Security (CCNA)

Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.

CCNA SECURITY IINS 2.0 – Implementing Cisco IOS Network Security

What You'll Learn

  • Develop a comprehensive network security policy to counter threats against information security
  • Configure routers with Cisco IOS Software security features, including management and reporting functions
  • Configure IPv6 addressing, routing, and access control in Cisco network routers
  • Bootstrap the Cisco Adaptive Security Appliance (ASA) Firewall for use in a production network
  • Configure the Cisco ASA Firewall for remote access SSL VPN
  • Configure a Cisco IOS zone-based firewall (ZBF) to perform basic security operations on a network
  • Configure site-to-site VPNs using Cisco IOS features
  • Configure IOS IPS on Cisco network routers
  • Configure security features on IOS switches to mitigate various Layer 2 attacks
  • Understand how a network can be compromised using freely available tools
  • Implement line passwords, and enable passwords and secrets
  • Examine Authentication, Authorization, and Accounting (AAA) concepts and features using the local database as well as Cisco Secure ACS 5.2
  • Run a CCP security audit and analyze the results
  • Configure packet filtering on the Perimeter Router
  • Define a virtual tunnel interface using GRE with IPsec

Who Needs to Attend

  • Network designers
  • Network SAN security administrators
  • Network, systems, and security engineers
  • Network and security managers


  • Working knowledge of the Windows operating system
  • ICND1 v2.0 – Interconnecting Cisco Networking Devices, Part 1


Common Security Threats

1.1 Describe common security threats

Security and Cisco Routers

2.1 Implement Security on Cisco routers
2.2 Describe securing the control, data and management plane
2.3 Describe CSM
2.4 Describe IPv4 to IPv6 transition

AAA on Cisco Devices

3.1 Implement authentication, authorization, and accounting (AAA)
3.2 Describe TACACS+
3.3 Describe RADIUS
3.4 Describe AAA
3.5 Verify AAA functionality


4.1 Describe standard, extended, and named IP IOS ACLs to filter packets
4.2 Describe considerations when building ACLs
4.3 Implement IP ACLs to mitigate threats in a network

Secure Network Management and Reporting

5.1 Describe secure network management
5.2 Implement secure network management

Common Layer 2 Attacks

6.1 Describe Layer 2 security using Cisco switches
6.2 Describe VLAN Security
6.3 Implement VLANs and trunking
6.4 Implement Spanning Tree

Cisco Firewall Technologies

7.1 Describe operational strengths and weaknesses of the different firewall technologies
7.2 Describe stateful firewalls
7.3 Describe the types of NAT used in firewall technologies
7.4 Implement Zone Based Firewall using CCP
7.5 Implement the Cisco Adaptive Security Appliance (ASA)
7.6 Implement NAT and PAT

Cisco IPS

8.1 Describe IPS deployment considerations
8.2 Describe IPS technologies
8.3 Configure Cisco IOS IPS using CCP

VPN Technologies

9.1 Describe the different methods used in cryptography
9.2 Describe VPN technologies
9.3 Describe the building blocks of IPsec
9.4 Implement an IOS IPsec site-to-site VPN with pre-shared key authentication
9.5 Verify VPN operations
9.6 Implement SSL VPN using ASA device manager