CCIE Chapter Two - Security

gorebrush

OK, OK. So I know I dithered about picking what to do initially. After thinking about each of the tracks - Security does actually make the most sense for where I am in the grand scheme of things.

So Security is where I am going - I have a feeling the lab will be changing in the next twelve months (or at least an announcement) but regardless of that, I need to do a written exam anyway - so taking the Security written exam is not a waste of time as we do a lot with ASA's at work. I'm still in the same position I was in when I passed the R&S Lab in Feb - but I have many good personal reasons why that is the case. Whilst I would love a job move, I am not 100% in the position to move... yet.

In the meantime therefore, it is time to get #2 done whilst I've still got the good hours at night to get stuff done (or at least try). Work is a lot busier nowadays but hopefully I can still pursue this.

So DC = I felt this would be too much of a pain to get the rack time, for now.
SP = There's no need to be an SP in my company, and I don't even think there are many SP's in Wales where I am.

So, here we go!

Dieg0M

Good luck man! I was thinking on going for this one too. What is your plan for material/equipment?

JoJoCal19

Good luck gorebrush! I find the Cisco security track intriguing and if you did a journal of your studies I will definitely follow it.

fredrikjj

cool stuff. I'm looking forward to reading about your progress.

atorven

Good luck dude. Out of interest, with your R&S knowledge still fresh, wouldn't SP be much easier (in terms of man hours and how much you have to learn) than Security?

gorebrush

Thanks all! I will be documenting along the way yes. As for SP - it's pretty pointless because there are no real SP opportunities for me in this country. However, having said that, if I get through Security and I'm still looking for something to do then SP would probably be it.

davenull

Chapter Two?

*Looks at the R/S thread*

More like Volume Two!

Good luck man!

silver145

Mwhahaha - think i remember saying security, glad to see you joined the race

gorebrush

Well yeah, Volume two is more like it!

How far along are you Silver?

silver145

not massively as i started new job - Getting my head together with the ASA's and checkpoint. will be hitting the books for specific Exam stuff shortly though

gorebrush

Great stuff - similar position to me, however I probably have a bit of a head start: -

I did CCNA Security and one of the CCNP Sec exams in 2013...

silver145

I did the CCNA sec a while ago also but work never really touched ASA's - thankfully the new job involves alot of playing with them!!! (on a side note i am looking at the CCSA also)

Where are you starting with the SEC path?

Alex90

Good luck mate... you need to get yourself down to London, plenty of SP jobs knocking about down here!

lrb

Good luck mate! Glad to see you are back on the bandwagon

Network_Engineer

When will the next exam version be released?

gorebrush

Nothing has been announced yet so it remains v4 for the foreseeable. Seeing as the CCNP Security has been refreshed and the CCNA also - it'll only be a matter of time before it does.

In the meantime - as with any version change, the bulk of the content will remain the same regardless so I'm safe to go take the written exam. Aiming to take that around November/December and if the lab is the same then I am considering May '16 in London to take the practical assuming all is well.

fredrikjj

What books will you be reading?

JoJoCal19

How will you be prepping for the written? I see that unlike it's R&S IE counterpart, the Security does not have books specifically for the written. I do see there is a long list of recommended books that cover various topics from the written, however it's not exactly ideal to read a bunch of 900 page tomes. I was wondering if one were to go through all of the INE advanced technologies course and are familiar with how to actually do the stuff it covers, if in the course of that you would also be able to answer questions on the written pertaining to those topics.

gorebrush

I have access to video training through work so will use that, but books I think.

May well have to get some workbooks too.

gorebrush

So I need to get on with this. I aim to pass the written by the end of 2015, with a view to taking a lab September '16. There's possibly some very interesting moves that could be made mid '16 at work so I need to get my head down.

Iristheangel

Have you seen the new Zero to Hero Security course by Narbik? It's 14 weeks long and a Cisco AS guy is teaching it. It's $3,500 and is supposed to include current technologies beyond what's on the exam to accommodate potential future changes coming to the CCIE Security. Here's the course information:

Course Outline


Week 1

Class Introduction
LAB Topology
Class Agenda
Basic Student Assessment
Security Certification
Cisco Security Architecture
Network Security - ASA
Basic ASA Configuration
ASA Management
ASA Deployment Scenarios
ASA Traffic Flow


