Starting CCNA:Security

PhildoBaggins

I'm taking this path so I can better understand how to configure tunnels, mostly site to site more about how ASA's operate and their features.

I heavily use ASA's and Sonicwalls at work, so i'm starting to feel like becoming more knowledgeable in ASA operation will help me succeed, get the power up, and win the game. While you can do complicated things with sonicwalls, they are very easy and require almost no explanation.

I picked up the Exam Cram CCNA: Security guide, I used the exam crams extensively for study on my CCNA, I was really pleased with them.

I have a CBT (non Cioara version) that go's over Pix/ASA setups I will be using as well.

I'm pretty excited, I was never into security stuff before I landed my current gig, now it takes up 90% of my time

powerfool

PhildoBaggins wrote: »

I'm taking this path so I can better understand how to configure tunnels, mostly site to site more about how ASA's operate and their features.

I heavily use ASA's and Sonicwalls at work, so i'm starting to feel like becoming more knowledgeable in ASA operation will help me succeed, get the power up, and win the game. While you can do complicated things with sonicwalls, they are very easy and require almost no explanation.

I picked up the Exam Cram CCNA: Security guide, I used the exam crams extensively for study on my CCNA, I was really pleased with them.

I have a CBT (non Cioara version) that go's over Pix/ASA setups I will be using as well.

I'm pretty excited, I was never into security stuff before I landed my current gig, now it takes up 90% of my time

The ASA is not covered/tested on the CCNA Security. Any material that covers it will really only highlight it and other security devices (like IPS, NAC appliance, etc) for the purpose of giving you insight. You will need to look toward the CCSP/CCNP Security for that, for which the CCNA Security is a prerequisite.

Overall, I really enjoyed my studies for the CCNA Security and I have moved on to the SNRS exam for CCSP; they do have significant overlap. Once I am done there I will be focusing on SNAF and SNAA which cover the ASA (including VPN). I am looking to go ahead and get all four of the CCSP exams done before they are retired, and then I will slowly go through the new exams to keep fresh while I wait to truly go through my studies for CCIE Security.

Best wishes with your studies. PM me if you have any questions.

phoeneous

PhildoBaggins wrote: »

I'm taking this path so I can better understand how to configure tunnels, mostly site to site more about how ASA's operate and their features.

I heavily use ASA's and Sonicwalls at work, so i'm starting to feel like becoming more knowledgeable in ASA operation will help me succeed, get the power up, and win the game. While you can do complicated things with sonicwalls, they are very easy and require almost no explanation.

I picked up the Exam Cram CCNA: Security guide, I used the exam crams extensively for study on my CCNA, I was really pleased with them.

I have a CBT (non Cioara version) that go's over Pix/ASA setups I will be using as well.

I'm pretty excited, I was never into security stuff before I landed my current gig, now it takes up 90% of my time

No pix or asa in ccna:s, that's all covered in ccsp. But knowing zone based firewalls is pretty cool to me.

PhildoBaggins

phoeneous wrote: »

No pix or asa in ccna:s, that's all covered in ccsp. But knowing zone based firewalls is pretty cool to me.

I deal with that pretty heavy with Sonicwalls.

Either way I need to up my security game, i'm pretty excited about it. I like the Exam Cram books, I can usually do a light read through in 2 days then take a few weeks to really break it down.

powerfool

PhildoBaggins wrote: »

I deal with that pretty heavy with Sonicwalls.

Either way I need to up my security game, i'm pretty excited about it. I like the Exam Cram books, I can usually do a light read through in 2 days then take a few weeks to really break it down.

Well, if you have a true interest in network security, the CCNA Security is definitely for you. It offers truly practical solutions to very real threats. You can take these things and just be shocked at how easy it is to perform these attacks and how truly simple it is to protect against them.

Chris_

If you want to know site to site VPNs and tunnelling basics then the CCNA Security will give you a start.

If you can, get Jeremy Cioara's CBT Nuggets; his run through of IPSEC and VPNs is awesome, gave me some real lightbulb moments. The blueprint only covers VPN setup using the SDM (personally, I hate it!) Jeremy covers setting them up in CLI, which is much more straight forward and actually helps you learn the concepts better - the same rules will pretty much apply to a PIX/ASA too.

All I used for the CCNA Security is the CBTs and the official cert guide.I had a router with an IOS firewall for the SDM stuff and a 2950 switch to check the port-security stuff. To be honest, the rest of it is concepts; very little lab or config stuff covered by the blueprint.