LernIX Solutions

Course Overview

This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment.

Key topics include deploying a JSA Series device in the network, configuring flows, running reports, and troubleshooting.

Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the JSA Series device.

This course uses the Juniper Networks Secure Analytics (JSA) VM virtual appliance for the hands-on component.

This course is based on JSA software 2014.2R4.

Implementing Juniper Networks Secure Analytics is an introductory level course

Related Juniper Product:

• Network Management

• JSA Series

• STRM Series

• Instructor-Led Training

Course Objectives

• Describe the JSA system and its basic functionality

• Describe the hardware used with the JSA system

• Identify the technology behind the JSA system.

• Identify the JSA system’s primary design divisions—display versus detection,and events versus traffic.

• Plan and prepare for a new installation.

• Access the administration console.

• Configure the network hierarchy.

• Configure the automatic update process.

• Access the Deployment Editor.

• Describe the JSA system’s internal processes.

• Describe event and flow source configuration.

• List key features of the JSA architecture.

• Describe the JSA system’s processing logic.

• Interpret the correlation of flow and event data.

• List the architectural component that provides each key function.

• Describe Events and explain where they come from.

• Access the Log Activity interface.

• Describe flows and their origin.

• Configure the Network Activity interface.

• Execute Flow searches.

• Specify the JSA system’s Asset Management and Vulnerability Assessment functionality.

• Access the Assets interface.

• View Asset Profile data.

• View Server Discovery.

• Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs).

• Access vulnerability scanner configuration.

• View vulnerability profiles.

• Describe rules.

• Configure rules.

• Configure Building Blocks (BBs).

• Explain how rules and flows work together.

• Access the Offense Manager interface.

• Understand Offense types.

• Configure Offense actions.

• Navigate the Offense interface.

• Explain the Offense summary screen.

• Search Offenses.

• Use the JSA system’s Reporting functionality to produce graphs and reports.

• Navigate the Reporting interface.

• Configure Report Groups.

• Demonstrate Report Branding.

• View Report formats.

• Identify the basic information on maintaining and troubleshooting the JSA system.

• Navigate the JSA dashboard.

• List flow and event troubleshooting steps.

• Access the Event Mapping Tool.

• Configure Event Collection for Junos devices.

• Configure Flow Collection for Junos devices.

• Explain high availability (HA) functionality on a JSA device.

Course Content

Day 1

Course Introduction

Product Overview

• Overview of the JSA Series Device

• Hardware

• Collection

• Operational Flow

Initial Configuration

• A New Installation

• Administration Console

• Platform Configuration

• Deployment Editor

LAB 1: Initial Configuration

Architecture

• Processing Log Activity

• Processing Network Activity

• JSA Deployment Options

Log Activity

• Log Activity Overview

• Configuring Log Activity

LAB 2: Log Activity

Day 2

Network Activity

• Network Activity Overview

• Configuring Network Activity

LAB 3: Network Activity

Assets and Vulnerability Assessment

• Asset Interface

• Vulnerability Assessment

• Vulnerability Scanners

LAB 4: Assets and Vulnerability Assessment

Rules

• Rules

• Configure Rules and Building Blocks

LAB 5: Rules

Offense Manager

• Offense Manager

• Offense Manager Configuration

• Offense Investigation

LAB 6: Configure the Offense Manager

Day 3

JSA Reporting

• Reporting Functionality

• Reporting Interface

LAB 7: Reporting

Configuring Junos Devices for Use with JSA

• Collecting Junos Events

• Collecting Junos Flows

LAB 8: Configuring Junos Devices for JSA

Basic Tuning and Troubleshooting

• Basic Tuning

• Troubleshooting

Appendix A: High Availability

• High Availability

• Configuring High Availability

Course Overview

The Implementing Cisco SD-WAN Security and Cloud Solutions (SDWSCS) course is an advanced training course focused on Cisco SD-WAN security and cloud services. Through a series of labs and lectures you will learn about on-box security services, including application aware enterprise firewall, intrusion prevention, URL filtering, malware protection, and TLS or SSL decryption. Cloud integration with multiple cloud services providers and multiple use-cases is also covered.

The labs will allow you to configure and deploy local security services and cloud security services with the Cisco Umbrella Secure Internet Gateway (SIG), as well as integrate the Cisco SD-WAN fabric with a cloud service provider using the Cisco vManage automated workflows.

Course Objectives

After completing this course, you should be able to:

Describe Cisco SD-WAN security functions and deployment options
Understand how to deploy on-premises threat prevention
Describe content filtering options
Implement secure Direct Internet Access (DIA)
Explain and implement service chaining
Explore Secure Access Service Edge (SASE) and identify use cases
Describe Umbrella Secure Internet Gateway (SIG) and deployment options
Implement Cisco Umbrella SIG and DNS policies
Explore and implement Cloud Access Security Broker (CASB) and identify use cases (including Microsoft 365)
Discover how to use Cisco ThousandEyes to monitor cloud services
Configure Cisco ThousandEyes to monitor Microsoft 365 applications
Examine how to protect and optimize access to the software as a service (SaaS) application with Cisco SD-WAN Cloud OnRamp
Discover and deploy Cloud OnRamp for multi-cloud, including interconnect and collocation use cases
Examine Cisco SD-WAN monitoring capabilities and features with vManage and vAnalytics.

