CCNA Security Curriculum

 

🔐 CCNA Security Curriculum (Main Modules)

🧩 1. Network Security Fundamentals

This is the base of security knowledge.

Topics:

  • Security concepts (CIA triad: Confidentiality, Integrity, Availability)
  • Types of attacks:
    • DoS / DDoS
    • Man-in-the-Middle
    • Malware (virus, worm, trojan)
  • Security policies and risk management
  • Network vulnerabilities

👉 Goal: Understand what threats exist and why security is needed


🔑 2. Cryptography & VPNs

Very important module.

Topics:

  • Encryption concepts (symmetric vs asymmetric)
  • Hashing (MD5, SHA)
  • Public Key Infrastructure (PKI)
  • IPsec fundamentals
  • IKE (Phase 1 & Phase 2)

VPN types:

  • Site-to-Site VPN
  • Remote Access VPN (AnyConnect)

👉 Goal: Secure communication over public networks


🔥 3. Cisco ASA Firewall (Very important)

Focus on Cisco ASA devices like ASA 5505.

Topics:

  • Firewall concepts (stateful inspection)
  • ASA basic configuration
  • NAT on ASA
  • Access Control Lists (ACLs)
  • Modular Policy Framework (MPF)
  • Security levels (inside/outside)

👉 Goal: Control and filter network traffic


🔐 4. Secure Routing and Switching

This is LAN/WAN security at the device level.

Topics:

  • Switch security:
    • Port security
    • VLAN security
    • DHCP snooping
    • Dynamic ARP inspection (DAI)
  • Router security:
    • Secure management access (SSH, disable Telnet)
    • Password encryption
    • ACLs for traffic filtering
  • Secure routing protocols (OSPF security basics)

👉 Goal: Protect internal network infrastructure


👤 5. AAA (Authentication, Authorization, Accounting)

Very important in enterprises and NOCs.

Topics:

  • AAA framework
  • RADIUS vs TACACS+
  • Local database authentication
  • User login security
  • Privilege levels

👉 Goal: Control who can access network devices and what they can do


🌐 6. Secure Network Access

Focus on controlling user access.

Topics:

  • 802.1X authentication (port-based access control)
  • Network access control (NAC)
  • Guest access
  • Device authentication

👉 Goal: Only authorized users/devices can access the network


🛡️ 7. Content & Endpoint Security (basic awareness)

Less configuration-heavy, more theory.

Topics:

  • Email security (spam, phishing)
  • Web filtering
  • Antivirus concepts
  • Endpoint protection
  • Data loss prevention (DLP basics)

👉 Goal: Protect users and applications from threats


📡 8. Intrusion Detection & Prevention (IPS/IDS)

Topics:

  • IDS vs IPS
  • Signature-based detection
  • Inline inspection
  • Basic Cisco IPS concepts

👉 Goal: Detect and block attacks in real time


📊 Exam Focus Areas (Important)

From Cisco CCNA Security (IINS exam structure):

  • 🔐 VPNs → ~15–20%
  • 🔥 Firewall / ASA → ~15–20%
  • 🔒 Secure routing & switching → ~15–20%
  • 👤 AAA / authentication → ~10–15%
  • 🌐 Security concepts → ~10–15%
  • 🛡️ IPS + endpoint security → remaining %

🧠 Simple Summary

CCNA Security teaches you:

✔ How to secure routers and switches
✔ How VPN tunnels work
✔ How ASA firewalls control traffic
✔ How authentication works (AAA)
✔ How to protect LAN/WAN from attacks
