Cisco VPN Specialist

Cisco security certifications focus on the growing need for knowledgeable network professionals who can implement complete security solutions. Cisco VPN Specialists can configure VPNs across shared ublic networks using Cisco IOS Software and Cisco VPN 3000 Series Concentrator technologies.

642-552 SND	Securing Cisco Network Devices (SND)
642-511 CSVPN	Cisco Secure Virtual Private Networks (CSVPN)

SND

The Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the Securing Cisco Network Devices v2.0 (SND) course. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. Topics covered include; Security threats facing modern network infrastructures, Securing Cisco routers, Implementing basic AAA, Using ACLs to mitigate router and network threats, Implementing secure management and reporting, Mitigating common Layer 2 attacks, and Implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe the products in the Cisco security portfolio and explain how they mitigate security threats to a network

• Identify the appropriate devices to secure a network
• Identify the appropriate device feature to secure a network
• Describe the difference in functionality and capabilities of the different security devices
• Identify security issues with common management protocols
• Describe threats to a network and network devices
• Identify different techniques to deal with security threats

Describe the security features available for a Cisco Layer 2 device in a secure network

• Identify security features on a Layer 2 device
• Describe basic security feature configurations on a Layer 2 device

Implement security on a Cisco IOS Router

• Identify mitigation techniques for common physical router security threats
• Configure router for secure administrative access
• Implement basic AAA for router administrative authentication
• Configure AutoSecure to harden Cisco routers
• Configure router access lists to secure networks
• Configure security for router services and interfaces
• Implement Syslog logging
• Identify major components of the SDM

Describe and configure Cisco IPS and HIPS

• Configure user accounts
• Describe and configure Network Access lists
• Describe how the sensor device is secure by default
• Install the sensor on the network
• Describe the methods used to access a sensor
• Describe the process for displaying the sensor configuration
• Identify major components of IDM
• Describe basic sensor operations
• Describe the process of using alarms to identify network attacks
• Identify the appropriate platform required to install the CSA MC
• Configure the default group
• Describe the process of agent kit deployment and verifying management of the agent
• Describe key features and concepts of VMS
• Describe the interoperability of the components of VMS
• Describe the hardware and software requirements of VMS

Configure and verify basic remote access on a Cisco VPN 3000 Concentrator

• Perform an initial configuration
• Configure users and groups
• Configure VPN clients
• Verify IPSec tunnel establishment

Implement a Cisco PIX security appliance

• Describe basic PIX security appliance hardware and software architecture
• Identify appropriate PIX security appliance hardware and software configuration
• Configure basic network settings using CLI
• Configure basic interface features on a PIX security appliance
• Verify initial configurations
• Identify major components of the PDM
• Configure static address translation
• Configure Network Address Translation
• Configure firewall to secure inbound traffic
• Verify inbound traffic restrictions
• Describe basic IPSec topologies
• Define the services provided by IPSec
• Describe the IPSec protocol framework
• Describe the IPSec algorithm framework
• Describe the concepts of split tunneling
• Describe the various authentication methods
• Describe how the PIX security appliance uses IPSec to secure networks