49 IPsec courses delivered Live Online

Duration 5 Days 30 CPD hours This course is intended for Students who need to know how to implement and manage Cisco ASA 5500-X. Overview Upon successful completion of this course, students should be able to do the following:? Technology and features of the Cisco ASA? Cisco ASA product family? How ASAs protect network devices from attacks? Bootstrap the security appliance? Prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM)? Launch and navigate ASDM? Essential security appliance configuration using ASDM and the command-line interface (CLI)? Configure dynamic and static address translations? Configure access policy based on ACLs? Use object groups to simplify ACL complexity and maintenance? Use the Modular Policy Framework to provide unique policies to specific data flows? Handle advanced protocols with application inspection? Troubleshoot with syslog and tcp ping? Configure the ASA to work with Cisco Secure ACS 5.2 for RADIUS-based AAA of VPNs? Implement site-to-site IPsec VPN? Implement remote access IPsec and SSL VPNs using the Cisco AnyConnect 3.0 Secure Mobility Client? Work with the 5.x Legacy Cisco IPsec VPN client and Anyconnect VPN client? Deploy clientless SSL VPN access, including smart tunnels, plug-ins, and web-type ACLs? Configure access control policies to implement your security policy across all classes of VPN? Configure Active/Standby failover for both firewall and VPN high availability Student will gain the essential skills required to configure, maintain, and operate Cisco ASA 5500-X Series Adaptive Security Appliances based on ASA Software v9.x. Cisco ASA Essentials ? Lesson 1: Evaluating Cisco ASA Technologies ? Lesson 2: Identifying Cisco ASA Families Basic Connectivity and Device Management ? Lesson 1: Preparing the Cisco ASA for Network Integration ? Lesson 2: Managing Basic Cisco ASA Network Settings ? Lesson 3: Configuring Cisco ASA Device Management Features Network Integration ? Lesson 1: Configuring Cisco ASA NAT Features ? Lesson 2: Configuring Cisco ASA Basic Access Control Features Cisco ASA Policy Control ? Lesson 1: Cisco ASA Modular Policy Framework ? Lesson 2: Configuring Cisco ASA Connection Policy Cisco ASA VPN Architecture and Common Components ? Lesson 1: Implementing Profiles, Group Policies, and User Policies ? Lesson 2: Implementing PKI Services Cisco ASA Clientless Remote Access SSL VPN Solutions ? Lesson 1: Deploying Basic Clientless VPN Solutions ? Lesson 2: Deploying Advanced Application Access for Clientless SSL VPNs Cisco AnyConnect Remote Access SSL Solutions ? Lesson 1: Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution Cisco ASA Remote Access IPsec VPNs ? Lesson 1: Deploying Cisco Remote Access VPN Clients ? Lesson 2: Deploying Basic Cisco Remote Access IPsec VPN Solutions Cisco ASA Site-to-Site IPsec VPN Solutions ? Lesson 1: Deploying Basic Site-to-Site IPsec VPNs ? Lesson 2: Deploying Advanced Site-to-Site IPsec VPNs Cisco ASA High Availability and Virtualization ? Lesson 1: Configuring Cisco ASA Active/Standby High Availability Labs Lab 1: Prepare the ASA for Administration Lab 2: Fundamental ASA Configuration Lab 3: Network Address Translation (NAT) Lab 4: Basic Access Control Lab 5: Basic Protocol Inspection Lab 6: Licensing, ACS, and Public CA Lab 7: Basic Clientless SSL VPN Lab 8: Clientless SSL VPN - Thin Apps Lab 9: Basic AnyConnect Full Tunnel SSL VPN Lab 10: Remote Access IPSec VPN Lab 11: IPSec Site-to-Site VPN Lab 12: Active/Standby Failover

Duration 3 Days 18 CPD hours This course is intended for Operators of Juniper Networks security solutions, including network engineers, administrators, support personnel, and resellers. Overview Identify high-level security challenges in today's networks. Identify products that are incorporated into the Juniper Connected Security solution. Explain the value of implementing security solutions. Explain how Juniper Connected Security solves the cyber security challenges of the future. Explain the SRX Series devices and the added capabilities that next-generation firewalls provide. Explain traffic flows through the SRX Series devices. List the different security objects and how to create them. Describe interface types and perform basic interface configuration tasks. Describe the initial configuration for an SRX Series device. Explain security zones. Describe screens and their use. Explain address objects. Describe services and their use. Describe the purpose for