
Perpetual Solutions
Tuition House
27-37 St Georges Road, London
SW19 4DS

+44 (0)20 7620 0033
+44 (0)20 7620 0055

 

Training Course Outline



Course outline for DVS: Designing VPN Security

This course follows an official curriculum for certification




Course Duration: 4 days


Course Code: DVS


Course Description:


Designing VPN Security (DVS) is a four-day leader-led course. This task-oriented course teaches the knowledge and skills needed to design a secure Cisco VPN network for an enterprise.

 

This is a design course; it includes design exercises to apply security policies, design guidelines, and best practices. Hands-on labs and exercises to test and deploy these designs may be included in the DPS course. Implementation and deployment of security designs is taught and practiced in the Cisco SAFE Implementation (CSI) course. Hands-on deployment labs and exercises are included as standard in the CSI course.
 
Objectives:


  • Recognize the services offered by cryptography and recommend those services to an organization to address their specific needs
  • Describe various encryption, hashing, and signing algorithms and select the best algorithm in a design situation
  • Explain the role of key management in cryptography
  • Explain specific guidelines which need to be considered when deploying cryptographic systems
  • Select the best practices of key management in a design situation
  • Describe the standards and procedures used with the PKI
  • Explain the limitations of PKI technologies in various security designs
  • Design secure VPNs using various VPN technologies
  • Identify the benefits and drawbacks of each VPN technology
  • Implement basic IPSec using all currently supported encryption and authentication mechanisms
  • Deploy IKE to increase the scalability of IPSec solutions
  • Design and implement site-to-site VPNs using IPSec
  • Design and implement remote access VPNs using IPSec
  • List the software products used to form the management of IPSec devices and solutions
  • Design and implement secure wireless networks


Prerequisites:

Delegates are required to meet the following prerequisites:



- BSCI and BCMSN
- CCSP Certification track



Target Audience:


- Engineers who support sales of Cisco VPN and security product solutions
- Cisco Channel Partners who design, sell, implement and maintain VPN networks
- Cisco Customers who design, implement and maintain VPN networks


Prerequisite courses:

BCMSN: Building Cisco Multilayer Switched Networks

BSCI: Building Scalable Cisco Internetworks


Follow on courses:

DPS: Designing Perimeter Security

HIPS: Securing Hosts using Cisco Security Agents


This course includes the following modules:

Course Introduction

  • Overview
  • Course Objectives
  • Course Agenda

Encryption

  • Symmetric and Asymmetric Encryption Algorithms
  • DES
  • 3DES
  • AES
  • Rivest Ciphers
  • RSA

Hashing Algorithms

  • Overview of Hash Algorithms and HMACs
  • MD5
  • SHA-1

Digital Signatures

  • Overview of Signature Algorithms
  • RSA
  • DSS

Key Generation and Storage

  • Key Management
  • Manual Key Generation
  • Key Generation Using Random Numbers
  • Natural Sources of Randomness
  • Key Storage in Memory
  • Key Storage in Non-Volatile Memory
  • Key Storage on Smart Cards

Key Exchange and Revocation

  • Manual Key Exchange
  • The Diffie-Hellman Algorithm
  • Secret Key Exchange using Public Key Cryptography
  • Key Refresh
  • Key Revocation Definition
  • Manual Key Revocation
  • Automated Key Revocation

PKI Definition and Algorithms

  • Public Key Distribution Problem
  • Trusted Third-Party Protocol
  • PKI Terminology and Components
  • PKI Enrollment Procedure
  • PKI Revocation Procedure

PKI Standards

  • X.509
  • PKIX
  • PKCS

Dial Connectivity Analysis

  • Researching Customer's Requirements
  • Identifying Customer's Current Situation
  • Example Scenarios

Design Guidelines for Secure Dial Solutions

  • Dial Network Security Analysis
  • Authentication, Authorization and Accounting Security Guidelines
  • Product Guidelines
  • Example Scenario

Generic Routing Encapsulation

  • Definition and Protocols
  • Applications
  • Security Functionality
  • Example Scenario

