Implementing Cisco IOS Network Security (IINS)

The exam associated with this course was retired December 1, 2015. However, this course still retains value as a training resource. For our most up-to-date training, see Keith Barker’s Cisco CCNA Security 210-260 IINS course.

This CCNA security training course, produced by Cisco expert Keith Barker, helps prepare you for the 640-554 Cisco exam, and prepares you to address many of the real world vulnerabilities you come across today.

Keith dives into the Cisco Configuration Professional (CCP), the latest GUI (Graphical User Interface) software which will help you manage your Cisco routers. Not only does this training focus on switch security and router security, it also explains and demonstrates how to configure the ASA (Adaptive Security Appliance) firewall. Keith, author of the CCNA Security Cert guide, covers the material in a way that is thorough, fun and engaging.

Whether you're fairly new to the network security world, or you've been in it for a while and simply want to fill in the gaps and see how all the pieces can be integrated together to build a fortress of security using a defense in depth approach, this course is for you.

Keith Barker has been a CBT Nuggets trainer since 2012 and holds a variety of Cisco certifications, including Cisco CCIE Routing and Switching, Cisco CCIE Security, and Cisco CCDP.
1. Introduction to CCNA Security (7 min)
2. Network Foundation Protection (38 min)
3. Fortifying the Local Router (42 min)
4. AAA, RADIUS and TACACS+ (47 min)
5. Securing the Switched Data-plane (50 min)
6. Tools to Protect the Management-plane (43 min)
7. Controlling the IPv4 Data-plane with ACLs (34 min)
8. Protecting IPv6 Networks (53 min)
9. IOS Firewall Fundamentals (31 min)
10. Zone Based Firewall Implementation (25 min)
11. ASA Firewall (47 min)
12. Intrusion Prevention Systems (IPS) (45 min)
13. IOS-based IPS (48 min)
14. Cryptography Essentials (42 min)
15. IPsec Site to Site VPNs (53 min)
16. SSL VPNs (51 min)
17. Defense in Depth (24 min)
18. The Parka Principle (4 min)

Introduction to CCNA Security


CCNA Security. On behalf of the entire CBT Nuggets team, welcome aboard. Thank you for joining me on this journey we're going to take together through the world of CCNA security. Let's take a moment and identify where CCNA Security fits in the big picture.


Let's say somebody was just starting or wanted to start in networking. They come up and they ask us, hey, can you tell me what should I take, where should I start? What we might do if they have no exposure at all or no experience with computer networks, we might say, maybe the CompTIA Network Plus is a great place to start because it's going to teach you the basics and help build a foundation which you can build on.


We want the foundation to be nice and solid. Now after Network Plus, in a Cisco environment they've got the CCNA. Now when people say, oh, I've got a CCNA or I'm working on a CCNA, they're normally referring to the route switch. You know how the Kentucky Fried Chicken, they have the original and then they have the extra crispy?


Well, I kind of think when people talk about the CCNA and they don't follow it by something, they're normally referring to the original flavor. That's the route switch, the basic foundation components of routing and switching. There's other CCNAs too, like CCNA Wireless, CCNA Service Provider, and there's a CCNA Security.


So where exactly does CCNA Security fit in? CCNA Security is about right here. So this is CCNA Security. So Cisco's expecting, based on the CCNA Security certification, they're expecting that you have a basic fundamental knowledge of how networks operate and how Cisco operates.


In fact, they're expecting you to be a CCNA and route switch before they'll let you even be awarded a CCNA Security. So I wanted to give you a heads up that I'm also going to presume that you have some basic knowledge of how to access a Cisco router and how to do basic functionality at the command line and you understand the basics of IP and routing protocols so that when we focus on the security aspects we're going to assume a little bit on the back end about the basic routing and switching.


So that's where CCNA Security fits in. Now where do we go beyond there? Beyond there, there's a CCNP for security. And let me tell you the best way to prepare for a CCNP Security. It's in this series right now, focus and make sure you learn it to know it.


