Cisco - Security (CCIE)

Curriculum

Module 1: Network security

• Explain common threats against on-premises and cloud environments
  • On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
  • Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
• Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
• Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate based authorization
• Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
• Describe security intelligence authoring, sharing, and consumption
• Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
• Explain North Bound and South Bound APIs in the SDN architecture
• Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
• Interpret basic Python scripts used to call Cisco Security appliances APIs

Module 2: Cloud security

• Compare network security solutions that provide intrusion prevention and firewall capabilities
• Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
• Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
• Configure and verify network infrastructure security methods (router, switch, wireless)
• Layer 2 methods (Network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
  • Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)
• Implement segmentation, access control policies, AVC, URL filtering, and malware protection
• Implement management options for network security solutions such as intrusion prevention and perimeter security (Single vs. multidevice manager, in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
• Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
• Configure secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
• Configure and verify site-to-site VPN and remote access VPN
  • Site-to-site VPN utilizing Cisco routers and IOS
  • 2.9.b Remote access VPN using Cisco AnyConnect Secure Mobility client
  • 2.9.c Debug commands to view IPsec tunnel establishment and troubleshooting

Module 3: Content security

• Identify security solutions for cloud environments
  • Public, private, hybrid, and community clouds
  • Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
• Compare the customer vs. provider security responsibility for the different cloud service models
• Patch management in the cloud
  • Security assessment in the cloud
  • Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB
• Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security
• Implement application and data security in cloud environments
• Identify security capabilities, deployment models, and policy management to secure the cloud
• Configure cloud logging and monitoring methodologies
• Describe application and workload security concepts

Module 4: Endpoint protection and detection

• Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
• Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry
• Configure and verify outbreak control and quarantines to limit infection
• Describe justifications for endpoint-based security
• Describe the value of endpoint device management and asset inventory such as MDM
• Describe the uses and importance of a multifactor authentication (MFA) strategy
• Describe endpoint posture assessment solutions to ensure endpoint security
• Explain the importance of an endpoint patching strategy

Module 5: Secure network access and Visibility and enforcement

• Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
• Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
• Describe network access with CoA
• Describe the benefits of device compliance and application control
• Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
• Describe the benefits of network telemetry
• Describe the components, capabilities, and benefits of these security products and solutions
• Cisco Stealthwatch
  • Cisco Stealthwatch Cloud
  • Cisco pxGrid
  • Cisco Umbrella Investigate
  • Cisco Cognitive Threat Analytics
  • Cisco Encrypted Traffic Analytics
  • Cisco AnyConnect Network Visibility Module (NVM)