CCNA Security certifications are assumed as recognized Certifications throughout the networking industry since it involves a rigorous test of a candidate’s knowledge and ability to handle various Network scenarios with Cisco technology. If you want to Download CCNA Security Certification Syllabus PDF
About the CCNA Security Exam
To achieve CCNA Security Certification, you need to clear the exam conducted by Cisco (210-260 IINS). The CCNA Security exam is a 90-minute assessment with 60-70 questions.The Cisco CCNA Security Syllabus is an entry-level network security certification offered by Cisco Systems. The Cisco CCNA Security certification is useful for Information/ Network Security professionals who want to enhance their skills.
CCNA Security Syllabus
The Syllabus broadly contains below topics
- Security Concepts
- Secure Access
- Virtual Private Network
- Secure Routing and Switching
- Cisco Firewall Technologies
- Intrusion Prevention System
- Content and Endpoint Security
Now We will discuss the topics mentioned above briefly to have a bit more clarity and understanding of the subject.
As a Network Administrator, you need to have a very clear understanding of Concepts, Procedures, and Terminologies used in Network Security.
The ultimate objective of Security is in CIA Triad, which is Confidentiality, Integrity, and Availability. Ensuring Confidentiality means Information would not be disclosed to the users other than the intended ones. Integrity Means the Information reaches the destination without any alteration, and Availability says the information needs to be available as and when needed.
Malware’s are Malicious Software used for malicious activity to hamper either or all elements of the CIA. Depending on the functionality and its use there are various types of malware such as viruses, Trojan, Spyware, Botnet, etc.
Incorrectly configured devices and Services are the main threat to Information Security. As a Network Administrator, you need to understand various Network Topologies. You need to identify the threat to Network Infrastructure and Defend Network attacks.
Secure Access (Protecting the Network Infrastructure )
Network Services such as NTP, SNMP are used to provide facilities such as time synchronization among all devices, health status, etc. If these Services are not configured properly, these become vulnerable to attacks. RADIUS and TACACS+ are used to provide Secure Authentication, Authorization and Auditing facilities. RADIUS is Open Standard Protocol whereas TACACS+ is Cisco Proprietary.
Virtual Private Network (Secure Connectivity Over Insecure Medium)
VPN can be used within an organization or to connect many organizations to transfer the data to and fro securely even over the unsecured network. Understanding of Cryptographic Algorithms and hashes used in VPN, VPN Deployments modes, Digital Signatures is required. The Ability to Configure and Troubleshoot VPN Deployments is also required.
Secure Routing and Switching
To achieve Network Security, we need to Secure every element involved, be it data plane or Control Plane. Control plane traffic is used to control the flow of network Services.
Router Security involves securing user, configuration and user sessions on the Router. To secure Routing Protocols we need to create a key-chain that needs to be attached to the interfaces where the Routes are Advertised.
Cisco Firewall Technologies using Adaptive Security Appliance
The Cisco ASA family of security devices are advanced devices from Cisco. These can be configured to provide secure access. It offers Offers integrated IPS, VPN, and Unified Communications capabilities.
As a Network Administrator, you need to understand various configurations such as NAT, PAT, zone-based configurations and Modular Policy Framework.You also need to understand the mechanism and benefits of Stateful firewall, packet filtering, Security Context and Modes of Firewall Deployments.
Intrusion Prevention System
Understanding of Operation of Host-Based and Network-Based Intrusion Prevention Systems is needed. Depending on the various needs we need to tune their placement and the modes of deployment.
One needs to understand how the signatures are used by the Intrusion Prevention Mechanism. One needs to understand various underlying terminologies such as false positive, false negative, etc.
Content and Endpoint Security
Endpoints are under continuous threats via Email, Web-Based, etc. There are tools such as Anti-Virus, Anti-Malware, Encryption. Proper Configuration of these Network Security Devices and Tools is critical for Securing Endpoints.
Strategy to clear the CCNA Security Exam
It is advised to practice extensively along with the studies, since the Exam has Scenario based Questions, and one should be capable enough to understand and handle various scenarios.