62 IPsec courses

Duration 5 Days 30 CPD hours This course is intended for Security engineer Network engineer Network designer Network administrator Systems engineer Consulting systems engineer Technical solutions architect Network manager Cisco integrators and partners Overview After taking this course, you should be able to: Describe information security concepts and strategies within the network Describe common TCP/IP, network application, and endpoint attacks Describe how various network security technologies work together to guard against attacks Implement access control on Cisco ASA appliance and Cisco Firepower Next-Generation Firewall Describe and implement basic email content security features and functions provided by Cisco Email Security Appliance Describe and implement web content security features and functions provided by Cisco Web Security Appliance Describe Cisco Umbrella security capabilities, deployment models, policy management, and Investigate console Introduce VPNs and describe cryptography solutions and algorithms Describe Cisco secure site-to-site connectivity solutions and explain how to deploy Cisco Internetwork Operating System (Cisco IOS) Virtual Tunnel Interface (VTI)-based point-to-point IPsec VPNs, and point-to-point IPsec VPN on the Cisco ASA and Cisco Firepower Next-Generation Firewall (NGFW) Describe and deploy Cisco secure remote access connectivity solutions and describe how to configure 802.1X and Extensible Authentication Protocol (EAP) authentication Provide basic understanding of endpoint security and describe Advanced Malware Protection (AMP) for Endpoints architecture and basic features Examine various defenses on Cisco devices that protect the control and management plane Configure and verify Cisco IOS software Layer 2 and Layer 3 data plane controls Describe Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions Describe basics of cloud computing and common cloud attacks and how to secure cloud environment The Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 course helps you prepare for the Cisco© CCNP© Security and CCIE© Security certifications and for senior-level security roles. In this course, you will master the skills and technologies you need to implement core Cisco security solutions to provide advanced threat protection against cybersecurity attacks. You will learn security for networks, cloud and content, endpoint protection, secure network access, visibility, and enforcements. You will get extensive hands-on experience deploying Cisco Firepower© Next-Generation Firewall and Cisco Adaptive Security Appliance (ASA) Firewall; configuring access control policies, mail policies, and 802.1X Authentication; and more. You will get introductory practice on Cisco Stealthwatch© Enterprise and Cisco Stealthwatch Cloud threat detection features. This course, including the self-paced material, helps prepare you to take the exam, Implementing and Operating Cisco Security Core Technologies (350-701 SCOR), which leads to the new CCNP Security, CCIE Security, and the Cisco Certified Specialist - Security Core certifications. Describing Information Security Concepts* Information Security Overview Assets, Vulnerabilities, and Countermeasures Managing Risk Vulnerability Assessment Understanding Common Vulnerability Scoring System (CVSS) Describing Common TCP/IP Attacks* Legacy TCP/IP Vulnerabilities IP Vulnerabilities Internet Control Message Protocol (ICMP) Vulnerabilities TCP Vulnerabilities User Datagram Protocol (UDP) Vulnerabilities Attack Surface and Attack Vectors Reconnaissance Attacks Access Attacks Man-in-the-Middle Attacks Denial of Service and Distributed Denial of Service Attacks Reflection and Amplification Attacks Spoofing Attacks Dynamic Host Configuration Protocol (DHCP) Attacks Describing Common Network Application Attacks* Password Attacks Domain Name System (DNS)-Based Attacks DNS Tunneling Web-Based Attacks HTTP 302 Cushioning Command Injections SQL Injections Cross-Site Scripting and Request Forgery Email-Based Attacks Describing Common Endpoint Attacks* Buffer Overflow Malware Reconnaissance Attack Gaining Access and Control Gaining Access via Social Engineering Gaining Access via Web-Based Attacks Exploit Kits and Rootkits Privilege Escalation Post-Exploitation Phase Angler Exploit Kit Describing Network Security Technologies Defense-in-Depth Strategy Defending Across the Attack Continuum