1. There are sixteen lab assignments to be performed, in class, on the CNE

department’s routers, switches and ASA devices.

2. There are ten Packet Tracer lab assignments to be performed. These

assignments may be performed, in class, on the CNE department’s
computers or on your own Windows or Linux machine with Packet Tracer
installed.

The 26 lab sheets are embedded in the online course materials and are also
available on computers in the CNE lab. Email your completed lab worksheet
for each lab to the instructor no later than Friday June 5, 2015.

Chapter Quizzes (known in Netspace as Chapter Exams):

Chapter quizzes are taken online at the Netspace web site. They are found by
clicking on Assignments in the navigation bar down the left side of the home
page on Netspace. Note that the chapter quizzes are referred to as Chapter
Exams in Netspace. Do not confuse them with the Practice Quizzes that are
found by clicking on Quizzes in the navigation bar. It would be beneficial for
you to try the Practice Quizzes before doing the Chapter Exams. The Practice
Quizzes do not contribute to your final grade. The Chapter Exams do contribute
to your final grade. The Chapter Exams must be completed no later than
Friday June 5, 2015.

Book: Title: CCNA Security 640-554 Official Cert Guide

Author: Keith Barker
Publisher: Cisco Press
ISBN 13: 978-1587204463
Date: 2012
Required: Yes

Access and Disability Services

Students with disabilities who believe they may need academic adjustments, auxiliary aids or
services to fully participate in course activities or meet course requirements are encouraged to
register with the Access and Disability Services (ADS) Office. Students requesting accommodations
must obtain the "Approved Quarterly Academic Adjustments, Auxiliary Aids or Services Green
Form" provided by ADS.

For more information contact one of the ADS Office – Fort Steilacoom/JBLM, Cascade Building,
Welcome Center, 253-964-6526/6527 or Puyallup, Gaspard Building, Room A106, 253-840-
8335/3301.

CNE 238 Designing Security for a Network Page 2

 Course Outline

Week Date Activity Labs and Chapter Quizzes

1 Mon Mar 30 Chapter 1: Modern Network Security Threats 1.5.1.1 Lab - Researching Network Attacks and Security Audit Tools
1.1 Fundamental Principles of a Secure Network
1.2 Viruses, Worms, and Trojan horses
1.3 Attack Methodologies
1.4 Cisco Network Foundation Protection Framework

Wed Apr 1 Chapter 2: Securing Network Devices
2.1 Securing Device Access
2.2 Assigning Administrative Roles
2.3 Monitoring and Managing Devices
2.4 Using Automated Security Features
2.5.1.1 Lab - Securing the Router for Administrative Access
2.5.1.2 Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH
Operations

2 Mon Apr 6 Chapter 3: Authentication, Authorization, and 3.6.1.1 Lab - Securing Administrative Access Using AAA and RADIUS
Accounting 3.6.1.2 Packet Tracer - Configure AAA Authentication on Cisco Routers
3.1 Purpose of AAA
3.2 Local AAA Authentication
3.3 Server-Based AAA
3.4 Server-Based AAA Authentication
3.5 Server-Based AAA Authorization and Accounting

Wed Apr 8 Complete chapter 3 Complete chapter 3 labs

3 Mon Apr 13 Chapter 4: Implementing Firewall Technologies 4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls
4.1 Access Control Lists 4.4.1.2 Packet Tracer - Configure IP ACLs to Mitigate Attacks
4.2 Firewall Technologies 4.4.1.3 Packet Tracer - Configuring a Zone-Based Policy Firewall (ZPF)
4.3 Zone-Based Policy Firewall

Wed Apr 15 Complete chapter 4 Complete chapter 4 labs

4 Mon Apr 20 Chapter 5: Implementing Intrusion Prevention 5.5.1.1 Lab - Configuring an Intrusion Prevention System (IPS) Using the
5.1 IPS Technologies CLI and CCP
5.2 IPS Signatures 5.5.1.2 Packet Tracer - Configure IOS Intrusion Prevention System (IPS)
5.3 Implement IPS using CLI
5.4 Verify and Monitor IPS

Wed Apr 22 Complete chapter 5 Complete chapter 5 labs

5 Mon Apr 27 Chapter 6: Securing the Local Area Network 6.5.1.1 Lab - Securing Layer 2 Switches

CNE 238 Designing Security for a Network Page 3

 Course Outline

Week Date Activity Labs and Chapter Quizzes

6.1 Endpoint Security 6.5.1.2 Packet Tracer - Layer 2 Security
6.2 Layer 2 Security Considerations 6.5.1.3 Packet Tracer - Layer 2 VLAN Security
6.3 Configuring Layer 2 Security
6.4 Wireless, VoIP, and SAN Security

Wed April 29 Complete chapter 6 Complete chapter 6 labs

6 Mon May 4 Chapter 7: Cryptographic Systems 7.5.1.1 Lab - Exploring Encryption Methods
7.1 Cryptographic Services
7.2 Basic Integrity and Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography

Wed May 6 Complete chapter 7 Complete chapter 7 labs

7 Mon May 11 Chapter 8: Implementing Virtual Private Networks
8.1 VPNs
8.2 GRE VPNs
8.3 IPSec VPN Components and Operation
8.4 Implementing Site-to-Site IPSec VPNs with CLI
8.5 Implementing Site-to-Site IPSec VPNs with CCP
8.6 Implementing Remote-Access VPNs
8.7.1.1 Lab - Configuring a Site-to-Site VPN Using Cisco IOS and CCP
8.7.1.2 Lab - Configuring a Remote Access VPN Server and Client
8.7.1.3 Lab - (Optional) Configuring a Remote Access VPN Server and
Client
8.7.1.4 Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN using
CLI

Wed May 13 Complete chapter 8 Complete chapter 8 labs

8 Mon May 18 Chapter 9: Implementing the Cisco Adaptive Security 9.4.1.1 Lab - Configuring ASA Basic Settings and Firewall Using CLI
Appliance (ASA) 9.4.1.2 Lab - Configuring ASA Basic Settings and Firewall Using ASDM
9.1 Introduction to the ASA 9.4.1.3 Lab - Configuring Clientless and AnyConnect Remote Access SSL
9.2 ASA Firewall Configuration VPNs Using ASDM
9.3 ASA VPN Configuration 9.4.1.4 Lab - Configuring a Site-to-Site IPsec VPN Using CCP and ASDM
9.4.1.5 Packet Tracer - Configuring ASA Basic Settings and Firewall Using
CLI

Wed May 20 Complete chapter 9 Complete chapter 9 labs

9 Mon May 25 Day After Memorial Day

Wed May 27 Chapter 10: Managing a Secure Network 10.8.1.1 Lab - CCNA Security Comprehensive Lab

CNE 238 Designing Security for a Network Page 4

 Course Outline

Week Date Activity Labs and Chapter Quizzes

10.1 Principles of Secure Network Design 10.8.1.2 Packet Tracer - Skills Integration Challenge
10.2 Security Architecture
10.3 Operations Security
10.4 Network Security Testing
10.5 Business Continuity Planning and Disaster Recovery
10.6 System Development Life Cycle
10.7 Developing a Comprehensive Security Policy

10 Mon Jun 1 Complete chapter 10 Complete chapter 10 labs

Wed Jun 3

11 Mon Jun 8

Wed June 10 Final Exam

Ciaran Bloomer
March 2015

CNE 238 Designing Security for a Network Page 5