Course Content

Introducing Cisco SD-WAN Security

Deploying On-Premises Threat Prevention

Examining Content Filtering

Exploring Cisco SD-WAN Dedicated Security Options

Examining SASE

Exploring Cisco Umbrella SIG

Securing Cloud Applications with Cisco Umbrella SIG

Exploring Cisco SD-Wan ThousandEyes

Optimizing SaaS Applications

Connecting Cisco SD-WAN to Public Cloud

Examining Cloud Interconnect Solutions

Exploring Cisco Cloud OnRamp for Colocation

Monitoring Cisco SD-WAN Cloud and Security Solutions

Course Overview

The Implementing Aruba Network Security course covers intermediate security concepts and prepares candidates to take the exam to achieve Aruba Certified Networking Security Professional (ACNSP) certification. This course helps admins use the Aruba portfolio to implement Zero Trust Security (ZTS) and protect their networks from threats. It explains how to configure Aruba network infrastructure and ClearPass solutions to authenticate and control both wired and wireless users, as well as remote users on a client-to-site VPN. The course further explains how to collect a variety of contextual information on ClearPass Policy Manager (CPPM) and implement advanced role mapping and enforcement policies. The course also covers using ClearPass Device Insight to enhance visibility. Learners will learn how to set up features such as the ArubaOS-CX Network Analytics Engine (NAE), Aruba Wireless Intrusion Detection System/Intrusion Prevention System (WIDS/WIPS), and Aruba gateway IDS/IPS, as well as how to investigate alerts.

Course Objectives

After you successfully complete this course, expect to be able to:

1. Protect and Defend

Define security terminologies
- PKI
- Zero Trust Security
- WIPS & WIDS

Harden devices
- Securing network infrastructure
- Securing L2 & L3 protocols
Secure a WLAN
- Deploy AAA with CPPM
Secure a wired LAN
- Deploy AAA with CPPM
- Deploy 802.1x
- Deploy certificate based authentication for users & devices
Secure the WAN
- Understand Aruba’s SD-Branch for automating VPN deployment
- Design and deploy VPN with Aruba’s VIA client
Classify endpoints
- Deploy endpoint classification to devices
- Integrate ClearPass and CPDI

2. Analyze

Threat detection
- Investigate Central alerts
- Interpret packet captures Evaluate endpoint postures
Troubleshooting
- Deploy and analyze results from NAE scripts
Endpoint classification
- Analyze endpoint classification data to identify risks
- Analyze endpoint classification data on CPDI

3. Investigate

Forensics
- Explain CPDI capabilities of showing network conversations on supported Aruba devices

Course Content

Aruba Security Strategy & ClearPass Fundamentals

Explain Aruba Zero Trust Security
Explain how Aruba solutions apply to different security vectors

Deploy Trusted Certificates to Aruba Solutions

Describe PKI dependencies
Set up appropriate certificates & trusted root CAs on CPPM

Implement Certificate-Based 802.1x

Deploy AAA for WLANs with ClearPass Policy Manager (CPPM)
Deploy certificate based authentication for users and devices

Implement Advanced Policies one the Role-Based ArubaOS Firewall

Deploy AAA for WLANs with ClearPass Policy Manager (CPPM)
Define and apply advanced firewall policies

Evaluate Endpoint Posture

Evaluate different endpoint postures

Implement a Trusted Network Infrastructure

Set up secure authentication and authorization of network infrastructure managers, including,

Advanced TACACS+ authorization
Multi-factor authentication
Secure L2 and L3 protocols, as well as other protocols such as SFTP

Implement 802.1X and Role-Based Access Control on AOS-CX

Deploy AAA for wired devices using ClearPass Policy Manager (CPPM), including local and downloadable roles
Explain Dynamic Segmentation, including its benefits and use cases
Deploy Dynamic Segmentation using VLAN steering
Configure 802.1X authentication for APs

Implement Dynamic Segmentation on AOS-CX Switches

Explain Dynamic Segmentation, including its benefits and use cases
Deploy Dynamic Segmentation, including:

User-based tunneling (UBT)
Virtual network-based tunneling (VNBT)

Monitor with Network Analytics Engine (NAE)

Deploy and use Network Analytics
Engine (NAE) agents for monitoring

Implement WIDS/WIPS

Explain the Aruba WIPS and WIDS technology
Configure AP rogue detection and mitigation

Use CPPM and Third-Party Integration to Mitigate Threats

Describe log types and levels and use the CPPM Ingress Event Engine to integrate with third-party logging solutions
Set up integration between the Aruba infrastructure and CPPM, allowing CPPM

Implement Device Profiling with CPPM

Explain benefits and methods of endpoint classification on CPPM, including active and passive methods
Deploy and apply endpoint classification to devices
Analyze endpoint classification data on CPPM to identify risks

Introduction to ClearPass Device Insight

Define ClearPass Device Insight (CPDI)
Analyze endpoint classification data on CPDI

Deploy ClearPass Device Insight Define and deploy

ClearPass Device Insight (CPDI)
Analyze endpoint classification data on CPDI

Integrate CPDI with CPPM

Integrate ClearPass Policy Manager (CPPM) and ClearPass Device Insight (CPDI)
Mitigate threats by using CPDI to identify traffic flows and apply tags and CPPM to take actions based on tags

Use Packet Captures To Investigate Security Issues

Perform packet capture on Aruba infrastructure locally and using Central
Interpret packet captures

Establish a Secure Remote Access

Explain VPN concepts
Understand that Aruba SD-WAN solutions automate VPN deployment for the WAN
Describe the Aruba 9×00 Series Gateways
Design and deploy remote VPNs using Aruba VIA

Configure Aruba Gateway IDS/IPS

Describe the Aruba 9×00 Series Gateways
Define and apply UTM policies

Use Central Alerts to Investigate Security Issues

Investigate Central alerts
Recommend action based on the analysis of Central alerts

Course Overview

The Implementing and Troubleshooting Networks Using Cisco ThousandEyes (ENTEIT) course is designed to introduce you to Cisco® ThousandEyes. Through a combination of lectures and hands-on experience, you will learn to install and configure the Cisco ThousandEyes agents with different test types and perform root cause analysis when troubleshooting.

