Detailed Outlines
Course Outlines
Module 1: The Threat Landscape and Goals of Security Engineering
Lesson 1: General Principles
- Risks to Enterprise Business Processes
- Security Terminology
- Types of Attackers
- Value of Assets and Cost of Incidents
- Security Engineering
Lesson 2: Physical Attacks
- Physical Access
- Theft
- Physical Intrusion and Destruction
- Electromagnetic Leakage and Interference
Lesson 3: Network Infrastructure Attacks
- Impact of Network Infrastructure Attacks
- Device- and Link-Focused Attacks
- Attacks Against Network Infrastructure Signaling Processes
- Attacks Against Management Protocols and Supporting Infrastructure Applications
Lesson 4: System and Application Attacks
- Impact of System and Application Attacks
- Attacks Against Network and Application Protocols
- Attacks Against Operating Systems
- Attacks Against Applications Lesson 5: User Attacks
- Impact of User Attacks
- Types of User Attacks
Module 2: Overview of Security Controls
Lesson 1: Organizational Controls
- Security Policies and Procedures
- Organizational Controls
- Security Life-Cycle Management
- Security Life-Cycle Management Models
- Security Regulation
- Security Evaluation and Assurance
Lesson 2: Types of Controls
- Access Control
- Detection and Response
- Proactive and Reactive Controls
- Network, Endpoint, and Data-Centric Controls
Lesson 3: Security Engineering Principles
- Matching Controls to Threats
- Realistic Assumptions
- Simplicity
- Fail-Open and Fail-Closed Controls
- Defense in Depth
- Limiting Damage
Lesson 4: Distribution of Controls Between Network and Endpoints
- Infrastructure-Endpoint Architecture
- Perimeter-Endpoint Architecture
- Endpoint-Only Architecture
- Combining Security Architectures
Lesson 5: Cryptographic Services
- Cryptographic Controls
- Confidentiality as a Cryptographic Service
- Integrity as a Cryptographic Service
- Authentication as a Cryptographic Service
- Nonrepudiation as a Cryptographic Service
- Key Management
Lesson 6: Authentication and Identity Management
- Identity Management
- Subjects and Credentials
- Authentication Protocols
- Authentication Architectures
Lesson 7: Network Controls
- Network Infrastructure Controls
- Network Separation and Boundary Controls
Lesson 8: System Controls
- Native Operating System Controls
- Operating System Security Extensions
Lesson 9: Application Controls
- Secure Application Protocols
- Secure Development, Testing, and Operations
- Data Validation
- Access Control and Auditing
Module 3: Network Infrastructure Protection Solutions
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats Against the Network Infrastructure
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architecture Components
- Device Hardening Design
- Network Signaling Protection Design
- Permanent Traffic Filtering Design
- On-Demand Traffic Filtering Design
- Edge User Access Control Design
- Edge User Compliance Verification Design
- Secure Management Design
Lesson 3: Case Studies
- The lesson includes these topics:
- Network Infrastructure Security for Enterprise IP Telephony
- Enterprise Infrastructure-Based Worm Defense
Module 4: Enterprise Internet Access Solutions
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats Against Enterprise Internet Access
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Resource Separation Design
- Infrastructure Security Design
- Boundary Network Access Control Design
- Endpoint Protection Design
- High-Availability and High-Performance Solutions Design
- Management Support Design
Lesson 3: Case Studies
- Enterprise Internet Access Case Study
- Internet Access Protection Technology Demonstration
Module 5: Solutions for Exposed Enterprise Services and Data Centers
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats with Exposed Enterprise Services and Data Centers
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Resource Separation Design
- Infrastructure Security Design
- Boundary Network Access Control Design
- Endpoint Protection Design
- High-Availability and High-Performance Solutions Design
- Management Support Design
Lesson 3: Case Studies
- Exposed Enterprise Service Case Study
- Protection of Enterprise Exposed Services
Module 6: Unified Communications Protection Solutions
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats Against Unified Communications Systems
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Physical Security Design
- Resource Separation Design
- Network Infrastructure Security Design
- Boundary Network Access Control Design
- Endpoint Protection Design
- Management Support Design
Lesson 3: Case Studies
- Unified Communications Protection Solutions
Module 7: Secure WAN Solutions
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats Against Enterprise WANs
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Authentication and Transmission Protection Design
- Infrastructure Security Design
- Point-to-Point Secure WAN Design
- Hub-and-Spoke Secure WAN Design
- Meshed Secure WAN Design
- High-Availability and High-Performance Design
- Management Support Design
- Secure WAN Feature Matrix
Lesson 3: Case Studies
- Hub-and-Spoke IPsec WAN
- Fully-Meshed IPsec WAN
- Demonstration of an On-Demand Fully Meshed IPsec VPN
Module 8: Secure Remote Access Solutions
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats Against Enterprise Remote Access and Mobility
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Authentication and Transmission Protection Design
- Infrastructure Security Design
- Remote Access Solutions Design
- High-Availability and High-Performance Design
- Network and Content Access Control Design
- Remote User Protection and Data Loss Protection Design
- Management Support Design
Lesson 3: Case Studies
- Enterprise Remote Access
- Secure Remote Access Technology Demonstration
Module 9: Enterprise Wireless Security Solutions
Lesson 1: Overview of Threats, Controls, and Specific Customer Requirements
- Threats Against Enterprise Wireless Access
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Infrastructure Security Design
- Authentication Design
- Transmission Protection Design
- Endpoint Protection Design
- Guest Access Design
- Management Support Design
Lesson 3: Case Studies
- Enterprise WLAN Case Study
Module 10: Enterprise Security Management Solutions
Lesson 1: Overview of Specific Customer Requirements
- Customer Environment and Requirements
Lesson 2: Architectures and Design Guidelines
- Architectural Components
- Management Network and System Protection Design
- Infrastructure Security Design
- Policy Provisioning Design
- Secure Monitoring and SIM Design
- Design Compliance Assessment
Lesson 3: Case Studies
- Enterprise Security Management Case Study
Objectives and Pre-requisites
Course Objectives
- Recognize modern threats to enterprise business processes
- Recognize modern security controls
- Choose appropriate controls for specific threats and environments
- Apply basic security design guidelines
- Recognize basic customer requirements and environment limitations and build an optimal solution based on them
- Position Cisco security products in basic customer scenarios
Prerequisites
The knowledge and skills you must have before attending this course are as follows: