Cart
Notice: The streaming format of this product is now viewable on your iPad, iPhone, and other Android devices. Streaming products are available for the life of current blueprint.
About Our CCNP Security Video on Demand Course
IPexpert has been the Global leader in the CCIE training industry for over a decade, helping more students pass their CCIE lab exam than any other institution. With over 1,800 successful CCIEs, we are now expanding our product line to share in Cisco’s growing knowledge base of certifications. We are looking to take our company to the next level by adding new types of certification success stories to our consistently expanding list. This journey begins with you, our valued student. Join your colleagues in the increasingly popular World of Cisco IT certifications with one of our products today.
IPexpert's CCNP Security Video on Demand Course is designed for CCNP Security candidates who wish to learn about the protocols and technologies included in the exam blueprint at their own pace. IPexpert's CCNP Security Video on Demand is the industry's most comprehensive VoD Course on the market.
Listen as industry experts lecture on every technology and protocol seen in the new blueprint. The lectures are a comprehensive video training solution, and each topic covered dives into lab exercises designed to explain both the fundamentals and complex implementations of the challenging protocols encountered in the CCNP Security exams.
The CCNP Security Video on Demand material contains detailed lecture topics including Pre-product Design, Choosing Cisco IOS technologies to implement HDL, Integrate Cisco network security solutions with other features, Configure and verify ASA VPN feature configurations, Optimize Cisco IOS security infrastructure device performance, Complex network security rules, Configure and verify Classic IOS Firewall and NAT, Maintain, update and tune IPS signatures, Configure and verify IOS VPN features, ASA Perimeter Security technologies and features, Implement HLD based on given security requirements, Create and test initial ASA appliance configurations using CLI, Determine ASA licenses, Perform initial setup on the AIP-SSM and CSC-SSM using CLI or ASDM, Troubleshoot High Availability ASAs, Verify static routing and dynamic routing protocols, Integrate ASA VPN solutions with other security technologies, Optimize ASA VPN performance, functions, and configurations, and Create complex ASA network security rules to name just a few. In addition, this VoD will provide invaluable tips on lab strategy and test preparation techniques maximizing the opportunity to pass the CCNP Security exams.
There is a reason why Cisco has the most popular IT Certifications in the industry. There is also a reason why IPexpert is the leader in Cisco training. So what will your certification be? When will you decide to take your career to the next level and become an IPexpert?
Why Choose IPexpert
Enjoying nearly a decade of success and boasting the world's largest list of successful candidates, IPexpert has expanded their product line and is pleased to offer you the world's most proven, content-rich CCNP Security Lab preparation Video on Demand Course. The industry's most recognized video training solution for the CCNP Security Lab is explained as follows:
- A designed training solution in which our industry-recognized Instructor delivers 38 hours of lecture and thorough configuration examples on nearly every topic covered on the CCNP Security blueprint
- A training solution with extremely detailed slides and diagrams that are thorough are easy to comprehend
- Hints, tips and tricks outline what to watch for are explained in detail by an Author / Instructor
- An amazing training solution that is kept current by the world's most elite team of technical Instructors, all of which hold multiple certifications, degrees and multiple CCIE certifications
- The world's most proven product and methodology, boasting more CCIE success stories and testimonials than any other company
- A "must have" training product backed by IPepxert's Investment Assurance program that has raised the bar and set the precedence for training guarantees!
Closing Statements on Why You Should Use IPexpert's Training Solutions
As we expand our product lines we continue to serve our clients with the most up-to-date, content rich materials for the CCNP Security Lab Exam. We would like to highlight a few key points you should consider when selecting a CCNP training vendor:
- Which vendor's products have been (and is currently) used by more candidates to pass the Lab exam for each particular track?
- Which vendor includes their full printed slides and topology diagrams along with their video training solution free of charge?
- Can you find another vendor that offers the level of support, guidance and authenticity that comes close to IPexpert?
- Which vendor's products have scaled the world and have been delivered to every developed country in the world?
- What vendor can match the level of competency as it relates to our dedicated, full time team of industry-recognized and accredited CCIE Instructors?
Our Training Advisors, Support Engineers, Instructors and Developers will stand with you, by your side, during the entire process of your journey, regardless of how long it takes you!
Table of Contents
At IPexpert, we take great pride in being known as the industry's most up-to-date and thorough Cisco training provider. We guarantee that all training materials we ship to our clients are current and up-to-date, reflecting all of the topics that are outlined on the most recent Lab blueprint. If, at any time, you have questions pertaining to our content, we invite you to contact one of our Training Advisors who will be happy to assist you in creating a customized study plan that fits your learning preferences and your training budget.
Below, you will find the topics, technologies and protocols that are currently included in IPexpert's CCNP Security Video on Demand Course.
Firewall
Introduction to the ASA 5500 Series
This section provides an introduction to the ASA 5500 series and provides an overview of the capabilities of each of the firewalls in Cisco’s ASA series. Licensing on the ASA series is also covered.
