Chapter 0 :

IT Security
Course presentation and terminology

CCNA Security v2.0

Chapter 2 : Securing Network Devices ;

Chapter 3 : Authentication, Authorization and

Chapter 4 : Implementing and configuring Firewall

Chapter 5 : Implementing Intrusion Prevention ;

Chapter 6 : Securing the Local Area Network ;

Chapter 7 : Cryptographic Systems ;

Chapter 8 : Implementing Virtual Private Networks ;

Chapter 9 : Implementing ASA ;

Chapter 10 : Managing a Secure Network ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
 • CCNA Security course helps students to :
o Understand core security concepts and how to develop and
implement security policies to mitigate risks ;
o Acquire skills needed to configure, monitor, and troubleshoot
network security ;
o Prepare for the Cisco CCNA Security certification exam ;
o Start or advance a career in network security ;
o Differentiate themselves in the market with specialized skills
and expertise to achieve success.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
 • Upon completion of this course, students will be
able to:
o Describe security threats facing modern network infrastructures ;
o Secure routers and switches ;
o Describe AAA functionalities and implement AAA on routers using local
router database and server-based ACS or ISE ;
o Mitigate threats to networks using ACLs and stateful firewalls ;
o Implement IPS and IDS to secure networks against evolving attacks ;
o Mitigate threats to email, web based and endpoints attacks and common
Layer 2 attacks ;
o Secure communications to ensure Integrity, Authenticity and Confidentiality ;
o Describe the purpose of VPNs, and implement Remote Access and Site-to-
Site VPNs ;
o Secure networks using ASA.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
 • Timeline : 2H every week ;
• Content :
o Course materials as PDF Slides ;
o Exercises as case studies ;
o Labs, in most with Packet Tracer ;

• Evaluations :
o The first one’s in the middle (30%);
o The second one’s in the end with Lab (20%) ;
o The final is the exam in the end (50%) ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
 • Security :
o The situation in which someone, something is not exposed to
any risk of physical aggression, accident, theft or deterioration ;

• Two domains :
o Security :
 Protection against intentional malicious actions ;
o Safety :
 Protection against environmental accidents and system defects ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
 • Security, Why ?
o 24/7 Internet connectivity ;
o Increase in cybercrime :
 Fraud / Swindle, Thefts of identities/services, Children’s exploitation,
Electronic Vandalism, Terrorism ... ;
o Impacts :
 Loss of revenue, decreased productivity, reputation … ;
o Proliferation of threats :
 Emergence of new threats, … ;
 Threat enhancement : Internal, external, structured, unstructured ...;
o Legislation & Responsibilities :
 New laws have emerged to apprehend those responsible for
sensitive information ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
 • Security, Goals
o CONFIDENTIALITY ;
 The information is kept secret ;
 Only authorized subjects can access
this information ;
o INTEGRITY
 The information is editable only by the
voluntary action of an authorized
subject ;
o AVAILABILITY :
 The system should be available at all
times ;
 No denial or degradation of service ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
 • Security, Services
o Authentication :
 To aim to guarantee the identity of correspondents ;
 Only authorized entities have access to the system ;
 Protect from identity theft ;
o Access control :
 Prevent the unauthorized use of resources accessible through the
network ;
 Use authentication to ensure identities of the correspondents, exchanged
during the initialization phase of the dialogs ;
o Data privacy :
 Data must be confidential ;
 Prevent data from being understandable by an unauthorized third party, even
in a state of passive fraud ;
 Ensure that only authorized users, under predefined conditions, have access
to the information;
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
 • Security, Services

o Data integrity :
 Detect data corruption between sender and receiver in active fraud cases ;
 Ensure that information is modified only under pre-defined conditions
(according to specific constraints) ;
o Non-repudiation :
 At the origin of the data, this service provides the receiver with evidence
preventing the sender to not contest sending a message surely
received;
 Upon receipt of data, it provides the sender with preventing the receiver
to not contest the receipt of a message surely sended ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
 • Security, Risks
o All environment actions of a system that can lead to financial
losses ;
o These are as errors whether intentional or not ;
 Intentional risks = set of malicious actions ;
o Risks “Not Intentionals” :
 Related to the consciousness and ignorance of users ;
o Risks “Intentionals” :
 Constitute most of the risks, which require more protection measures ;
 Some users may voluntarily endanger the information system ;
 Two types : Passives (listening, indiscretions) or Actives (Information
changes, Modification of software / program logic ...) ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
 • Security, Risks

o Risks scope :
 Networks & communication ;
 Software ;
 Systems ;
 Physical ;

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Thank you.