Archive for December, 2008

More books

Posted in CCIE on December 26, 2008 by cciejournal

Purchased another couple of books for my security studies.

Cisco Router Firewall Security – Richard Deal
CCSP IPS Exam Certification Guide – Earl Carter

The IPS book was actually hard to track down for a decent price, the cheapest on amazon was $120 US! In the end I managed to find it on ebay. I won the sale for .99 cents, but shipping from the states was $32….still, thats not too bad :)

After doing a fair amount of research I think i’ll be purchasing the following titles aswell:

Cisco Network Security Troubleshooting Handbook – Mynul Hoda
Network Security Principles and Practices – Gregg Schudel

Leave A Comment »

CCIE Security

Posted in CCIE with tags on December 23, 2008 by cciejournal

After much thought I’ve decided to skip the CCNA Security/CCSP path and just go straight for CCIE Security. There’s a few reasons behind my decision and I thought I’d share them along with how I’m getting started.

1) Cost
The cost of sitting the CCNA Security exam plus the 4 exams for CCSP is $750 US. On top of that there’s the study material required for each one. Granted some of the books I buy for CCIE could be used for both, but I’d rather spend all that money on CCIE.

2) Time
I just cant be bothered doing 5 separate exams just to move on and do 2 more. I’m now fully aware of whats required to do a CCIE and what I’m getting myself into. It may be an advantage to work my way up if I thought that I might be in the market for a new job at some stage next year, but the fact is I wont be. In the end a CCIE is worth 10 times more than the associate and professional certs.

3) Content
Apart from the elective exams in CCSP, virtually everything you find in the lesser exams is part of the CCIE blueprint anyway. Also I dont really need or want to know how to set things up in the SDM (which is more of a focus in associate and professional) so I’m quite happy to skip those parts :)

4) Work
With my new job just around the corner I’m going to have access to a  plethora of mentors and e-learning tools that will no doubt be able to speed up the learning process for me.

——–

Strategy
I’m going to focus entirely on the 3.0 version of the blueprint and my first milestone is to sit the written exam once it changes in April. So really all I need to worry about at this stage is building a foundation of all the topics by doing plenty of reading. I’ll be updating my study material list at the top right of this page, but at the moment I have the following titles:

Network Security Technologies and Solutions (CCIE Professional Development) – Yusuf Bhaiji
Cisco ASA, PIX, and FWSM Firewall Handbook – David Huccaby
Cisco ASA – All-in-One Firewall, IPS, and VPN Adaptive Security Appliance – Jazib Frahim

Once I get a bit more cash I’ll invest in some class-on-demand videos too.

For the lab I’m not sure what vendor I’ll use. It’s most likely going to be InternetwWork Expert since they are now working on the 3.0 material and plan to have it released before the new exam kicks in. I’ll use Dynamips for random ASA and IOS stuff, but unless I get access to some real equipment with my new job I’ll settle with rack time for most of my lab preparation.

My goal is to sit and pass the lab by Q3 of next year, but we’ll wait and see. I’m not going to let this one rule my life for nine months :)

Leave A Comment »

SNAF Topology in GNS3

Posted in CCSP with tags , , , , on December 5, 2008 by cciejournal

After a bit of screwing around and reading about PEMU/VMware I managed to get my topology working as intended. GNS and virtual adapters don’t seem to like on the fly changes. The solution in the end was to configure all the adapters/IP’s etc, reboot the VMware host machine, then create the topology in GNS from scratch.

My laptop is directly connected to my Dynamips/GNS machine (running Vista) which is is bridged to the inside interface of the PIX. The Dynamips/GNS machine also runs a virtual instance of Windows 2003 server with Cisco ACS installed which is bridged to the DMZ interface of the PIX.

The PIX 525 is running release 8.0(4) with ASDM 6.1(3).

Apart from testing failover (which doesn’t really work properly in Dynamips) I can play with just about everything required for the first ASA exam (SNAF).

drawing1

After about 10 solid hours of messing about and doing a shitload of reading I’m pretty comfortable with just about every topic. The next step is to do some labs from the Cisco Partner e-learning connection (PEC) and then book the exam as soon once I’ve done a solid review.

At the same time I’ve been studying for SNAF I’ve been going through the CCNA Security certification guide. I think for anyone that’s completed the ISCW exam from CCNP, providing you have a basic understanding of security copncepts I’d say you’re probably 3/4 of the way there to obtaining this cert. Definitely worth the effort imo…

7 Comments »