
CCNA Security

Course: CCNA Security

Duration: 5 Days

Sessions:  Evenings 5.30 PM – 7.30 PM

Prerequisites: Networking Knowledge, CCENT or CCNA or CCIE

Course Description

CCNA Security equips students with the knowledge and skills needed to prepare for entry-level security specialist careers. This course is a hands-on, career-oriented e-learning solution that emphasizes practical experience. It is a blended curriculum with both online and classroom learning. CCNA Security aims to develop an in-depth understanding of network security principles as well as the tools and configurations required to secure a network. Various types of hands-on labs provide practical experience, including procedural and troubleshooting labs, skills integration challenges, and model building.

Target Audience

The Cisco CCNA® Security course is designed for Cisco Networking Academy® students seeking career-oriented, entry-level security specialist skills. Target students include individuals enrolled in technology degree programs at institutions of higher education and IT professionals who want to enhance their core routing and switching skills. CCNA Security provides a next step for CCNA Discovery or CCNA Exploration students who want to expand their CCNA-level skill set to prepare for a career in network security.


CCNA Security has no Networking Academy course prerequisites. Students should have the following skills and knowledge:

  • CCNA-level networking concepts and skills
  • Basic PC and Internet navigation skills

While there are no required course prerequisites, students are encouraged to complete the CCNA Discovery or CCNA Exploration curricula to acquire the fundamental CCNA-level routing and switching skills needed for success in this course.

Target Certifications

The CCNA Security curriculum prepares students for the Implementing Cisco IOS® Network Security (IINS) certification exam (640-554), leading to the CCNA Security certification.

Course Objectives

CCNA Security helps students develop the skills needed for entry-level network security career opportunities and prepare for the CCNA Security certification. It provides a theoretically rich, hands-on introduction to network security, in a logical sequence driven by technologies. The goals of CCNA Security are as follows:

  • Provide an in-depth, theoretical understanding of network security
  • Provide students with the knowledge and skills necessary to design and support network security
  • Provide an experience-oriented course that employs industry-relevant instructional approaches to prepare students for entry-level jobs in the industry
  • Enable students to have significant hands-on interaction with IT equipment to prepare them for certification exams and career opportunities

Upon completion of the CCNA Security course, students will be able to perform the following tasks:

  • Describe the security threats facing modern network infrastructures
  • Secure network device access
  • Implement AAA on network devices
  • Mitigate threats to networks using ACLs
  • Implement secure network management and reporting
  • Mitigate common Layer 2 attacks
  • Implement the Cisco IOS firewall feature set
  • Implement an ASA
  • Implement the Cisco IOS IPS feature set
  • Implement site-to-site IPSec VPNs
  • Administer effective security policies


Course Topics

Chapter 1. Modern Network Security Threats

  • Explain network threats, mitigation techniques, and the basics of securing a network
  • Describe the fundamental principles of securing a network
  • Describe the characteristics of worms, viruses, and Trojan horses and mitigation methods
  • Describe common network attack methodologies and mitigation techniques such as Reconnaissance, Access, Denial of Service, and DDoS
  • Describe the Cisco Network Foundation Protection framework to include the control, management, and data (forwarding) planes.

Chapter 2. Securing Network Devices

  • Configure secure administrative access on Cisco routers
  • Configure command authorization using privilege levels and role-based CLI
  • Enable secure management and monitoring of network devices and router resiliency.
  • Secure IOS-based routers using automated features

Chapter 3. Authentication, Authorization and Accounting

  • Describe the purpose of AAA and the various implementation techniques
  • Implement AAA using the local database
  • Describe the characteristics and protocols of server-based AAA
  • Implement server-based AAA authentication using TACACS+ and RADIUS protocols
  • Implement server-based AAA authorization and accounting

Chapter 4. Implementing Firewall Technologies

  • Implement firewall technologies to secure the network perimeter
  • Implement ACLs
  • Describe the purpose and operation of firewall technologies
  • Implement Context-Based Access Control (CBAC)
  • Implement Zone-Based Policy Firewall using CLI and CCP

Chapter 5. Implementing Intrusion Prevention (IPS)

  • Describe the purpose and operation of network-based and host-based Intrusion Prevention Systems
  • Describe how signatures are used to detect malicious network traffic.
  • Implement Cisco IOS IPS operations using CLI and CCP
  • Verify and monitor the Cisco IOS IPS operations using CLI and CCP.

Chapter 6. Securing the Local Area Network

  • Describe endpoint vulnerabilities and protection methods
  • Describe the vulnerabilities of and mitigation techniques for securing the Layer 2 infrastructure.
  • Configure and verify switch security features, including port security and storm control
  • Describe the fundamentals of Wireless, VoIP, and SANs, and the associated security considerations.

Chapter 7. Cryptography

  • Describe how different types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication.
  • Describe the mechanisms to ensure data integrity and authentication.
  • Describe the mechanisms used to ensure data confidentiality.
  • Describe the mechanisms used to ensure data confidentiality and authentication using a public key.

Chapter 8. Implementing Virtual Private Networks

  • Describe the purpose and operation of VPN types
  • Describe and configure a GRE VPN
  • Describe the components and operations of IPSec VPNs
  • Configure and verify a site-to-site IPSec VPN, with pre-shared key authentication, using CLI
  • Configure and verify a site-to-site IPSec VPN, with pre-shared key authentication, using CCP
  • Configure and verify a remote-access VPN

Chapter 9. Managing a Secure Network

  • Describe the principles of secure network design
  • Describe the components and benefits of the Cisco SecureX Architecture
  • Describe the role of operations security in a network
  • Describe the various techniques and tools used for network security testing
  • Describe the principles of business continuity planning and disaster recovery
  • Describe the SDLC and how to use it to design a Secure Network Life Cycle management process
  • Describe the functions, goals, role, and structure of a comprehensive security policy

Chapter 10. Implementing the Cisco Adaptive Security Appliance (ASA) Firewall

  • Describe the ASA as an advanced stateful firewall
  • Implement an ASA firewall configuration
  • Implement remote-access VPNs on an ASA