Pierce College - Course CNE 238

Designing Security for a Network

5 Credits
Instructor:
Office Hours:
E-mail Address:

Ciaran Bloomer

Web Site:

www.netacad.com

Course Delivery
Site:

This course is delivered through the NetSpace learning management system, which is the
online learning and collaboration environment provided by the Cisco Networking
Academy. It is based on Canvas, so its structure should be familiar to you.

cbloomer@pierce.ctc.edu
Netspace learning management system web site

As soon as your instructor has enrolled you in the CCNA Security class on NetSpace, you
will receive an email from the Networking Academy Team (from: noreply@netacad.com),
at your Pierce College email address. The email will give you the URL link, username and
password to allow you to login to Netspace, where you may access the online course
materials.
Overview:

This course provides an introduction to the core security concepts and skills needed for the
installation, troubleshooting, and monitoring of network devices to maintain the integrity,
confidentiality, and availability of data and devices.
This course prepares students to take Ciscos 640-554 Implementing Cisco IOS Network
Security (IINS) exam that is associated with the CCNA Security certification.

Objectives:

Upon successful completion of this course you will be able to:

Grading:

Describe security threats facing modern network infrastructures

Secure network device access
Implement AAA on network devices
Mitigate threats to networks using ACLs
Implement secure network management and reporting
Mitigate common Layer 2 attacks
Implement the Cisco IOS firewall feature set
Implement an adaptive security appliance (ASA)
Implement the Cisco IOS Intrusion Prevention System (IPS) feature set
Implement site-to-site IP Sec VPNs
Administer effective security policies

To be decided

CNE 238 Designing Security for a Network

Course Outline
Assignments:

Lab assignments:
1.

There are sixteen lab assignments to be performed, in class, on the CNE

departments routers, switches and ASA devices.

2.

There are ten Packet Tracer lab assignments to be performed. These

assignments may be performed, in class, on the CNE departments
computers or on your own Windows or Linux machine with Packet Tracer
installed.

The 26 lab sheets are embedded in the online course materials and are also
available on computers in the CNE lab. Email your completed lab worksheet
for each lab to the instructor no later than Friday June 5, 2015.
Chapter Quizzes (known in Netspace as Chapter Exams):
Chapter quizzes are taken online at the Netspace web site. They are found by
clicking on Assignments in the navigation bar down the left side of the home
page on Netspace. Note that the chapter quizzes are referred to as Chapter
Exams in Netspace. Do not confuse them with the Practice Quizzes that are
found by clicking on Quizzes in the navigation bar. It would be beneficial for
you to try the Practice Quizzes before doing the Chapter Exams. The Practice
Quizzes do not contribute to your final grade. The Chapter Exams do contribute
to your final grade. The Chapter Exams must be completed no later than Friday
June 5, 2015.
Book:

Title:
Author:
Publisher:
ISBN 13:
Date:
Required:

CCNA Security 640-554 Official Cert Guide

Keith Barker
Cisco Press
978-1587204463
2012
Yes

Access and Disability Services

Students with disabilities who believe they may need academic adjustments, auxiliary aids or
services to fully participate in course activities or meet course requirements are encouraged to
register with the Access and Disability Services (ADS) Office. Students requesting accommodations
must obtain the "Approved Quarterly Academic Adjustments, Auxiliary Aids or Services Green
Form" provided by ADS.
For more information contact one of the ADS Office Fort Steilacoom/JBLM, Cascade Building,
Welcome Center, 253-964-6526/6527 or Puyallup, Gaspard Building, Room A106, 253-8408335/3301.

CNE 238 Designing Security for a Network

Course Outline

Week
1

Date
Tue Mar 31

Activity
Chapter 1: Modern Network Security Threats
1.1 Fundamental Principles of a Secure Network
1.2 Viruses, Worms, and Trojan horses
1.3 Attack Methodologies
1.4 Cisco Network Foundation Protection Framework

Labs and Chapter Quizzes

1.5.1.1 Lab - Researching Network Attacks and Security Audit Tools

Thur Apr 2

Chapter 2: Securing Network Devices

2.1 Securing Device Access
2.2 Assigning Administrative Roles
2.3 Monitoring and Managing Devices
2.4 Using Automated Security Features

2.5.1.1 Lab - Securing the Router for Administrative Access

2.5.1.2 Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH
Operations

Tue Apr 7

Chapter 3: Authentication, Authorization, and

Accounting
3.1 Purpose of AAA
3.2 Local AAA Authentication
3.3 Server-Based AAA
3.4 Server-Based AAA Authentication
3.5 Server-Based AAA Authorization and Accounting

