Security Information Monitoring System

This section covers how Cisco IDS can monitor and identify intruder-based attacks and how security information is monitored and acted upon. Cisco IDS uses multilayer protection options to prevent an attack from successfully reaching the end target system such as a file server or desktop computer. After the attack or intruder-based traffic is identified and determined to be intrusive, the network administrator can stop the attack before any serious damage occurs. This can involve dropping the...

Virtual Private Networks

A virtual private network (VPN) enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses tunneling to encrypt all information at the IP level. VPN communication is encrypted, private, and secure, even though it traverses the public network. VPN is very loosely defined as a network in which a customer or end user connects to one or more sites through a public infrastructure, such as the Internet or World Wide Web. VPNs...

Telephony Best Practices

IP networks are a prime target for intruders and hackers. Traditionally, voice networks were secure because the PBXs in place did not have any IP connectivity. In today's Voice over IP (VoIP) telephony-based networks, every IP phone contains a routable IP address and thus is a prime target. For example, a hacker could program the Cisco Call Manager (CCM) to make every IP phone call the number 911 (or 000, depending on what part of the world you are in). If you do not secure the voice networks...

About the Technical Reviewers

Yusuf Bhaiji, CCIE No. 9305, has been with Cisco Systems, Inc., for four years and is currently the content manager, CCIE security, and proctor in the Cisco Systems Sydney, Australia Lab. Prior to this, he was technical lead for the Sydney TAC Security and VPN team. Yusuf's passion for security- and VPN-related technologies has played a dominant role in his 14 years of industry experience, from as far back as his initial master's degree in computer science, and since is reflected in his...

Secure Shell and Cisco IOS SSH

Secure Shell (SSH) is a protocol that provides a secure connection to a router. Cisco IOS supports versions 1 and 2 of SSH, which enable clients to make a secure and encrypted connection to a Cisco router. Cisco refers to this SSH support as Cisco IOS SSH. Before SSH was implemented, the only form of security available when accessing devices such as routers was Telnet username/password authentication, which is clearly visible with a network sniffer. Telnet is insecure because a protocol...

CCIE Security Written Exam Blueprint

Table I-1 lists the CCIE Security written exam blueprint topics and the corresponding chapters where you can find the material covered in this book. As you can see, the blueprint places the objectives into eight categories. The book covers all of these topics. This blueprint is a guideline for the type of content that is likely to appear on the exam. You can also find it at Remote Authentication Dial-In User Service (RADIUS) Terminal Access Controller Access Control System Plus (TACACS+)...

ISDN Layer 2 Protocols

ISDN can use a number of Layer 2 encapsulation types. Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC) are the only methods tested in the qualification exam. NOTE: X.25 is not tested in the CCIE Security written exam. HDLC is a WAN protocol encapsulation method that allows point-to-point connections between two remote sites. Typically, HDLC is used in a leased-line setup. HDLC is a connectionless protocol that relies on upper layers to recover any frames that have encountered...

How to Prepare for the CCIE Security Written Exam Using This Book and CD-ROM

The chapters open by identifying the exam blueprint topics covered in that chapter. You can begin by taking the Do I Know This Already quiz to immediately evaluate how familiar you are with the chapter's subjects. Use the quiz instructions in each chapter to decide how to proceed. If you feel unfamiliar with the material and you need to learn a lot about the topics, start by reading the Foundation Topics section, which goes into detail about the objectives covered in that chapter. If your quiz...

Do I Know This Already

When defining an extended access list, what TCP port numbers can you use? Answer: c. 0 to 65,535. TCP port numbers from 0 to 65,535 can be used when defining an extended access list; devices such as PCs go from 1023 to 65535. 3. When defining an extended access list, what UDP port numbers can you use? Answer: c. 0 to 65,535. UDP port numbers from 0 to 65,535 can be used when defining an extended access list. 4. Which of the following is not a TCP service? Answer: a. who 5. Which of the following is not...

MAC Spoofing Attack

A MAC spoofing attack is one in which the intruder sniffs the network for valid MAC addresses and attempts to act as one of those valid MAC addresses. The intruder then presents itself as the default gateway and copies all of the data forwarded to the default gateway without being detected. This provides the intruder with valuable details about the applications in use and the destination host IP addresses. It also causes the spoofed CAM entry on the switch to be overwritten. This is best illustrated in Figure...

