Course Details


SENSS 1.0: Deploying Cisco IOS Control and Management Plane Security Controls


Overview/Description
The control plane in an OSI Layer 3 device provides traffic-routing functions by building the device routing and forwarding tables, and often involves cooperation with nearby devices using dynamic routing protocols. These interactions must be controlled by authenticating the associations between devices, discarding malicious routing information, and protecting the resources of each device against excessive use. In this course you will examine various defenses in Cisco IOS Software that protect the control plane. You will also learn strategies for protecting routing protocols using routing protocol authentication and filtering. The management plane performs all of the management functions for a device and coordinates functions between the control and data planes, making the management plane a prime target for attacks. This course introduces you to some strategies to protect the management plane by limiting access to it and to its individual. As with Cisco IOS Software devices, you can access the Cisco adaptive security appliance 5500-X management interface locally, using the console connection, or remotely over an IP network. Configuring remote management access securely is of paramount importance to ensure the integrity of the adaptive security appliance in a possibly hostile environment, such as when management paths use an untrusted network. Last, you will learn how to configure remote management access to the adaptive security appliance, and how to configure and use management access AAA features.

Target Audience
Anyone wishing to obtain the Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 certification, one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required, and knowledge of Cisco Certified Network Associate (CCNA) Security certification and knowledge of the Microsoft Windows operating system are helpful. Note: A valid CCNA Routing and Switching certification together with a pass in either of the Securing Cisco Network Devices exams, 642-551 or 642-552, can act as a prerequisite, valid only through December 31, 2014.

Prerequisites
None

Expected Duration (hours)
2.4

Lesson Objectives

SENSS 1.0: Deploying Cisco IOS Control and Management Plane Security Controls

  • start the course
  • describe characteristics of control plane security attacks
  • identify the role of infrastructure ACLs
  • describe characteristics of control plane policing
  • describe characteristics of control plane protection
  • identify the tasks involved in configuring control plane protection
  • identify how the routing protocol authentication can be used as a control plane countermeasure
  • identify how the routing protocol filtering can be used as a control plane countermeasure
  • describe characteristics of the management plane and its security controls
  • identify methods used to secure management access to Cisco IOS devices
  • identify the benefits of using management plane access control features
  • describe secure management protocols
  • identify the Cisco IOS commands involved in configuring Secure Management Access
  • match the SNMP security levels to the authentication events that happen at each level
  • identify the tasks involved in configuring SNMPv3 on Cisco IOS devices
  • describe characteristics of management access AAA
  • sequence the tasks in configuring management access AAA on the Cisco IOS software
  • match the commands used in configuring management access AAA on the Cisco IOS software to their function
  • identify how management access to Cisco adaptive security appliance devices can be secured
  • sequence the tasks in configuring secure management access on the Cisco adaptive security appliance
  • describe how SSH can be configured to provide remote management of the Cisco ASA
  • configure administrative access to the ASA using a username and password as an authentication method
  • sequence the steps to enable local authentication on the ASA for SSH and HTTPS
  • describe how to configure the ASA to allow the SNMP clients to poll or to receive traps from the ASA
  • describe how to granularly control management access to the ASA using management access AAA
  • sequence the tasks to configure Cisco ASA management access AAA
  • configure external authentication for management access
  • enable exec and command authorization using a TACACS+ server
  • enable the remote AAA accounting feature on the Cisco ASA
  • verify a Cisco ASA management access AAA configuration
  • configure control and management plane security controls in a given scenario

Course Number
cc_sens_a02_it_enus