Elements and Performance Criteria
- Assess the security threats facing network Infrastructure
- Secure edge devices (routers)
- Implement authentication, authorisation and accounting (AAA) and secure access control system (ACS)
- Mitigate threats to routers and networks using access control lists (ACLs)
- Implement secure network management and reporting
- Mitigate common layer 2 attacks
- Implement the router OS firewall-feature set
- Implement the intrusion detection and prevention system (IDPS) feature set in the router OS using secure device manager (SDM)
- Evaluate and compare network based versus host based IDPS to identify malicious activity, log information, attempt to block/stop activity, and report activity
- Explain IDPS technologies, attack responses and monitoring options
- Configure the router OS IDPS operations using secure device manager to monitor network and system activities for malicious activity
- Implement site-to-site virtual private networks (VPNs) using SDM
- Assess the different methods used in cryptography
- Evaluate internet key exchange (IKE) protocol functionality and phases to support authentication and define the binding blocks of IPSec and the security functions it provides
- Configure and verify an IPSec site-to-site VPN with pre-shared key (PSK) authentication to provide a secure channel between the two parties