This course will help you:

Course Objectives

After completing this course, you should be able to:

Describe the Cisco ThousandEyes solution and its high-level use cases
Identify different types of ThousandEyes agents and supported tests
Describe different Enterprise Agent deployment options, requirements, and procedures for agent deployment
Describe different ThousandEyes test types
Compare Thousand Eyes web layer tests
Describe the role of an Endpoint Agent
Deploy and Configure an Endpoint Agent
Utilize ThousandEyes when performing the root cause analysis
Discuss the challenges that ThousandEyes Internet Insights can address
Describe the role and configuration of default and custom alerts
Distinguish between usability of dashboards and reports
Utilize ThousandEyes to monitor solutions end-to-end
Describe how to perform system administration

Course Content

Introducing Cisco ThousandEyes

Modern Network Challenges
Cisco ThousandEyes Overview
See Inside-Out Use Case
See Outside-In Use Case
WAN Experience Use Case
How Cisco ThousandEyes Does It
Cisco ThousandEyes Visibility
Modern IT Visibility Architecture

Introducing Cisco ThousandEyes Agents and Tests

Cisco ThousandEyes Cloud Agents
Cisco ThousandEyes Enterprise Agents
Cisco ThousandEyes Endpoint Agents
Cisco ThousandEyes Tests
Agent Test Capabilities
Agent Locations

Deploying Enterprise Agents

Enterprise Agent Operation
Enterprise Agent Firewall Requirements
Enterprise Agent Network Utilization
Enterprise Agent Deployment Options
Enterprise Agent on Cisco IOS XE Platforms
Virtual Appliance Setup
Custom Virtual Appliance
Embedded Enterprise Agent CLI Deployment
Embedded Enterprise Agent Deployment with Cisco DNA Center
Enterprise Agent Deployment in Proxy Environments
Agent Labels
Enterprise Agent Utilization
Enterprise Agent Clusters

Describing ThousandEyes Routing, Network, DNS and Voice Tests

Routing BGP Test
BGP Test – Configuration
Network Tests
Agent-to-Server Network Test – Data Collection
Agent-to-Agent Network Test – Data Collection
Network Test – Path Visualization View
Agent-to-Server Network Test- Configuration
Agent-to-Agent Network Test – Configuration
DNS Tests
DNS Test – Metrics
DNS Test – Configuration
Voice Tests
Vocie Tests – Metrics
Voice Tests – Configuration

Describing Cisco ThousandEyes Web Tests

Web Layer Tests
HTTP Server Test – Metrics
HTTP Server Test – Configuration
Page Load Test – Metrics
Page Load Test – Configuration
Transaction Test – Metrics
Transaction Test – Configuration
Transaction Test – ThousandEyes Recorder
Web Layer Tests – Proxy Metrics

Introducing Endpoint Agents

Endpoint Agent Overview
Browser Session Monitoring – Monitored Domains and Monitored Networks
Endpoint Agent Use Cases – Last Mile Monitoring
Endpoint Agent Use Cases – Performance Troubleshooting
Endpoint Agent Use Cases – Application Experience Monitoring
Endpoint Agent – Collected Data

Deploying Endpoint Agents

Endpoint Agent System Requirements
Endpoint Agent Installation
Endpoint Agent Operation
Endpoint Agent Configuration
Endpoint Agent Proxy Configuration
Endpoint Agent Views

Troubleshooting with Cisco ThousandEyes

Practice Activity – Scenario A
Troubleshooting Analysis – Scenario A
Practice Activity – Scenario B
Troubleshooting Analysis – Scenario B
Practice Activity – Scenario C
Troubleshooting Analysis – Scenario C
Share Links and Saved Events
Multi-Service Views

Using Internet Insights

Challenges with Internet Monitoring
Internet Insights Packages
Internet Insights Dashboard
Internet Insights View

Configuring Alerts

Alerts Overview
Notification Triggers
Alert Rule Configuration
Dynamic Baselines
Alert Views
Alert Suppression Window
Enterprise Agent Notifications

Customizing Dashboards and Reports

Data Retention
Dashsboards and Reports Comparison
Report Snapshots
Baseline Metrics with Reports
Data Aggregation
Widget Configuration
Dashboard Examples

Monitoring Solutions

Microsoft 365 Solution Monitoring
Microsoft 365 Test Targets
Microsoft 365 Service Level Metrics
Cisco Webex Monitoring
Cisco Webex Web Zone Testing
Cisco Webex CB and MMP Testing
Cisco Webex Test Targets
Cisco Webex Service Level Metrics
SD-WAN Monitoring
SD-WAN Overlay Monitoring
SD-WAN Underlay Monitoring
SD-WAN Service-Level Metrics

Administrating the System

Role Based Access Control
Account Groups
User Account Settings
Organization Settings
Time Zone Settings
Activity Log
Cisco ThousandEyes Billing
Unit Calculator

Labs

Schedule a Test
Deploy Enterprise Agent
Configure Network, DNS, and Voice Tests
Configure Web Tests
Deploy and Configure an Endpoint Agent
Examine Internet Insights
Configure Alerts
Build a Dashboard and Report
Account Administration

Course Overview

This Meraki SD-WAN training is targeted to engineers and technical personnel involved in deploying, implementing, operating and optimizing Meraki SD-WAN solution, both in enterprise and Service Provider environments. This training is specially designed for implementing Meraki SD-WAN in integration with the complete feature set of Cisco Umbrella including DNS Security, Cloud Based Firewall and Secure Internet Gateway. The course walks you through how each integration works and how to design and implement it step-by-step.