Do I Know This Already Quiz

The purpose of this assessment quiz is to help you determine how to spend your limited study time. If you can answer most or all of these questions, you might want to skim the Foundation Topics section and return to it later, as necessary. Review the Foundation Summary section and answer the questions at the end of the chapter to ensure that you have a strong grasp of the material covered. If you already intend to read the entire chapter, you do not necessarily need to answer these questions...

Cisco IOS SSH

The Cisco IOS implementation of SSH (which has been available for several years now), called Cisco IOS SSH (available in the S, E, and T trains of Cisco IOS software), is a service feature that is available in the service provider Cisco IOS revision levels. Cisco IOS SSH is used to ensure that remote devices are managed securely; Telnet is a very insecure protocol, because all segments are sent in clear text. Cisco IOS SSH allows an administrator to remotely manage a Cisco IOS device, such as a...

Network Address Translation and Port Address Translation

NAT is a router function that translates the addresses of hosts behind a firewall. This also helps to overcome the IP address shortage, and it provides security by hiding the entire network and its real IP addresses. NAT is typically used for internal IP networks that have unregistered (not globally unique) IP addresses. NAT translates these unregistered addresses into legal addresses on the outside (public) network. PAT provides additional address expansion but is less flexible than...

CCIE Security Written Exam

The CCIE Security written exam uses the typical certification test format of asking multiple-choice questions with one or more correct answers per question. What makes some of the questions more difficult is that more than five answer choices are listed on some questions. This reduces the power of eliminating answers and choosing from those remaining. However, the number of required answers is given for each question. You might be required to give only one answer or select a couple of correct...

Enhanced Interior Gateway Routing Protocol

EIGRP is a Cisco-developed routing protocol that uses the same metric defined by IGRP, multiplied by 256. The routing metric in EIGRP is based on bandwidth, delay, load, and reliability. The CCIE Security written exam does not test your understanding of EIGRP in great depth, so this section includes only the topics relevant to the exam. EIGRP is a Cisco proprietary routing protocol that can be used to route a number of Layer 3 protocols, including IP, IPX, and AppleTalk. This section is concerned...

Cisco VPN 3000 Concentrator

The Cisco VPN 3000 Series Concentrators are purpose-built, remote access virtual private network (VPN) platforms that incorporate high availability, high performance, and scalability with the most advanced encryption and authentication techniques available today. The VPN 3000 supports a number of secure protocols: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) over IPSec. The Cisco VPN 3000 Series Concentrator supports the widest range of connectivity options,...

IDS Tuning

Tuning IDS sensors is critical to a successful network implementation. Without tuning, IDS sensors generate alerts in response to all traffic matching the established criteria, which is not as reliable as possible. This could result in a large number of false positives, which could easily overwhelm security personnel and reduce the value of the information the IDS provides, resulting in a relaxed attitude by security support and administration staff until a real event occurs. But that could be...

IGP Routing (18 Points)

After this section is completed, all routers must have full IP connectivity between every routing domain, including the ISDN backup interfaces when operational. Basic RIP Configuration (6 of 18 Points): Configure RIP on Router R1 and the PIX only. Authenticate RIP between R1 and the PIX. VLAN_A resides in a RIPv2 domain only. Redistribute the RIP routes into the IGP network. Make sure that you can see distributed RIP routes throughout your topology and that the OSPF cost metric is set to 1000 for...

Hot Standby Router Protocol

HSRP allows networks with more than one gateway to provide redundancy in case of an interface or router failure on any given router. HSRP allows router redundancy in a network. It is a Cisco proprietary solution that existed before the IETF defined the Virtual Router Redundancy Protocol (VRRP). To illustrate HSRP, Figure 1-12 displays a six-router network with clients on Ethernet segments in Sydney and San Jose. Cisco exams typically test Cisco proprietary protocols more heavily than...

Advanced PIX Configuration (5 Points)

In any security exam, you can be sure that the PIX will be a core device (there is only one PIX Firewall in the real CCIE exam), so the next few questions highlight the areas of the PIX you should be proficient with, to ensure that you are ready for the many scenarios you might be asked to configure. The next section concentrates on a sample PIX topology to guide you in the areas you should concentrate on in your study preparation. Configure the PIX to accept SSH connections. Make sure sessions are...

ACS Configuration (5 Points)

The AAA ACS server is located on the R5 network with the IP address 144.254.6.2, and the server key is set to ccie. Configure the Router R2 so that it provides a TACACS-like username and encrypted password authentication system for networks that cannot support TACACS+. Limit this only to users on VLAN_D. Non-AAA Authentication Methods Solution: Cisco IOS routers can be configured to authorize usernames with the following command: username name password password encryption-type. This IOS command...