security policies on an SRX Series device. Describe zone-based policies. Describe global policies and their use. Explain unified security policies. Configure unified security policies with the J-Web user interface. Describe IDP signatures. Configure an IDP policy using predefined templates with the J-Web user interface. Describe the use and configuration of the integrated user firewall feature. Describe the UTM security services List the available UTM services on the SRX Series device. Configure UTM filtering on a security policy with the J-Web user interface. Explain Sky ATP's use in security. Describe how Sky ATP and SRX Series devices operate together in blocking threats. Describe NAT and why it is used. Explain source NAT and when to use it. Explain destination NAT and when to use it. Explain static NAT and its uses. Describe the operation and configuration the different types of NAT. Identify various types of VPNs. Describe IPsec VPNs and their functionality. Describe how IPsec VPNs are established. Describe IPsec traffic processing. Configure IPsec VPNs with the J-Web user interface. Describe and configure proxy IDs and traffic selectors with the J-Web user interface. Monitor IPsec VPNs with the J-Web user interface. Describe the J-Web monitoring features. Explain the J-Web reporting features. Describe the Sky Enterprise service and how it can save resources. Explain the functionality of Junos Space Security Director. This course is designed to provide students with the foundational knowledge required to work with SRX Series devices. This course will use the J-Web user interface to introduce students to the Junos operating system. Module 1: COURSE INTRODUCTION COURSE INTRODUCTION Module 2: Juniper Security Concept Security Challenges Security Design Overview Juniper Connected Security Module 3: Juniper Connected Security ? SRX Series Devices Connected Security Interfaces Initial Configuration LAB 1: Initial Configuration Module 4: Security Objects Security Zone Objects Security Screen Objects Security Address Objects Security Services Objects LAB 2: Creating Security Objects with J-Web Module 5: Security Policies Security Policy Overview Zone-Based Policies Global Security Policies Application Firewall with Unified Security Policies LAB 3: Creating Security Policies with J-Web Module 6: Security Services ? IDP and User Firewall IDP Security Services Integrated User Firewall LAB 4: Adding IDP and User Firewall Security Services to Security Policies Module 7: Security Services ? UTM Content Filtering Web Filtering Antivirus Antispam LAB 5: Adding UTM Security Services to Security Policies Module 8: Juniper Connected Security ? Sky AT Sky ATP Overview Blocking Threats Lab 6: Demonstrating Sky ATP Module 9: Network Address Translation NAT Overview Source NAT Destination NAT Static NAT Lab 7: Implementing Network Address Translation Module 10: IPsec VPN Concepts VPN Types Secure VPN Requirements IPsec Tunnel Establishment IPsec Traffic Processing Module 11: Site-to-Site VPNs IPsec Configuration IPsec Site-to-Site Tunne Lab 8: Implementing Site-to-Site IPsec VPNs Module 12: Monitoring and Reporting J-Web monitoring options J-Web Reporting options Lab 9: Using Monitoring and Reporting Appendix A: SRX Series Hardware Appendix D: Sky Enterprise Services Appendix B: Virtual SRX Appendix EJunos Space Security Director Appendix CCLI Prime

Securing UNIX systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure UNIX accounts. Secure UNIX file systems. Secure UNIX access through the network. Securing UNIX systems course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing UNIX systems course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

Securing Linux systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure Linux accounts. Secure Linux file systems. Secure Linux access through the network. Securing Linux systems training course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing Linux systems training course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

