| Cisco has responded to the challenge in the internetworking technology with the Cisco Certified Internetwork Expert (CCIE) Program.
|
|
|
|
|
|
|
|
|
|
|
| This is a high-level certification program designed to identify and serve the best of the internetworking experts and to improve your hands-on skills. The CCIE certification is currently the most significant certification in the industry.
|
|
|
|
|
|
|
|
|
|
|
|
|
| The Fast Lane CCIE Security Lab Boot Camp consists of a set of practice exercises covering all protocols tested in the CCIE lab exam. They are aimed at engineers preparing for the CCIE lab exam who already understand the theory of the protocols being tested and wish to practice implementing them in CCIE Lab style scenarios.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| After completing this boot camp, delegates will be in a position to identify whether they are ready to sit the eight-hour lab exam which will test your ability to get a secure network running in a timed test situation. You must pass the lab within three years of passing the written to achieve certification. Your first lab attempt must be made within 18 months.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| A first class Cisco instructor will conduct the lab, which is equipped with Cisco routers, switches and miscellaneous networking equipment.
|
|
|
|
|
|
|
|
|
|
|
|
|
| The CCIE Security Lab Boot Camp is not a training session, but is designed for the purpose of practicing for the lab portion of the CCIE exam. Delegates should be prepared to work beyond the usual classroom hours.
|
|
|
|
|
|
|
|
|
|
|
|
|
| Candidates will be expected to work at their own pace on the topics they feel they need the most practice on. It is not anticipated that all labs can be completed in the time provided; however complete solutions and associated comments will be provided for all exercises! |
| This 10 day boot camp contains extensive labs which will cover all technology areas in order to prepare delegates for the practical lab exam. As outlined by Cisco, this will be an eight-hour, hands-on exam which requires you to configure a series of secure networks to given specifications. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam. Point values and testing criteria are provided. The physical rack for Security is similar to the rack for Routing and Switching with the addition of the PIX, VPN concentrator, intrusion detection sensor and authentication server.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| The course outline is as follows:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
Firewall
|
| PIX and ASA Firewall
|
| Basic Initialization
|
| Access Management
|
| Address Translation
|
| ACLs
|
| IP Routing
|
| Object Groups
|
| VLANs
|
| AAA
|
| VPNs
|
| Filtering
|
| Failover
|
| Layer 2 Transparent Firewall
|
| Security Contexts (Virtual Firewall)
|
| Modular Policy Framework
|
| Application-Aware Inspection
|
| High Availability Scenarios
|
| QoS Policies
|
| Other Advanced Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IOS Firewall
|
| CBAC
|
| Audit
|
| Auth Proxy
|
| PAM
|
| Access Control
|
| Performance Tuning
|
| Advanced Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
VPN
|
| IPSec LAN-to-LAN
|
| SSL VPN
|
| DMVPN
|
| CA (PKI)
|
| Remote Access VPN
|
| VPN3000 Concentrator
|
| VPN3000 IP Routing
|
| Unity Client
|
| WebVPN
|
| EzVPN Hardware Client
|
| XAuth, Split-tunnel, RRI, NAT-T
|
| High Availability
|
| QoS for VPN
|
| GRE, mGRE
|
| L2TP
|
| PPTP
|
| Advanced VPN Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Intrusion Prevention System (IPS)
|
| IPS 4200 Series Sensor Appliance
|
| Basic Initialization
|
| Sensor Configuration
|
| Sensor Management
|
| Promiscuous and Inline Monitoring
|
| Signature Tuning
|
| Custom Signatures
|
| Blocking
|
| TCP Resets
|
| Rate Limiting
|
| Signature Engines
|
| IDM
|
| Event Action
|
| Event Monitoring
|
| IOS IPS
|
| PIX IDS
|
| SPAN, RSPAN
|
| Advanced Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Identity Management
|
| Security Protocols (RADIUS and TACACS+)
|
| Cisco Secure ACS Configuration
|
| Access Management (Telnet, SSH, Pwds, Priv Levels)
|
| Proxy Authentication
|
| Service Authentication (FTP, Telnet, HTTP, other)
|
| Network Admission Control (NAC Framework solution)
|
| 802.1x
|
| Advanced Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Advanced Security
|
| Mitigation Techniques
|
| Packet Marking Techniques
|
| Security RFCs (RFC1918, RFC2827, RFC2401)
|
| Service Provider Security
|
| Black Holes, Sink Holes
|
| RTBH Filtering (Remote Triggered Black Hole)
|
| Traffic Filtering using Access-lists
|
| NAT
|
| TCP Intercept
|
| uRPF
|
| CAR
|
| NBAR
|
| NetFlow
|
| Flooding
|
| Spoofing
|
| Policing
|
| Fragmentation
|
| Sniffer Traces
|
| Catalyst Management and Security
|
| Traffic Control and Congestion Management
|
| Catalyst Features and Advanced Configuration
|
| IOS Security Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Network Attacks
|
| Network Reconnaissance
|
| IP Spoofing Attacks
|
| MAC Spoofing Attacks
|
| ARP Spoofing Attacks
|
| Denial of Service (DoS)
|
| Distributed Denial of Service (DDoS)
|
| Man-in-the-Middle (MiM) Attacks
|
| Port Redirection Attacks
|
| DHCP Attacks
|
| DNS Attacks
|
| Fragment Attacks
|
| Smurf Attacks
|
| SYN Attacks
|
| MAC Attacks
|
| VLAN Hopping Attacks
|
| Other Layer2 and Layer3 Attacks |
