KB CCIE Security

Cybersecurity is one of the most critical fields in the IT industry, with a constantly growing need for security professionals. These weekend Live Classes conducted by Khawar Butt will give you the knowledge and skills to master the technologies detailed in the CCIE Security curriculum. All Security Technologies will be taught from scratch. CCIE Security v6 classes will cover the Firewalls (ASA, FTD & ZBF), VPNS (DMVPN, GET VPN, Flex VPN, SSL VPN etc), ESA, WSA, ISE & Umbrella.

What’s included

  • Classes run from 3rd of October, every Saturday

  • The detailed online LIVE classes will last 4-5 hours each

  • The CCIE Security workbook includes 100+ labs

$1999
$999

Subscribers sign-in for $750

Outcome

Upon course completion, students will be able to:

  • Design, Initialize & Configure the ASA Firewall 9.X
  • Design, Initialize & Configure the Firepower Threat Defence (FTD) Firewall
  • Design, Initialize & Configure Zone-based Firewalls
  • Configure VPNs using IPSec, mGRE & DMVPN
  • Configure IKEv2 based VPNs
  • Configure Advanced VPNs like GET VPN, Flex VPNs & SSL VPNs
  • Design, Initialize & Configure the E-Mail Security Appliance (ESA)
  • Design, Initialize & Configure the Web Security Appliance (WSA)
  • Design, Initialize & Configure a Controller-based Wireless LAN
  • Design, Initialize & Configure Endpoint Security using ISE
  • Configure Device Administration using TACACS+ & ISE
  • Design & Configure Umbrella
  • Configure Router & Switch Security
  • Automation using Python Scripting

Prerequisites

Before attending this course students should have some prior knowledge of Routing and Switching Concepts. Security Technologies will be taught from scratch.

Class Outline

Modules

Virtual Private Networks [VPN]

  • Basic VPNs
  • LAN-to-LAN IPSec VPNS [with NAT-T & without NAT-T]
  • GRE, GRE/IPSEC
  • Static-Virtual Tunnel interface [S-VTI]
  • Advanced VPNs
  • DMVPN
  • GET VPN
  • VRF-Aware VPNs
  • VPNs using Certificates with Router as a CA Server
  • IKEv2 VPNs
  • D-VTI /S-VTI based Site-To-Site VPN
  • D-VTI /S-VTI based Spoke-to-Spoke using NHRP

Firewalls – ASA

  • Basic Configuration
  • Interface configuration
  • Security Levels
  • Management [Telnet / SSH]
  • Routing [RIPv2, EIGRP, EIGRP, BGP]
  • NAT
  • Dynamic NAT
  • Static NAT
  • Dynamic PAT
  • Static PAT
  • Destination NAT
  • Manual NAT/Twice-NAT
  • Access Policies
  • Transparent firewall
  • Initialization
  • Access policies/Routing Protocol Access
  • Ethertype ACLs
  • Redundancy
  • Redundant Interfaces
  • Port-channels
  • Security Contexts [Virtual Firewalls]
  • Failover
  • Active/Standby
  • Active/Active
  • Clustering
  • Spanned mode
  • Individual Interface mode
  • Deep-Packet Inspection using MPF
  • Tuning the global policy
  • Configuring custom L7 policy
  • VPNs
  • Site-to-Site IPSec
  • Remote access
  • SSL
  • IKev2

Firewalls – Firepower Threat Defence [FTD]

  • Basic Configuration
  • FMC & FTD Integration
  • Interface configuration
  • Routing [Static Routing, RIPv2, OSPF, BGP]
  • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Destination -NAT, Manual NAT]
  • Access Control Policies - Basic
  • Access Control policies – Advanced
  • Site-to-Site VPN

Content Filtering using WSA & ESA

  • WSA
  • Initialization
  • Integration with Routers/Switches/Firewall using WCCP
  • Configuring traffic policies
  • Configuring custom categories
  • ESA
  • Initialization
  • Integration with E-mail servers and DNS
  • Configuring Mail flow policies
  • Configuring outgoing mail filters
  • Configuring incoming mail filters

Basic Wireless LAN Configuration

  • Configuring the base network
  • Configure the switches for the base network
  • Configure DHCP server
  • WLC Configuration
  • Initialization of the WLC
  • Configuring VLAN interfaces
  • Configuring WLANs

Identity Management using ISE

  • Wired ISE
  • Configuring the relationship between Switch & ISE
  • Configuring Identity groups and users
  • Configuring Dot1x authentication with VLAN assignment and DACL
  • Configuring MAB for IP Phone
  • Wireless ISE
  • Configuring the relationship between WLC & ISE
  • Configuring Dot1x authentication with VLAN assignment
  • Configuring SXP between ISE, WLC & Firewall to implement filtering using SGT
  • Device Administration
  • Router/Switch Authentication
  • Router/Switch Exec & Command authorization
  • Router/Switch Accounting

Router / Switch Security

  • Router Security
  • NTP
  • uRPF
  • DHCP server / DHCP Relay Agent
  • Syslog
  • Switch Security
  • Port-security
  • DHCP snooping
  • ARP Inspection
  • Source guard
  • VLAN ACL