Implementing Cisco Network Security

I.     Course Prefix/Number: CNS 181

       Course Name: Implementing Cisco Network Security

       Credits: 3 (3 lecture; 1 lab)

II.    Prerequisite

CNS 142 with a minimum grade of C, or a valid CCENT or a valid CCNA R&S Certification, or consent of instructor

III.   Course (Catalog) Description

Course provides the knowledge and hands-on skills required to install, troubleshoot, and monitor Cisco security network devices. Students who complete this course will be prepared to sit for the Implementing Cisco Network Security (ICNS) certification exam.

IV.   Learning Objectives

Upon completion of this course the student will be able to:

  1. Implement AAA on Cisco routers using local router database and server-based ACS or Identity Service Engine (ISE).
  2. Implement firewall technologies to secure network perimeter.
  3. Implement IPS to mitigate attacks on networks.
  4. Implement secure endpoints and mitigate common Layer 2 attacks.
  5. Implement secure communications to ensure integrity, authenticity and confidentiality.
  6. Implement secure Virtual Private Networks.
  7. Implement an ASA firewall configuration using the CLI.
  8. Implement an ASA firewall configuration and VPNs using ASDM.
  9. Test network security and create a technical security policy.

V.    Academic Integrity and Student Conduct

Students and employees at Oakton Community College are required to demonstrate academic integrity and follow Oakton's Code of Academic Conduct. This code prohibits:

• cheating,
• plagiarism (turning in work not written by you, or lacking proper citation),
• falsification and fabrication (lying or distorting the truth),
• helping others to cheat,
• unauthorized changes on official documents,
• pretending to be someone else or having someone else pretend to be you,
• making or accepting bribes, special favors, or threats, and
• any other behavior that violates academic integrity.

There are serious consequences to violations of the academic integrity policy. Oakton's policies and procedures provide students a fair hearing if a complaint is made against them. If you are found to have violated the policy, the minimum penalty is failure on the assignment, and a disciplinary record will be established and kept on file in the office of the Vice President for Student Affairs for a period of 3 years.

Please review the Code of Academic Conduct and the Code of Student Conduct, both located online at

VI.   Sequence of Topics

  • Fundamental principles of securing a network
  • Characteristics of worms, viruses, and Trojan horses and mitigation methods
  • Common network attack methodologies and mitigation techniques such as Reconnaissance, Access, Denial of Service, and DDoS
  • Configuring secure administrative access and router resiliency
  • Configuring command authorization using privilege levels and role-based CLI
  • Configuring network devices for monitoring
  • Securing IOS-based routers using automated features
  • Purpose of AAA and the various implementation techniques
  • Implementing AAA using the local database
  • Implementing AAA using TACACS+ and RADIUS protocols
  • Implementing ACLs
  • Purpose and operation of firewall technologies
  • Implementing CBAC
  • Implementing Zone-based policy Firewall using SDM, CCP and CLI
  • Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems
  • Implementing Cisco IOS IPS operations using SDM, CCP and CLI
  • Endpoint vulnerabilities and protection methods
  • Basic Catalyst switch vulnerabilities such as VLAN attacks, STP manipulation, CAM table overflow attacks, and MAC address spoofing attacks
  • Fundamentals of Wireless, VoIP and SANs, and the associated security considerations
  • Configuring switch security features, including port security and storm control
  • Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN)
  • Different types of encryption, hashes, and digital signatures to provide confidentiality, integrity, and non-repudiation
  • Mechanisms used to ensure data integrity and data confidentiality
  • Purpose and operation of VPN types
  • Components and operations of IPSec VPNs
  • Configuring a site-to-site IPSec VPN with pre-shared key authentication using SDM and CLI
  • Configuring a remote access VPN and SSL VPN
  • Describing the secure network lifecycle
  • Describing the components of a self-defending network and business continuity plans
  • Establishing a comprehensive security policy to meet the security needs of a given enterprise
  • Implementing firewall technologies using the ASA to secure the network perimeter
  • Describing the ASA as an advanced stateful firewall
  • Implementing an ASA firewall configuration
  • Implementing remote-access VPNs on an ASA

VII.  Methods of Instruction

Methods of presentation can include lectures, discussions, demonstrations, experimentation, audio-visual aids and regularly assigned homework.  Computers will be used.
Course may be taught as face-to-face, hybrid or online course.

VIII. Course Practices Required

Course practices include attending class, completing homework assignments, participating in discussions and taking quizzes and exams.

Course may be taught as face-to-face, hybrid or online course.

IX.   Instructional Materials

Note: Current textbook information for each course and section is available on Oakton's Schedule of Classes.

Cisco Networking Academy course materials.

X.    Methods of Evaluating Student Progress

Evaluation methods can include grading homework, chapter or major tests, quizzes, individual or small group projects and a final exam.

XI.   Other Course Information

If you have a documented learning, psychological, or physical disability you may be entitled to reasonable academic accommodations or services. To request accommodations or services, contact the Access and Disability Resource Center at the Des Plaines or Skokie campus. All students are expected to fulfill essential course requirements. The College will not waive any essential skill or requirement of a course or degree program.

Oakton Community College is committed to maintaining a campus environment emphasizing the dignity and worth of all members of the community, and complies with all federal and state Title IX requirements.

Resources and support for
  • pregnancy-related and parenting accommodations; and
  • victims of sexual misconduct
can be found at

Resources and support for LGBTQ+ students can be found at

Electronic video and/or audio recording is not permitted during class unless the student obtains written permission from the instructor. In cases where recordings are allowed, such content is restricted to personal use only. Any distribution of such recordings is strictly prohibited. Personal use is defined as use by an individual student for the purpose of studying or completing course assignments.

For students who have been approved for audio and/or video recording of lectures and other classroom activities as a reasonable accommodation by Oakton’s Access Disabilities Resource Center (ADRC), applicable federal law requires instructors to permit those recordings. Such recordings are also limited to personal use. Any distribution of such recordings is strictly prohibited.

Violation of this policy will result in disciplinary action through the Code of Student Conduct.