CCNA Security Curriculum
🔐 CCNA Security Curriculum (Main Modules)
🧩 1. Network Security Fundamentals
This is the base of security knowledge.
Topics:
- Security concepts (CIA triad: Confidentiality, Integrity, Availability)
- Types of attacks:
  - DoS / DDoS
  - Man-in-the-Middle
  - Malware (virus, worm, trojan)
- Security policies and risk management
- Network vulnerabilities
👉 Goal: Understand what threats exist and why security is needed
🔑 2. Cryptography & VPNs
Very important module.
Topics:
- Encryption concepts (symmetric vs asymmetric)
- Hashing (MD5, SHA)
- Public Key Infrastructure (PKI)
- IPsec fundamentals
- IKE (Phase 1 & Phase 2)
VPN types:
- Site-to-Site VPN
- Remote Access VPN (AnyConnect)
👉 Goal: Secure communication over public networks
🔥 3. Cisco ASA Firewall (Very important)
Focus on Cisco ASA devices like ASA 5505.
Topics:
- Firewall concepts (stateful inspection)
- ASA basic configuration
- NAT on ASA
- Access Control Lists (ACLs)
- Modular Policy Framework (MPF)
- Security levels (inside/outside)
👉 Goal: Control and filter network traffic
🔐 4. Secure Routing and Switching
This is LAN/WAN security at the device level.
Topics:
- Switch security:
  - Port security
  - VLAN security
  - DHCP snooping
  - Dynamic ARP inspection (DAI)
- Router security:
  - Secure management access (SSH, disable Telnet)
  - Password encryption
  - ACLs for traffic filtering
  - Secure routing protocols (OSPF security basics)
👉 Goal: Protect internal network infrastructure
👤 5. AAA (Authentication, Authorization, Accounting)
Very important in enterprise and NOC environments.
Topics:
- AAA framework
- RADIUS vs TACACS+
- Local database authentication
- User login security
- Privilege levels
👉 Goal: Control who can access network devices and what they can do
🌐 6. Secure Network Access
Focus on controlling user access.
Topics:
- 802.1X authentication (port-based access control)
- Network access control (NAC)
- Guest access
- Device authentication
👉 Goal: Only authorized users/devices can access the network
🛡️ 7. Content & Endpoint Security (basic awareness)
Less configuration-heavy, more theory.
Topics:
- Email security (spam, phishing)
- Web filtering
- Antivirus concepts
- Endpoint protection
- Data loss prevention (DLP basics)
👉 Goal: Protect users and applications from threats
📡 8. Intrusion Detection & Prevention (IPS/IDS)
Topics:
- IDS vs IPS
- Signature-based detection
- Inline inspection
- Basic Cisco IPS concepts
👉 Goal: Detect and block attacks in real time
📊 Exam Focus Areas (Important)
From Cisco CCNA Security (IINS exam structure):
- 🔐 VPNs → ~15–20%
- 🔥 Firewall / ASA → ~15–20%
- 🔒 Secure routing & switching → ~15–20%
- 👤 AAA / authentication → ~10–15%
- 🌐 Security concepts → ~10–15%
- 🛡️ IPS + endpoint security → remaining %
🧠 Simple Summary
CCNA Security teaches you:
✔ How to secure routers and switches
✔ How VPN tunnels work
✔ How ASA firewalls control traffic
✔ How authentication works (AAA)
✔ How to protect LAN/WAN from attacks