Network Segmentation and Virtualization Overview Stateful Firewall Overview Security Intelligence Overview Threat Information Standardization Network-Based Malware Protection Overview Intrusion Prevention System (IPS) Overview Next Generation Firewall Overview Email Content Security Overview Web Content Security Overview Threat Analytic Systems Overview DNS Security Overview Authentication, Authorization, and Accounting Overview Identity and Access Management Overview Virtual Private Network Technology Overview Network Security Device Form Factors Overview Deploying Cisco ASA Firewall Cisco ASA Deployment Types Cisco ASA Interface Security Levels Cisco ASA Objects and Object Groups Network Address Translation Cisco ASA Interface Access Control Lists (ACLs) Cisco ASA Global ACLs Cisco ASA Advanced Access Policies Cisco ASA High Availability Overview Deploying Cisco Firepower Next-Generation Firewall Cisco Firepower NGFW Deployments Cisco Firepower NGFW Packet Processing and Policies Cisco Firepower NGFW Objects Cisco Firepower NGFW Network Address Translation (NAT) Cisco Firepower NGFW Prefilter Policies Cisco Firepower NGFW Access Control Policies Cisco Firepower NGFW Security Intelligence Cisco Firepower NGFW Discovery Policies Cisco Firepower NGFW IPS Policies Cisco Firepower NGFW Malware and File Policies Deploying Email Content Security Cisco Email Content Security Overview Simple Mail Transfer Protocol (SMTP) Overview Email Pipeline Overview Public and Private Listeners Host Access Table Overview Recipient Access Table Overview Mail Policies Overview Protection Against Spam and Graymail Anti-virus and Anti-malware Protection Outbreak Filters Content Filters Data Loss Prevention Email Encryption Deploying Web Content Security Cisco Web Security Appliance (WSA) Overview Deployment Options Network Users Authentication Secure HTTP (HTTPS) Traffic Decryption Access Policies and Identification Profiles Acceptable Use Controls Settings Anti-Malware Protection Deploying Cisco Umbrella* Cisco Umbrella Architecture Deploying Cisco Umbrella Cisco Umbrella Roaming Client Managing Cisco Umbrella Cisco Umbrella Investigate Overview and Concepts Explaining VPN Technologies and Cryptography VPN Definition VPN Types Secure Communication and Cryptographic Services Keys in Cryptography Public Key Infrastructure Introducing Cisco Secure Site-to-Site VPN Solutions Site-to-Site VPN Topologies IPsec VPN Overview IPsec Static Crypto Maps IPsec Static Virtual Tunnel Interface Dynamic Multipoint VPN Cisco IOS FlexVPN Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs Cisco IOS VTIs Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2 VPN Configuration Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW Cisco ASA Point-to-Point VPN Configuration Cisco Firepower NGFW Point-to-Point VPN Configuration Introducing Cisco Secure Remote Access VPN Solutions Remote Access VPN Components Remote Access VPN Technologies Secure Sockets Layer (SSL) Overview Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW Remote Access Configuration Concepts Connection Profiles Group Policies Cisco ASA Remote Access VPN Configuration Cisco Firepower NGFW Remote Access VPN Configuration Explaining Cisco Secure Network Access Solutions Cisco Secure Network Access Cisco Secure Network Access Components AAA Role in Cisco Secure Network Access Solution Cisco Identity Services Engine Cisco TrustSec Describing 802.1X Authentication 802.1X and Extensible Authentication Protocol (EAP) EAP Methods Role of Remote Authentication Dial-in User Service (RADIUS) in 802.1X Communications RADIUS Change of Authorization Configuring 802.1X Authentication Cisco Catalyst© Switch 802.1X Configuration Cisco Wireless LAN Controller (WLC) 802.1X Configuration Cisco Identity Services Engine (ISE) 802.1X Configuration Supplicant 802.1x Configuration Cisco Central Web Authentication Describing Endpoint Security Technologies* Host-Based Personal Firewall Host-Based Anti-Virus Host-Based Intrusion Prevention System Application Whitelists and Blacklists Host-Based Malware Protection Sandboxing Overview File Integrity Checking Deploying Cisco Advanced Malware Protection (AMP) for Endpoints* Cisco AMP for Endpoints Architecture Cisco AMP for Endpoints Engines Retrospective Security with Cisco AMP Cisco AMP Device and File Trajectory Managing Cisco AMP for Endpoints Introducing Network Infrastructure Protection* Identifying Network Device Planes Control Plane Security Controls Management Plane Security Controls Network Telemetry Layer 2 Data Plane Security Controls Layer 3 Data Plane Security Controls Deploying Control Plane Security Controls* Infrastructure ACLs Control Plane Policing Control Plane Protection Routing Protocol Security Deploying Layer 2 Data Plane Security Controls* Overview of Layer 2 Data Plane Security Controls Virtual LAN (VLAN)-Based Attacks Mitigation Sp

