Course Details

Candidates preparing for the CCIE Security Lab exam who already possess most of the theoretical knowledge required for the exam.

Candidates who have been preparing for the CCIE Security Lab exam who wish to assess their level of preparedness and who require additional practice.

This course is part of the following Certifications:

• CCIE (Cisco Certified Internetwork Expert) Security

CCIE Prerequisites
Candidates must have passed the CCIE written exam before attempting the lab boot camp (CCIE Security Written Exam Boot Camp)
Minimum of 3 – 5 years hands-on experience in respective field
Ideally CCNP certified
Determined attitude
Patience
Strong will

Cisco has responded to the challenge in the internetworking technology with the Cisco Certified Internetwork Expert (CCIE) Program.

This is a high-level certification program designed to identify and serve the best of the internetworking experts and to improve your hands-on skills. The CCIE certification is currently the most significant certification in the industry.

The CCIE Security Lab Boot Camp consists of a set of practice exercises covering all protocols tested in the CCIE lab exam. They are aimed at engineers preparing for the CCIE lab exam who already understand the theory of the protocols being tested and wish to practice implementing them in CCIE Lab style scenarios.

After completing this boot camp, delegates will be in a position to identify whether they are ready to sit the eight-hour lab exam which will test your ability to configure actual equipment and get the network running in a timed test situation. You must pass the lab within three years of passing the written to achieve certification. Your first lab attempt must be made within 18 months.

A first class Cisco instructor (CCIE) will conduct the lab, which is equipped with Cisco routers, switches and miscellaneous networking equipment.

The CCIE Security Lab Boot Camp is not a training session, but is designed for the purpose of practicing for the lab portion of the CCIE exam. Delegates should be prepared to work beyond the usual classroom hours.

Candidates will be expected to work at their own pace on the topics they feel they need the most practice on. It is not anticipated that all labs can be completed in the time provided; however complete solutions and associated comments will be provided for all exercises!

This 10 day boot camp contains extensive labs which will cover all technology areas in order to prepare delegates for the practical lab exam. As outlined by Cisco, this will be an eight-hour, hands-on exam which requires you to configure a series of complex networks to given specifications. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam.

Firewall
PIX and ASA Firewall, Basic Initialization, Access Management, Address Translation, ACLs, IP Routing, Object Groups, VLANs, AAA, VPNs, Filtering, Failover, Layer 2 Transparent Firewall, Security Contexts (Virtual Firewall), Modular Policy Framework, Application-Aware Inspection, High Availability Scenarios, QoS Policies, Other Advanced Features

IOS Firewall
CBAC, Audit, Auth Proxy, PAM, Access Control, Performance Tuning, Advanced Features

VPN
IPSec LAN-to-LAN, SSL VPN, DMVPN, CA (PKI), Remote Access VPN, VPN3000 Concentrator, VPN3000 IP Routing, Unity Client, WebVPN, EzVPN Hardware Client, XAuth, Split-tunnel, RRI, NAT-T, High Availability, QoS for VPN, GRE, mGRE, L2TP, PPTP, Advanced VPN Features

Intrusion Prevention System (IPS)
IPS 4200 Series Sensor Appliance, Basic Initialization, Sensor Configuration, Sensor Management, Promiscuous and Inline Monitoring, Signature Tuning, Custom Signatures, Blocking, TCP Resets, Rate Limiting, Signature Engines, IDM, Event Action, Event Monitoring, IOS IPS, PIX IDS, SPAN, RSPAN, Advanced Features

Identity Management
Security Protocols (RADIUS and TACACS+), Cisco Secure ACS, Configuration, Access Management (Telnet, SSH, Pwds, Priv Levels), Proxy Authentication, Service Authentication (FTP, Telnet, HTTP, other), Network Admission Control (NAC Framework solution), 802.1x, Advanced Features

Advanced Security
Mitigation Techniques, Packet Marking Techniques, Security RFCs (RFC1918, RFC2827, RFC2401), Service Provider Security, Black Holes, Sink Holes, RTBH Filtering (Remote Triggered Black Hole), Traffic Filtering using Access-lists, NAT, TCP Intercept, uRPF, CAR, NBAR, NetFlow, Flooding, Spoofing, Policing, Fragmentation, Sniffer Traces, Catalyst Management and Security, Traffic Control and Congestion Management, Catalyst Features and Advanced Configuration, IOS Security Features

Network Attacks
Network Reconnaissance, IP Spoofing Attacks, MAC Spoofing Attacks, ARP Spoofing Attacks, Denial of Service (DoS), Distributed Denial of Service (DDoS), Man-in-the-Middle (MiM) Attacks, Port Redirection Attacks, DHCP Attacks, DNS Attacks, Fragment Attacks, Smurf Attacks, SYN Attacks, MAC Attacks, VLAN Hopping Attacks, Other Layer2 and Layer3 Attacks