Course Content

Module 1: Introduction to Meraki SD-WAN and Meraki Key Concepts

Meraki Centralized Dashboard
Meraki key concepts
- Meraki Concentrator Modes
- VPN Topology
- Split Tunnel and Full Tunnel
- Hub and Spoke and VPN Mesh
Meraki Connection Monitor
Data Center Redundancy (DC-DC Failover)
Warm Spare for VPN Concentrators
Deployment Models:
- Deploying vMX in the Public and Private Cloud

Module 2: Meraki SD-WAN Deployment Models

Introduction
Data Center Deployment
MX Deployment Considerations
MX Deployment Considerations
- Upstream DC Switching Considerations
- Routing Considerations
- Firewall Considerations
Branch Deployment
- AutoVPN at the Branch
- Hub and Spoke VPN Deployment
- Hub Priorities and Design considerations
Meraki Centralized Policies
- DIA traffic steering using Smart Path
- Implementing QoS from the dashboard
- Configuring arbitrary topologies

Module 3: Meraki SD-WAN Security

Exploring the SD-WAN and Security Dashboard
Site-to-site VPN Deep Dive
Client VPN Technologies
Access control and Splash Page
NAT and Port Forwarding
Firewall and Traffic Shaping
Content Filtering and Threat Protection
Meraki and Cisco Umbrella Integration

Module 4: Designing and Implementing DNS Security

Pre-requisite check before integrating Umbrella with Meraki SD-WAN
- Making sure you have the correct licensing
- Platform support check
- Internet Connectivity check
Walking through the Umbrella Dashboard
- Dashboard Overview
- DNS Policy GUI Overview
- Firewall Policy GUI Overview
- Web Policy GUI Overview
- Umbrella AD/SAML Integration Overview (optional)
Integrating Cisco Umbrella for DNS Security
- Umbrella API Integration
Configuring the DNS Encryption Policy
- Excluding the local domains
- Configuring the Security Policy in Meraki
- Implementing the policy at the DIA Sites

Module 5: Meraki MX and Cisco Umbrella SIG IPSEC Tunnels

Cisco Umbrella SIG Overview
Phase 1: IPSEC plus Cloud Security
Licensing requirement for Phase1
Meraki MX IPSEC integration with Cisco Umbrella
Enhanced DNS protection with Selective Proxy
Security Policy: URL Inspection, HTTPS Inspection, Cloud Delivered Firewall, Granular Content Filtering, Non-Web Traffic Security
Phase 2: SIG Integration with Meraki SD-WAN
Verification
- Checking the logs on Umbrella Dashboard

Module 6: Troubleshooting Umbrella Integration

Troubleshooting DNS Security
- API Integration not working
- DNS for local domain failing
- No redirection to Cisco Umbrella for external domains
Troubleshooting SIG and Firewall
Making sure the IPSec Tunnels to Umbrella are operational
Troubleshooting the policies for redirection
Reviewing logs in Umbrella
Checking Alarms and Notifications
- Checking Alarms on Meraki Dashboard
- Checking Alarms on Cisco Umbrella
Leveraging Meraki Insights for
- Network Visibility
- Traffic Analytics using DPI
- Faster Resolution

Course Overview

This course is designed for students who are planning to take the Implement security through a pipeline using Azure DevOps assessment, and provides a bridge between fundamental level skills and intermediate skills. This course helps learners progress in multiple IT roles, including development, infrastructure, and security.

Course Objectives

In this course, the students will have many opportunities to practice configuring and securing pipelines using Azure DevOps. These skills include configuring secure access to pipeline resources, configuring, and validating permissions, configuring a project and repository structure, extending a pipeline, configuring pipelines to securely use variables and parameters, and managing identity for projects, pipelines, and agents.

Course Content

This course will cover;

Configure a project and repository structure to support secure pipelines
Manage identity for projects, pipelines, and agents
Configure secure access to pipeline resources
Configure and validate permissions
Extend a pipeline to use multiple templates

Course Overview

The Implementing and Operating Cisco Security Core Technologies (SCOR) course helps you prepare for the Cisco® CCNP® Security and CCIE® Security certifications and for senior-level security roles. In this course, you will master the skills and technologies you need to implement core Cisco security solutions to provide advanced threat protection against cybersecurity attacks. You will learn security for networks, cloud and content, endpoint protection, secure network access, visibility and enforcements. You will get extensive hands-on experience deploying Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense; configuring access control policies, mail policies, and 802.1X Authentication; and more. You will get introductory practice on Cisco Network Analytics and and Cisco Secure Cloud Analytics features.

Please note that this course is a combination of Instructor-Led and Self-Paced Study – 5 days in the classroom and approx 3 days of self study. The self-study content will be provided as part of the digital courseware that you will recieve at the beginning of the course and should be part of your preparation for the exam.

This course is worth 64 Continuing Education (CE) Credits

Course Objectives

After completing this course you should be able to:

Describe information security concepts and strategies within the network
Describe security flaws in the transmission protocol/internet protocol (TCP/IP) and how they can be used to attack networks and hosts
Describe network application-based attacks
Describe how various network security technologies work together to guard against attacks
Implement access control on Cisco Secure Firewall Adaptive Security Appliance (ASA)
Deploy Cisco Secure Firewall Threat Defense basic configurations
Deploy Cisco Secure Firewall Threat Defense IPS, malware, and fire policies
Deploy Cisco Secure Email Gateway basic configurations
Deploy Cisco Secure Email Gateway policy configurations
Describe and implement basic web content security features and functions provided by Cisco Secure Web Appliance
Describe various attack techniques against the endpoints
Describe Cisco Umbrella® security capabilities, deployment models, policy management, and Investigate console
Provide basic understanding of endpoint security and be familiar with common endpoint security technologies
Describe Cisco Secure Endpoint architecture and basic features
Describe Cisco Secure Network Access solutions
Describe 802.1X and extensible authentication protocol (EAP) authentication
Configure devices for 802.1X operations
Introduce VPNs and describe cryptography solutions and algorithms
Describe Cisco secure site-to-site connectivity solutions
Deploy Cisco Internetwork Operating System (Cisco IOS®) Virtual Tunnel Interface (VTI)-based point-to-point IPsec VPNs
Configure point-to-point IPsec VPNs on the Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense
Describe Cisco secure remote access connectivity solutions
Deploy Cisco secure remote access connectivity solutions
Provide an overview of network infrastructure protection controls
Examine various defenses on Cisco devices that protect the control plane
Configure and verify Cisco IOS software layer 2 data plane controls
Configure and verify Cisco IOS software and Cisco ASA layer 3 data plane controls
Examine various defenses on Cisco devices that protect the management plane
Describe the baseline forms of telemetry recommended for network infrastructure and security devices
Describe deploying Cisco Secure Network Analytics
Describe basics of cloud computing and common cloud attacks
Describe how to secure cloud environment
Describe the deployment of Cisco Secure Cloud Analytics
Describe basics of software-defined networks and network programmability