Network Time Protocol

NTP is used for accurate timekeeping and can, for example, reference atomic clocks that are present on the Internet. NTP is capable of synchronizing clocks to within milliseconds and is a useful protocol when reporting error logs (for instance, from Cisco routers). NTP is useful for security incident event correlation across multiple security devices and helps to determine the exact time of an event. For NTP, the defined ports are UDP port 123 and TCP port 123. NTP can support a...

Domain Name System

This section covers the Domain Name System (DNS) and sample DNS configurations used on Cisco IOS routers. The primary use of DNS is to manage Internet names across the World Wide Web. To enable users or clients to use names instead of 32-bit IP addresses, the TCP/IP model designers developed DNS to translate names into IP addresses. DNS uses TCP and UDP port number 53. TCP port 53 is also used for DNS zone transfers. UDP 53 is used for DNS lookups and browsing. In a large IP environment,...

Time-Based Access List (4 Points)

Employees connected to VLAN_C on R5 don't need web access while at work. Block web traffic from Monday through Friday between the hours of 7:00 a.m. and 5:00 p.m. On Fast Ethernet 0/1 (VLAN_C), you need to apply an extended access list. Example 8-75 displays the extended access list configuration on R5 Fast0/1. Use a named access list to make things a little more interesting and easy to read. Example 8-75 Access List Configuration on R5: R5(config)# interface fastethernet 0/1 R5(config-if)# ip...

Basic ISDN Configuration (6 Points)

The basic ISDN configuration task information is as follows: ISDN switch type basic-5ess. Configure the ISDN interfaces on R3 and R5 as follows: Ensure that only R3 can call R5, and R3 should never challenge R5 for a username or password pairing. ISDN switch type is basic-5ess. Do not configure any SPIDs. If traffic exceeds 65 percent, the second ISDN B channel will be used. (Hint: Enable ppp multilink.) If there is an error rate of 20 percent or higher, the interface on R3 should show...

Final Configurations

Finally, all lab components have been completed. For your reference, here are the full working configuration files of all routers, the Catalyst 3550 switch, and the PIX Firewall. Please note that these configurations are a guide, and you might have found other correct solutions, as well. It is the end goal of every CCIE lab to provide a working solution, be it on routing, switching, security, or voice. Example 8-111 displays the full working configuration for R1. Example 8-111 R1's Full Working...

IP Security

IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. (RFC 2401, Security Architecture for the Internet Protocol) IPSec is a defined encryption standard that encrypts the upper layers of the OSI model by adding a new predefined set of headers. IPSec is not just an encryption standard; IPSec provides a...

Password Recovery

Sometimes, the Cisco enable or secret password is unknown, and thus you must use password recovery to obtain or change the enable or secret password. Password recovery allows the network administrator to recover a lost or unknown password on a Cisco router. For password recovery, an administrator must have physical access to the router through the console or auxiliary port. When an EXEC user enters an incorrect enable password, the user receives an error message similar to the message shown in...

SNMP Notifications

SNMP's key feature is that it enables you to generate notifications from SNMP agents. Cisco routers can be configured to send SNMP traps or inform requests to a network management system (NMS), where a network administrator can view the data. Figure 2-6 displays the typical communication between an SNMP manager and the SNMP agent (for example, a Cisco SNMP-enabled router). Figure 2-6 Communication Between SNMP Manager and SNMP Agent: Trap (no acknowledgment) or Inform Requests (acknowledgment...

NAT Operation on Cisco Routers

When a packet leaves the inside network, NAT translates the inside address to a unique InterNIC address for use on the outside network, as previously shown in Figure 6-2. The R1 Router in Figure 6-2 will be configured for an address translation and will maintain a NAT table. When an IP packet returns from the outside network, the NAT router will then perform an address translation from the valid InterNIC address to the original local inside address. Several internal addresses can be translated...

Networking Basics The OSI Reference Model

This section covers the Open System Interconnection (OSI) seven-layer reference model and common examples of each individual OSI layer. CCIE candidates must fully understand and appreciate the OSI model, because almost every routed protocol in use today is based on its architecture. The OSI model was developed by a standards body called the International Organization for Standardization (ISO) to provide software developers with a standard architecture for developing protocols (such as IP). For...

Conclusion

You should be able to complete the sample CCIE Routing and Switching lab in this appendix within 8 hours. The difficulty level presented here is similar to what you can expect in any CCIE lab examination; in fact, the difficulty level here might be higher. Focus your attention on time management and the ability to configure a set number of Cisco IOS features very quickly. If you complete this lab successfully, try it again by modifying the questions and changing the IP routing algorithm. For...

