Implementing Cisco Network Security

I.     Course Prefix/Number: CNS 181

       Course Name: Implementing Cisco Network Security

       Credits: 4 (3 lecture; 2 lab)

II.    Prerequisite

CNS 142 with a minimum grade of C or a valid CCENT or a valid CCNA R&S Certification or consent of instructor

III.   Course (Catalog) Description

Course provides the knowledge and hands-on skills required to install, troubleshoot, and monitor Cisco security network devices. Students who complete this course will be prepared to sit for the Cisco Certified Networking Associate (CCNA) Security Certification exam.

IV.   Learning Objectives

CCNA Security helps students develop the skills needed to succeed in IT-related degree programs and prepare for the CCNA Security certification. It provides a theoretically rich, hands-on introduction to network security, in a logical sequence driven by technologies.

The goals of CCNA Security are as follows:

  • Provide an in-depth, theoretical understanding of network security
  • Provide students with the knowledge and skills necessary to design and support network security
  • Provide an experience-oriented course that employs industry-relevant instructional approaches to prepare students for associate-level jobs in the industry
  • Enable students to have significant hands-on interaction with IT equipment to prepare them for certification exams and career opportunities

Upon completion of this course the student will be able to:

  1. Describe the security threats facing modern network infrastructures.
  2. Explain general network security theory.
  3. Secure network device access.
  4. Implement AAA (Authentication, Authorization, Accounting) on network devices.
  5. Mitigate threats to networks using ACLs (Access Control Lists).
  6. Implement secure network management and reporting.
  7. Mitigate common Layer 2 attacks (Ethernet switch-based networks).
  8. Implement the Cisco IOS and IOS IPS (Intrusion Prevention System) firewall feature sets.
  9. Implement an ASA (Adaptive Security Appliance).
  10. Implement site-to-site IPSec VPNs.
  11. Administer effective security policies.

V.    Academic Integrity and Student Conduct

Students and employees at Oakton Community College are required to demonstrate academic integrity and follow Oakton's Code of Academic Conduct. This code prohibits:

• cheating,
• plagiarism (turning in work not written by you, or lacking proper citation),
• falsification and fabrication (lying or distorting the truth),
• helping others to cheat,
• unauthorized changes on official documents,
• pretending to be someone else or having someone else pretend to be you,
• making or accepting bribes, special favors, or threats, and
• any other behavior that violates academic integrity.

There are serious consequences to violations of the academic integrity policy. Oakton's policies and procedures provide students a fair hearing if a complaint is made against you. If you are found to have violated the policy, the minimum penalty is failure on the assignment, and a disciplinary record will be established and kept on file in the office of the Vice President for Student Affairs for a period of 3 years.

Please review the Code of Academic Conduct and the Code of Student Conduct, both located online at
www.oakton.edu/studentlife/student-handbook.pdf

VI.   Sequence of Topics

  • Fundamental principles of securing a network
  • Characteristics of worms, viruses, and Trojan horses and mitigation methods
  • Common network attack methodologies and mitigation techniques such as Reconnaissance, Access, Denial of Service, and DDoS
  • Configuring secure administrative access and router resiliency
  • Configuring command authorization using privilege levels and role-based CLI
  • Configuring network devices for monitoring
  • Securing IOS-based routers using automated features
  • Purpose of AAA and the various implementation techniques
  • Implementing AAA using the local database
  • Implementing AAA using TACACS+ and RADIUS protocols
  • Implementing ACLs
  • Purpose and operation of firewall technologies
  • Implementing CBAC
  • Implementing Zone-based policy Firewall using SDM, CCP and CLI
  • Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems
  • Implementing Cisco IOS IPS operations using SDM, CCP and CLI
  • Endpoint vulnerabilities and protection methods
  • Basic Catalyst switch vulnerabilities such as VLAN attacks, STP manipulation, CAM table overflow attacks, and MAC address spoofing attacks
  • Fundamentals of Wireless, VoIP and SANs, and the associated security considerations
  • Configuring switch security features, including port security and storm control
  • Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN)
  • Different types of encryption, hashes, and digital signatures to provide confidentiality, integrity, and non-repudiation
  • Mechanisms used to ensure data integrity and data confidentiality
  • Purpose and operation of VPN types
  • Components and operations of IPSec VPNs
  • Configuring a site-to-site IPSec VPN with pre-shared key authentication using SDM and CLI
  • Configuring a remote access VPN and SSL VPN
  • Describing the secure network lifecycle
  • Describing the components of a self-defending network and business continuity plans
  • Establishing a comprehensive security policy to meet the security needs of a given enterprise
  • Implementing firewall technologies using the ASA to secure the network perimeter
  • Describing the ASA as an advanced stateful firewall
  • Implementing an ASA firewall configuration
  • Implementing remote-access VPNs on an ASA

VII.  Methods of Instruction

Methods of presentation can include lectures, discussions, demonstrations, experimentation, audio-visual aids and regularly assigned homework. Computers will be used.
Course may be taught as face-to-face, hybrid or online course.

VIII. Course Practices Required

Course practices include attending class, completing homework assignments, participating in discussions and taking quizzes and exams.

Course may be taught as face-to-face, hybrid or online course.

IX.   Instructional Materials

Note: Current textbook information for each course and section is available on Oakton's Schedule of Classes.

Cisco Networking Academy course materials.

X.    Methods of Evaluating Student Progress

Evaluation methods can include grading homework, chapter or major tests, quizzes, individual or small group projects and a final exam.

XI.   Other Course Information



If you have a documented learning, psychological, or physical disability you may be entitled to reasonable academic accommodations or services. To request accommodations or services, contact the Access and Disability Resource Center at the Des Plaines or Skokie campus. All students are expected to fulfill essential course requirements. The College will not waive any essential skill or requirement of a course or degree program.

Oakton Community College is committed to maintaining a campus environment emphasizing the dignity and worth of all members of the community, and complies with all federal and state Title IX requirements.

Resources and support for
  • pregnancy-related and parenting accommodations; and
  • victims of sexual misconduct
can be found at www.oakton.edu/title9/.

Resources and support for LGBTQ+ students can be found at www.oakton.edu/lgbtq.