Essential SD-WAN training course description SD-WAN is rapidly growing in use. This vendor neutral course starts with an introduction to what SD-WAN is and when it is useful. Each main area of SD-WAN is then studied in more detail to enable delegates to recognise the technologies used in SD-WAN and then use this information to evaluate SD-WAN products. What will you learn Describe what SD-WAN is (and isn't). Explain how SD-WAN works. Evaluate SD-WAN products. Compare and contrast SD-WAN with other technologies such as MPLS, Ethernet, SDN, NFV and WAN optimisation. Essential SD-WAN training course details Who will benefit: Anyone wishing to learn about SD-WAN. Prerequisites: Network fundamentals. Duration 1 day Essential SD-WAN training course contents What is SD-WAN? What is SD and SDN? What is WAN? Branch/ Office. MPLS, MPLS vs Internet, Ethernet, Broadband, LTE/4G, Cable, Satellite. The impact of the cloud. Single console, Dynamic path selection, automation. Why SD-WAN? Single console Network management, orchestration, administration. Example GUI interfaces. Northbound and southbound APIs. Dynamic path selection SD-WAN transports, Overlay networks, security. VPNs, IPsec. QoS and prioritization. Policies, traffic path rules. Application specific routing, bonding, optimisation. Automation Time saving, removing errors. Zero touch, ZOOM, ZTP. The role of the orchestrator. Real time monitoring of the network. APIs. Architecture and products Hardware solutions, software solutions, virtual appliances. Clouds. SD-WAN edge devices, SDWAN controllers, Orchestrators. HA and SD-WAN. Riverbed, Cisco, Juniper, others. Summary SD-WAN doesn't replace MPLS, virtualisation and SD-WAN. Relationship with SDN and NFV. SDWAN versus WAN optimisation.

WAN training course description A hands on Introduction to Wide Area Networks for engineers. This course covers all current major WAN technologies from a perspective of design, evaluating technologies available as well as hands on to consolidate the theory What will you learn Describe the seven-layer model and realise how it applies to the real world. Evaluate and describe WAN technologies. Describe the architecture of WANs in the core. Use WANS to interconnect LANS. WAN training course details Who will benefit: Technical staff wishing to find out more about how their WAN works. Prerequisites: Intro to data communications & networking Duration 5 days WAN training course contents Introduction LANs, MANS and WANS, protocols, the OSI seven layer model, ITU-T, ETSI, DTE, DCE, and the overall picture. WAN architectures Service providers, core, access, DTE, DCE, CPE, dialup, circuit switched, packet switched, how to choose a WAN, common bandwidths, site to site, remote access. Topologies: Star, Full mesh, partial mesh. History of WANs Before IP was ubiquitous, The PSTN, Dial up networks, modems, ISDN, Stat mux, TDM, 64k, N*64, E1, X25, Frame Relay The role of IP and routers The growth of IP, the role of routers, routing tables, routing protocols. Hands on: IP and routing. Layer 1 Physical Copper, Fibre, Wireless, Microwave, Phone lines, FTTC, FTTH, mobile networks. Service provider technologies The transport plane, SDH, SONET, DWDM. WAN access Phone lines, leased lines, xDSL, WiMax, satellite, the role of PPP. Broadband adband xDSL, ADSL, SDSL, local loops, DSLAM, DSL architecture. ATM Cell switching principles, ATM switching, Virtual paths, QOS, CBR, VBR, ABR, UBR, AAL1 to AAL5, MPOA, LANE, Voice over ATM. The Internet VPNs, IPSEC, QOS. What is MPLS? Core MPLS, MPLS and the 7 layer model, MPLS protocol, MPLS standard, MPLS runs on routers, MPLS history, Why MPLS? MPLS architecture LSRs, PE and P router roles, FEC, swapping labels, MPLS packet format, Loops, TTL control. Ethernet What is Ethernet? LANs, MANs, WANs, Ethernet and switches in the LAN. Traditional LAN/WAN integration, routers. The Ethernet interface for the WAN. Standards: Transporting carrier Ethernet.

