SIMOS - Implementing Cisco Secure Mobility Solutions v1.0

Cisco Certifications - Security

About the Course

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a 5-day course designed for network security engineers who want to gain the knowledge and skills to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. Students in this course will gain hands-on experience configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA devices and Cisco IOS routers.

Students will learn VPN concepts and the procedures and configurations required to deliver solutions for remote user access (Remote Access VPN) and network-to-network access (Site-to-Site VPN), configured on Cisco routers and the Cisco ASA Firewall. The course covers solutions involving the IPsec and SSL VPN protocols and architectures.

After completing this course, students will be able to meet the following general objectives:

  • Describe the various VPN technologies and deployments, as well as the encryption algorithms and protocols that provide security in a VPN solution
  • Deploy and support Cisco Site-to-Site VPN solutions
  • Deploy and support Remote Access SSL VPN solutions in the Portal (Clientless) architecture
  • Deploy and support Remote Access SSL and IPsec VPN solutions using client software (Cisco AnyConnect and VPN Client)
  • Deploy and support VPN access solutions using the security policies provided by the Cisco DAP and Cisco Secure Desktop tools

Course Outline

The Role of VPNs in Network Security

  • VPN Definition
  • Key Threats to WANs and Remote Access
  • Cisco Modular Network Architecture and VPNs
  • VPN Types
  • VPN Components
  • Secure Communication and Cryptographic Services
  • Cryptographic Algorithms
  • Cryptography and Confidentiality
  • Cryptography and Integrity
  • Cryptography and Authentication
  • Cryptography and Nonrepudiation
  • Keys in Cryptography
  • Public Key Infrastructure
  • Next-Generation Encryption
  • Dependencies in Cryptographic Services
  • Cryptographic Controls Guidelines

Deploying Secure Site-to-Site Connectivity Solutions

  • Site-to-Site VPN Topologies
  • Site-to-Site VPN Technologies
  • IPsec VPN Overview
  • Internet Key Exchange v1 and v2
  • Encapsulating Security Payload
  • IPsec Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN
  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
  • Enable IKE on an Interface
  • Configure IKE Policy
  • Configure PSKs
  • Choose Transform Set and VPN Peer
  • Choose Traffic for VPN
  • Configuring Site-to-Site VPN with Connection Profiles Menu
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
  • Overview of Cisco IOS VTIs
  • Configure Static VTI Point-to-Point Tunnels
  • Verify Static VTI Point-to-Point Tunnels
  • Configure Dynamic VTI Point-to-Point Tunnels
  • Verify Dynamic VTI Point-to-Point Tunnels
  • Overview of Cisco IOS DMVPN
  • DMVPN Solution Components
  • GRE
  • NHRP
  • DMVPN Operations
  • Types of Authentication
  • Configure DMVPN on Hub
  • Configure DMVPN on Spoke
  • Configure Routing in DMVPN
  • Verify DMVPN

Deploying Cisco IOS Site-to-Site FlexVPN Solutions

  • FlexVPN Overview
  • Public Key Infrastructure (PKI)
  • Site-to-Site VPN Topologies
  • FlexVPN Architecture
  • FlexVPN Configuration Overview
  • FlexVPN Capabilities
  • IKEv2 vs. IKEv1 Overview
  • IKEv2 Message Exchange
  • IKEv2 DoS Prevention
  • IKEv1 and IKEv2 Comparison
  • FlexVPN Use Cases
  • Point-to-Point FlexVPN
  • FlexVPN Configuration Blocks
  • IKEv2 Profile
  • Smart Defaults
  • Manipulating Default Values
  • Negotiating IKEv2 Proposals
  • Point-to-Point VPN Scenario with IPv4 Static Routes
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes
  • Point-to-Point VPN Scenario with OSPFv3
  • Configure and Verify Point-to-Point VPN with OSPFv3
  • Enroll Devices to ECDSA PKI
  • Configure Router for ECDSA
  • Configure ASA for ECDSA
  • Verify EC Key Pairs and Certificates
  • Verify IKEv2 SA
  • Verify IPsec SA
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
  • Cisco IOS FlexVPN
  • IKEv2 Configuration Payload
  • Locally Managed Hub-and-Spoke Scenario
  • Configure a Spoke in a Hub-and-Spoke Scenario
  • Configure a Hub in a Hub-and-Spoke Scenario
  • Configuration Exchange
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN
  • Spoke-to-Spoke Shortcut Scenario
  • NHRP in FlexVPN
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
  • RADIUS-Managed FlexVPN Scenario
  • Verify Spoke-to-Spoke Shortcut Switching
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)