3.6.1.1 Lab - Securing Administrative Access Using AAA and RADIUS

3.6.1.2 Packet Tracer - Configure AAA Authentication on Cisco Routers

Thur Apr 9

Complete chapter 3

Complete chapter 3 labs

Tue Apr 14

Chapter 4: Implementing Firewall Technologies

4.1 Access Control Lists
4.2 Firewall Technologies
4.3 Zone-Based Policy Firewall

4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls

4.4.1.2 Packet Tracer - Configure IP ACLs to Mitigate Attacks
4.4.1.3 Packet Tracer - Configuring a Zone-Based Policy Firewall (ZPF)

Thur Apr 16

Complete chapter 4

Complete chapter 4 labs

Tue Apr 21

Chapter 5: Implementing Intrusion Prevention

5.1 IPS Technologies
5.2 IPS Signatures
5.3 Implement IPS
5.4 Verify and Monitor IPS

5.5.1.1 Lab - Configuring an Intrusion Prevention System (IPS) Using the

CLI and CCP
5.5.1.2 Packet Tracer - Configure IOS Intrusion Prevention System (IPS)
using CLI

Thur Apr 23

Complete chapter 5

Complete chapter 5 labs

Tue Apr 28

Chapter 6: Securing the Local Area Network

6.1 Endpoint Security
6.2 Layer 2 Security Considerations

6.5.1.1 Lab - Securing Layer 2 Switches

6.5.1.2 Packet Tracer - Layer 2 Security
6.5.1.3 Packet Tracer - Layer 2 VLAN Security

CNE 238 Designing Security for a Network

Course Outline

Week

Date

Activity
6.3 Configuring Layer 2 Security
6.4 Wireless, VoIP, and SAN Security

Labs and Chapter Quizzes

Thur April 30

Complete chapter 6

Complete chapter 6 labs

Tue May 5

Chapter 7: Cryptographic Systems

7.1 Cryptographic Services
7.2 Basic Integrity and Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography

7.5.1.1 Lab - Exploring Encryption Methods

Thur May 7

Complete chapter 7

Complete chapter 7 labs

Tue May 12

Chapter 8: Implementing Virtual Private Networks

8.1 VPNs
8.2 GRE VPNs
8.3 IPSec VPN Components and Operation
8.4 Implementing Site-to-Site IPSec VPNs with CLI
8.5 Implementing Site-to-Site IPSec VPNs with CCP
8.6 Implementing Remote-Access VPNs

8.7.1.1 Lab - Configuring a Site-to-Site VPN Using Cisco IOS and CCP
8.7.1.2 Lab - Configuring a Remote Access VPN Server and Client
8.7.1.3 Lab - (Optional) Configuring a Remote Access VPN Server and Client
8.7.1.4 Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN using
CLI

Thur May 14

Complete chapter 8

Complete chapter 8 labs

Tue May 19

Chapter 9: Implementing the Cisco Adaptive Security

Appliance (ASA)
9.1 Introduction to the ASA
9.2 ASA Firewall Configuration
9.3 ASA VPN Configuration

9.4.1.1 Lab - Configuring ASA Basic Settings and Firewall Using CLI
9.4.1.2 Lab - Configuring ASA Basic Settings and Firewall Using ASDM
9.4.1.3 Lab - Configuring Clientless and AnyConnect Remote Access SSL
VPNs Using ASDM
9.4.1.4 Lab - Configuring a Site-to-Site IPsec VPN Using CCP and ASDM
9.4.1.5 Packet Tracer - Configuring ASA Basic Settings and Firewall Using
CLI

Thur May 21

Complete chapter 9

Complete chapter 9 labs

Tue May 26

Day After Memorial Day, Labs etc

Thur May 28

Chapter 10: Managing a Secure Network

10.1 Principles of Secure Network Design
10.2 Security Architecture
10.3 Operations Security

CNE 238 Designing Security for a Network

10.8.1.1 Lab - CCNA Security Comprehensive Lab

10.8.1.2 Packet Tracer - Skills Integration Challenge

Course Outline

Week

10

Date

Tue Jun 2

Activity
10.4 Network Security Testing
10.5 Business Continuity Planning and Disaster Recovery
10.6 System Development Life Cycle
10.7 Developing a Comprehensive Security Policy
Complete chapter 10

Labs and Chapter Quizzes

Complete chapter 10 labs

Thur Jun 4
11

Tue Jun 9
Thur June 11

Final Exam

Ciaran Bloomer
March 2015

CNE 238 Designing Security for a Network