CCIE Sec Lab Diary - or how to make Ahriakin's brain implode

Turgon

Ahriakin wrote: »

It is getting more common, the old blueprint had you configuring a lot of the layer 2 and 3 topology so you really needed top level R&S but the current one really just needs you to understand enough to secure it without breaking it.

That's right. A lot of people who went 'dual' years back found one track helping out quite a bit with the next undertaking providing they boned up on the specifics for the subsequent track. I think as the tracks have evolved and gone their own way the labs really do stand more on their own these days. Mind you, back in the day there were far less materials available to prepare so I suppose it evens out!

wera711

Ahriakin,

Good work. I noticed you don't have an IPS listed in your equipment. Do you feel you can pass without one?

Ahriakin

Sorry for the delay in replying but for anyone else reading this in future it's best to PM me, I consider this thread finished and left for posterity so I don't check it for replies anymore.

As you have probably seen IPS' are still extremely expensive. You can emulate one in VMWare but it's apparently quite a slog to get it going. For this (And my CCSP IPS exam back in the day) I relied on rack rental. Much easier and pretty cost effective. The thing about the IPS is it's not really that complicated (compare the depth of options to say an ASA and you'll see what I mean). Yes some of the concepts are hard to get to grips with and the interface/command structure is fairly different to the IOS/FOS that you might be used to but there really aren't a lot of options with them. Once you get some hands on with one and are comfortable with the interface the only thing you are likely to repeatedly find challenging is just how to write an efficient Sig.

ncsugrad2002

Ahriakin wrote: »

So I'm going to add something else and I've been debating with myself whether to or not for the last 2 days.
One thing you will ask yourself before and then constantly during the trek is 'Is it worth it?'. Leaving the personal achievement aside I can now definitely say yes. You all know what the economy is currently like, news of massive layoffs across the world etc. Well since I updated my Linkedin Profile and resume on just Dice and Careerbuilder last week I've had 6 cold calls from recruiters (I wasn't in a hurry to get a new job and hadn't applied for any or updated the other major job sites). I had a phone interview on Friday and did the final tech-test (a mini lab) yesterday morning for a position in Dallas and knew by yesterday afternoon I had been hired. The fastest employment process I've ever been through and for a substantial boost over my previous salary.
The reason I was debating putting this up is I don't want this to sound like blowing my own horn, I just want to show that there are very tangeable and immediate benefits to achieving the CCIE even in the worst of markets.

I am quite interested in how big the salary increase was. Can you PM more information? Just curious..

kkndka

Ahriakin, Richard Deal came out with a book titled Cisco ASA Configuration (published in June 2009). If possible please review the book and compare it with the ASA All in One guide by Fahim and Santos.
I would like your opinion on using Deal's book as a one stop shop for learning to configure the ASA.

I have found your recommended reading list to be perfect for my prep. Thanks so much.

Ahriakin

It's on my list, I love his books, but I don't know when I'll get a chance to read it. I'm working my way up the R&S track at the moment, though I do still try to go back and review the security material when I can so maybe later in the summer....Thinking about how to recertify already, wow, time's flying by

god_of_thunder

Ahriakin, when you're ready, I'm sure a lot of people on this forum would appreciate some updates on your CCIE R&S Prep. Do start a new Diary for it if you find the time.

Ahriakin

It's going sloooowwww. Still trying to finish up the CCNP level stuff, about halfway through those. Too much else to do at work, I need to recertify on this one (I can't believe it's coming up on 2 years ) and the next new cert for is the Tippingpoint Expert hopefully in October....excuses excuses....
As for a blog on my own R&S there are plenty here already with much better info than I could provide. Not much point adding to my own I think.

gorebrush

So you are going for the R&S as well? The more the merrier, I say!

Turgon

Ahriakin wrote: »

It's going sloooowwww. Still trying to finish up the CCNP level stuff, about halfway through those. Too much else to do at work, I need to recertify on this one (I can't believe it's coming up on 2 years ) and the next new cert for is the Tippingpoint Expert hopefully in October....excuses excuses....
As for a blog on my own R&S there are plenty here already with much better info than I could provide. Not much point adding to my own I think.

hehehehe..dont let them pressure you. I know about work busy. You have one IE dont be greedy! Once you get the bandwidth it will all fall into place Im sure. That's half the battle!

Ahriakin

Just a quick update (yes I'm still alive ). I recertified (Security again) on Saturday. I thought they would have improved things when they moved from Blueprint 2 to 3 and changed the written format to the Cisco standard....nope, it's still the most annoying and least relevant Cisco exam I've ever done. The lab is actually enjoyable compared to it

mikej412

Ahriakin wrote: »

I thought they would have improved things when they moved from Blueprint 2 to 3 and changed the written format to the Cisco standard....nope

What! No v4 R&S written to re-certify?

Ahriakin

Nah, it was getting unrealistic, the issues that kept me away from here also got in the way of studying as much as I would need to cross-certify even on 'just' the written (that's my excuse anyway ). Besides I really needed to refresh my security knowledge in some areas.