Course Content

Network Security Technologies

Defense-in-Depth Strategy
Defending Across the Attack Continuum
Network Segmentation and Virtualization Overview
Stateful Firewall Overview
Cisco IOS Zone-Based Policy Firewall Overview
Security Intelligence Overview
Threat Information Standardization
Network-Based Malware Protection Overview
IPS Overview
Next Generation Firewall Overview
Email Content Security Overview
Web Content Security Overview
Threat Analytic Systems Overview
DNS Security Overview
Authentication, Authorization, and Accounting Overview
Identity and Access Management Overview
Virtual Private Network (VPN) Technology Overview
Network Security Device Form Factors Overview

Cisco Secure Firewall ASA Deployment

Cisco Secure Firewall ASA Deployment Types
Cisco Secure Firewall ASA Interface Security Levels
Cisco Secure Firewall ASA Objects and Object Groups
Network Address Translation
Cisco Secure Firewall ASA Interface ACLs
Cisco Secure Firewall ASA Global ACLs
Cisco Secure Firewall ASA Advanced Access Policies
Cisco Secure Firewall ASA High Availability Overview

Cisco Secure Firewall Threat Defense Basics

Cisco Secure Firewall Threat Defense Deployments
Cisco Secure Firewall Threat Defense Packet Processing and Policies
Cisco Secure Firewall Threat Defense Objects
Cisco Secure Firewall Threat Defense NAT
Cisco Secure Firewall Threat Defense Prefilter Policies
Cisco Secure Firewall Threat Defense Access Control Policies
Cisco Secure Firewall Threat Defense Security Intelligence
Cisco Secure Firewall Threat Defense Discovery Polices

Cisco Cisco Secure Firewall Threat Defense IPS, Malware and File Policies

Cisco Secure Firewall Threat Defense IPS Policies
Cisco Secure Firewall Threat Defense Malware and File Policies

Cisco Secure Email Gateway Basics

Cisco Secure Email Overview
SMTP Overview
Email Pipeline Overview
Public and Private Listeners
Host Access Table Overview
Recipient Access Table Overview

Cisco Secure Email Policy Configuration

Mail Policies Overview
Protection Against Spam and Graymail
Anti-virus and Anti-malware Protection
Outbreak Filters
Content Filters
Data Loss Prevention
Email Encryption

Cisco Secure Web Appliance Deployment

Cisco Secure Web Appliance Overview
Deployment Options
Network Users Authentication
HTTPS Traffic Decryption
Access Policies and Identification Profiles
Acceptable Use Controls Settings
Anti-Malware Protection

VPN Technologies and Cryptography Concepts

VPN Definition
VPN Types
Secure Communication and Cryptographic Services
Keys in Cryptography
Public Key Infrastructure

Cisco Secure Site-to-Site VPN Solutions

Site-to-Site VPN Topologies
IPsec VPN Overview
IPsec Static Crypto Maps
IPsec Static Virtual Tunnel Interface
Dynamic Multipoint VPN
Cisco IOS FlexVPN

Cisco IOS VTI-Based Point-to-Point IPsec VPNs

Cisco IOS VTIs
Static VTI Point-to-Point IPsec IKEv2 VPN Configuration

Point-to-Point IPsec VPNs on the Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense

Point-to-Point VPNs on the Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense
Cisco Secure Firewall ASA Point-to-Point VPN Configuration
Cisco Secure Firewall Threat Defense Point-to-Point VPN Configuration

Cisco Secure Remote Access VPN Solutions

Remote Access VPN Components
Remote Access VPN Technologies
SSL Overview

Remote Access SSL VPNs on the Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense

Remote Access Configuration Concepts
Connection Profiles
Group Policies
Cisco Secure Firewall ASA Remote Access VPN Configuration
Cisco Secure Firewall Threat Defense Remote Access VPN Configuration

Describing Information Security Concepts (Self-Study)

Information Security Overview
Assets, Vulnerabilities and Countermeasures
Managing Risk
Vulnerability Assessment
Understanding CVSS

Describe Common TCP/IP Attacks (Self-Study)

Legacy TCP/IP Vulnerabilities
IP Vulnerabilities
ICMP Vulnerabilities
UDP Vulnerabilities
Attack Surface and Attack Vectors
Reconnaissance Attacks
Access Attacks
Man-In-The-Middle Attacks
Denial of Service and Distributed Denial of Service Attacks
Reflection and Amplification Attacks
Spoofing Attacks
DHCP Attacks

Describe Common Network Application Attacks (Self-Study)

Password Attacks
DNS Tunneling
Web-Based Attacks
HTTP 302 Cushioning
Command Injections
SQL Injections
Cross-Site Scripting and Request Forgery
Email-Based Attacks

Common Endpoint Attacks (Self-Study)

Buffer Overflow
Malware
Reconnaissance Attack
Gaining Access and Control
Gaining Access via Social Engineering
Gaining Access via Web-Based Attacks
Exploit Kits and Rootkits
Privilege Escalation
Post-Exploitation Phase
Angler Exploit Kit

Cisco Umbrella Deployment (Self-Study)

