A five-day workshop course designed to give engineers and IT administrators the hands-on experience necessary to design secure networks using devices such as firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), email filters and Virtual Private Networks (VPNs). Beyond the design aspect, students will build and configure secure networks, using VLANs to create security zones and firewall hardware both to secure network access and to terminate Virtual Private Networks (VPNs). Basic traffic handling theory is covered, as are the security concepts required to understand the operation of VPNs.

Each attendee will receive a free copy of the book Cisco Security Specialist’s Guide to PIX Firewall.


Who Should Attend:

The Designing & Implementing a Secure Network course is ideal for anyone who wants to become familiar with the design and implementation concepts and strategies required to successfully run a secured network. This includes engineers, IT managers and IT administrators.


50% lecture, 50% exercises and hands-on labs with one Cisco VLAN switch, one PIX Firewall and two PCs per pod (two students per pod).

Course Content:


Secure Network Design

• The Importance of Security

• Creating a Security Policy

• Firewall Concepts

• Intrusion Detection

• Email Filtering

• Proxy servers

• Workgroup servers

• Layer 2 Security

• Using VLANs to create security zones


Introduction to Firewalls

• Overview of Firewalls

• Controlling Traffic

• Types of Firewalls

• Packet Filtering Firewalls

• Stateful Firewalls

• Application Gateways (Proxy Firewalls)

• Host-Based Firewalls

• Firewall Design

• ASA/PIX Firewall Features

Firewall Setup and Traffic Filtering

Firewall Configurations

• Handling Access to the PIX

• Command-Line Interface

• Setup Script Utility

• Configuration Files

• Basic PIX Configuration Commands

• Management Commands

• Viewing PIX Information

• PIX Characteristics

• Network Configuration Example

Traffic Flow and Address Translation

• Protocol Overview

• Translations and Connections

• Address Translation

• Configuring Your PIX for Inside-to-Outside Access

• Traffic Entering Your Network

• Viewing the PIX's Translations and Connections

Filtering Traffic with Access Lists

• ACLs and the PIX

• Object Grouping

• ICMP Traffic and the PIX

Configuring VPNs

IPSec Overview

• Security and Cryptography Tutorial

• VPN Overview

• IPSec Overview

• Methods of IPSec Data Protection

• Setting Up an IPSec VPN Connection

IPSec Configuration

• Preparing for IPSec Connections

• Site-to-Site Connections

• Remote Access Connections

Advanced Firewall Features

Web Traffic Filtering

• HTTP Traffic

• Filtering Java Applets and ActiveX Scripts

• Filtering Web Content

Protocol Fixup Feature

• Issues with Protocols and Applications

• Established Connections

• Application Inspection

• Application Inspection Configuration

• Application Inspection for FTP

Attack Guard and IDS Features

• Attack Guard Features

• Intrusion Detection System (IDS)

• Spoofing Protection

Firewall Management

PIX Device Manager

• PDM Overview

• Requirements for PDM

• Preparing to Use PDM

• Accessing PDM

• Using PDM

Centralising Security

• Centralizing Security

• Server and Authentication Configuration

• Shell Access

• Cut-Through Proxy

• Other Types of Traffic

• Changing Authentication Parameters

• Configuring Accounting

• Testing and Troubleshooting AAA

Configuring System Management

• Configuring Logging

• Configuring Remote Access


• Basic Firewall Configuration

• Basic PIX Firewall Configuration

• Configuring PIX Firewall Interfaces

• Configuring NAT

• Configuring PAT

• Logical Interfaces and the DMZ

• Configuring Access Control Lists (ACLs) to control traffic

• Configuring a PIX Firewall VPN

• Configuring a PIX Remote Access VPN

• Configuring PIX Device Manager (PDM)