1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Overview of FNS/FWL and Teaching Experiences in KHU, Korea Intae Ryoo, LMC, KHU, Korea

222 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS v1.1 Course Vitals 15 Chapters 40 Hands-on Labs 53 Interactive, Simulation Activities 46 Demonstration Activities 11 Product PhotoZooms 87 Learning Objectives 397 Target Indicators 15 Chapter Quizzes

333 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Target Audience and Prerequisites Target Audience: High School (N/A in Korea), Community College, Military and University students as well as transitional workers. Prerequisites: Students should have completed the Academy program’s CCNA 4: WAN technologies or hold current CCNA certification.

444 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Curriculum Map

555 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Course Main Topics Security Policy Design & Management Security Technologies, Design, Products & Solutions Firewall and secure router design, installation, configuration,management and maintenance AAA implementation using routers and firewalls VPN implementation using routers and firewalls IDS implementation using routers and firewalls

666 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS V1.1 Changes Demonstration Activities: Inclusion of topology and command syntax button for the topic being demonstrated. Approximately 30 new activities added to the course. Figures: Over 100 additional graphic figures covering new topologies, commands and new devices. PhotoZooms: New Photozooms to cover the PIX 501, 515E, 525 and 535 Revision & Addition to TI’s: ie : Security Device Manager (SDM), ACS Solutions Engine, SNMP v3, VMS 2.2 Update, Change of PIX Firewall to PIX Security Appliance

777 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Assessments The FNS course will have two required exams. Batch activation will be turned on for all chapter exams. For FNS, the maximum activation window for chapter exams is 7 days.

888 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Assessments Some items on the FNS exams are pulled from material contained in the command reference. When teaching it will be important for instructors to reference and explain material in the command reference.

999 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Career Certification Mappings Cisco Firewall Specialist* (Stepping Stone to CCSP**) SECUR - Securing Cisco IOS Networks CSPFA – Cisco Secure PIX Firewall Advanced Security+ Vender neutral exam alignment offered by CompTIA (e.g. NSTISSI 4011) FNS will align with: Securing Cisco IOS Networks (SECUR, former MCNS) Exam Cisco Secure PIX Firewall Advanced (CSPFA) Exam

10 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Security+ Prerequisites and Target Audience Prerequisites: At least two years of networking experience. A solid understanding of computer hardware and software. Students should be comfortable installing and troubleshooting various hardware and software components. A solid understanding of network terminology and technologies, including TCP/IP and LAN wiring. Basic knowledge needed to configure and install various network products. Target Audience: Those interested in industry wide security technologies, threats, weaknesses and solutions. Professionals that desire a globally recognized certification and skill set. Employers seeking to validate employees credentials.

11 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID FNS Equipment

12 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Equipment Bundles for the Security Course Standard Security Bundle PIX Pod Bundle Remote Pod Bundle Required Equipment: Optional Equipment:

13 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Standard Lab Bundle Hardware One 2611XM ADSL Bundle Router Two 2611XM VPN Bundle Routers Two PIX 515E-R-DMZ-BUN (Chassis, 3FE Ports) One 2950T-24 Catalyst Switch Software and Maintenance Cisco Secure ACS SMARTnet Pod 1 Pod 2 Backbone PIX 515E-R-DMZ-BUN 2611XM VPN Bundle Router 2611XM ADSL Bundle Router 2950T-24 Catalyst Switch

14 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID SMB Price Functionality Gigabit Ethernet PIX Firewall Family Lineup Enterprise ROBO PIX 515E PIX 525 PIX 535 SOHO PIX 501 PIX 506E SP Device to be used in Academy FNS Course

15 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Lab Topology FNS uses a scalable 2 pod architecture based on the 10 pod VPN Security (VSEC) model. The concept of generic labs using a P value as “pod” and Q as “peer pod” is used in the FNS labs. Students will be well equipped to transition to future CLP courses. With the scalable pod architecture Academies can provide more lab equipment with minimal additional cost and setup time. There are 4 primary lab topologies used in FNS: Standard 2 router pod VPN client to router Standard 2 PIX pod VPN client to pix. Backbone switch is configured to allow a student to make a quick physical cabling change as needed without requiring instructor intervention. Instructors can develop optional topologies.

