Opleiding: Cisco Security Fundamentals [SECFNDU]

OVERVIEW

Stay ahead of evolving threats with Cisco Security Fundamentals (SECFNDU), a course crafted for IT professionals who want actionable skills in modern network security. Delve into the latest technologies, including virtualization, next-generation firewalls, VPNs, and endpoint protection. You’ll master the deployment and management of Cisco Secure Firewall ASA and Umbrella, learning how to implement robust security policies and respond to real-world attack scenarios.

SECFNDU goes beyond theory, offering practical insights into attack vectors, reconnaissance techniques, and infrastructure protection. By the end of the course, you’ll be ready to secure networks, endpoints, and cloud environments with confidence—making you an indispensable asset to any organization.

This course is worth 24 Continuing Education (CE) Credits

OBJECTIVES

After completing this course you should be able to:

• Understand and articulate the principles of defense-in-depth and the attack continuum in modern network security.
• Identify and describe the functions of key network security technologies, including firewalls, intrusion prevention systems, and malware protection.
• Analyze common TCP/IP and network application attacks, recognizing vulnerabilities and attack vectors.
• Implement foundational network infrastructure protection strategies, including control, management, and data plane security controls.
• Deploy and configure Cisco Secure Firewall ASA and Secure Endpoint solutions to enhance organizational security.
• Explain the concepts and applications of VPN technologies and cryptography in securing communications.

AUDIENCE

CERTIFICATION

Recommended as preparation for the following exam:

• There is no exam currently linked to this course.

CONTENT

Network Security Technologies

• Defense-in-Depth Strategy
• Defending Across the Attack Continuum
• Network Segmentation and Virtualization Overview
• Stateful Firewall Overview
• Cisco IOS Zone-Based Policy Firewall Overview
• Security Intelligence Overview
• Threat Information Standardization
• Network-Based Malware Protection Overview
• IPS Overview
• Next Generation Firewall Overview
• Email Content Security Overview
• Web Content Security Overview
• Threat Analytic Systems Overview
• DNS Security Overview
• Authentication, Authorization, and Accounting Overview
• Identity and Access Management Overview
• Virtual Private Network (VPN) Technology Overview
• Network Security Device Form Factors Overview

Describe Common TCP/IP Attacks

• Legacy TCP/IP Vulnerabilities
• IP Vulnerabilities
• ICMP Vulnerabilities
• UDP Vulnerabilities
• Attack Surface and Attack Vectors
• Reconnaissance Attacks
• Access Attacks
• Man-In-The-Middle Attacks
• Denial of Service and Distributed Denial of Service Attacks
• Reflection and Amplification Attacks
• Spoofing Attacks
• DHCP Attacks

Describe Common Network Application Attacks

• Password Attacks
• DNS Tunneling
• Web-Based Attacks
• HTTP 302 Cushioning
• Command Injections
• SQL Injections
• Cross-Site Scripting and Request Forgery
• Email-Based Attacks

Network Infrastructure Protection

• Network Device Planes
• Control Plane Security Controls
• Management Plane Security Controls
• Network Telemetry
• Layer 2 Data Plane Security Controls
• Layer 3 Data Plane Security Controls

Cisco Secure Firewall ASA Deployment

• Cisco Secure Firewall ASA Deployment Types
• Cisco Secure Firewall ASA Interface Security Levels
• Cisco Secure Firewall ASA Objects and Object Groups
• Network Address Translation
• Cisco Secure Firewall ASA Interface ACLs
• Cisco Secure Firewall ASA Global ACLs
• Cisco Secure Firewall ASA Advanced Access Policies
• Cisco Secure Firewall ASA High Availability Overview

VPN Technologies AND Cryptography Concepts

• VPN Definition
• VPN Types
• Secure Communication and Cryptographic Services
• Keys in Cryptography
• Public Key Infrastructure

Cisco Umbrella Deployment

• Cisco Umbrella Capabilities
• Cisco Umbrella Identities and Policies Overview
• Cisco Umbrella DNS Security
• Cisco Umbrella Investigate Overview
• Cisco Umbrella Secure Web Gateway
• Cisco Umbrella CASB Functionalities

Common Endpoint Attacks

• Buffer Overflow
• Malware
• Reconnaissance Attack
• Gaining Access and Control
• Gaining Access via Social Engineering
• Gaining Access via Web-Based Attacks
• Exploit Kits and Rootkits
• Privilege Escalation
• Post-Exploitation Phase
• Angler Exploit Kit

Endpoint Security Technologies

• Host-Based Personal Firewall
• Host-Based Anti-Virus
• Host-Based Intrusion Prevention System
• Application Allowed Lists and Blocked Lists
• Host-Based Malware Protection
• Sandboxing Overview
• File Integrity Checking

Cisco Secure Endpoint

• Cisco Secure Endpoint Architecture
• Cisco Secure Endpoint Engines
• Retrospective Security with Cisco Secure Endpoint
• Cisco Secure Endpoint Device and File Trajectory
• Managing Cisco Secure Endpoint for Endpoints

802.1X Authentication

• Cisco Catalyst Switch 802.1X Configuration
• Cisco IBNS 2.0 Configuration on Cisco Catalyst Switch
• Cisco WLC 802.1X Configuration
• Cisco ISE 802.1X Configuration
• Supplicant 802.1x Configuration
• Cisco Central Web Authentication

Labs:

• Discovery 1: Configure Network Settings and NAT on Cisco Secure Firewall ASA
• Discovery 2: Configure Cisco Secure Firewall ASA Access Control Policies
• Discovery 3: Examine Cisco Umbrella Dashboard and DNS Security
• Discovery 4: Explore Cisco Umbrella Secure Web Gateway and Cloud-Delivered Firewall
• Discovery 5: Explore Cisco Umbrella CASB Functionalities
• Discovery 6: Explore Cisco Secure Endpoint
• Discovery 7: Perform Endpoint Analysis Using Cisco Secure Endpoint Console
• Discovery 8: Explore File Ransomware Protection by Cisco Secure Endpoint Console