Archive for the Dynamips Category

Security Home Lab

Posted in CCIE, Dynamips, Internetwork Expert on March 26, 2009 by cciejournal

Still alive, just been busy with work and various other stuff.

For the last couple of months my study has been mainly some light reading here and there. Virtually no labbing yet because for one I don’t have any study material yet (i.e. workbooks) and secondly I don’t have a lab to study on. Work is supporting my second IE, but there’s just some finalization to be done before the material is purchased – which will be from Internetwork Expert. With regard to practical study, unless I have a fully functional lab at my disposal anytime I want it, then there’s very little chance I’ll study at all. But that has all changed since yesterday!

A few days ago IE released the specs for their new Security racks. So with some free time off, and using what I already had prepared a few months ago, I’ve now got a fully functioning lab that almost matches their topology exactly. And the best part is that it’s pretty much all virtual, idling on my Windows XP Quad core 3GB at 30% utilization.

So here’s what I have:

Virtual (Dynamips)

R1 – 3725 (c3725-adventerprisek9-mz.124-15.T8.image)
R2 – 3725 (c3725-adventerprisek9-mz.124-15.T8.image)
R3 – 3725 (c3725-adventerprisek9-mz.124-15.T8.image)
R4 – 3725 (c3725-adventerprisek9-mz.124-15.T8.image)
R5 – 3725 (c3725-adventerprisek9-mz.124-15.T8.image)
R6 – 3725 (c3725-adventerprisek9-mz.124-15.T8.image)
BB1 – 3640 (c3640-is-mz.124-23)
BB2 – 3640 (c3640-is-mz.124-23)
BB3 – 3640 (c3640-is-mz.124-23)

Virtual (Other)

ACS Server 4.2 Trial – Running on Windows 2003 Server in VMware
IPS 5.1 – Running in VMware
2 x ASA 8.0(2) – Running in QEMU

Real Equipment

Cisco 3548XL Switch
2 x Cisco 3550 24 Port EMI
Test PC (my home laptop)

Now in terms of how I get all this working, I’ll start with a diagram:

[Lab topology diagram]

The key to getting the whole topology working is in the Intel Server NIC and the 3548XL switch. I created a VLAN (which shows as a logical interface in Windows) for every device that needs to ‘physically’ connect to the 3550 switches. In total there are 21 VLAN interfaces.

Each virtual device’s interface is then mapped to one of these VLAN interfaces either through dynamips, Qemu, or VMware.

The physical Intel NIC (which is set to trunk all the VLANs) connects to the 3548XL. So now we have 21 separate VLANs for 21 separate interfaces all being trunked through to a physical switch. At this point the devices still have no way of communicating with each other…

I’ve then configured 21 ports on the 3548XL switch using the same VLAN IDs and then used very short Ethernet cables to patch each port to the corresponding ports on the real 3550’s as per the Internetwork Expert racks.

For example, ASA1 port E0/1 is supposed to be on SW Fa0/13. So I assigned it VLAN 113 on the PC and then assigned port Fa0/13 VLAN 113 on the 3548XL, and then patched it through to SW1 Fa0/13. Oh, and I turned off spanning-tree for all the VLANs to make sure BPDUs don’t start coming in on the 3550’s. They are all host ports remember :)
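As an added example (not the author’s own config), here is what the 3548XL side of that ASA1 E0/1 mapping looks like, using the VLAN 113 / Fa0/13 values from the post; it assumes Catalyst 2900XL/3500XL-style IOS syntax and that Fa0/24 is the port facing the PC’s Intel NIC.

```cisco
! Added example, not the author's configuration. Assumes Catalyst
! 2900XL/3500XL IOS syntax. Fa0/24 as the uplink to the PC's Intel
! NIC is an assumption; VLAN 113 and Fa0/13 are the values from the post.
!
! 1. Create the per-device VLAN (3500XL keeps VLANs in VLAN database mode).
vlan database
 vlan 113 name ASA1-E0-1
 exit
!
! 2. Trunk port facing the PC's Intel NIC. It carries all 21 host VLANs,
!    one per virtual interface, so the VLAN tag is the only thing that
!    keeps the virtual devices from seeing each other's traffic here.
interface FastEthernet0/24
 description Trunk to Intel Server NIC (virtual devices)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! 3. Access port for ASA1 E0/1: same VLAN ID as the Windows VLAN
!    interface, then patched with a short cable to SW1 Fa0/13.
interface FastEthernet0/13
 description ASA1 E0/1 -> patch to SW1 Fa0/13
 switchport mode access
 switchport access vlan 113
!
! 4. Stop the 3548XL from sending BPDUs out Fa0/13 into the 3550 host
!    port. This is only safe because VLAN 113 contains exactly one
!    virtual interface and one patch cable, so no loop is possible.
!    Repeat for each of the 21 host VLANs.
no spanning-tree vlan 113
```

Checking `show vlan` and `show interface FastEthernet0/13 switchport` on the 3548XL confirms the port is in VLAN 113 before the 3550 side is configured.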

As far as getting the other virtual devices running here’s what I did:

ASA
- http://7200emu.hacki.at/viewtopic.php?t=4936&postdays=0&postorder=asc&start=0 – Look for the posts by ‘thumpercisco’
- QEMU is configured to map ASA interfaces to MS Loopback interfaces (3 for each ASA)

IPS
- http://7200emu.hacki.at/viewtopic.php?t=3095
- 3 VMware virtual adapters (only two required for topology)
- Enable VNC on the VMware instance so you don’t need to go through the host machine every time.

ACS
- Trial version from Cisco, just save the VMware image once installed so you can reload it after 90 days
- Enable VNC on the VMware instance so you don’t need to go through the host machine every time.

Other Stuff

To make things even easier I purchased a 2 port RS232 PCI card from eBay and installed it in my server. I then use a program called “Serial to Ethernet connector” so that I can telnet from my Test PC to a TCP port on the server and it maps my session to the serial ports of the physical switches.

.NET file

If you want a copy of my .NET file please look at more recent posts.

Fully virtual?

I did consider doing the whole thing in dynamips, and it is very possible. The only thing that annoyed me was the switch ports would be different on my setup than they would be in the workbooks (16 ports on the NM modules as opposed to 24). This meant some ports would be changed, meaning the diagrams would all be wrong, and the initial configs would all need to be changed.

——

The CPUs idle nicely at 30% (full topology), and memory usage is about 1.5GB total.

With this setup I’ll be able to test most technologies and even be able to do most full scale labs.

I hope this helps anyone thinking about or pursuing their Security track. Feel free to drop me a line if you have any questions.

Security blueprint, quality books, and general thoughts

Posted in CCIE, Dynamips on January 2, 2009 by cciejournal

For the last two weeks I’ve been working at the new Westfield shopping centre in London. Apart from having Christmas day off I’ve been at work every other day. Fortunately, because it’s only a very short contract to fill in for the usual guy while he’s on leave I only have a few key things to look after; and if nothing goes wrong I don’t have to do a single thing! So overall it’s been a pretty quiet two weeks, and because most of management is away it’s very peaceful on my floor of the building which has given me a LOT of time to get immersed in my new books.

Most of this free time has been spent reading Yusuf Bhaiji’s Network Security Technologies and Solutions which is just fantastic. Considering how many different products and technologies he covers I think it goes into just the right amount of detail on each one. The book can be used as a quick reference, or it can be used to get a baseline understanding of new security concepts. If you are looking to get a lot of coverage on the written blueprint then this is the book you need, and even if you aren’t studying for the security lab, I would highly recommend it for any budding network professional in the Cisco arena.

In addition to this I got myself a Safari account and started reading Network Security Principles and Practices by Saadat Malik, and after seeing various Amazon reviews I went straight to the IPSEC section to see what all the fuss was about. If you had any doubts about how ISAKMP, IPSEC, ESP, AH or any other related topic function…this book will sort you out. Although it is a few years old, it’s written extremely well and goes into a lot of detail on most of the technologies that make up the 2.0 blueprint.

——

Considering my progress so far and how much I’m enjoying studying, I anticipate that I’ll be sitting the written a lot sooner than April. February seems more realistic. If I wait 3-4 months before taking the written, it’s just going to mean that I’ll need to do a lot more review for stuff that I’ve learnt in the last two weeks…it’s better to strike while the iron’s hot! And since the written is mostly theory there is no real need to be hammering away on the CLI playing with stuff, which is really what I want to get stuck into.

My Dynamips machine is slowly coming together. I’m probably going to do most of my study on a virtualized system so that I can go at my own pace for next to nothing. Dynamips will run my routers, PEMU will run PIXes with 8.x images (I’m not going to worry about ASAs at this stage), and VMware will run both the ACS server on Windows 2003 and IPS with the 5.x image. Obviously I’ll be missing some key things for the 3.x lab, but most of it is going to be there and in the beginning it’s plenty to start with.

Intro

Posted in CCIE, Dynamips, Internetwork Expert, Labs on July 15, 2008 by cciejournal

Let me start off appropriately with some form of introduction….

My name is Paul. I’m 27, Aussie, and going bald.

I decided to start this site in order to serve as a journal for my studies towards obtaining CCIE for Cisco’s routing and switching track. If I document my progress and findings I figure I can use the site as a review prior to my lab exam, and at the same time hope that the information (or random dribble) contained can also assist others with their studies.

For the last 8 or so years up until two months ago I worked in Melbourne at an ISP doing support and implementation with mostly Cisco equipment for small to medium businesses. I’m now living in London on a 2 year working holiday visa hoping to get some good work experience, do some travelling, and of course, get my CCIE. I have been looking for work, but apart from a short two week contract I’ve been unemployed.

In the last two years I really focused on furthering myself and worked my way up the certification ladder. I currently hold a CCDA, CCNP, CCIP, IPTX (Callmanager Express), and I passed my written exam in April.

I decided to get my CCIE for a lot of reasons. The main one being that I actually do enjoy studying, plus all the jobs that catch my eye stipulate that a CCIE qualification is an ‘advantage’ or ‘highly desirable’ :)

So my lab date is on the 11th of December, I’m in London, a bum with no job, what better time to study. I had my Cisco press books sent over and hopped right into it.

What I’m using

I don’t have a rack of equipment so Dynamips is my primary form of practical study. I’ll also be purchasing rack time for 3550/3560 practice, and mock labs. To run Dynamips I purchased a dedicated machine which included a 22″ LCD screen that I use for dual display on my laptop. It’s a Dell Inspiron 530 with an Intel 2.4ghz Quad Core processor and 3GB of RAM running Vista. I can run a full IE lab in Dynamips without a hitch.

For study material I’m going with Internetwork Expert for basically everything. Purchasing Volume I,II,III workbooks, their Class-On-Demand videos, and I’m booked to attend the 12 day bootcamp from October 13th to the 24th which I am very much looking forward to.

As reference material I also have the following books:

- Internetworking with TCP/IP
- TCP/IP Illustrated Volume I
- Interconnections, Bridges, Routers, Switches, and Internetworking protocols
- Routing TCP/IP Volume 1 & 2
- Cisco BCMSN Exam Certification Guide
- Cisco QoS Exam Certification Guide
- Internet Routing Architectures
- Developing IP Multicast Networks
- Cisco Router Firewall Security

The Guide

Some would call it a plan, I’m calling it a guide. Most of which is based on the content of this page here and the Class-on-Demand videos. I’ll follow this method for as long as I think I’m benefiting from it and then reassess if it’s not working out. But the general idea is to understand all the technologies, complete all the labs at least once, take some mock labs and Cisco assessor labs to gauge my progress, and read the DocCD from back to front for 12.4 mainline router IOS, and 12.2(25)SEE switch IOS.

Progress So Far…

Studying for the written exam took me about 6 weeks, and since I arrived in London I’ve been studying for about six more. The average day for me consists of getting up at about 10:00am, cooking poached eggs on muffins, with spinach, mushrooms, and tomatoes, accompanied by a strong coffee. I’ll then study anywhere between 6 to 10 hours a day depending on whether I do theory or lab work. Weekends do encompass some form of study but I’m more or less treating this as a full time job so that I can still enjoy my weekends to an extent.

I started my lab study by watching the Class-on-demand videos from start to finish making notes all the way through, and I have to say that these are by far the best learning investment I’ve ever made. I’m a big fan of class based training and watched quite a lot of Jeremy’s CBT Nugget videos during my CCNP / CCIP studies. Internetwork Expert also recently revealed that updates to these videos are coming soon and the content will grow from 80 to around the 120 hours.

After watching the videos and doing some additional research on the topics I had a tough time understanding, I started the Volume I version 5 labs, beginning with frame relay and then using some rack time to do the bridging and switching. Once I was done with these I had a glance at the remaining version 4 technology labs, but they just didn’t compare to the newer ones. The version 4 labs don’t have any detailed explanations, breakdowns, comprehensive verifications, or preconfigurations. Because of this, I decided to wait for the new ones – I think I’ll get a lot more out of them.

As I understand Internetwork Expert are working hard to finish the remaining ones, and only a week or two later they released the RIP and EIGRP versions, both of which I completed. But I’m especially looking forward to the multicast one as it’s probably my weakest area.

So in the meantime I decided to start doing some labs.

Beginning with lab 1 and working my way through to lab 4 I took the approach of reading an entire section, completing it, and then checking my work with the solutions guide. This made sure that any mistakes I made were corrected before trying to solve the next section. I struggled with the first two labs as the wording of the questions was really throwing me off. My score and completion time wasn’t important for these, but I wanted to make sure I understood exactly what I was doing. So if I came across a question or a technology that I didn’t understand, then I’d read up on it until I did.

The structure of these initial labs is great. They teach you a lot of valuable lessons, methods, and techniques in a progressive approach that I think is easy to understand.

By this point I was getting pretty comfortable with question wording, how labs are structured, the importance of thinking something through before implementing it, and how crucial verification is. My weak areas were definitely multicast, some security, IP services, oh…and of course human error.

Moving on to lab 5 and 6 I completed these fully before checking the solutions guide. I scored 62 & 68 but still made quite a lot of silly mistakes because I wasn’t checking my work or pinging every possible destination from every possible source. Also there were a few things that I knew required the DocCD but had trouble locating the answers. Completion time was just under 8 hours but obviously that’s not fast enough.

Next I went on to Volume III and did labs 1 to 3. In order to set these up I had to run a search and replace on the initial configurations because they’re built for real hardware, so interface names and numbers differ from the diagrams and questions which takes some getting used to, but I managed to get over it.

Obviously speed and accuracy were what these are all about so I used a stopwatch and started it before I began to read the questions. I actually lost the score sheets for these but I completed them in around 3 hours with great accuracy on two, but on the other I dropped 8 points by doing stuff and not checking it. It’s pure laziness, or overconfidence, and I just need to be more thorough.