Routing Information Protocol

RIP is one of the oldest routing protocols in use today. RIP is a distance vector protocol. Table 1-9 defines the characteristics of a distance vector protocol. Table 1-9 Distance Vector Protocol Characteristics: Periodic updates are sent at a set interval; for IP RIP, this interval is 30 seconds. Updates are sent to the broadcast address 255.255.255.255. Only devices running routing algorithms listen to these updates. When an update is sent, the...

Access Lists on Cisco Routers

By default, a Cisco router permits all IP and TCP traffic unless an access list is defined and applied to the appropriate interface. Figure 3-4 illustrates the steps taken if an access list is configured on a Cisco router. If an incoming IP packet is received on a router and no access list is defined, the packet is forwarded to the IP routing software. If an access list is defined and applied, the packet is checked against the access list, and the appropriate permit or deny action is taken. The...

Warning and Disclaimer

This book is designed to provide information about the CCIE Security written exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an as is basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or...

Remote Authentication Dial-In User Service

RADIUS is a client/server-based system that secures a Cisco network against intruders. Implemented in Cisco IOS, RADIUS sends authentication requests to a RADIUS server. RADIUS was created by Livingston Enterprises and is now defined in RFCs 2865 and 2866 (RFCs 2138 and 2139 are now obsolete). A RADIUS server is a device that has the RADIUS daemon or application installed. RADIUS must be used with AAA to enable the authentication, authorization, and accounting of remote users when using Cisco IOS...

Catalyst Services Module

The Cisco Catalyst 6500 Series Switch is the Cisco frontline router and switch. Although not yet used in the CCIE Security lab exam, the Catalyst 6500 is covered in the written exam. The Catalyst 6500 security features are extensive and widely deployed across the globe. Cisco supports IDS in the Catalyst 6500 Series Switch with the Cisco Catalyst 6500 Series IDS Services Module (IDSM-2), shown in Figure 5-4. The original version of the same card was the IDSM. The IDSM-2 module works in concert...

Q & A

Where is the running configuration stored on a Cisco router? Answer: The running configuration is stored in RAM. For all newer Cisco hardware platforms, the running configuration is stored in dynamic RAM (DRAM). 2. What IOS command displays the startup configuration? Answer: The IOS command show startup-config or show config displays the configuration stored in NVRAM. System flash directory File Length Name status 1 9558976 c2500-ajs40-l.12-17.bin 9559040 bytes used, 7218176 available, 16777216...

Asynchronous Communications and Access Devices

An asynchronous (async) communication is a digital signal that is transmitted without precise clocking. The RS-232 session between a router and PC through the console connection is an example of async communications. Such signals generally have different frequencies and phase relationships. Asynchronous transmissions usually encapsulate individual characters in control bits (called start and stop bits) that designate the beginning and the end of each character. For example, the auxiliary port...

Configuration Registers

The configuration register is a 16-bit number that defines how a router operates on a power cycle. These options include whether the IOS image will be loaded from Flash or ROM. Configuration registers advise the CPU to load the configuration file from NVRAM or to ignore the configuration file stored in memory, for example. The default configuration register is displayed as 0x2102. Table 3-1 lists the binary conversion of 0x2102. Table 3-1 0x2102 Binary Conversion...

CAM Table Overflow

This section first reviews exactly how the CAM table operates, so that you appreciate how easily it can be compromised. Figure 3-6 displays a typical Layer 2 switch network with one switch and three PCs labeled with MAC addresses A, B, and C to simplify the figure. Figure 3-6 CAM Table Operation Step 1: CAM Table: Port 1 A, Port 2 B, Port 3 -; CAM Table: Port 1 A, Port 2 B, Port 3 C. Figure 3-6 displays the typical CAM table population by a Cisco switch. When Device...

Additional Advanced Lab Topics (No Solutions Provided)

Presented here are some advanced CCIE Security questions with no lab solutions so that you may investigate and try to solve them on your own, just as you would have to do in the lab exam. These bonus CCIE Security lab topics are added because they are not covered in the main section of this chapter. Hopefully they will provide you with some example questions and help you discover your own exam techniques to help you achieve maximum success in the CCIE Security lab. In every CCIE lab exam that I...

