CCIE Security Course Outline: -

I. Firewall
A. PIX and ASA Firewall
• Basic Initialization
• Access Management
• Address Translation
• ACLs
• IP Routing
• Object Groups
• VLANs
• AAA
• VPNs
• Filtering
• Failover
• Layer 2 Transparent Firewall
• Security Contexts (Virtual Firewall)
• Modular Policy Framework
• Application-Aware Inspection
• High Availability Scenarios
• QoS Policies
• Other Advanced Features

B. IOS Firewall
• CBAC
• Audit
• Auth Proxy
• PAM
• Access Control
• Performance Tuning
• Advanced Features

II. VPN
• IPSec LAN-to-LAN
• SSL VPN
• DMVPN
• CA (PKI)
• Remote Access VPN
• VPN3000 Concentrator
• VPN3000 IP Routing
• Unity Client
• WebVPN
• EzVPN Hardware Client
• XAuth, Split-tunnel, RRI, NAT-T
• High Availability
• QoS for VPN
• GRE, mGRE
• L2TP
• PPTP
• Advanced VPN Features

III. Intrusion Prevention System (IPS)
• IPS 4200 Series Sensor Appliance
• Basic Initialization
• Sensor Configuration
• Sensor Management
• Promiscuous and Inline Monitoring
• Signature Tuning
• Custom Signatures
• Blocking
• TCP Resets
• Rate Limiting
• Signature Engines
• IDM
• Event Action
• Event Monitoring
• IOS IPS
• PIX IDS
• SPAN, RSPAN
• Advanced Features

IV. Identity Management
• Security Protocols (RADIUS and TACACS+)
• Cisco Secure ACS Configuration
• Access Management (Telnet, SSH, Pwds, Priv Levels)
• Proxy Authentication
• Service Authentication (FTP, Telnet, HTTP, other)
• Network Admission Control (NAC Framework solution)
• 802.1x
• Advanced Features

V. Advanced Security
• Mitigation Techniques
• Packet Marking Techniques
• Security RFCs (RFC1918, RFC2827, RFC2401)
• Service Provider Security
• Black Holes, Sink Holes
• RTBH Filtering (Remote Triggered Black Hole)
• Traffic Filtering using Access-lists
• NAT
• TCP Intercept
• uRPF
• CAR
• NBAR
• NetFlow
• Flooding
• Spoofing
• Policing
• Fragmentation
• Sniffer Traces
• Catalyst Management and Security
• Traffic Control and Congestion Management
• Catalyst Features and Advanced Configuration
• IOS Security Features

VI. Network Attacks
• Network Reconnaissance
• IP Spoofing Attacks
• MAC Spoofing Attacks
• ARP Spoofing Attacks
• Denial of Service (DoS)
• Distributed Denial of Service (DDoS)
• Man-in-the-Middle (MiM) Attacks
• Port Redirection Attacks
• DHCP Attacks
• DNS Attacks
• Fragment Attacks
• Smurf Attacks
• SYN Attacks
• MAC Attacks
• VLAN Hopping Attacks
• Other Layer2 and Layer3 Attacks