- After viewing this module you’ll be able to
- Describe the ASA command line interface
- Configure interfaces and DHCP server settings
- Explain connections
- Describe the Adaptive Security Algorithm and how traffic flows between different security levels
- Explain licensing on the ASA 5500 series
Basic ASA 5500 Series Configuration
This section covers basic ASA 5500 series configuration with sections on routing, controlling traffic with ACLs and NAT configuration.
After viewing this module you’ll be able to:
- Describe and configure static routes
- Enable dynamic routing using RIP, EIGRP and OSPF
- Manage access control lists
- Understand and configure NAT including dynamic Port Address Translation (PAT), static PAT, Static Network
- Address Translation (NAT).
- Explain the purpose of NAT exemption
- Describe Cut-Through Authentication
- Explain and configure Transparent Firewall
- Configure Active/Standby Failover
Advanced Configuration
This section contains information on the Modular Policy Framework (MPF) and how to use policy and class maps to perform advanced traffic inspection, Active/Active Failover, the Botnet Filter, QoS.
After viewing this module you’ll be able to:
- Explain the Botnet Filter
- Understand Advanced Traffic Inspection
- Describe and configure Security Contexts and Active/Active Failover
- Explain how Threat Detection works and understand the various modes
- Prevent IP spoofing using RPF
- Explain Quality of Service on the ASA 5500 series
Administering the ASA 5500 Series
After implementing an ASA 5500 series firewall managing and troubleshooting comes next. This module will go over using AAA to manage access to the ASA as well as the logging options available including Syslog and SNMP. Finally, troubleshooting tools like packet tracer and packet capture are covered to determine where problems are occurring on the ASA.
After viewing this module you’ll be able to:
- Explain and configure Authentication, Authorization and Accounting (AAA) on the ASA 5500 series
- Describe the logging options available
- Understand the troubleshooting tools available on the ASA
IPS
Introduction and Setup
This module is an overview of Cisco IPS models including the appliances as well as the modules available for the ASA firewalls and ISR router platforms. A comparison of the management tools including the IPS Manager Express (IME), IPS Device Manager (IDM) and Cisco Security Manager (CSM) is covered. Basic initialization of the IPS sensor is also covered.
After viewing this module you will be able to:
- Select the correct IPS module or appliance according to the High Level Design
- Describe the use of the CLI
- Describe the authentication modes available on the IPS sensor
- Initialize the IPS sensor
- Configure time
IPS Basic Configuration
This module covers connecting to the IDM and IME as well as a demonstration of the management tools. The Signature Policy is discussed and the sensor modes are discussed.
After viewing this module you will be able to:
- Connect to the IME and IDM
- Describe how the IPS sensor is licensed
- Explain the components that make up a Signature Policy
- Describe the default policies
- Use virtual sensors to apply different policies for IPS inspection
- Describe the options for sensor interface modes
- Maintain an IPS sensor
- Monitor threats on the IPS sensor
Advanced IPS Configuration
Risk Assessment and how threats are rated on the sensor and the components that make up the risk rating are discussed. In addition, signature tuning is discussed which covers both modifying the signatures directly and the Event Action Overrides are also covered.
- Describe the components that make up a signature definition
- Explain how the IPS determines how severe a detected threat is
- Clone and modify signatures
- Tune signatures to reduce false positives
- Use Anomaly Detection to detect worm infected hosts
- Describe the signature engines available on the IPS sensor and how they work
- Create new signatures using the signature wizard
- Upgrade the sensor to take advantage of the latest signatures
MARS and CSM
The Monitoring, Analysis and Response System (MARS) is the logging and analysis portion of the Cisco Secure portfolio and provides correlation based on events received from multiple devices across the network reducing the number of event the security analyst needs to review. The Cisco Security Manager (CSM) is a centralized configuration element that is a single point to manage Cisco security hardware in the network. The MARS can be used to collect events from the IPS sensor and the CSM can configure multiple sensors on the network.
After viewing this module you will be able to:
Explain how a Security Information and Event Management (SIEM) correlates events
- Describe how the MARS uses rules to correlate events
- Connect to the MARS appliance and navigate the GUI
- View and respond to events on the MARS
- Query events on the MARS for historical analysis
- Determine if a CSM is required based on HLD requirements
- Add managed devices to the CSM
- Configure integration between the CSM and the MARS
VPN
Overview
This module provides an overview of Virtual Private Networks (VPN) and provides information on the VPN options available on the ASA platform. This module also provides information on Public Key Cryptography and configuring Trustpoints to manage certificate authorities on the ASA 5500 series. VPN licensing on the ASA 5500 series is also covered.
After viewing this module you will be able to:
- Describe the advantages of using a VPN
- Explain how Public Key Cryptography can be used for message signing and encryption
- Describe a Certificate Authority and what it would be used for
- Configure a trustpoint in an ASA
- Configure a local Certificate Authority on an ASA
- Explain IPSec VPN
- Describe VPN Licensing on the ASA
Site-to-Site VPN
Site-to-Site VPNs can be used to connect networks across an unsecure medium like the Internet. The ASA can be deployed in a number of different modes and this module will explain these modes and describe how to configure them.