Week 2

Network Security - ASA
Dynamic Routing (RIP, OSPF, EIGRP, BGP)
NAT
Modular Policy Framework (Inspection Policy)
Virtual Firewall
Active/Active Failover
Transparent Firewall
Threat Detection & Botnet Traffic Filtering
QoS
ID Firewall
Firewall Clustering
PBR on ASA


Week 3
Network Security - Next Generation Firewall (NGFW)
Introduction to FirePOWER
FirePOWER on ASA
FirePOWER Traffic Flow
Device Management
Object Management
Access Control Policy
AD Integration


Week 4
Network Security - Next Generation Firewall (NGFW)
FireSIGHT Technology
File Detection and FireAMP
IPS Policy and Preprocessors
SSL Decryption
Correlation Policies
Event Analysis and Reporting


Week 5
Network Security - VPN
IPSec theory
PKI
VPN types and modes
Configuring Site-to-Site VPNs


Week 6
Network Security - VPN
EasyVPN for S2S VPN
DMVPN


Week 7
Network Security - VPN
GET VPN
IKEv2 theory
FlexVPN


Week 8
Network Security - Remote Access VPN
EasyVPN (DVTI)
SSL VPN theory
Clientless VPN


Week 9
Network Security - Remote Access VPN
Introduction to AnyConnect
Mobile User Security
VPN Load Balancing and HA


Week 10
Content Security - Web Security
Web proxy deployment modes
L4TM
User Identity & Authentication
Web Security Policies
URL Filtering
Bandwidth Control
Application Visibility & Control (AVC)
Content Security - Web Security
SSL Decryption
Outbound Data Security


Week 11
Content Security - Email Security
How SMTP works
SMTP Relay deployment
ESA Packet Flow
Reputation Filters
Message Filters
Anti-Spam & Anti-Virus
Content Security - Email Security
Content Filters
Outbreak Filters
Data Loss Prevention (DLP)
Email Encryption (CRES)


Week 12
Secure Access - AAA
Introducing to AAA
Setup AAA Clients
Using TACACS+ for Administrators
Using RADIUS for Network Access (802.1x)
Introducing to Cisco ISE
AD Integration
Configuring MAB


Week 13
Secure Access - AAA
Configuring Wired 802.1x
Configuring Wireless 802.1x
Guest Access
Device Profiling
BYOD & MDM
L2 Security


Week 14
Network Security - Routers
Router ACL
Configuring Zone-Based Firewall on Router
Router Hardening
Configuring NAT on Routers
NetFlow and Traffic Monitoring


Week 15
All-in-one LAB #1


Week 16
All-in-one LAB #2

gorebrush

Cool! I hadn't seen this, but tomorrow I start in earnest. I need to get on with it now, properly. I've had way too long a break now, but work and other life pressures have meant I've needed a break for a while. Aiming for written in Feb, lab Sept '16, or Dec '16.

Here's to it. I've got books ready and videos.

JoJoCal19

Can you list out your study material?

Iristheangel

gorebrush wrote: »

Cool! I hadn't seen this, but tomorrow I start in earnest. I need to get on with it now, properly. I've had way too long a break now, but work and other life pressures have meant I've needed a break for a while. Aiming for written in Feb, lab Sept '16, or Dec '16.

Here's to it. I've got books ready and videos.

Yep. I already signed up. It's more for fun for me than certification tho

lrb

IPX also has some sale on for the rest of October with 40% of bundles and 2-4-1 rack rental tokens. I picked up the pre-order for the CCIE-SP bundle plus an extra 200 hours (so an 400 hundred hours in total) for just around 750 USD.

I have no idea what the quality of their SP or SEC tracks are like, but I have heard great things about their DC track

Network_Engineer

Has anyone noticed the low amount of CCIE Security success stories and posts on INE forums? Why is there a such a low interest? Do you know of anyone passing the Security lab recently with a success story write up? Do you think the Security lab will be easier or harder than R/S?

gorebrush

I think we all know that R/S is the most popular of the tracks. It's also true that you don't see many success stories in Security. I'm not sure why that is. Maybe it's because Security engineers are secretive..

Network_Engineer

How soon until you take the written?

gorebrush

Shooting for Late Feb '16

gorebrush

This target is a bit of a moving one dependent on how much I get done... Still Late Feb.. for now. Started this week by looking at some videos, PKI and stuff I've not done with an IOS device before.

gorebrush

So there are now dates for September 2016 in London for CCIE Security. That is my goal now, unless the version changes between now and then. I figure if I pass the written exam very early '16 and book a slot for then I should be able to beat any cut off, assuming of course any new version change is announced after March of course.