So my goal for you is when you're done is that you'll be able to go out into your network and say, you know what, I recognize we have these vulnerabilities and I know in measurable terms how to fix it. And start putting in the technical controls to mitigate the risk that the vulnerabilities in the past were presenting.


So we want to secure our networks and build, again, that best possible fortress of security. And after CCNP Security there's CCIE security. Which I also strongly recommend. It's awesome. And here's what I discovered. Back in 2003 I got my second CCNA.


It was a security at that time. And I thought to myself, wow, I really don't know anything. Because it opened my eyes to the world of what could possibly happen and the fact that security isn't a one time discussion. Security is an ongoing discussion that needs to be involved in every aspect of our network.


We're going to make a change. How is that going to affect security? There's new attacks that are coming our way. How are we going to deal with that? How are we going to mitigate those risks? Let's take a look at what we're going to do, Nugget by Nugget, you and I, to build this best possible fortress of security.


If we have a network like this, how do we start? What do you say? Like, well, where do we begin? And what we're going to do is we're going to take a look at a methodology called NFP. NFP. Network Foundation Protection. Network Foundation Protection is going to help us to break down this large network into small, manageable chunks.


And then we look at each of those chunks and say, what are the vulnerabilities in this area? And then, what are the countermeasures or defense mechanisms we can put in to protect and to basically make that vulnerability go away? So once we take a look at NFP, that will be a great framework to start from, we're going to take a look at everything.


We're going to go look at what could happen at Layer 2 with our switches, how to mitigate that. Things like Man in the Middle attacks, things like rogue DHCP servers, MAC flooding for CAM table overflow attacks. All those and more we'll take a look at and how to protect against those in our infrastructure.


We'll also take a look at AAA. And I'm not talking about the Automobile Association of America. We're talking about authentication, authorization, and accounting. It's the lifeblood of managing our network and controlling who can get in, who can get out, what users can do what, including administrators.


And we're going to use the local router's config for storing information as well as RADIUS and TACACS to reach out to an ACS server. We'll also take a look at what the heck is stateful filtering and why would we care about stateful filtering. And we'll learn the zone based firewall can do it, the adaptive security appliance can do it.


And on that topic that's one of the big changes from the old exam, the old certification. Now we have a beautiful adaptive security appliance, a dedicated firewall from Cisco that we will not only learn in class how to bring up, but we'll get it fully functional from 0 to on the network in just a matter of minutes.


Not just to do it, but also to understand the characteristics of the firewall. What does the firewall think about the outside? What does it think about the inside? And what are the flows of traffic that are allowed by default inside of an ASA and how can we control that?


All that and more Nugget by Nugget in our series coming up. One of the last portions of this Nugget series we're going to do is we're going to focus on IPS, Intrusion Prevention Systems, and how they work, and cryptography. Cryptography is amazing and it's fascinating and it's important.


We use it all the time to protect the network on the data plane of our network to make sure that eavesdroppers can't read the data and make sense of it and also that eavesdroppers can't manipulate the data without our knowledge of it. Cryptography has some basic components.


We'll study them together. We'll get some great demonstrations of how they work piece by piece. And then we'll apply them with SSL VPNs and also IPsec VPNs. As you and I enjoy our journey together going through these Nuggets, something amazing is going to happen to us.


We are going to change. What do you mean, Keith, we're going to change? Our perspective and our awareness of the security threats that are surrounding us regarding our network and information security, our perspective is going to change. And what that's going to translate into is not just fear, but it's going to translate into action.


Because not only will we have identified the attacks and the security vulnerabilities that exist, we'll also have identified how to fix them. And when we leave a router or leave a switch, it will not be the same. We're going to be implementing as we go these security measures to build a better fortress of security every step along the way.


And that's exciting to me, the fact we're not just going to be aware of attacks, we're actually going to be able to solve and prevent the attacks from causing damage to the networks that we live on. I'm keeping this introduction fairly short. Why? Because I want you and I to get right into the meat of the matter starting with Network Foundation Protection.


Once again I'm grateful to be your partner in this journey to the world of CCNA security. I look forward to our sessions together. I hope this has been informative for you, and I'd like to thank you for viewing.

Intermediate 11 hrs 18 videos