Deploying SSL VPNs

  • SSL VPN Components
  • SSL/TLS
  • Overview of group policies and connection profiles
  • Basic Cisco Clientless SSL VPN
  • Solution Components
  • Configure ASA gateway
  • Configure basic authentication
  • Configure access control (including URL entry and bookmarks)
  • Verify basic clientless SSL VPN
  • Troubleshoot basic clientless SSL VPN
  • Deploying Application Access options (plug-ins, smart tunnels)
  • Configure and verify plugins
  • Configure and verify smart tunnels
  • Troubleshoot plugins and smart tunnel
  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components
  • Configure and verify Certificate based Authentication
  • Configure and Verify External Authentication
  • Troubleshoot Advanced Authentication in Clientless SSL VPN

Deploying Cisco AnyConnect VPNs

  • IP Address assignment
  • Split Tunneling
  • Basic Cisco AnyConnect SSL VPN
  • Solution Components
  • SSL VPN Server Authentication
  • SSL VPN Clients Authentication
  • SSL VPN Clients IP Address Assignment
  • SSL VPN Split Tunneling
  • Configure ASA for Basic AnyConnect SSL VPN
  • Configure Basic Cisco Authentication
  • Configure Access Control
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
  • DTLS Overview
  • Parallel DTLS and TLS Tunnels
  • Configure DTLS
  • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Cisco AnyConnect Client Operating System Integration Options
  • Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • Configure, Verify, and Troubleshoot Cisco AnyConnect Start Before Logon and Cisco AnyConnect Trusted Network Detection
  • AnyConnect Support for IPsec/IKEv2
  • Configure Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Cisco AnyConnect Advanced Authentication Scenarios
  • External Authentication
  • Certificate-Based Server Authentication
  • Configure and Verify Certificate-Based Client Authentication
  • SCEP Proxy Overview
  • SCEP Proxy Connection Flow
  • SCEP Proxy Configuration Procedure
  • Configure SCEP Proxy
  • Verify SCEP Proxy
  • Local Authorization Overview
  • Local Authorization Scenario
  • Local Authorization Configuration Procedure
  • Configure Local Authorization
  • External Authentication and Authorization Scenario
  • Configure External Authentication and Authorization
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
  • Accounting

Endpoint Security and Dynamic Access Policies

  • Cisco HostScan Overview
  • Cisco HostScan Prelogin Assessment
  • Install Cisco HostScan
  • Configure Prelogin Criteria and Prelogin Policy
  • Configure Host Scan Endpoint Assessment
  • Configure Host Scan Advanced Endpoint Assessment
  • DAP Overview
  • Integrating DAP with Host Scan
  • Configuring DAP
  • Verifying and Troubleshooting DAP

Training Methods

  • Lecture, hands-on exercise

Prerequisites

  • Basic knowledge of PCs and Microsoft Windows operating systems.
  • Basic knowledge of data networking technologies.
  • Intermediate knowledge of network security.
  • CCNA Security certification or equivalent knowledge.
  • Attendance of the IINS course, or equivalent knowledge of the security topics that course covers.

Target Audience

  • This course is intended for candidates for the CCNP Security (Cisco Certified Network Professional Security) certification.
  • Cisco partners, resale channels and customers interested in network security.
  • Network administrators, engineers, designers of infrastructure and information security systems, systems engineers, consulting systems engineers and technical solutions architects.

Course Duration

  • In person
  • 40 hours

Classes

  • Weekly: 5 days (Mon to Fri), 9:00 to 18:00.

© 4Bios
