Elements and Performance Criteria
- Implement layer 2 security
- Configure router OS intrusion prevention system (OS-IPS) to mitigate threats to network resources
- Evaluate the advanced capabilities of router OS-IPS firewall feature set to include event action processing (EAP) for threats to network resources
- Configure and verify IPS features to identify threats and dynamically block them from entering the network
- Maintain, update and tune the IPS signatures
- Configure and verify context-based access control (CBAC) and network address translation (NAT) to dynamically mitigate identified threats to the network
- Configure and verify zone-based firewall (ZFW) to include advanced application inspections and uniform resource locator (URL) filtering for improved network security
- Configure virtual private networks (VPNs) to provide secure connectivity for site-to-site and remote access communications
- Analyse and evaluate internet protocol security (IPSec) and generic routing encapsulation (IPSec/GRE) features and functionality
- Configure secure connectivity for site-to-site VPN using certificate authorities
- Analyse dynamic multipoint VPN (DMVPN) features and capabilities
- Configure and verify secure connectivity for site-to-site VPN operations
- Provide highly secure network access with secure sockets layer (SSL) VPN to deliver remote access connectivity features and benefits
- Evaluate EasyVPN benefits and configure EasyVPN server with dynamic virtual tunnel interface (DVTI) to create a virtual access interface on the virtual tunnel interface
- Configure and verify EasyVPN remote to establish a site-to-site connection using both router and VPN software clients
- Implement group-encrypted transport (GET) VPN features to simplify the provisioning and management of VPN
- Implement network foundation protection (NFP)