IPv6 training course description IPv6 is the next generation Internet Protocol. This hands-on course looks at the benefits and features of the new protocol along with an assessment of the likely impact of the protocol and migration strategies. Practical exercises using PCs and routers follow the major sessions in order to reinforce the theory. What will you learn Configure PCs and routers for IPv6. Troubleshoot IPv6 networks. Analyse IPv6 packets. Plan migration strategies for IPv6. Integrate IPv6 and IPv4 networks. IPv6 training course details Who will benefit: Anyone working in the field of networking. Prerequisites: TCP/IP Foundation for engineers Duration 3 days IPv6 training course contents Introduction Reasons for IPv6, IPv4 weaknesses, what is IPv6? IPv4 solutions for solving address wastage, the origins of IPv6. hands on IPv6 on a PC, IPv6 on a router. IPv6 addressing IPv6 address allocation, address format, Prefixes but no masks, address categories, scope zones, aggregatable global unicast, link local, Unicast, Multicast, Anycast. Prefix delegation. hands on Link local addresses, manual address configuration, name resolution. Plug and play Plug and play addressing, ICMP neighbour discovery, router solicitation, DHCPv6, stateful autoconfiguration and stateless autoconfiguration. hands on Plug and play addresses and default gateways. The IPv6 header The IPv4 header, IPv6 header format, QoS, flow control, priority field, extension headers, hop by hop, destinations header, fragmentation header, security, IPsec, AH, ESP, TCP and UDP, ICMPv6. hands on IPv6 packet analysis. Migrating to IPv6 Overview, migration, dual stack, IPv4 compatible addresses, DNS, IPv6 DNS issues, AAAA records, IPv6 reverse delegation, DNS transport, protocol translators, NAT-PT, NAPT-PT, NAT64, DNS64, tunnelling, tunnel establishment, tunnel brokers, Tunnel types. hands on Dual stack operation, tunnelling, IPv6 name resolution. IPv6 routing IPv6 routing, RIPng packet format, RIPng for IPv6, OSPF for IPv6, MBGP, multiprotocol routing, MBGP and multicasts, MBGP and IPv6. hands on Base router setup for IPv6, IPv6 static routes, RIPng, OSPFv3. MBGP

Security+ training course description A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. What will you learn Explain general security concepts. Describe the security concepts in communications. Describe how to secure an infrastructure. Recognise the role of cryptography. Describe operational/organisational security. Security+ training course details Who will benefit: Those wishing to pass the Security+ exam. Prerequisites: TCP/IP foundation for engineers Duration 5 days Security+ training course contents General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.