Duration 2 Days 12 CPD hours This course is intended for Networking and security professionals involved in the design, implementation, and administration of a network infrastructure using FortiGate appliances. Overview Analyze a FortiGate's route table. Route packets using policy-based and static routes for multi-path and load balanced deployments. Configure SD-WAN to load balance traffic between multiple WAN links effectively. Inspect traffic transparently, forwarding as a Layer 2 device. Divide FortiGate into two or more virtual devices, each operating as an independent FortiGate, by configuring virtual domains (VDOMs). Establish an IPsec VPN tunnel between two FortiGate appliances. Compare policy-based to route-based IPsec VPN. Implement a meshed or partially redundant VPN. Diagnose failed IKE exchanges. Offer Fortinet Single Sign On (FSSO) access to network services, integrated with Microsoft Active Directory. Deploy FortiGate devices as an HA cluster for fault tolerance and high performance. Deploy implicit and explicit proxy with firewall policies, authentication, and caching. Diagnose and correct common problems. In this two-day course, you will learn how to use advanced FortiGate networking and security. Course Outline Module 1. Routing Module 2. Software-Defined WAN (SD-WAN) Module 3. Layer 2 Switching Module 4. Virtual Domains Module 5. Site-to-Site IPsec VPN Module 6. Fortinet Single Sign-On (FSSO) Module 7. High Availability (HA) Module 8. Web Proxy Module 9. Diagnostics

Duration 2 Days 12 CPD hours This course is intended for Networking and security professionals involved in the design, implementation, and administration of a network infrastructure using FortiGate devices should attend this course. This course assumes knowledge of basic FortiGate fundamentals. You should have a thorough understanding of all the topics covered in the FortiGate Security course before attending the FortiGate Infrastructure course. Overview After completing this course, the successful student should be able to: Analyze a FortiGate route table Route packets using policy-based and static routes for multipath and load-balanced deployments Divide FortiGate into two or more virtual devices, each operating as an independent FortiGate, by configuring virtual domains (VDOMs) Understand the fundamentals and benefits of using ZTNA Offer an SSL VPN for secure access to your private network Establish an IPsec VPN tunnel between two FortiGate devices Implement a meshed or partially redundant VPN Diagnose failed IKE exchanges Offer Fortinet Single Sign-On (FSSO) access to network services, integrated with Microsoft Active Directory (AD) Deploy FortiGate devices as an HA cluster for fault tolerance and high performance Diagnose and correct common problems In this two-day course, you will learn how to use the most common FortiGate networking and infrastructure features. Topics include features commonly applied in complex or larger enterprise or MSSP networks, such as advanced routing, redundant infrastructure, virtual domains (VDOMs), zero trust network access (ZTNA), SSL VPN, site-to-site IPsec VPN, single sign-on (SSO), and diagnostics. Course Outline 1. Routing 2. Virtual Domains 3. Fortinet Single Sign-On 4. ZTNA 5. SSL VPN 6. IPsec VPN 7. High Availability 8. Diagnostics

Duration 2 Days 12 CPD hours This course is intended for This course is intended for network engineers, network support personnel, and reseller support. Overview After successfully completing this course, you should be able to:Configure LAN-to-LAN IP Security (IPsec) VPNs in various configurations. Configure VPN redundancy. Configure dynamic routing using IPsec VPNs. Configure remote access IPsec connectivity including group Internet Key Exchange (IKE) and shared IKE. Configure generic routing encapsulation (GRE) tunnels. This intermediate-level course focuses on the wide range of options available when configuring virtual private networks (VPNs) using Juniper Networks firewall/VPN products. Students attending the course will learn these various deployments through detailed lectures and hands-on lab exercises. Chapter 1: Course IntroductionChapter 2: ScreenOS VPN Basics Review VPN Review Verifying Operations VPN Monitor Lab: VPN Review Chapter 3: VPN Variations Dynamic Peers Transparent Mode Overlapping Addresses Lab: VPN Variations Chapter 4: Hub-and-Spoke VPNs Concepts Policy-Based Hub-and-Spoke VPNs Route-Based Hub-and-Spoke VPNs with No Policy and NHTB Route-Based Hub-and_Spoke VPNS with Policy Centralized Control Hub-and-Spoke VPNs ACVPNs Lab: Hub-and-Spoke VPNs Chapter 5: Routing over VPNs Routing Overview Configuring RIP Configuring OSPF Case Studies Lab: Dynamic Routing Chapter 6: Using Certificates Concepts and Terminology Configuring Certificates and Certificate Support Configuring VPNs with Certificates Lab: Using Certificates Chapter 7: Redundant VPN Gateways (Optional) Redundant VPN Gateways