IPS without lab

wintermute000wintermute000 Posts: 172Banned
Anyone have any thoughts re: passing the IPS exam without shelling out for a lab (via rack time)?

Ordinarily I'd feel like a fraud and I'm the first to criticise dumpers but I really have zero interest in it + I have never seen any org (in Australia at least) use Cisco for IPS whereas plenty of real life use for ASA and Cisco VPN (whether ASA or routers) expertise. I am doing this track as I enjoy firewalls and VPNs, also my employer has zero interest in cisco IPS as well. No worries with labbing ASAs and IOS VPNs etc. but for IPS its looking like rack time or bust (I had no luck trying to get it to run in GNS3 and you can't get a second hand IPS for any reasonable price) and I'd rather save my lab costs for SP track (IOS XR!!!) and CCIE.

TBH it would be a much better course if the IPS module was replaced with a full blown DMVPN/Get VPN module (the content in SECURE only scratches the surface of what you'd need to throw in a proper full blown DMVPN implementation IMO) including VPN specific routing scenarios, but I digress.

Anyone done the IPS exam purely on books/practice exams/IDM demo mode? Is it do-able?

Comments

  • doverdover Posts: 184Member
    I still feel a little like a fraud. IPS was the first exam I took without having real, physical access to the technology. I did use rack time and I was able to get a feel for it, but it was nothing like living with the equipment every day for a couple of hours a day - tearing it down, reloading the OS, using the recovery image, etc. When I first started at my current job we ripped out a bunch of Cisco 4200 IPSs and replaced with another manufacturer - but we weren't allowed to keep them as spares/test equipment.

    To answer the question, it IS doable to pass just using books, practice and the IME demo...but it'll probably still feel a little bit like you took a shortcut - at least that's how I feel.

    With that said, I think about it this way: I have learned the IPS material and I have an understanding of the technology, its capabilities and how to configure an IPS appliance/module/IOS IPS to meet a given scenario - so I'm ok. There are some parts of the Cisco IPS that I think are awesome - the intuitive way of handling risk ratings, OS relevancy, threat ratings and event action filters - that are a breeze to setup and offer some great options. I still prefer other IPS/IDS options though - for both cost effectiveness and ability to customize.

    With your experience and certification history, this exam won't be hard - I thought it was the easiest of the 4 CCNP Security exams.
  • wintermute000wintermute000 Posts: 172Banned
    Thanks mate for the encouragement. VPN next and then IPS!
  • spiderjerichospiderjericho CCNP, CCDP, CCNA R&S, CCNA Security, CCDA, CISSP, CISM, CISA, CRISC, Network+, Security+, CySa+, Pen San DiegoPosts: 839Member ■■■■□□□□□□
    Dover, where did you do your IPS rack renting? I want to pursue the CCNP S and want some exposure.
  • wintermute000wintermute000 Posts: 172Banned
    Just a question, how much use is IOS IPS for purposes of lab time for the IPS exam (as opposed to SECURE)?
  • doverdover Posts: 184Member
    spiderjericho,

    Maced turned me on to Proctorlabs.com. They were the first to have the refreshed CCIE Security rack stuff - so they had IPS 7 instead of 6. Its the rack rental offshoot of IPExpert.

    Wintermute000,

    I spent a little time in the IOS IPS just because I had access to a decent router with the right feature set. I'd say it helped a bit, it is just a stripped down IOS version of the IPS OS/Software.

    Good luck with VPN, I had some trouble staying 'into' it but so far it has really helped in my job - not so much for me doing the implementation but because people have started to ask me for help on VPN setups and troubleshooting. Never hurts to be the guy/girl with some answers.
  • wintermute000wintermute000 Posts: 172Banned
    OK sweet as I can easily spin up IOS IPS for lab purposes. I just want to get over line
  • gorebrushgorebrush Posts: 2,741Member
    I'll have a similar problem so have read this topic with interest.

    There are probably a few pieces of kit here with IPS modules (we are a large outsourcer) so I might be able to get my hands on something, but it'll all be production environment stuff.
  • wintermute000wintermute000 Posts: 172Banned
    Passed, thanks to all the tips above. The exam is actually a breeze if you do enough practice exams and read the material thoroughly to understand what you're answering wrong in the exams. For labbing all I did was flick through the IME demo through all the relevant bits that kept coming up in exam questions. It does still feel a bit like a fraud but like I said, Cisco IPS in my market = dead, nobody uses it.

    I do feel that the course did give me a lot more understanding of IPS logic/concepts though TBH a lot of it feels like the equivalent of stateful firewall which right now is being wiped out by application aware Palo Alto etc. and I think similar thing is happening in the IPS market.
  • cisco_troopercisco_trooper Too many Posts: 1,443Member ■■■■□□□□□□
    yeah, there honestly isn't much to the IPS interface. I imagine the test on this one to mostly be the IDM so I can't imagine it to be too difficult. I'm actually saving this one for last for the "easy win" for the last CCNP Security exam.
  • Maced129Maced129 Posts: 78Member ■■□□□□□□□□
    Congrats wintermute. I am working on IPS myself now, I was working pretty hard on VPN but I managed to get into a ILT IPS course through work. I'm going to also go through some IPexpert VoD for the course and rent some lab rack time from proctorlabs. Hopefully I can pass and move back into VPN...I thought I was ready but after taking a look at the exam topics for VPN recently, I still have a bit of work to do!
  • seittitseittit Posts: 11Member ■□□□□□□□□□
    please excuse me as I raise this thread from teh dead (insert zombie emoticon here)

    I am fortunate enough to have an expendable budget for my home lab, and was able to scoop an IPS (4240) on eBay for under three hundred dollars. Cisco was kind enough to give me a temp license (60 days) which has allowed me to update the signatures from the previous owner's last update in 2011.

    the sucker is loud (20db operating), but it's completely operational and i feel like a kid again. i love getting my hands on new technology.

    the official CCNP IPS book is fantastic; quite possibly the best written in the series and is co-authored from Keith Barker (of YouTube and CBT Nuggets fame).

    Are there any good labs that you all know of for implentation of setups like Inline Pairs, Vlan groups, etc?
Sign In or Register to comment.