Detailed Course Outline
Aruba Security Strategy & ClearPass Fundamentals
- Explain Aruba Zero Trust Security
- Explain how Aruba solutions apply to different security vectors
Deploy Trusted Certificates to Aruba Solutions
- Describe PKI dependencies
- Set up appropriate certificates & trusted root CAs on CPPM
Implement Certificate-Based 802.1x
- Deploy AAA for WLANs with ClearPass Policy Manager (CPPM)
- Deploy certificate based authentication for users and devices
Implement Advanced Policies on the Role-Based Aruba OS Firewall
- Deploy AAA for WLANs with ClearPass Policy Manager (CPPM)
- Define and apply advanced firewall policies
Evaluate Endpoint Posture
- Evaluate different endpoint postures
Implement a Trusted Network Infrastructure
- Set up secure authentication and authorization of network infrastructure managers, including,
- Advanced TACACS+ authorization
- Multi-factor authentication
- Secure L2 and L3 protocols, as well as other protocols such as SFTP
Implement 802.1X and Role-Based Access Control on AOS-CX
- Deploy AAA for wired devices using ClearPass Policy Manager (CPPM), including local and downloadable roles
- Explain Dynamic Segmentation, including its benefits and use cases
- Deploy Dynamic Segmentation using VLAN steering
- Configure 802.1X authentication for APs
Implement Dynamic Segmentation on AOS-CXSwitches
- Explain Dynamic Segmentation, including its benefits and use cases
- Deploy Dynamic Segmentation, including:
- User-based tunneling (UBT)
- Virtual network-based tunneling (VNBT)
Monitor with Network Analytics Engine(NAE)
- Deploy and use Network Analytics
- Engine (NAE) agents for monitoring
Implement WIDS/WIPS
- Explain the Aruba WIPS and WIDS technology
- Configure AP rogue detection and mitigation
Use CPPM and Third-Party Integration to Mitigate Threats
- Describe log types and levels and use the CPPM Ingress Event Engine to integrate with third-party logging solutions
- Set up integration between the Aruba infrastructure and CPPM, allowing CPPM
Implement Device Profiling with CPPM
- Explain benefits and methods of endpoint classification on CPPM, including active and passive methods
- Deploy and apply endpoint classification to devices
- Analyze endpoint classification data on CPPM to identify risks
Introduction to ClearPass Device Insight
- Define ClearPass Device Insight (CPDI)
- Analyze endpoint classification data on CPDI
Deploy ClearPass Device Insight
- Define and deploy ClearPass Device Insight (CPDI)
- Analyze endpoint classification data on CPDI
Integrate CPDI with CPPM
- Integrate ClearPass Policy Manager (CPPM) and ClearPass Device Insight (CPDI)
- Mitigate threats by using CPDI to identify traffic flows and apply tags and CPPM to take actions based on tags
Use Packet Captures To Investigate Security Issues
- Perform packet capture on Aruba infrastructure locally and using Central
- Interpret packet captures
Establish a Secure Remote Access
- Explain VPN concepts
- Understand that Aruba SD-WAN solutions automate VPN deployment for the WAN
- Describe the Aruba 9x00 Series Gateways
- Design and deploy remote VPNs using Aruba VIA
Configure Aruba Gateway IDS/IPS
- Describe the Aruba 9x00 Series Gateways
- Define and apply UTM policies
Use Central Alerts to Investigate Security Issues
- Investigate Central alerts
- Recommend action based on the analysis of Central alerts