Other Options Demonstration: Redundant VPN Gateways Chapter 8: Generic Routing Encapsulation (Optional) Configuring GRE Chapter 9: Dial-Up IPsec VPNs (Optional) Basic Dial-Up Configuration Group IKE ID XAUTH and Shared IKE ID Additional course details: Nexus Humans Advanced Juniper Networks VPN Implementations training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Advanced Juniper Networks VPN Implementations course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 3 Days 18 CPD hours This course is intended for This course is intended for networking and security professionals involved in the administration and support of a security infrastructure using FortiGate appliances. Overview Monitor traffic passing through FortiGate Optimize FortiGate memory usage Diagnose using FortiGate tools such as the built-in sniffer and ''diagnose debug flow'' command Monitor statistics for user traffic, traffic shaping, user authentication, IPsec, web proxy, BGP, OSPF and HA Troubleshoot issues with conserve mode, high CPU, firewall policies, session helpers, user authentication, *IPsec, FortiGuard, UTM inspection, explicit web proxy, routing, and HA Describe the processing flow of FortiGate packet inspection Configure FortiGate for external BGP and OSPF This 3-day class provides more in-depth work with FortiGate infrastructure and architecture, combined with enhanced troubleshooting methods and tools to isolate and fix the most common issues in networks with FortiGate devices. Module 1: Security Fabric Configuring the Security Fabric Troubleshooting: Security Fabric Physical and logical topology views Module 2: FortiOS Architecture System information Module 3: System Troubleshooting Crash Logs Module 4: Traffic and Session Monitoring Exploring the session table Troubleshooting: Connectivity issues Module 5: Routing Failover of existing sessions Troubleshooting: Routing Module 6: FortiGuard Troubleshooting: Local FDS issue Troubleshooting: Rating lookups Module 7: Central Management FortiManager and registration Module 8: OSPF Configuring OSPF Troubleshooting: OSPF Module 9: Web Filtering and Antivirus Configuring Web Filtering and AV Troubleshooting: Web Filetering Troubleshooting: Antivirus Module 10: IPS Configuring IPS IPS custom signatures Module 11: BGP Configuring BGP Troubleshooting: BGHP neighbor Troubleshooting: BGP routing Configuring prefix lists Module 12: IPsec Troubleshooting: IPsec VPN Manager Module 13: Auto Discovery VPN Configuring ADVPN and IBGP Troubleshooting: OSPF and BGP' Additional course details: Nexus Humans Enterprise Firewall (NSE 7) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Enterprise Firewall (NSE 7) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Essential SD-WAN training course description SD-WAN is rapidly growing in use. This vendor neutral course starts with an introduction to what SD-WAN is and when it is useful. Each main area of SD-WAN is then studied in more detail to enable delegates to recognise the technologies used in SD-WAN and then use this information to evaluate SD-WAN products. What will you learn Describe what SD-WAN is (and isn't). Explain how SD-WAN works. Evaluate SD-WAN products. Compare and contrast SD-WAN with other technologies such as MPLS, Ethernet, SDN, NFV and WAN optimisation. Essential SD-WAN training course details Who will benefit: Anyone wishing to learn about SD-WAN. Prerequisites: Network fundamentals. Duration 1 day Essential SD-WAN training course contents What is SD-WAN? What is SD and SDN? What is WAN? Branch/ Office. MPLS, MPLS vs Internet, Ethernet, Broadband, LTE/4G, Cable, Satellite. The impact of the cloud. Single console, Dynamic path selection, automation. Why SD-WAN? Single console Network management, orchestration, administration. Example GUI interfaces. Northbound and southbound APIs. Dynamic path selection SD-WAN transports, Overlay networks, security. VPNs, IPsec. QoS and prioritization. Policies, traffic path rules. Application specific routing, bonding, optimisation. Automation Time saving, removing errors. Zero touch, ZOOM, ZTP. The role of the orchestrator. Real time monitoring of the network. APIs. Architecture and products Hardware solutions, software solutions, virtual appliances. Clouds. SD-WAN edge devices, SDWAN controllers, Orchestrators. HA and SD-WAN. Riverbed, Cisco, Juniper, others. Summary SD-WAN doesn't replace MPLS, virtualisation and SD-WAN. Relationship with SDN and NFV. SDWAN versus WAN optimisation.

