Implementing Network Security (IANS)

ArubaSecurity Strategy&ClearPass Fundamentals\n\n\n- Explain Aruba Zero Trust Security\n- Explain how Aruba solutions apply to different security vectors\nDeploy TrustedCertificatestoArubaSolutions\n\n\n- Describe PKI dependencies\n- Set up appropriate certificates & trusted root CAs on CPPM\nImplement Certificate-Based802.1x\n\n\n- Deploy AAA for WLANs with ClearPass Policy Manager (CPPM)\n- Deploy certificate based authentication for users and devices\nImplement Advanced Policies one the Role-Based ArubaOS Firewall\n\n\n- Deploy AAA for WLANs with ClearPass Policy Manager (CPPM)\n- Define and apply advanced firewall policies\nEvaluate Endpoint Posture\n\n\n- Evaluate different endpoint postures\nImplement aTrusted Network Infrastructure\n\n\n- Set up secure authentication and authorization of network infrastructure managers, including,\n- Advanced TACACS+ authorization\n- Multi-factor authentication\n- Secure L2 and L3 protocols, as well as other protocols such as SFTP\nImplement 802.1XandRole-BasedAccess Control onAOS-CX\n\n\n- Deploy AAA for wired devices using ClearPass Policy Manager (CPPM), including local and downloadable roles\n- Explain Dynamic Segmentation, including its benefits and use cases\n- Deploy Dynamic Segmentation using VLAN steering\n- Configure 802.1X authentication for APs\nImplement Dynamic Segmentation on AOS-CXSwitches\n\n\n- Explain Dynamic Segmentation, including its benefits and use cases\n- Deploy Dynamic Segmentation, including:\n- User-based tunneling (UBT)\n- Virtual network-based tunneling (VNBT)\nMonitor with Network Analytics Engine(NAE)\n\n\n- Deploy and use Network Analytics\n- Engine (NAE) agents for monitoring\nImplementWIDS/WIPS\n\n\n- Explain the Aruba WIPS and WIDS technology\n- Configure AP rogue detection and mitigation\nUse CPPM and Third-Party Integration to Mitigate Threats\n\n\n- Describe log types and levels and use the CPPM Ingress Event Engine to integrate with third-party logging solutions\n- Set up integration between the Aruba infrastructure and CPPM, allowing CPPM\nImplement Device Profiling with CPPM\n\n\n- Explain benefits and methods of endpoint classification on CPPM, including active and passive methods\n- Deploy and apply endpoint classification to devices\n- Analyze endpoint classification data on CPPM to identify risks\nIntroduction to ClearPassDeviceInsight\n\n\n- Define ClearPass Device Insight (CPDI)\n- Analyze endpoint classification data on CPDI\nDeploy ClearPassDeviceInsight\n\n\n- Define and deploy ClearPass Device Insight (CPDI)\n- Analyze endpoint classification data on CPDI\nIntegrateCPDIwith CPPM\n\n\n- Integrate ClearPass Policy Manager (CPPM) and ClearPass Device Insight (CPDI)\n- Mitigate threats by using CPDI to identify traffic flows and apply tags and CPPM to take actions based on tags\nUsePacket CapturesTo Investigate Security Issues\n\n\n- Perform packet capture on Aruba infrastructure locally and using Central\n- Interpret packet captures\nEstablish aSecureRemoteAccess\n\n\n- Explain VPN concepts\n- Understand that Aruba SD-WAN solutions automate VPN deployment for the WAN\n- Describe the Aruba 9x00 Series Gateways\n- Design and deploy remote VPNs using Aruba VIA\nConfigureArubaGateway IDS/IPS\n\n\n- Describe the Aruba 9x00 Series Gateways\n- Define and apply UTM policies\nUse Central Alertsto Investigate Security Issues\n\n\n- Investigate Central alerts\n- Recommend action based on the analysis of Central alerts

The following knowledge is recommended for this seminar:\n\nAruba recommends that the candidate has attended the Network Security Fundamentals (ANSF) Rev. 20.41 course prior to attending this professional level course. Or have equivalent experience and knowledge of network security fundamentals.

Network engineer responsible for implementing security controls on enterprise networks. Candidate can describe the network security stack (firewall, proxy, remote access, IDS/IPS, access control, NTA, UEBA).