Essential IMS training course description The IP Multimedia Core Network Subsystem (IMS) is defined by 3GPP as a new mobile infrastructure. This course studies the discreet elements in the IMS. What will you learn Describe the IMS. Describe the IMS architecture. Explain how charging, security and QoS is handled in the IMS. Explain how the IMS supports service enablers such as Push to talk and Presence. Essential IMS training course details Who will benefit: Telecommunications staff. Prerequisites: Mobile communications overview Duration 2 days Essential IMS training course contents Mobile communications review The role of IP in telecommunications. GSM to IMS. Enhanced multimedia services, Push To, convergence, conferencing, roaming. What is IMS? What it is, why IMS, standard bodies: 3GPP, IETF, OMA, IMS services. MMD comparison. IMS architecture blocks Overview, IMS functions, IMS interfaces, IMS protocols, IMS elements, IMS reference points. Access network, IMS in GSM, CDMA, WiFi & PSTN networks. Core network. Application, Control and Call planes. HSS - User database Identification. The user database, role of HSS, SLF and multiple HSSs. 'Normal' identities, IMPI, IMPU. IMS signalling: SIP What is SIP? SIP URI, contact address, UAs, Proxies, basic SIP call flow, SIP sessions. IMS other protocols Megaco, Diameter, XML, XCAP, COPS, RTP/RTCP, SDP, H.324M, IM and MSRP. Call/Session Control Call Session Control Functions (CSCF). Domains. Home networks, visited networks. CSCF and SIP. P-CSCF, P-CSCF discovery, P-CSCF functions. I-CSCF, DNS and I-CSCF. S-CSCF, S-CSCF functions, ENUM lookups. QoS. Example call flows. IMS services Open service platform, Application Servers, profiles, AS interface with S-CSCF. 'Normal' services (Caller ID, Call waiting, transfer…) Push to talk Over Cellular (PoC), IMS conferencing, Group management, IMS Presence, IMS Messaging. Other possible applications. Media servers. (MRFC, MRFP). Gateways IMS PSTN procedures, BGCF, PSTN interface. SGW, MGCF, MGW Charging Architecture, Offline, online and flow based charging, charging reference points, CCF, DIAMETER, ICID, IOI. IMS security IMS security architecture, identities, AAA, public and private user ID, service filters, Cx interface, RADIUS, Diameter protocol, 3GPP AKA, integrity, privacy, NDS, IPSEC, trust, assertion.

WANs training course description A concise overview course covering Wide Area Networks with particular emphasis on the WAN options available including the use of the Internet. What will you learn Choose and evaluate WAN technologies. Recognise the role of service providers. Describe the benefits of VPNs. Describe how the Internet can be used as a WAN. Describe the equipment needed to connect LANS to WANS. List the speeds of various WAN technologies. WANs training course details Who will benefit: Anyone, although the course is particularly aimed at non-technical personnel needing some knowledge of WANS. Prerequisites: Network fundamentals Duration 1 day WANs training course contents WANS WAN architecture, Common WAN terms, Core vs access, service providers, relationship with 7 layer model, WAN equipment, how to choose a WAN. Layer 1 Copper, phone lines, fibre, coaxial, satellite, wireless. Cabling to the building, CPE cabling, interfaces. Layer 2 Dial up vs. Dedicated vs. packet switched networks and when to use them. Packet switching vs. circuit switching. Point to point and point to multipoint. Dialup access technologies Modems, ISDN, BRI, PRI. Access with dedicated lines XDSL, leased lines. WAN services X.25, SMDS, Frame Relay, CIR, ATM, Internet, MANS, dark fibre and other services. Case study: Selecting WAN technologies. Service provider technologies MPLS, SDH, WDM, DWDM. Routers Network addressing, default gateways, routing tables, routing protocols. Internet architecture Service providers, ISPs, private peering, public peering, core WANs in the Internet. VPNs Private networks, public networks, What are VPNs?, benefits of VPNs, tunnelling, encryption, IPSec. Case study: Specifying WAN connectivity.