After viewing this module you’ll be able to:
- Describe how to configure a basic Site-to-Site VPN with static IP addresses
- Explain why NAT exemption is required
- Configure site-to-site VPN with one node as a host with a DHCP assigned address
- Configure EasyVPN in Network Extension Mode
- Implement spoke-to-spoke traffic in a VPN network
- Describe how to implement certificate authentication for Site-to-Site VPN
Remote Access VPN
Remote access VPNs are used to allow secure access to a corporate network over an unsecure medium like the Internet. Traditionally this has been provided using the Cisco VPN Client but the emergence of VPN technologies over SSL have provided a number of new options for secure remote access connectivity.
After viewing this module you’ll be able to:
- Configure tunnel groups, group policies and NAT to enable VPN client connectivity
- Explain the advantages of using Clientless SSLVPN access over the Cisco VPN Client
- Describe the methods available to enable application access in a Clientless session
- Enable AnyConnect client access
- Use AAA to centrally authenticate VPN users
Advanced Configuration
The Cisco ASA has a number of powerful options to manage user access to the network during initial user login. These options can be based on information gained during the login process. Troubleshooting VPN connections is also discussed.
After viewing this module you’ll be able to:
- Explain the Cisco Secure Desktop
- Install CSD on an ASA firewall
- Configure Dynamic Access Policies and explain their use
- Use the Vault to wipe information from remote computers after logout
- Perform troubleshooting for VPN
SECURE
Securing IOS
This module provides an overview of the IOS platform and the differences between the ISR routers and the Catalyst switching platforms. Security features specific to each platform are discussed and these include Catalyst specific features like Storm Control and Port Security. Identity Based Network Services (IBNS) which allow network access based on user identity is also covered.
After viewing this module you’ll be able to:
- Explain the options available when using Cisco AutoSecure
- Describe the configuration applied by AutoSecure and how it increases security of the router
- Use Identity Based Network Service (IBNS) to authenticate users
- Describe the component of the IBNS
- Use 802.1x to authenticate switch ports
- Secure the management plane using AAA and SSH
- Describe and configure the IOS Certificate Authority
- Explain the security features on Catalyst switches
- Secure routing updates using passwords
Securing the Data Plane
The data plane refers to the user traffic crossing the IOS router. IOS provides a large number of features available to secure user traffic and this module will provide the information on these features.
After viewing this module you’ll be able to:
- Configure basic traffic filtering using ACLs
- Explain the difference between standard and extended ACLs
- Describe the NAT configuration on the IOS router
- Configure firewall features using the Context Based Access Control (CBAC).
- Configure advanced firewall features using Zone-Based Firewall (ZBF)
IOS VPN
This module covers the Site-to-Site VPN options available on the IOS routers. These options include using GRE tunnels, IPSec VPN, Dynamic Multipoint VPN (DMVPN) and Group Encrypted Transport (GETVPN). In addition, enabling Zone-Based Firewall inspection for VPN connections is also discussed.
After viewing this module you’ll be able to:
- Describe the tunneling protocols available on the IOS router platforms
- Configure IPSec tunnels to secure traffic between IOS routers
- Use Virtual Tunnel Interfaces (VTI) to apply ZBF traffic inspection for Site-to-Site VPN traffic
- Explain how to configure certificate authentication for Site-to-Site VPNs
- Describe and configure a DMVPN hub and spoke VPN
- Describe and configure Group Encrypted Transport (GET) VPN
Remote Access VPN
IOS routers have a number of options available to enable Remote Access VPN. This module will go over the options available and contains demonstrations of configuring each of the Remote Access VPN types.
After viewing this module you’ll be able to:
- Explain the configuration components required to implement Remote Access VPN on an IOS router
- Use virtual templates to apply ZBF to Remote Access VPN traffic
- Configure SSLVPN Remote Access on IOS routers
- Enable network access using the AnyConnect client
IPexpert's Client Support Techniques
Although this product is specifically designed to be utilized as a self-study learning tool, IPexpert clients are never left on their own. In fact, IPexpert's commitment to top-notch customer support is a cornerstone of our mission statement.
Many CCIE training entities promise support on their forums or within their communities. IPexpert is different. We go above and beyond our competition by being available to serve you in many different ways.
- 24x7 peer group and Instructor support through our active email list community (www.OnlineStudyList.com)
- Tech support available directly through support@ipexpert.com
- Friendly and knowledgeable support via phone, live chat or email by CCIE-focused Training Advisors, Support Engineers or Instructors, available Monday through Friday from 8am to 6pm Eastern.
- Hardware and delivery issues addressed by Support Engineers 24x7 via telephone, live chat or email.
- Our active blog provides insight, guidance and announcements pertaining to CCIE news, product updates or lab changes.
- Dedicated Fulfillment Coordinators ensure that your order (whether hard copy or digital) is processed and delivered in a timely and accurate manner.
- IPexpert also releases news and information to clients through its Facebook group and Twitter accounts, which can be subscribed to by clicking on those appropriate links.
In summary, you can be confident that IPexpert will stand by your side from the beginning of your CCIE preparation until you earn your numbers! The CCIE certification is a long journey. Having helped over a thousand CCIE hopefuls actually pass the real CCIE Lab exam, IPexpert knows what it takes to get you there and we are DEDICATED to your success!
