Items i picked up from work

JZegers

I picked up 2x 506e Pix Firewalls and 2x Pix 501 firewalls. Are these still good for CCNA: security or no?

QHalo

The majority of CCNA security is SDM, which is for a router. Those PIX devices are awesome but not within items to know based on the blueprint. That's not to say that you couldn't mess around with them and setup some things, but for the exam they're not necessary.

[B]Exam Topics[/B]

 The  following topics are general guidelines for the content likely  to be  included on the Implementing Cisco IOS Network Security (IINS)  exam.  However, other related topics may also appear on any specific  delivery  of the exam. In order to better reflect the contents of the  exam and for  clarity purposes, the guidelines below may change at any  time without  notice.
 [B]Describe the security threats facing modern network infrastructures[/B]

 
[LIST]
[*]Describe and list mitigation methods for common network attacks
[*]Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
[*]Describe the Cisco Self Defending Network architecture
[/LIST]
 [B]Secure Cisco routers[/B]

 
[LIST]
[*]Secure Cisco routers using the SDM Security Audit feature
[*]Use the One-Step Lockdown feature in SDM to secure a Cisco router
[*]Secure  administrative access to Cisco routers by setting strong  encrypted  passwords, exec timeout, login failure rate and using IOS  login  enhancements
[*]Secure administrative access to Cisco routers by configuring multiple privilege levels
[*]Secure administrative access to Cisco routers by configuring role based CLI
[*]Secure the Cisco IOS image and configuration file
[/LIST]
 [B]Implement AAA on Cisco routers using local router database and external ACS[/B]

 
[LIST]
[*]Explain the functions and importance of AAA
[*]Describe the features of TACACS+ and RADIUS AAA protocols
[*]Configure AAA authentication
[*]Configure AAA authorization
[*]Configure AAA accounting
[/LIST]
 [B]Mitigate threats to Cisco routers and networks using ACLs[/B]

 
[LIST]
[*]Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
[*]Configure  and verify IP ACLs to mitigate given threats (filter IP  traffic  destined for Telnet, SNMP, and DDoS attacks) in a network using  CLI
[*]Configure IP ACLs to prevent IP address spoofing using CLI
[*]Discuss the caveats to be considered when building ACLs
[/LIST]
 [B]Implement secure network management and reporting[/B]

 
[LIST]
[*]Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
[*]Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server
[/LIST]
 [B]Mitigate common Layer 2 attacks[/B]

 
[LIST]
[*]Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features
[/LIST]
 [B]Implement the Cisco IOS firewall feature set using SDM[/B]

 
[LIST]
[*]Describe the operational strengths and weaknesses of the different firewall technologies
[*]Explain stateful firewall operations and the function of the state table
[*]Implement Zone Based Firewall using SDM
[/LIST]
 [B]Implement the Cisco IOS IPS feature set using SDM[/B]

 
[LIST]
[*]Define network based vs. host based intrusion detection and prevention
[*]Explain IPS technologies, attack responses, and monitoring options
[*]Enable and verify Cisco IOS IPS operations using SDM
[/LIST]
 [B]Implement site-to-site VPNs on Cisco Routers using SDM[/B]

 
[LIST]
[*]Explain the different methods used in cryptography
[*]Explain IKE protocol functionality and phases
[*]Describe the building blocks of IPSec and the security functions it provides
[*]Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM
[/LIST]

tiersten

JZegers wrote: »

I picked up 2x 506e Pix Firewalls and 2x Pix 501 firewalls. Are these still good for CCNA: security or no?

No. CCNA:Security is mostly about the IOS firewall in recent routers and not PIX (or ASA) boxes. The 506e and 501 are both pretty limited and only support up to 6.3. The 506e can unofficially have early 7.0 versions wedged on if you remove PDM.