Cisco CCNA Security: AAA and IP Security

Part 2 of 3 in the Cisco CCNA Security (640-554) series. This course will teach you how to identify, lock down, and secure vulnerabilities in a small to medium enterprise branch network.
Course info
Rating: (45)
Level: Intermediate
Updated: Nov 20, 2012
Duration: 3h 4m
Table of contents
Authentication, Authorization, and Accounting (AAA)
VLAN Security
Spanning-Tree Security
Securing IPv4 Routing
IPv4 Services Vulnerabilities
Securing IPv6
Access-List Fundamentals
IPv4 Standard Access-Lists
IPv4 Extended Access-Lists
IPv6 Access-Lists
Description

Part 2 of 3 in the Cisco CCNA Security (640-554) series. This course will teach you how to identify, lock down, and secure vulnerabilities in a small to medium enterprise branch network. This course will also help you to enhance your skills in developing security infrastructure, recognizing threats, and mitigating security threats. This course is ideal for network administrators or aspiring network administrators who wish to build a stronger foundation of advanced security concepts.

About the author

Joe is a seasoned Cisco professional with over 15 years of experience, supporting Fortune 500 Companies in deploying routing, switching, unified communications, security, and data center technologies.

Section Introduction Transcripts

Securing IPv4 Routing
One of the things I've tended to say over the years of my brief life thus far is that sometimes strengths and weaknesses can be related to the same trait. Here's what I mean by that. Someone that, for example, is great with details may have a difficult time focusing on the big picture: same behavior, different issues. IP Version 4 is a lot like that. One of the greatest things about IP Version 4 is its flexibility. One of the biggest drawbacks to IP Version 4 is also its flexibility. On the one hand, it's open, it's flexible, you can get a lot of things done, but it also is inherently insecure. Security, IPsec, which we'll talk about later, actually was an add-on to IP Version 4. And so there are a lot of different vulnerabilities that automatically come up when you're discussing IP Version 4. One of these areas is routing and so you want to take a good examination of potential vulnerabilities in dealing with IP Version 4 Routing and how to defend against those.

Securing IPv6
Many people throughout the world use cars as transportation. They come in different shapes and sizes, different capabilities, and different models. One of the things that you'll note is newer models have a lot of features, have a certain appearance to them, and then much older cars, specifically those manufactured a number of years ago, are considered more of what's called classics. They still function, they still do all the things a car needs to do in terms of transportation, but they're not considered the cutting edge anymore. And this is actually what's happened to IP Version 4. It has done a number of wonderful things over the years, but it started to show its age and it's slated to be replaced. In its place is IP Version 6, which has not yet reached widespread adoption, but is certainly on the horizon as the dominant version of the Internet Protocol. As such, there are some things about IP Version 6 that are unique and need to be addressed from a security perspective and that's what we want to do in this particular lesson.

IPv6 Access-Lists
As I've already mentioned, Access-Lists are an important tool that you have to be able to address security in IP-based networks. It's true for IP Version 4; it is still true with IP Version 6. So understanding how access-lists fit into the IP Version 6 protocol is also important for you as a security professional and as a CCNA Security student. First, we want to be able to look at some of the basics that are involved with IP Version 6 access-lists.