Duration 5 Days 30 CPD hours This course is intended for Security engineer Network engineer Network designer Network administrator Systems engineer Consulting systems engineer Technical solutions architect Network manager Cisco integrators and partners Overview After taking this course, you should be able to: Describe information security concepts and strategies within the network Describe common TCP/IP, network application, and endpoint attacks Describe how various network security technologies work together to guard against attacks Implement access control on Cisco ASA appliance and Cisco Firepower Next-Generation Firewall Describe and implement basic email content security features and functions provided by Cisco Email Security Appliance Describe and implement web content security features and functions provided by Cisco Web Security Appliance Describe Cisco Umbrella security capabilities, deployment models, policy management, and Investigate console Introduce VPNs and describe cryptography solutions and algorithms Describe Cisco secure site-to-site connectivity solutions and explain how to deploy Cisco Internetwork Operating System (Cisco IOS) Virtual Tunnel Interface (VTI)-based point-to-point IPsec VPNs, and point-to-point IPsec VPN on the Cisco ASA and Cisco Firepower Next-Generation Firewall (NGFW) Describe and deploy Cisco secure remote access connectivity solutions and describe how to configure 802.1X and Extensible Authentication Protocol (EAP) authentication Provide basic understanding of endpoint security and describe Advanced Malware Protection (AMP) for Endpoints architecture and basic features Examine various defenses on Cisco devices that protect the control and management plane Configure and verify Cisco IOS software Layer 2 and Layer 3 data plane controls Describe Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions Describe basics of cloud computing and common cloud attacks and how to secure cloud environment The Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 course helps you prepare for the Cisco© CCNP© Security and CCIE© Security certifications and for senior-level security roles. In this course, you will master the skills and technologies you need to implement core Cisco security solutions to provide advanced threat protection against cybersecurity attacks. You will learn security for networks, cloud and content, endpoint protection, secure network access, visibility, and enforcements. You will get extensive hands-on experience deploying Cisco Firepower© Next-Generation Firewall and Cisco Adaptive Security Appliance (ASA) Firewall; configuring access control policies, mail policies, and 802.1X Authentication; and more. You will get introductory practice on Cisco Stealthwatch© Enterprise and Cisco Stealthwatch Cloud threat detection features. This course, including the self-paced material, helps prepare you to take the exam, Implementing and Operating Cisco Security Core Technologies (350-701 SCOR), which leads to the new CCNP Security, CCIE Security, and the Cisco Certified Specialist - Security Core certifications. Describing Information Security Concepts* Information Security Overview Assets, Vulnerabilities, and Countermeasures Managing Risk Vulnerability Assessment Understanding Common Vulnerability Scoring System (CVSS) Describing Common TCP/IP Attacks* Legacy TCP/IP Vulnerabilities IP Vulnerabilities Internet Control Message Protocol (ICMP) Vulnerabilities TCP Vulnerabilities User Datagram Protocol (UDP) Vulnerabilities Attack Surface and Attack Vectors Reconnaissance Attacks Access Attacks Man-in-the-Middle Attacks Denial of Service and Distributed Denial of Service Attacks Reflection and Amplification Attacks Spoofing Attacks Dynamic Host Configuration Protocol (DHCP) Attacks Describing Common Network Application Attacks* Password Attacks Domain Name System (DNS)-Based Attacks DNS Tunneling Web-Based Attacks HTTP 302 Cushioning Command Injections SQL Injections Cross-Site Scripting and Request Forgery Email-Based Attacks Describing Common Endpoint Attacks* Buffer Overflow Malware Reconnaissance Attack Gaining Access and Control Gaining Access via Social Engineering Gaining Access via Web-Based Attacks Exploit Kits and Rootkits Privilege Escalation Post-Exploitation Phase Angler Exploit Kit Describing Network Security Technologies Defense-in-Depth Strategy Defending Across the Attack Continuum Network Segmentation and Virtualization Overview Stateful Firewall Overview Security Intelligence Overview Threat Information Standardization Network-Based Malware Protection Overview Intrusion Prevention System (IPS) Overview Next Generation