K2-108

Security Policy Module

Sponsored by Cisco Systems, Inc.

Course Description

This module should allow the attendee to understand what he/she needs to put in place in his/her company, what are the issues and what type of products or designs can solve a given problem. This module can be seen as an agenda for the rest of the workshop.

Issues to be resolved:

Encryption technologies (mainly IP SEC)

Definitions

Type of algorithms

Type of keys

Certification authority

X500 architecture

Type of attacks

Cisco's implementation

Designs

Hub and spoke topologies

VPN Clients

Any to any

Mixt topologies

Back-up architectures

Voice integration (maybe)

Authentication

Tacacs+ and Radius protocol

Token card

Public/private keys

Smart cards

Windows NT

Kerberos

Cisco products integration with other vendors solution

Firewall

Access List

Stateful technologies

General design

When to use ACL or Stateful

Cisco IOS Firewall versus PIX firewall

Intrusion detection

Description of well known TCP or UDP attacks

Knowing weaknesses

Security inventory

Active audit

Attack response

Network management

How to secure the network itself

SSH

SNMP 1-3

Access control

E-Commerce (maybe)

SET

SSL

Vendor/user authentication

Digital signature

Non-repudiation

Organization

Computer Emergency Response Team Recovery

Orientation

April 7, 2000

Training Dates

April 10-14, 2000

Location

San Jose, California

Suggested Course Sequence

K2-102, K2-104, K2-105, K2-108