16 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Lab Topology—Logical PC1PC2 RBB (Optional RTS) P P P P P P CSACS DHCP P.0 WEB FTP Multi VLAN WEB/FTP Server POD 1POD P.0 SS.11 or.12 FNS uses a scalable pod architecture based on the VSEC model. Students will be well equipped to transition to future CLP courses.

17 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID FNS Lab Topology—Physical CSACS DHCP CA.50.1 WEB FTP Multi VLAN (802.1q) SuperServer Student PC SS Catalyst 2950T PC1 RBB Router1 Remote Access* using: AUX port with Modem, WIC card options, or available FastEthernet port *Remote Bundle required Student PC TRUNK PIX PC2 Router2 PIX2 0/0 0/1 0/0 0/1 e0 e1 e0 e2 With a central connection point and IEEE 802.1q trunking, academies can add more lab equipment with minimal cost and setup time. Cable changes can be made rapidly as needed, without instructor intervention or switch re-configuration.

18 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Requirements for the Servers

19 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Common Equipment Questions Can I reuse any of my CCNP or CCNA equipment? With compatible IOS version and Memory Upgrades What is ACS and do I need to purchase this? CSACS. Have to verify that CSACS can be distributed for FNS class operation. How many VLANs do I need to support? 8 VLANS; 101,102,201,202,301,302,401,402 Can we use 501’s instead of 515e’s? Maybe. But, 515e is preferable.

20 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Sample Occupations Network Security Analyst Senior System Analyst Systems Architect Network Design and Admin Technical Support Technical Writing Network Services & Operations Internet & e-Business

21 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Cisco Security Certifications Earn $$$ TCPMag’s 2 nd annual salary survey shows Cisco Security professionals earning $86,000/year, an increase of 8% over the previous year’s survey.

22 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Cisco Security Solutions – FNS Coverage Cisco VPN Concentrators Cisco PIX™ Firewalls Cisco VPN Concentrators Cisco PIX™ Firewalls Cisco IDS Appliances Cisco Access Control Server Cisco Works—VPN Mgmt Solution Cisco Secure Policy Manager Web Device Managers Cisco Works—VPN Mgmt Solution Cisco Secure Policy Manager Web Device Managers Cisco PIX™ Firewalls Cisco IOS VPN Cisco IOS IDS Cisco IOS Firewall Firewalls VPN Intrusion Detection Scanning Authentication Policy IdentitySecure Connectivity Perimeter Security Monitoring Security Management

23 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Class Operation in KHU, Korea For students, 6 (3 + 3) credits course –1-year course –Semester 1: IOS Router Firewall Chapters 1 through 7: 16 weeks, 4 hours per week –Semester 2: PIX Firewall Chapters 8 through 15: 16 weeks, 4 hours per week For Instructors –2 weeks course –First week for IOS Router Firewall –Second week for PIX Firewall

24 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Chapter 1 through 7 Overview of Network Security Basic Router and Switch Security Router ACLs and CBAC Router AAA Security Router Intrusion Detection, Monitoring and management Router Site-to-Site VPN Router Remote Access VPN

25 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Chapter 8 through 15 PIX Firewall PIX Firewall Translations and Connections PIX Firewall ACLs PIX Firewall AAA PIX Firewall Advanced Protocols and Intrusion Detection PIX Firewall Failover and System Maintenance PIX Firewall VPN PIX Firewall Management

26 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Considerations Some students forget advanced ACL configurations already introduced in CCNA Semester 3. Some instructors who have not yet acquainted with the VLAN configuration must verify their proficiency in VLAN configurations introduced in CCNA Version 3.0. PIX Firewall LABs are mandatory or not? –Because this needs additional budgets. Can IOS Router Firewall do the same role as PIX Firewall?

27 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID More Information? Course Catalog Post Login - FAQs - Scope and Sequence - Course Demo - Cost Calculator - Equipment List - Curriculum Calendar