Год выпуска: 04/26/2011
Производитель: CBT Nuggets
Сайт производителя: http://www.cbtnuggets.com
Автор: Michael J. Shannon
Продолжительность: 11 hrs
Тип раздаваемого материала: Видеоурок
Описание:Take your first big step towards CCNP Security certification by passing Cisco's 642-637 exam. You'll be advancing your security knowledge and career, upping your odds for scoring a promotion and building your clout within any IT team.
Introduction to SECURE - 12:09
This introductory nugget to the CCNP Security 642-637 SECURE series covers an exam and certification overview, exam objectives, and best practices for the getting the most out of this SECURE CBT Nugget.
NFP Controls - 34:42
This first "official" nugget covers the infrastructure and implementation of Network Foundation Protection (NFP) controls, the network functionality planes (data, control, management), the NFP deployment model, and the availability of NFP controls.
Private VLANs and PVLAN Edge - 39:27
Here we explore OSI layer 2 security for VLANs. First, we look at layer 2 attacks and countermeasures; then Private VLANs are explained; PVLAN is configured on a 3750 multilayer switch; and PVLAN Edge is discussed as well.
Additional Advanced Switched Data Plane Controls - 47:15
In this continuation of the previous nugget, you will learn about DHCP control, ARP control, source IP address control, and finish up with an introduction to Identity-Based Networking Services (IBNS) - otherwise known as 802.1X.
802.1X Configuration on ACS for Windows 4.2 - 42:29
This module contains the following topics: a continuing discussion of Cisco IBNS; configuring an 802.1X authenticator; configuring ACS 4.2 for EAP-FAST; and configuring a Cisco SSC supplicant.
Advanced Routed Data Plane Security - 43:27
These are topics that are particularly relevant to the Service Provider but are also valuable for the enterprise organization. Data plane security countermeasures are explored here including Unicast Reverse Path-Forwarding (uRPF), Flexible Packet Matching (FPM), and IOS NetFlow.
Routed Control Plane Security: iACLs and CPPR
This may be one of the most important nuggets in the series, from a real-world as well as testing standpoint. You will learn all about the meaning of control planes on routers, how to deploy infrastructure ACLs, Control Plane Policing (CoPP), and the new Control Plane Protection (CPPr) feature on a 2921 ISR G2 running IOS 15.
Routed Control Plane Security: Routing Protocol Authentication - 25:15
This nugget continues the exploration of control plane protection as you configure routing protocol authentication for RIPv2, EIGRP, OSPF, and BGP.
Management Plane Security - 27:11
This module covers the following topics: understanding the management plane; iACLs for management access; control plane protection for management; using IOS MPP; Role-Based CLI access control; and SNMP security.
Basic Zone-Based Policy Firewall - 33:07
This nugget takes up where the IINS nugget left off with the new router firewall paradigm known as Zone-Based Policy Firewall which somewhat replaces and enhances elaborate ACLs and CBAC configurations on ISR G1 and G2 routers.
Advanced Zone-Based Policy Firewall - 26:19
Here is part two of ZPF where we learn application-layer filtering (advanced protocol filtering), URL filtering, and User-Based Firewalling features.
Deploying Software IOS IPS - 48:38
Here is a very heavily tested area of 642-637: the IOS Intrusion Prevention feature of the ISR. You will learn how to prepare the ISR, configure IPS policies, tune the IOS IPS, perform event monitoring, and troubleshoot IOS IPS. This nugget is also an excellent precursor to the CCNP Security IPS exam.
Overview of Site-to-Site VPN Technologies - 27:25
Welcome to the first of 8 - count them - 8 CCNP Security SECURE nuggets on VPN technologies. In lucky number 13, we summarize VPN WAN topologies, VPN WAN technology, IPSec VPN technology, and cryptographic mechanisms.
VTI-Based Site-to-Site VPNs - 32:03
Here we first answer the age-old...ok...very recent question: "What is a VTI?". You will learn how to configure IKE peering with PSK, static P2P VTI tunnels, and dynamic P2P VTI tunnels.
Scalable VPN Authentication - 43:22
What does the term "scalable authentication" mean exactly? Well, three letters: PKI. In this vital nugget you will deploy a certificate server for the purposes of a VPN headend solutions. You will also learn how to configure the PKI client and configure a PKI-Based Site-to-Site VPN.
Dynamic Multipoint VPNs - 46:34
If I could produce a commercial for this one, the tagline would say: "Stay Scalable My Friends". We will look at a newer - very flexible - robust solution for point-to-point, partial-mesh, and even full-mesh overlay VPN solutions with Cisco DMVPN. Some of the keywords for this nugget are: Multipoint GRE, NHRP, NHS, and DMVPN Hub and DMVPN Spoke. We will also explore dynamic routing and high-availability for DMVPN.
GET VPN - 40:02
No this isn't an advertisement from Cisco telling you to "Get" a VPN. This is Group Encrypted Transport VPN which is in fact a highly scalable, any-to-any, tunnel-less security solution. We will get an understanding of this extension to IPSec ISAKMP; then we will configure a key server, configure a group member, and take a peek at GET VPN high-availability.
Cisco SSL VPN - 43:28
Here is the "artist formerly known as WebVPN" in some of its glory. You will learn how to configure an SSL VPN gateway on a 2921 ISR G2. You will configure basic user authentication along with full-tunneling and clientless access to the SSL VPN gateway.
Cisco Easy VPN Server - 34:19
This nugget includes an overview of Easy VPN, an important configuration of a dynamic VTI-based Easy VPN Server solution, and the steps to verify your implementation.
Cisco Easy VPN Client and Remote - 24:58
The final nugget in the Cisco CCNP Security SECURE series explores the client and remote side of the Easy VPN deployment.
Аудио: Microsoft PCM, 22.050 kHz, ~350 kbps avg, 1 ch