CCSP gear

opers13 · January 2007

guys,

I'm trying to put together a CCSP lab. I currently have:

3640 12.4 IOS firewall
PIX515 v. 7.1
Cat 2950
3x 2612

what should I get next...IDS or concentrator appliance?

tx

opers13

Ahriakin · January 2007

I'd say IDS. You'll cover a lot of the VPN course basics in the PIX exam, and the GUI is relatively simple. The IPS (I'm studying it at the moment) is a whole different kettle of fish and pretty much nothing from the other devices will prepare you for it (The PIX/ASA exam only really covers the intrusion protection areas from a VERY basic setup standpoint).
I don't have access to a Cisco IDS/IPS device at all so I'm trying to wing it, though I have done a lot of work in the last week or 2 on setting up an efficient Windows Snort box so I'm hoping that will help a little (at least with the mindsets of tuning/working signatures etc.)

mikej412 · January 2007

opers13 wrote:

what should I get next...IDS or concentrator appliance?

Whichever one you can get the best deal on -- if you're shopping on eBay.

I initially got a VPN3002 Hardware Client for $100, and used that until I scored a $700 VPN3005 in mint condition.

I failed the IDS exam by 5 points..... and then hunted down a bargin (missing faceplate) 4210 IDS. The funny thing -- I had no problem with the SIMs or the software interface questions. A month later I stomped the IPS exam.

sexion8 · January 2007

FYI for an IPS if you're looking just for the *gist* of things, you could also kick out about $75 for an older Intrusion PDS5100 appliance and modify it with snort_inline. The PDS is running Redhat. And FYI Snort has never been an IPS, IDS yes. Snort_Inline now... That's a different story. I wrote a realtime shell script to backend Snort, mod_apache, and block out XSS attacks

... For those working in the compsec industry, if you're interested let me know I will send you a link. Currently I'm doing a realtime IPS for SIP on Asterisk. I have an nCite SBC that touts the ability to block garbage out, but I've been able to pass garbage through... As for Asterisk and SIP in general... I made Asteroid out of kicks and giggles to learn the transactional phases and shred them to smithereens... http://www.infiltrated.net/asteroid/ (for those into VoIP security)...

Slowhand · January 2007

sexion8 wrote:

FYI for an IPS if you're looking just for the *gist* of things, you could also kick out about $75 for an older Intrusion PDS5100 appliance and modify it with snort_inline. The PDS is running Redhat. And FYI Snort has never been an IPS, IDS yes. Snort_Inline now... That's a different story. I wrote a realtime shell script to backend Snort, mod_apache, and block out XSS attacks ... For those working in the compsec industry, if you're interested let me know I will send you a link. Currently I'm doing a realtime IPS for SIP on Asterisk. I have an nCite SBC that touts the ability to block garbage out, but I've been able to pass garbage through... As for Asterisk and SIP in general... I made Asteroid out of kicks and giggles to learn the transactional phases and shred them to smithereens... http://www.infiltrated.net/asteroid/ (for those into VoIP security)...

I don't think an appliance running Redhat and Snort_inline is going to do much towards studying for, and passing, any Cisco exams. It'll be very helpful for general security practices, but that's probably best saved for after he's got the CCSP knocked out, and doesn't need to focus so heavily on "the Cisco way" of doing things.

opers13 · January 2007

Slowhand wrote:

I don't think an appliance running Redhat and Snort_inline is going to do much towards studying for, and passing, any Cisco exams. It'll be very helpful for general security practices, but that's probably best saved for after he's got the CCSP knocked out, and doesn't need to focus so heavily on "the Cisco way" of doing things.

True

CCSP gear

Comments