Which is my best course of action?

tdean

i recently earned my CCNA, im pretty good with server 08 stuff, have Sec+.... which security cert do you think would be the easiest for me to get at this point? i was thinking SSCP--> CISSP but read keatrons post about CEH, CHFI and Cisco security first. i dont have the equipment for a good CCNA:Sec lab, but the info is fresh in my head. uuuggh... i need to study something that will enhance my employment status as well as help me define a career path.

i know its an almost impossible question. ultimately, i'd like to get CISSP.

any suggestions?

dynamik

What do you think you're missing for a CCNA: Security lab from a CCNA lab? That seems like the next logical step.

tdean

well... its pretty outdated. heres what i have.....

(2) 2503 routers
(1) 2520
(1) 2511 as access server
(1) catalyst 2900 XL switch.

i'd need something with the SDM... i'm broke and out of work though. i dont know how cheap i could get myself up and running for.

tdean

after thinking about it.... im going for the CCNA:Sec, i'll just do my best with what i have and Packet Tracer. the only thing i dont like about PT is the learning curve for that might be more than the exam itself!

dynamik

You could always rent rack time as-needed or use dynamips.

Bl8ckr0uter

tdean wrote: »

after thinking about it.... im going for the CCNA:Sec, i'll just do my best with what i have and Packet Tracer. the only thing i dont like about PT is the learning curve for that might be more than the exam itself!

I don't think you will be able to cover all of the objectives in PT. Last time I check, PT didn't support IPSEC vpns,zone based firewalls or IDS which is pretty much the entire test. I suggest you sell the routers you have and try to get some 1721s. They are cheap and will carry you through at least the CCNA:S if you are on a budget.What's so impossible about a CISSP? You just need time and experience and studying.

tdean

knwminus wrote: »

I don't think you will be able to cover all of the objectives in PT. Last time I check, PT didn't support IPSEC vpns,zone based firewalls or IDS which is pretty much the entire test. I suggest you sell the routers you have and try to get some 1721s. They are cheap and will carry you through at least the CCNA:S if you are on a budget.What's so impossible about a CISSP? You just need time and experience and studying.

hmmm, i could ask Chris Bryan about rack time... how many 1700's would i need? you think 1 of those and 2 2950 switches will get it done?

i dont think the CISSp is impossible... i just want to make sure im prepared before starting. i actually think i'd have an easier time with something like that, than all the lab work i get overwhelmed with... i never know where to start.

dynamik

There's a CCNA: Security lab-manual that will walk you through all that: Amazon.com: CCNA Security Lab Manual (9781587132490): Cisco Networking Academy: Books

tdean

dynamik wrote: »

There's a CCNA: Security lab-manual that will walk you through all that: Amazon.com: CCNA Security Lab Manual (9781587132490): Cisco Networking Academy: Books

nice.... ordered!

thanks.

docrice

I have a 1721 as my home router, and it's nice and cheap for sure. I don't manage it via SDM though (not a big fan of Java). You can also use a 2600XM series and with the right IOS variation, you should be able to do all the CBAC and zone-based FW stuff as long as the hardware has enough flash space and RAM.

As for switches, you probably only need one 2950. It's been a while since I've taken the CCNA Security exam so I don't remember exactly what was needed. I think it was mostly focused around port security and other not-so-commonly-talked-about features such as VACLS, DHCP snooping, ARP inspection, etc..