Advanced Junos Security training course description This course provides students with intermediate routing knowledge and configuration examples. The course includes an overview of protocol-independent routing features, load balancing and filter-based forwarding, OSPF, BGP, IP tunneling, and high availability (HA) features. Junos Intermediate Routing (JIR) is an intermediate-level course. What will you learn Demonstrate the understanding of integrated user firewall. Implement next generation Layer 2 security features. Implement virtual routing instances in a security setting. Utilize Junos tools for troubleshooting Junos security implementations. Implement IPS policy. Advanced Junos Security training course details Who will benefit: Individuals responsible for implementing, monitoring, and troubleshooting Junos security components. Prerequisites: Intro to the Junos Operating System Duration 5 days Advanced Junos Security training course contents Junos Layer 2 Packet Handling and Security Features Transparent Mode Security Secure Wire Layer 2 Next Generation Ethernet Switching MACsec Lab 2 Implementing Layer 2 Security Virtualization Virtualization Overview Routing Instances Logical Systems Lab 3 Implementing Junos Virtual Routing AppSecure Theory AppSecure Overview AppID Overview AppID Techniques Application System Cache Custom Application Signatures AppSecure Implementation AppTrack AppFW AppQoS APBR SSL Proxy Lab 4 Implementing AppSecure Working with Log Director Log Director Overview Log Director Components Installing and setting up Log Director Clustering with the Log Concentrator VM Administrating Log Director Lab 5 Deploying Log Director Sky ATP Theory Sky ATP Overview Monitoring Sky ATP Analysis and Detection of Malware Sky ATP Implementation Configuring Sky ATP Installing Sky ATP Analysis and detection of Malware Infected Host Case Study Lab 6 Instructor Led Sky ATP Demo Implementing UTM UTM Overview AntiSpam AntiVirus Content and Web Filtering Lab 7 Implementing UTM Introduction to IPS IPS Overview Network Asset Protection Intrusion Attack Methods Intrusion Prevention Systems IPS Inspection Walkthrough IPS Policy and Configuration SRX IPS Requirements IPS Operation Modes Basic IPS Policy Review IPS Rulebase Operations Lab 8 Implementing Basic IPS Policy SDSN SDSN Overview, Components & Configuration Policy Enforcer Troubleshooting SDSN Use Cases Lab 9 Implementing SDSN Enforcement, Monitoring, and Reporting User Role Firewall and Integrated User Firewall Overview User Role Firewall Implementation Monitoring User Role Firewall Integrated User Firewall Implementation Monitoring Integrated User Firewall Lab 10 Configure User Role Firewall and Integrated User Firewall Troubleshooting Junos Security Troubleshooting Methodology Troubleshooting Tools Identifying IPsec Issues Lab 11 Performing Security Troubleshooting Techniques Appendix A: SRX Series Hardware and Interfaces Branch SRX Platform Overview High End SRX Platform Overview SRX Traffic Flow and Distribution SRX Interfaces

Advanced TCP/IP training course description An intensive advanced TCP/IP course focusing on the details of the protocols according to the RFCs. This course is designed to go into the technical details of the protocols and is not for those that are new to TCP/IP. A particular focus is on TCP and performance. Those more interested in routing protocols should see our Definitive IP routing for engineers course. It is expected that delegates are totally familiar with configuration addressing. Hands on sessions consist of protocol analysis using Wireshark. What will you learn Analyse packets and protocols in detail. Troubleshoot networks using Wireshark. Find performance problems using Wireshark. Perform network forensics. Advanced TCP/IP training course details Who will benefit: Advanced technical staff. Prerequisites: TCP/IP Foundation for engineers Duration 5 days Advanced TCP/IP training course contents IP Fragmentation and MTU issues, Path MTU discovery, Geolocation, unusual IP addresses, forwarding