Cisco Umbrella Capabilities
Cisco Umbrella Identities and Policies Overview
Cisco Umbrella DNS Security
Cisco Umbrella Investigate Overview
Cisco Umbrella Secure Web Gateway
Cisco Umbrella CASB Functionalities

Endpoint Security Technologies (Self-Study)

Host-Based Personal Firewall
Host-Based Anti-Virus
Host-Based Intrusion Prevention System
Application Allowed Lists and Blocked Lists
Host-Based Malware Protection
Sandboxing Overview
File Integrity Checking

Cisco Secure Endpoint (Self-study)

Cisco Secure Endpoint Architecture
Cisco Secure Endpoint Engines
Retrospective Security with Cisco Secure Endpoint
Cisco Secure Endpoint Device and File Trajectory
Managing Cisco Secure Endpoint for Endpoints

Cisco Secure Network Access Solutions (Self-study)

Cisco Secure Network Access
Cisco Secure Network Access Components
AAA Role in Cisco Secure Network Access Solution
Cisco ISE
Cisco TrustSec

Describing 802.1X Authentication (Self-study)

802.1X and EAP
EAP Methods
Role of RADIUS in 802.1X Communications
RADIUS Change of Authorization

Configuring 802.1X Authentication (Self-study)

Cisco Catalyst Switch 802.1X Configuration
Cisco IBNS 2.0 Configuration on Cisco Catalyst Switch
Cisco WLC 802.1X Configuration
Cisco ISE 802.1X Configuration
Supplicant 802.1x Configuration
Cisco Central Web Authentication

Network Infrastructure Protection (Self-Study)

Network Device Planes
Control Plane Security Controls
Management Plane Security Controls
Network Telemetry
Layer 2 Data Plane Security Controls
Layer 3 Data Plane Security Controls

Control Plane Security Controls (Self-Study)

Infrastructure ACLs
Control Plane Policing
Control Plane Protection
Routing Protocol Security

Layer 2 Data Plane Security Controls (Self-Study)

Overview of Layer 2 Data Plane Security Controls
VLAN-Based Attacks Mitigation
STP Attacks Mitigation
Port Security
Private VLANs
DHCP Snooping
ARP Inspection
Storm Control
MACsec Encryption

Layer 3 Data Plane Security Controls (Self-Study)

Infrastructure Antispoofing ACLs
Unicast Reverse Path Forwarding
IP Source Guard

Management Plane Security Controls (Self-Study)

Cisco Secure Management Access
Simple Network Management Protocol Version 3
Secure Access to Cisco Devices
AAA or Management Access

Traffic Telemetry Methods (Self-Study)

Network Time Protocol
Device and Network Events Logging and Export
Network Traffic Monitoring Using NetFlow

Cisco Secure Network Analytics Deployment (Self-Study)

Cisco Secure Network Analytics Overview
Cisco Secure Network Analytics Required Components
Flow Stitching and Deduplication
Cisco Secure Network Analytics Optional Components
Cisco Secure Network Analytics and ISE Integration
Cisco Secure Network Analytics with Global Threat Alerts
Cisco Encrypted Traffic Analytics (ETA)
Host Groups
Security Events and Alarms
Host, Role and Default Policies

Cloud Computing and Cloud Security (Self-Study)

Evolution of Cloud Computing
Cloud Service Models
Security Responsibilities in the Cloud
Cloud Deployment Models
Patch Management in the Cloud
Security Assessment in the Cloud

Cloud Security (Self-Study)

Cisco Threat-Centric Approach to Network Security
Cloud Physical Environment Security
Application and Workload Security
Cloud Management and API Security
Network Functions Virtualization (NFV) and Virtual Network Function (VNF)
Cisco NFV Examples
Reporting and Threat Visibility in Cloud
Cloud Access Security Broker
Cisco Cloudlock
OAuth and OAuth Attacks

Cisco Secure Cloud Analytics Deployment (Self-Study)

Cisco Secure Cloud Analytics for Public Cloud Monitoring
Cisco Secure Cloud Analytics for Private Network Monitoring
Cisco Secure Cloud Analytics Operations

Software-Defined Networking (Self-Study)

Software-Defined Networking Concepts
Network Programmability and Automation
Cisco Platforms and APIs
Basic Python Scripts for Automation

Labs

Discovery Lab 1: Configure Network Settings And NAT On Cisco Secure Firewall ASA
Discovery Lab 2: Configure Cisco Secure Firewall ASA Access Control Policies
Discovery Lab 3: Configure Cisco Secure Firewall Threat Defense NAT
Discovery Lab 4: Configure Cisco Secure Firewall Threat Defense Access Control Policy
Discovery Lab 5: Configure Cisco Secure Firewall Threat Defense Discovery and IPS Policy
Discovery Lab 6: Configure Cisco Secure Firewall Threat Defense Malware and File Policy
Discovery Lab 7: Configure Listener, HAT, and RAT on Cisco Secure Email Gateway
Discovery Lab 8: Configure Cisco Secure Email Policies
Discovery Lab 9: Configure Proxy Services, Authentication, and HTTPS Decryption
Discovery Lab 10: Enforce Acceptable Use Control and Malware Protection
Discovery Lab 11: Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
Discovery Lab 12: Configure Point-to-Point VPN between the Cisco Secure Firewall Threat Defense Devices
Discovery Lab 13: Configure Remote Access VPN on the Cisco Secure Firewall Threat Defense
Discovery Lab 14: Examine Cisco Umbrella Dashboard and DNS Security
Discovery Lab 15: Explore Cisco Umbrella Secure Web Gateway and Cloud-Delivered Firewall
Discovery Lab 16: Explore Cisco Umbrella CASB Functionalities
Discovery Lab 17: Explore Cisco Secure Endpoint
Discovery Lab 18: Perform Endpoint Analysis Using Cisco Secure Endpoint Console
Discovery Lab 19: Explore File Ransomware Protection by Cisco Secure Endpoint Console
Discovery Lab 20: Explore Secure Network Analytics v7.4.2
Discovery Lab 21: Explore Global Threat Alerts Integration and ETA Cryptographic Audit
Discovery Lab 22: Explore Cloud Analytics Dashboard and Operations
Discovery Lab 23: Explore Secure Cloud Private and Public Cloud Monitoring

Course Overview

This three-day instructor-led course is aimed at modern device management professionals looking to manage their enterprise devices using Microsoft Intune. This course will cover Enrolment, Application Management, Endpoint Security and Windows Autopilot as well as Microsoft Entra Conditional Access and Identity Protection. The delegates will learn how to enrol devices, deploy applications and manage them to maximise user productivity and device security.