Firewall Overview Email Content Security Overview Web Content Security Overview Threat Analytic Systems Overview DNS Security Overview Authentication, Authorization, and Accounting Overview Identity and Access Management Overview Virtual Private Network Technology Overview Network Security Device Form Factors Overview Deploying Cisco ASA Firewall Cisco ASA Deployment Types Cisco ASA Interface Security Levels Cisco ASA Objects and Object Groups Network Address Translation Cisco ASA Interface Access Control Lists (ACLs) Cisco ASA Global ACLs Cisco ASA Advanced Access Policies Cisco ASA High Availability Overview Deploying Cisco Firepower Next-Generation Firewall Cisco Firepower NGFW Deployments Cisco Firepower NGFW Packet Processing and Policies Cisco Firepower NGFW Objects Cisco Firepower NGFW Network Address Translation (NAT) Cisco Firepower NGFW Prefilter Policies Cisco Firepower NGFW Access Control Policies Cisco Firepower NGFW Security Intelligence Cisco Firepower NGFW Discovery Policies Cisco Firepower NGFW IPS Policies Cisco Firepower NGFW Malware and File Policies Deploying Email Content Security Cisco Email Content Security Overview Simple Mail Transfer Protocol (SMTP) Overview Email Pipeline Overview Public and Private Listeners Host Access Table Overview Recipient Access Table Overview Mail Policies Overview Protection Against Spam and Graymail Anti-virus and Anti-malware Protection Outbreak Filters Content Filters Data Loss Prevention Email Encryption Deploying Web Content Security Cisco Web Security Appliance (WSA) Overview Deployment Options Network Users Authentication Secure HTTP (HTTPS) Traffic Decryption Access Policies and Identification Profiles Acceptable Use Controls Settings Anti-Malware Protection Deploying Cisco Umbrella* Cisco Umbrella Architecture Deploying Cisco Umbrella Cisco Umbrella Roaming Client Managing Cisco Umbrella Cisco Umbrella Investigate Overview and Concepts Explaining VPN Technologies and Cryptography VPN Definition VPN Types Secure Communication and Cryptographic Services Keys in Cryptography Public Key Infrastructure Introducing Cisco Secure Site-to-Site VPN Solutions Site-to-Site VPN Topologies IPsec VPN Overview IPsec Static Crypto Maps IPsec Static Virtual Tunnel Interface Dynamic Multipoint VPN Cisco IOS FlexVPN Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs Cisco IOS VTIs Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2 VPN Configuration Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW Cisco ASA Point-to-Point VPN Configuration Cisco Firepower NGFW Point-to-Point VPN Configuration Introducing Cisco Secure Remote Access VPN Solutions Remote Access VPN Components Remote Access VPN Technologies Secure Sockets Layer (SSL) Overview Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW Remote Access Configuration Concepts Connection Profiles Group Policies Cisco ASA Remote Access VPN Configuration Cisco Firepower NGFW Remote Access VPN Configuration Explaining Cisco Secure Network Access Solutions Cisco Secure Network Access Cisco Secure Network Access Components AAA Role in Cisco Secure Network Access Solution Cisco Identity Services Engine Cisco TrustSec Describing 802.1X Authentication 802.1X and Extensible Authentication Protocol (EAP) EAP Methods Role of Remote Authentication Dial-in User Service (RADIUS) in 802.1X Communications RADIUS Change of Authorization Configuring 802.1X Authentication Cisco Catalyst© Switch 802.1X Configuration Cisco Wireless LAN Controller (WLC) 802.1X Configuration Cisco Identity Services Engine (ISE) 802.1X Configuration Supplicant 802.1x Configuration Cisco Central Web Authentication Describing Endpoint Security Technologies* Host-Based Personal Firewall Host-Based Anti-Virus Host-Based Intrusion Prevention System Application Whitelists and Blacklists Host-Based Malware Protection Sandboxing Overview File Integrity Checking Deploying Cisco Advanced Malware Protection (AMP) for Endpoints* Cisco AMP for Endpoints Architecture Cisco AMP for Endpoints Engines Retrospective Security with Cisco AMP Cisco AMP Device and File Trajectory Managing Cisco AMP for Endpoints Introducing Network Infrastructure Protection* Identifying Network Device Planes Control Plane Security Controls Management Plane Security Controls Network Telemetry Layer 2 Data Plane Security Controls Layer 3 Data Plane Security Controls Deploying Control Plane Security Controls* Infrastructure ACLs Control Plane Policing Control Plane Protection Routing Protocol Security Deploying Layer 2 Data Plane Security Controls* Overview of Layer 2 Data Plane Security Controls Virtual LAN (VLAN)-Based Attacks Mitigation Sp