broadcasts, DiffServ, DSCP, ECN, assured and expedited forwarding. TTL usage in traceroute, Protocol field. Sanitising IP addresses in trace files. Wireshark and checksum errors. IPv6 The header. Extension headers. Traffic class and flow labels. Tunnelling. IPv6 and fragmentation. ARP Requests, responses, gratuitous ARP, Proxy ARP, ARP poisoning. ICMP ping, Round Trip Times, ICMP redirect, ICMP router advertisement and solicitation, Time Exceeded, Destination unreachable. ICMPv6: Similarity to ICMPv4, Neighbor discovery and the replacement of ARP. MLD. First hop redundancy ICMP discovery, HSRP, VRRP, GLBP. IGMP Multicast overview, multicast architecture, multicast addresses, IGMP v1, IGMPv2, IGMPv3. UDP Use in broadcasts and multicasts. Port numbers. TCP Connections, RST, FIN, sequence numbering, packet loss recovery, Fast recovery, RTO timeout, SACK, TCP flow control, receive window, congestion window, van Jacobsen, nagle, delayed ACKs, PSH, URG, TCP options, MSS, Window scaling, TCP timestamps. Congestion notification. Hands on Troubleshooting with sequence numbers, Wireshark IO and TCP graphs to analyse performance. Window size issues. DHCP DHCP header. Relationship to BOOTP. Discover, offer, request, decline, ACK, release. Lease, renewal and rebind times. Relay agents. DHCPv6 DNS Names and addresses, Resource Records, queries, responses, problems. MDNS. HTTP Requests, methods, request modifiers, response codes. HTTPS. SSL, TLS. Proxies. Hands on Redirects, recreating pages from packets. FTP Commands, responses, passive/active mode. Email SMTP, POP3, IMAP, commands responses. Voice and Video RTP, RTCP, SIP. IP PBXs. Traffic flows. Hands on Voice playback. SNMP MIBs, GET, TRAP, polling. Performance Baselining, high latency, Wireshark and timings, packet loss, redirections, small packets, congestion, name resolution. Security Network forensics, scanning and discovery, suspect traffic. IPsec, SSH.

Duration 5 Days 30 CPD hours This course is intended for This course is designed for professionals in the following job roles: Network security engineer CCNP Security candidate Channel Partner Overview After taking this course, you should be able to: Introduce site-to-site VPN options available on Cisco router and firewalls Introduce remote access VPN options available on Cisco router and firewalls Review site-to-site and remote access VPN design options Review troubleshooting processes for various VPN options available on Cisco router and firewalls The Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0 course teaches you how to implement, configure, monitor, and support enterprise Virtual Private Network (VPN) solutions. Through a combination of lessons and hands-on experiences you will acquire the knowledge and skills to deploy and troubleshoot traditional Internet Protocol Security (IPsec), Dynamic Multipoint Virtual Private Network (DMVPN), FlexVPN, and remote access VPN to create secure and encrypted data, remote accessibility, and increased privacy. Course Outline Introducing VPN Technology Fundamentals Implementing Site-to-Site VPN Solutions Implementing Cisco Internetwork Operating System (Cisco IOS©) Site-to-Site FlexVPN Solutions Implement Cisco IOS Group Encrypted Transport (GET) VPN Solutions Implementing Cisco AnyConnect VPNs Implementing Clientless VPNs Lab Outline Explore IPsec Technologies Implement and Verify Cisco IOS Point-to-Point VPN Implement and Verify Cisco Adaptive Security Appliance (ASA) Point-to-Point VPN Implement and Verify Cisco IOS Virtual Tunnel Interface (VTI) VPN Implement and Verify Dynamic Multipoint VPN (DMVPN) Troubleshoot DMVPN Implement and Verify FlexVPN with Smart Defaults Implement and Verify Point-to-Point FlexVPN Implement and Verify Hub and Spoke FlexVPN Implement and Verify Spoke-to-Spoke FlexVPN Troubleshoot Cisco IOS FlexVPN Implement and Verify AnyConnect Transport Layer Security (TLS) VPN on ASA Implement and Verify Advanced Authentication, Authorization, and Accounting (AAA) on Cisco AnyConnect VPN Implement and Verify Clientless VPN on ASA