CCSP gear

opers13 Member Posts: 100
guys,

I'm trying to put together a CCSP lab. I currently have:

3640 12.4 IOS firewall
PIX515 v. 7.1
Cat 2950
3x 2612

what should I get next...IDS or concentrator appliance?

tx

opers13

Comments

  • Ahriakin SupremeNetworkOverlord Member Posts: 1,800
    I'd say IDS. You'll cover a lot of the VPN course basics in the PIX exam, and the GUI is relatively simple. The IPS (I'm studying it at the moment) is a whole different kettle of fish and pretty much nothing from the other devices will prepare you for it (The PIX/ASA exam only really covers the intrusion protection areas from a VERY basic setup standpoint).
    I don't have access to a Cisco IDS/IPS device at all so I'm trying to wing it, though I have done a lot of work in the last week or 2 on setting up an efficient Windows Snort box so I'm hoping that will help a little (at least with the mindsets of tuning/working signatures etc.)
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • mikej412 Member Posts: 10,090
    opers13 wrote:
    what should I get next...IDS or concentrator appliance?
    Whichever one you can get the best deal on -- if you're shopping on eBay.

    I initially got a VPN3002 Hardware Client for $100, and used that until I scored a $700 VPN3005 in mint condition.

    I failed the IDS exam by 5 points..... and then hunted down a bargain (missing faceplate) 4210 IDS. The funny thing -- I had no problem with the SIMs or the software interface questions. A month later I stomped the IPS exam.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • sexion8 Member Posts: 242
    FYI for an IPS if you're looking just for the *gist* of things, you could also kick out about $75 for an older Intrusion PDS5100 appliance and modify it with snort_inline. The PDS is running Redhat. And FYI Snort has never been an IPS, IDS yes. Snort_Inline now... That's a different story. I wrote a realtime shell script to backend Snort, mod_apache, and block out XSS attacks :D ... For those working in the compsec industry, if you're interested let me know I will send you a link. Currently I'm doing a realtime IPS for SIP on Asterisk. I have an nCite SBC that touts the ability to block garbage out, but I've been able to pass garbage through... As for Asterisk and SIP in general... I made Asteroid out of kicks and giggles to learn the transactional phases and shred them to smithereens... http://www.infiltrated.net/asteroid/ (for those into VoIP security)...
    "Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius
  • Slowhand MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2003/2012/2016, CCNA Routing & Switchi Bay Area, California Mod Posts: 5,163 Mod
    sexion8 wrote:
    FYI for an IPS if you're looking just for the *gist* of things, you could also kick out about $75 for an older Intrusion PDS5100 appliance and modify it with snort_inline. The PDS is running Redhat. And FYI Snort has never been an IPS, IDS yes. Snort_Inline now... That's a different story. I wrote a realtime shell script to backend Snort, mod_apache, and block out XSS attacks :D ... For those working in the compsec industry, if you're interested let me know I will send you a link. Currently I'm doing a realtime IPS for SIP on Asterisk. I have an nCite SBC that touts the ability to block garbage out, but I've been able to pass garbage through... As for Asterisk and SIP in general... I made Asteroid out of kicks and giggles to learn the transactional phases and shred them to smithereens... http://www.infiltrated.net/asteroid/ (for those into VoIP security)...

    I don't think an appliance running Redhat and Snort_inline is going to do much towards studying for, and passing, any Cisco exams. It'll be very helpful for general security practices, but that's probably best saved for after he's got the CCSP knocked out, and doesn't need to focus so heavily on "the Cisco way" of doing things.

    Let it never be said that I didn't do the very least I could do.
  • opers13 Member Posts: 100
    Slowhand wrote:
    I don't think an appliance running Redhat and Snort_inline is going to do much towards studying for, and passing, any Cisco exams. It'll be very helpful for general security practices, but that's probably best saved for after he's got the CCSP knocked out, and doesn't need to focus so heavily on "the Cisco way" of doing things.

    True