This course is for network administrators, network operators, and system administrators responsible for securing their networks so that only authenticated users gain authorised access, with accounting of their activities. The primary audience for this course is:
- Network Administrators & Operators
This course has been written for network administrators, network operators, and system administrators who are responsible for the security of their networks. Network administrators or operators should have these basic skills:
- Understanding of TCP/IP networking
- Basic Cisco router and switch configuration (CCNA-equivalent)
- Basic understanding of security challenges facing networks
- Windows system administration
Upon completion of this course, you will be able to:
- Describe the importance of network access security, and the security needs and challenges associated with a network.
- Understand the features, functions and benefits of the CiscoSecure Access Control System.
- Understand the considerations in deployment of CS ACS servers.
- Understand the protocols used to establish network security, including:
- Understand the methods that can be used to secure a network and the services that operate over the network.
- Effectively use CiscoSecure Access Control System to:
- Control access to the network and to network services by remote, dial-in, wireless, or wired users.
- Control the authority to perform specific functions.
- Record and audit the activity of users on the network and on services.
- Restrict access to network devices to authorised network administrators or programmatic interfaces.
- Configure CS ACS and IOS network devices to implement AAA features and network admission control.
After completing this two-day course, the students will be able to use the CiscoSecure ACS to implement security policies for authentication of users, authorisation of activities, and accounting of network and services use.
The Cisco Secure Access Control System (CSACS) training course teaches students how to provide secure access to their network using the CiscoSecure Access Control System, interoperating with security features in Cisco IOS. The focus of the course is to provide a thorough understanding of the operation of the ACS System to control access to network services and devices.
Course subjects include the principles of Authentication, to restrict users' access to networks, services, and devices; Authorisation, to restrict the functions that users can perform on services and devices; and Accounting, to track the activities of users. The RADIUS, TACACS+, EAP, and 802.1x protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in the students’ production networks to achieve targeted and detailed restrictions.
The course includes hands-on labs to provide personal experience in configuring the ACS server and Cisco network devices, and to reinforce what is discussed in the lectures.
Course Outline
- Module 1: Secure Network Access and RADIUS Protocol
Lesson 1: Network Access Security Challenges
Lesson 2: Network Security Concepts and AAA
Lesson 3: The RADIUS Protocol
- Module 2: CiscoSecure ACS
Lesson 1: Access Policy Management
Lesson 2: CS ACS Features and Benefits
Lesson 1: 802.1X and EAP Overview
Lesson 2: EAP Authentication Methods
Lesson 1: Access Types and Network Topology
Lesson 2: Scalability
Lesson 3: Failover Design
Lesson 4: Network Access Profiles and Additional Topics
- Module 5: Secure Network Device Administration
Lesson 1: Secure Device Administration with TACACS+
Lesson 2: Configuring TACACS+ in IOS and ACS
Lesson 3: IOS Methods of Secure Device Administration
Lab 1: CS-ACS Installation and Configuration
Lab 2: Certificates, RADIUS, and 802.1X
Lab 3: Dynamic VLAN Assignment, External Databases, and Network Access Profiles
Lab 4: TACACS+