Turgon

Ahriakin wrote: »

Nah, it was getting unrealistic, the issues that kept me away from here also got in the way of studying as much as I would need to cross-certify even on 'just' the written (that's my excuse anyway ). Besides I really needed to refresh my security knowledge in some areas.

Congrats on the recertify man

Ahriakin

Thanks.

I'll do up a review of Richard Deal's ASA book too next week (an earlier request), I used it for the ASA side of this one and it's definitely my go-to ASA reference now.

jakeichan1986

Wow.. Reading through a path that has been paved into history..
Thanks a lot for sharing this information...

Am starting my journey soooooon....
Thanks for the guidelines.!!!

Ahriakin

Dusting this off as I'm getting ready to re-certify again...wow....time flies. I've been focusing mostly on Juniper for about the last year so my Cisco Fu is getting weak, I'm kinda glad for the excuse to prioritize catching back up again but it is putting some other study plans on hold. Anyway my aim is to get the written done before the end of October (got the CEH to knockout too so that will get in the way). I've started (about halfway through now) with Richard Deal's ASA book again, as I've mentioned many times I like his writing style so it's a good way to ease back into the flow.I picked up the kindle edition of "CCIE Security V3.0 Quick Reference" so that will be next. I know my specific knowledge is not as good as it was when I first did this but it's so much easier now to absorb the information again (a few things that I just memorized previously now make more sense and click into place), I guess those braincells aren't completely dead....yet .

jamesp1983

Nice! Good luck!

Ahriakin

Thanks.

About 3/4 through it now focusing more on principals than exact config since that's where the written lies. last night was primarily over things like Remote-Access VPN since I haven't done one outside of a lab for oh...about 4 years. I still hate the way they laid out SSL VPN configs, I've seen the same mentality with the way they changed NAT etc. for 8.3+ in that they're kinda looking at grouping config now for objects and functions (which is a good thing) but haven't gone far enough to actually modify the CLI and heirarchy to really leverage that. So you end up using a CLI with commands and options built for a flat config navigating around subsections that really work best as heirarchical/stanza based. Ah well.
Spent some time on MPF again, I have worked with that more so not as steep a hike as the first time around. I should have that book finished this weekend then onto I might go to Richard Deal's Router Security book instead and keep the flashcards and quick-notes until last.

Ahriakin

Well had to postpone the exam due to some family issues (it has not been a good month) but I'll try to finish it off this or next week at the latest. The cutoff for the current blueprint is right around the corner so I don't really have much choice, besides I need to get back to the CEH and JNCIE-Sec so it's annoying me I've had this drag on. Anyway. I've been through the latest Cisco Quick-Reference (3.0) a few times and am on the 2nd run through "Network Security Technologies and Solutions", interspersed with trips to the Cisco online docs. I ended up getting the Ucertify package also (kind've an impulse thing) but tbh have not been overly impressed, there are whole segments missing from the course material and what there is is extremely sparse. The exam questions aren't bad though, some weak and badly worded scenarios/questions in there but overall so far they've been reasonable.

Ahriakin

Have to say I'm really loving having the Kindle client on my phone. Very handy for filling up free time bubbles during the day. I think I'll cave on Black Friday and finally buy a Pad, then pop it on there too. I think I'm okay on the core technologies so I'm going to focus on the peripheral stuff like MARS, CSA etc. today.

Roguetadhg

You might want to look at the Surface, for a tablet.

The reviews of the RT model look great. The Pro model is what i'm hoping for - mmm, programs I need on a tablet. yay.

Ahriakin

Aye Surface does look good but I ended up getting an Asus Transformer TF300 instead. It'll do what I need and I got a good deal on it, plus I like the crossover between my Phone and the pad, I don't need that so much with my Desktops since I plan to just RDP to them for apps that are Windows only.
Anyway coming down to the final stages, orderly study has gone out the window in lieu of hunting down specific topics from the blueprint.

Ahriakin

Passed again, so it's down for another 2 years. It remains the worst security exam I've ever sat, I never come out of it feeling like it was an achievement, just a hurdle. Pointless questions on areas that are way out of scope for what they should be covering. Absolutely written by folks who do not, or likely never have, worked in a production security environment.

Here are the resources I used this time (in order of usefulness):

Network Security Technologies and Solutions (definitely the central source for this exam).
Cisco ASA Configuration
The Complete Cisco VPN Configuration Guide
Cisco Router Firewall Security
Lan Switch Security
Security Monitoring with Cisco MARS
Cisco Online DOCs, Wikipedia and other Internet sources for hunting down specifics from the blueprint (management systems in particular are not really covered very well in the preceding books, online was better)
Cisco Security V3.1 Quick Reference (really not very good a all, no real detail).

jamesp1983

congrats...again!

Iristheangel

Ignore the spammer. I messaged him this morning to try to see what this "training" involved. Claimed in broken english to have the "real lab workbooks" for the all low price of $1500 and he accepts Paypal! Oh of course he has a CCIE (according to him) but he won't provide the number :P

Idiots like this will never get far in the professional world and I don't think anyone on this forum would be dumb enough to send $1500 to some random guy on the internet

serraparker

i strongly think juniper is taking over and it makes a lot of sense than cisco , these cisco lab is just creating dumpsters