Point-to-Point Tunneling Protocol and Layer 2 Tunneling Protocol

  • PPTP
  • L2TP
  • Applications of PPTP and L2TP
  • Security Functionality
  • Example Scenario

MPLS VPNs

  • Definition and Protocols
  • Applications
  • Quality of Service
  • Security Functionality
  • MPLS VPN Deployment Example Scenarios

IPSec

  • Definition and Protocols
  • Applications
  • Quality of Service
  • Security Functionality

IPSec/IKE Concepts and Configuration Refresher

IKE Modes

  • IKE Modes Overview
  • Main Mode
  • Aggressive Mode
  • Quick Mode
  • Example Scenarios

IKE Extensions

  • Extended Authentication (XAUTH)
  • Cisco IOS Configuration of XAUTH
  • Mode Configuration
  • Cisco IOS Configuration of Mode Config
  • Tunnel Endpoint Discovery (TED)
  • Cisco IOS Configuration of TED
  • Dead Peer Detection
  • Cisco IOS Configuration of DPD

IKE-PKI Interoperability

  • PKI Refresher
  • IKE PKI-Facilitated Authentication
  • Cisco IOS PKI Trustpoint Definition
  • Cisco IOS Enrollment Procedures
  • Cisco IOS PKI Revocation Procedures
  • Cisco IOS Advanced PKI-Enabled Features Configuration
  • Cisco IOS PKI Monitoring and Troubleshooting
  • Cisco PIX and VPN 3000 PKI Features

Scalability and Manageability Considerations

  • Peer Authentication Scalability
  • Configuration Manageability in Fully Meshed Networks
  • Dynamic Multipoint VPN
  • Designing and Implementing DMVPNs
  • Routing in DMVPNs
  • Product Guidelines

High Availability Considerations

  • VPN High Availability Scenarios
  • Mitigating VPN Link Failure
  • Mitigating VPN Device Failure
  • Mitigating VPN Path Failure
  • Mitigating VPN Interface Failure
  • Mitigating VPN Peer Failure
  • Mitigating VPN Connectivity Failure
  • Product Guidelines
  • WAN Augmentation Example Scenario
  • Mixed VPN Example Scenario
  • VPN High Availability Scenarios
  • High Availability Deployment Example Scenario

Security Considerations

  • Choice of Protection and Tunneling Protocol
  • Integration of VPNs with Perimeter Devices

Application Considerations

  • Multimedia Applications
  • Multiprotocol VPNs
  • Product Guidelines

Quality of Service Considerations

  • Classification and Marking
  • Bandwidth and Delay Management
  • IP Payload Compression
  • Product Guidelines
  • VPN QoS Deployment Example Scenario

Performance Considerations

  • Cryptographic Performance
  • Load Balancing
  • Load Balancing and Backup
  • Implementing Load Balancing
  • IP Fragmentation
  • Product Guidelines

Remote Access VPN Analysis

  • Researching Customer Requirements
  • Identifying Current Customer Situation
  • Remote Access VPN Example Scenario

Scalability and Manageability Considerations

  • Peer Authentication Scalability
  • Configuration Manageability in Hub-and-spoke Networks
  • Product Guidelines

Secure Connectivity VPN Management

  • Performance Considerations
  • VPN Device Manager
  • Management Center for PIX Firewalls
  • PIX Device Manager
  • Management Center for VPN Routers
  • VPN Monitor
  • VPN Solution Center
  • Other Management Products

Wireless Network Security Analysis

  • Researching Customer Requirements
  • Identifying Current Customer Situation
  • Inter-client Communication Example Scenario

Design Guidelines for Secure Wireless Solutions

  • Wired Equivalent Privacy Security
  • Client and Access Point Authentication
  • Security Design Guidelines for Native Wireless Networks
  • Product Guidelines
  • Enhancing Security with VPN Integration
  • Example Scenario

 

To make an enquiry for this course to be run ONSITE at your location, click here or call Sales on +44 (0) 20 7620 0033.


Perpetual Solutions are a global provider of onsite training solutions throughout London, UK and the rest of the world. For scheduled training our UK partner network provides an unrivalled choice of courses.





© Perpetual Solutions Ltd 2008.