Cisco Secure for Windows NT and Cisco Secure ACS

Cisco Systems has developed a number of scalable security software products to help protect and ensure a secured network in relation to Cisco products. Cisco Secure provides additional network security when managing IP networks designed with Cisco devices. Cisco Secure can run on Windows NT/2000 and UNIX platforms. The latest CCIE Security examination no longer requires a candidate to be proficient in the UNIX version. Some details are left in this guide for completeness so that in the real...

Prevent Denial-of-Service Attacks (4 Points)

Legitimate users from Company A no longer have access to their internal website on VLAN_A. A network sniffer analyzer indicates that attacks have taken place on VLAN_A in your network subnet 144.254.1.0/30. E-mail server and FTP services (VLAN 2) are unavailable because a hacker is flooding the server with a number of requests for connections. Configure your router to prevent TCP servers from accepting TCP SYN attacks and flooding VLAN_A. Prevent Denial-of-Service Attacks Solution: TCP Intercept...

PIX Configuration (6 Points)

PIX1 is connected to R1 by the inside interface, and the outside interface is connected to a managed router through a 10-Mbps connection on the outside interface. Use the IP address 144.254.1.2/30 for the inside interface; the outside interface should be set to 9.1.1.1/24. PIX1 should use RIPv2 to communicate with R1 and supply a default route to R1. (Note that with PIX 6.3 in the current exam, OSPF may be required also. Ensure that you have the skill set for OSPF as well.) Ensure that all RIP...

Steps Required to Achieve CCIE Security Certification

The CCIE Security certification requires a candidate to pass two exams: A 2-hour, computer-based written exam (350-018) consisting of 100 questions. The pass mark is approximately 70 percent, but varies according to statistics and could float between 65 and 75 percent. This book is designed to help prepare you for this written exam. An 8-hour lab exam. The passing score is set at 80 percent. Historically, the lab exam was a full 2-day lab; that changed October 1, 2001. All CCIE lab exam versions...

IPSec Configuration (6 Points)

The Frame Relay network between R2, R3, and R4 requires IPSec to ensure that no data between these routers is susceptible to intruders. Set up IPSec using preshared keys between R2, R3, and R4, and ensure that the following points are taken into account: Use MD5 as the hashing algorithm. Authentication will be preshared. The authentication key is CciE; use a 56-bit key. Use SHA to calculate the hashes on the actual packet payloads in ESP. Set up IPSec in transport mode. Set the security...

Troubleshooting PIX Firewall Log Files

The PIX Firewall can be configured to send system messages to three different output locations. The first is the hardware-based console. Typically, organizations always maintain a remote connection to the console interface of the core firewall within their network. The second is through an active Telnet session, which is insecure, of course, because Telnet is a clear-text protocol. The final way to gather system log messages is through the PIX Device Manager (PDM). PIX logs can also be sent through...

Scenario: Configuring DNS, TFTP, NTP, and SNMP

This scenario uses a configuration taken from a working Cisco IOS router and tests your skills with DNS, TFTP, NTP, and SNMP. Example 2-14 displays the configuration of a Cisco router named R1.

Example 2-14 R1 Running Configuration

version 12.1
hostname R1
clock timezone UTC 10
no ip domain-lookup
ip domain-name cisco.com
ip host CCIE 131.108.1.1
ip host Router3 131.108.1.3
ip host Router2 131.108.1.2
ip host Router1 131.108.1.1
ip name-server 131.108.255.1
ip name-server 131.108.255.2
...

Sample CCIE Routing and Switching Lab II

Sample CCIE Route/Switch Lab Layout

This appendix is designed to assist you in your final preparation for the lab portion of the most popular CCIE certification to date, CCIE Routing and Switching (CCIE R&S). This second bonus version of the R&S lab examination contains only four routers, for those readers who do not have access to a large number of routers. This sample lab has been added after receiving many e-mails from readers who bought the previous edition of this book. I hope that it proves to be a useful...

CCIE Security Lab Exam

NOTE: Although the focus of this book is to prepare you for the CCIE Security written exam only, you can find bonus material, such as this section, that helps start your preparation for the lab exam. Passing the written exam is the easier part of the CCIE Security certification journey. For the lab exam, your life needs to change dramatically, and you need to study on routers full time for at least 3 to 6 months. The good news is that the format of the lab exam has changed from 2 full days to 1...

General Networking Topics

This chapter covers general networking concepts listed in the CCIE Security blueprint for the written exam. The CCIE Security blueprint lists some example topics that define general networking, including switching, TCP/IP, routed and routing protocols, PPP, ISDN, asynchronous communications, and telephony and wireless best practices. The CCIE Security written exam contains approximately 50 percent security questions and approximately 50 percent general networking questions. This chapter...