This course has been updated to reflect the change form Azure Active Directory to Microsoft Entra.

Course Content

Module 1: Introduction to Microsoft Intune

This module introduces the Microsoft Intune product family and associated Microsoft Entra features.

Lessons M1:

Mobile Device Management
Microsoft Intune
Microsoft Entra ID
Microsoft Entra Identity Protection
Microsoft Entra Conditional Access

Lab: Environment Setup and Conditional Access

Signup for M365 E5 Trial
Create Users and Groups
Create Identity Protection Policies

Module 2: Microsoft Intune Device Management

This module describes the features and implementation of Mobile Device Management using Microsoft Intune, including enrollment, compliance, configuration and Operating System updates.

Lessons M2:

Enrolling Devices
Device Compliance
Device Profiles
Device Updates

Lab: Enrolling Windows Devices

Prepare for Enrollment
Enroll a Windows Device
Enroll an IOS Device (optional)
Enroll an Android Device (optional)
Create and deploy compliance and conditional access policies
Create and deploy configuration profiles

Module 3: Microsoft Intune Application Management

This module describes deployment and management of applications using Microsoft Intune on enrolled and unenrolled devices.

Lessons M3:

Application Management
Deploying Applications
Application Configuration
Managing Applications
Policy Sets and Guided Scenarios

Lab: Deploying Apps

Deploy Remote Desktop and M365 Apps for Enterprise to managed client machines
Deploy Notepad++ (Optional)
Deploy Apps to IOS (optional)
Deploy Apps to Android (optional)

Module 4: Microsoft Intune Endpoint Security

This module describes the centralized Endpoint Security features and policies within Microsoft Intune.

Lessons M4:

Security Baselines and tasks
Antivirus
Disk Encryption
Firewall
Attack Surface reduction
Endpoint detection and response
Account Protection

Lab: Manage Endpoint Security in Microsoft Intune

Implement Windows Security Baseline
Implement Microsoft Edge Security Baseline
Implement Attack Surface reduction policies

Module 5: Deploying Windows with Windows Autopilot

This module describes the Windows Autopilot suite of products and how to deploy Windows operating systems using Windows Autopilot.

Windows Autopilot overview
Preparing for windows autopilot deployment
Deploying Windows 11 using Windows Autopilot

Lab: Deploying Windows 11 using Windows Autopilot

Prepare Microsoft Entra for Windows Autopilot
Prepare a windows client for windows autopilot
Deploy Windows 11 using Windows Autopilot

Module 6: Microsoft Intune Additional and Premium Features

This module introduces some current and upcoming additional and premium features of Microsoft Intune.

Remote Help
Tunnel for Mobile Application Management
Endpoint Privilege Management
Advanced Endpoint Analytics

Lab: Performing Remote Help on a Windows 11 Client

Sign up for Remote Help Trial
Configure Remote Help
Perform a Remote help session

Course Overview

In the Implementing and Configuring Cisco Identity Services Engine (SISE) course you will learn to deploy and use Cisco Identity Services Engine (ISE) v3.x, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and VPN connections.

This hands-on course provides you with the knowledge and skills to implement and apply Cisco ISE capabilities to support use cases for Zero Trust security posture. These use cases include tasks such as policy enforcement, profiling services, web authentication and guest access services, BYOD, endpoint compliance services, and TACACS+ device administration.Implementing and Configuring Cisco Identity Services Engine (SISE) course teaches you to deploy and use Cisco® Identity Services Engine (ISE) v3.x, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and VPN connections.

You will learn how to use Cisco ISE to:

This course also earns you 40 Continuing Education (CE) credits toward recertification

Course Objectives

After completing this course you should be able to:

Explain Cisco ISE deployment
Describe Cisco ISE policy enforcement components
Describe Cisco ISE policy configuration
Troubleshoot Cisco ISE policy and third-party Network Access Device (NAD) support
Configure guest access
Configure hotspots and guest portals
Describe the Cisco ISE profiler services
Describe profiling best practices and reporting
Configure a Cisco ISE BYOD solution
Configure endpoint compliance
Configure client posture services
Configure Cisco ISE device administration
Describe Cisco ISE TrustSec configurations

Course Content

Introducing Cisco ISE Architecture

Introduction
Cisco ISE as a Network Access Policy Engine
Cisco ISE Use Cases
Cisco ISE Functions
Summary
Summary Challenge

Introducing Cisco ISE Deployment

Introduction
Cisco ISE Deployment Models
Cisco ISE Licensing and Network Requirements
Cisco ISE Context Visibility Features
New Features in Cisco ISE 3.X
Configure Initial Cisco ISE Setup and System Certificate Usage
Summary
Summary Challenge

Introducing Cisco ISE Policy Enforcement Components

Introduction
802.1X for Wired and Wireless Access
MAC Authentication Bypass for Wired and Wireless Access
Identity Management
Active Directory Identity Source
Additional Identity Sources
Certificate Services
Integrate Cisco ISE with Active Directory
Summary
Summary Challenge

