DVS: Designing VPN Security

4 Day Course
Official Curriculum
Code DVS

This course has been retired. Please view currently available Cisco Security Training Courses.

Modules


Course Introduction (4 topics)

  • Overview
  • Course Objectives
  • Course Agenda

Encryption (6 topics)

  • Symmetric and Asymmetric Encryption Algorithms
  • DES
  • 3DES
  • AES
  • Rivest Ciphers
  • RSA

Hashing Algorithms (5 topics)

  • Overview of Hash Algorithms and HMACs
  • MD5
  • SHA-1

Digital Signatures (3 topics)

  • Overview of Signature Algorithms
  • RSA
  • DSS

Key Generation and Storage (7 topics)

  • Key Management
  • Manual Key Generation
  • Key Generation Using Random Numbers
  • Natural Sources of Randomness
  • Key Storage in Memory
  • Key Storage in Non-Volatile Memory
  • Key Storage on Smart Cards

Key Exchange and Revocation (7 topics)

  • Manual Key Exchange
  • The Diffie-Hellman Algorithm
  • Secret Key Exchange using Public Key Cryptography
  • Key Refresh
  • Key Revocation Definition
  • Manual Key Revocation
  • Automated Key Revocation

PKI Definition and Algorithms (5 topics)

  • Public Key Distribution Problem
  • Trusted Third-Party Protocol
  • PKI Terminology and Components
  • PKI Enrollment Procedure
  • PKI Revocation Procedure

PKI Standards (3 topics)

  • X.509
  • PKIX
  • PKCS

Dial Connectivity Analysis (5 topics)

  • Researching Customer's Requirements
  • Identifying Customer's Current Situation
  • Example Scenarios

Design Guidelines for Secure Dial Solutions (4 topics)

  • Dial Network Security Analysis
  • Authentication, Authorization and Accounting Security Guidelines
  • Product Guidelines
  • Example Scenario

Generic Routing Encapsulation (4 topics)

  • Definition and Protocols
  • Applications
  • Security Functionality
  • Example Scenario

Point-to-Point Tunneling Protocol and Layer 2 Tunneling Protocol (4 topics)

  • PPTP
  • L2TP
  • Applications of PPTP and L2TP
  • Security Functionality Example Scenario

MPLS VPNs (5 topics)

  • Definition and Protocols
  • Applications
  • Quality of Service
  • Security Functionality
  • MPLS VPN Deployment Example Scenarios

IPSEC (4 topics)

  • Definition and Protocols
  • Applications
  • Quality of Service
  • Security Functionality

IPSEC/IKE Concepts and Configuration Refresher (4 topics)


IKE MODES (5 topics)

  • IKE Modes Overview
  • Main Mode
  • Aggressive Mode
  • Quick Mode
  • Example Scenarios

IKE Extensions (8 topics)

  • Extended Authentication (XAUTH)
  • Cisco IOS Configuration of XAUTH
  • Mode Configuration
  • Cisco IOS Configuration of Mode Config
  • Tunnel Endpoint Discovery (TED)
  • Cisco IOS Configuration of TED
  • Dead Peer Detection
  • Cisco IOS Configuration of DPD

IKE-PKI Interoperability (8 topics)

  • PKI Refresher
  • IKE PKI-Facilitated Authentication
  • Cisco IOS PKI Trustpoint Definition
  • Cisco IOS Enrollment Procedures
  • Cisco IOS PKI Revocation Procedures
  • Cisco IOS Advanced PKI-Enabled Features Configuration
  • Cisco IOS PKI Monitoring and Troubleshooting
  • Cisco PIX and VPN 3000 PKI Features

Scalability and Manageability Considerations (5 topics)

  • Peer Authentication Scalability
  • Configuration Manageability in Fully Meshed Networks
  • Dynamic Multipoint VPN
  • Designing and Implementing DMVPNs
  • Routing in DMVPNs
  • Product Guidelines

High Availability Considerations (12 topics)

  • VPN High Availability Scenarios
  • Mitigating VPN Link Failure
  • Mitigating VPN Device Failure
  • Mitigating VPN Path Failure
  • Mitigating VPN Interface Failure
  • Mitigating VPN Peer Failure
  • Mitigating VPN Connectivity Failure
  • Product Guidelines
  • WAN Augmentation Example Scenario
  • Mixed VPN Example Scenario
  • VPN High Availability Scenarios
  • High Availability Deployment Example Scenario

Security Considerations (2 topics)

  • Choice of Protection and Tunneling Protocol
  • Integration of VPNs with Perimeter Devices

Application Considerations (3 topics)

  • Multimedia Applications
  • Multiprotocol VPNs
  • Product Guidelines

Quality of Service Considerations (5 topics)

  • Classification and Marking
  • Bandwidth and Delay Management
  • IP Payload Compression
  • Product Guidelines
  • VPN QoS Deployment Example Scenario

Performance Considerations (6 topics)

  • Cryptographic Performance
  • Load Balancing
  • Load Balancing and Backup
  • Implementing Load Balancing
  • IP Fragmentation
  • Product Guidelines

Remote Access VPN Analysis (3 topics)

  • Researching Customer Requirements
  • Identifying Current Customer Situation
  • Remote Access VPN Example Scenario

Scalability and Manageability Considerations (3 topics)

  • Peer Authentication Scalability
  • Configuration Manageability in Hub-and-spoke Networks
  • Product Guidelines

Secure Connectivity VPN Management (8 topics)

  • Performance Considerations
  • VPN Device Manager
  • Management Center for PIX Firewalls
  • PIX Device Manager
  • Management Center for VPN Routers
  • VPN Monitor
  • VPN Solution Center
  • Other Management Products

Wireless Network Security Analysis (3 topics)

  • Researching Customer Requirements
  • Identifying Current Customer Situation
  • Inter-client Communication Example Scenario

Design Guidelines for Secure Wireless Solutions (6 topics)

  • Wired Equivalent Privacy Security
  • Client and Access Point Authentication
  • Security Design Guidelines for Native Wireless Networks
  • Product Guidelines
  • Enhancing Security with VPN Integration
  • Example Scenario

Prerequisites

Delegates are required to meet the following prerequisites:
  • BSCI and BCMSN
  • CCSP Certification track

Target Audience:
  • Engineers who support sales of Cisco VPN and security product solutions
  • Cisco Channel Partners who design, sell, implement and maintain VPN networks
  • Cisco Customers who design, implement and maintain VPN networks