Organization of this Book

Each chapter starts by testing your current knowledge on the chapter's topics with a Do I Know This Already quiz. This quiz is aimed at helping you decide whether you need to cover the whole chapter, read only parts of the chapter, or just skip the chapter altogether. See the introduction to each Do I Know This Already quiz for more details. Each chapter then contains a Foundation Topics section with extensive coverage of the CCIE Security exam topics covered in that chapter. This is followed...

CCIE Security Examinations

This appendix describes some study tips and options for you to consider while preparing for the CCIE Security written and lab examinations. CCIE is regarded as the most sought-after certification in the industry today; more and more vendors are devising their own certification programs and trying to catch up to the industry-leading Cisco Systems. Working in the CCIE program for the past two years, I have seen many changes and challenges facing potential CCIEs every day. At the end of 2004, there...

CCIE Security Self-Study

This chapter is designed to assist you in your final preparation for the CCIE Security exam by providing you with an extensive lab that incorporates many of the technologies and concepts covered throughout this book. This lab requires a broad perspective and knowledge base. Any knowledge you have acquired through the practical examples presented in this guide and real-life network implementations will help you achieve the end goal: a routable network according to the security design criteria. The...

CBAC Configuration Task List

Configuring CBAC requires the following tasks: 1. Pick an interface, internal or external. 2. Configure IP access lists at the interface. 3. Configure global timeouts and thresholds. 5. Apply the inspection rule to an interface. 6. Configure logging and audit trail. 7. Follow other guidelines for configuring a firewall. Example 6-6 shows a router named R1 with two Ethernet interfaces, one defined as the inside interface (Ethernet0) and the other defined as the outside interface (Ethernet1)....

Cisco Router and Security Device Manager

Cisco Router and Security Device Manager (SDM) is an intuitive, secure, web-based embedded device manager of Cisco IOS-enabled devices. SDM provides intelligent wizards, detects mis-configured devices, steps security managers through firewall and VPN configurations, and has been certified and recommended by some key organizations within Cisco, such as the Cisco Network Supported Accounts (NSA), a group of expert engineers within Cisco whose services are sold to high-end clients. SDM is the TAC...

FAQs About the CCIE Security Written Exam

This section answers some common questions about the written CCIE Security exam. These frequently asked questions should help dispel any confusion surrounding this exam. 1. How many questions are on the CCIE Security written exam? There are 100 questions. All questions are multiple choice. Some questions require a single answer, whereas other questions require more than one answer to earn a point. Cisco no longer publishes a set passing score for the written exam. Instead, Cisco supplies you...

Network Based Intrusion Detection Systems

You will be forgiven for looking at this new blueprint objective and wondering what exactly is to be expected of a candidate taking the new CCIE Security written exam. This section unravels this objective and provides you with the best preparation possible to ensure that you pass this portion of the exam on your first attempt. Network-based intrusion detection has been defined by many security vendors, such as Cisco, which has defined IDS as a method of detecting an illegal packet within your...

CCIE Security Self-Study Lab Part I Goals

The goal of Part I of this sample lab is to ensure that you provide a working IP network solution quickly and adhere to the guidelines given. You should take no longer than 4 hours to complete Part I. Starting in October 2004, the CCIE Security lab exam has some of the basic Frame Relay and routing protocols already configured, to allow candidates more time on security features. The following is a list of technology topics now preconfigured for the lab candidate: Basic Frame Relay configuration...

CCIE Security Lab Exam FAQs

The following are some frequently asked questions about the difficult 1-day CCIE Security lab exam. 1. When did the lab format change from 2 days to 1 day? October 2001. All CCIE certification labs worldwide now test candidates in the 1-day format. 2. Where can I take the CCIE Security lab exam? Locations where you can take the CCIE Security lab exam follow: Research Triangle Park (RTP), North Carolina, USA. You can find more information at scheduling_lab_exam.html. 3. What is the maximum score and...

Sample CCIE Routing and Switching Lab I

NOTE: Although the aim of this book is to help prepare you for the CCIE Security written exam, I include this appendix as bonus material for a few reasons. First, even though this is a sample lab for the CCIE Routing and Switching lab exam, it gives you an idea of the level of tasks involved in a CCIE lab examination. Second, being a triple CCIE myself, I recognize that if you are interested in attaining CCIE Security certification, you might be curious about the other CCIE options, as well....