Introducing Cisco ISE Policy Configuration

Introduction
Cisco ISE Policy
Cisco ISE Authentication Rules
Cisco ISE Authorization Rules
Configure Cisco ISE Policy for MAB
Configure Cisco ISE Policy for 802.1X
Summary
Summary Challenge

Troubleshooting Cisco ISE Policy and Third-Party NAD Support

Introduction
Cisco ISE Third-Party Network Access Device Support
Troubleshooting Cisco ISE Policy Configuration
Summary
Summary Challenge

Introducing Web Authentication and Guest Services

Introduction
Web Access with Cisco ISE
Guest Access Components
Guest Access Settings
Configure Guest Access
Summary
Summary Challenge

Configuring Hotspots and Guest Portals

Introduction
Sponsor and Guest Portals Configuration
Configure Hotspot and Self-Registered Guest Access
Configure Sponsor-Approved and Fully Sponsored Guest Access
Create Guest Reports
Summary
Summary Challenge

Introducing the Cisco ISE Profiler

Introduction
ISE Profiler Overview
Cisco ISE Probes
Profiling Policy
Configure Profiling
Customize the Cisco ISE Profiling Configuration
Summary
Summary Challenge

Introducing Profiling Best Practices and Reporting

Introduction
Profiling Best Practices
Create Cisco ISE Profiling Reports
Summary
Summary Challenge

Configuring Cisco ISE BYOD

Introduction
Cisco ISE BYOD Solution Overview
Cisco ISE BYOD Flow
My Devices Portal Configuration
Certificate Configuration in BYOD Scenarios
Configure BYOD
Manage a Lost or Stolen BYOD Device
Summary
Summary Challenge

Introducing Cisco ISE Endpoint Compliance Services

Introduction
Endpoint Compliance Services Overview
Configure Cisco ISE Compliance Services
Summary
Summary Challenge

Configuring Client Posture Services and Compliance

Introduction
Client Posture Services and Provisioning Configuration
Configure Client Provisioning
Configure Posture Policies
Test and Monitor Compliance-Based Access
Summary
Summary Challenge

Working With Network Access Devices

Introduction
Reviewing AAA
Cisco ISE TACACS+ Device Administration
Configuring TACACS+ Device Administration
TACACS+ Device Administration Guidelines and Best Practices
Migration from Cisco ACS to Cisco ISE
Configure Cisco ISE for Basic Device Administration
Configure Cisco ISE Command Authorization
Summary
Summary Challenge

Exploring Cisco TrustSec

Introduction
Cisco TrustSec Overview
Cisco TrustSec Enhancements
Cisco TrustSec Configuration
Configure Cisco TrustSec
Summary
Summary Challenge

Labs:

Lab 1A: Installation and Basic Setup of Cisco ISE
Lab 1B: Verify Initial Cisco ISE Setup and System Certificate Usage
Lab 2: Integrate Cisco ISE with Active Directory
Lab 3: Configure Cisco ISE Policy for MAB
Lab 4: Configure Cisco ISE Policy for 802.1X
Lab 5: Configure Guest Access
Lab 6: Configure Hotspot and Self-Registered Guest Access
Lab 7: Configure Sponsor-Approved and Fully Sponsored Guest Access
Lab 8: Create Guest Reports
Lab 9: Configure Profiling
Lab 10: Customize the Cisco ISE Profiling Configuration
Lab 11: Create Cisco ISE Profiling Reports
Lab 12: Configure BYOD
Lab 13: Manage a Lost or Stolen BYOD Device
Lab 14: Configure Cisco ISE Compliance Services
Lab 15: Configure Client Provisioning
Lab 16: Configure Posture Policies
Lab 17: Test and Monitor Compliance-Based Access
Lab 18: Configure Cisco ISE for Basic Device Administration
Lab 19: Configure Cisco ISE Command Authorization
Lab 20: Configure Cisco TrustSec

Course Overview

Manage data lifecycle, records management, eDiscovery, and communication compliance with Microsoft Purview.

Course Content

1- Implement and manage retention with Microsoft Purview

Microsoft Purview provides tools to manage data retention and records, ensuring compliance through policies, labels, event-based retention, adaptive and static scopes, and disposition reviews.

Understand the differences between retention policies and retention labels.
Configure retention policies.
Create, publish, and automate retention labels.
Implement event-based retention.
Configure adaptive and static scopes.
Declare items as records and manage them through disposition reviews.

2- Manage Microsoft Purview eDiscovery (Premium)

This module explores how to use Microsoft Purview eDiscovery (Premium) to preserve, collect, analyze, review, and export content that’s responsive to an organization’s internal and external investigations, and communicate with custodians involved in a case.

Describe how Microsoft Purview eDiscovery (Premium) builds on eDiscovery (Standard).
Describe the basic workflow of eDiscovery (Premium).
Create and manage cases in eDiscovery (Premium).
Manage custodians and non-custodial data sources.
Analyze case content and use analytical tools to reduce the size of search result sets.

3- Prepare Microsoft Purview Communication Compliance

Microsoft Purview Communication Compliance is a solution that helps organizations address code-of-conduct policy violations in company communications, while also assisting organizations in regulated industries meet specific supervisory compliance requirements. Communication Compliance uses machine learning to intelligently detect violations across different communication channels such as Microsoft Teams, Exchange Online, or Yammer messages.

List the enhancements in communication compliance over Office 365 Supervision policies, which it will replace.
Explain how to identify and remediate code-of-conduct policy violations.
List the prerequisites that need to be met before creating communication compliance policies.
Describe the types of built-in, pre-defined policy templates.

4- Implement retention, eDiscovery, and Communication compliance in Microsoft Purview

This module guides you through implementing data compliance and governance using Microsoft Purview, ensuring your organization meets regulatory requirements and manages data effectively.

Create retention policies.
Implement retention labels.
Conduct an eDiscovery (Premium) investigation.
Create a communication compliance policy.