Re: VPN and IDS boxes!!!!
From: Ricardo Ferreira (ricardo.ferreira@quadcomm.com.br)
Date: Thu May 13 2004 - 09:34:19 GMT-3
I do not want to put more fire on this but I have collected certfications
over the years. Actually my first certification - MCSE - dates back 1995 and
have been working even with others , - RHCE, MCP, MCSE+I, etc.... Regarding
Cisco got my CCNA in 1998 and started working harder to get DA, DP and NP
and even CCIE written and Lab ( do not worry I failed my first attempt in
December 2001 ) and I can say very comfortably and safely the CCIE is the
most difficult certification to achieve into this industry. I understand why
some people feel bad when they do other certifications and the beast - CCIE
lab - is something that they still do not have done succesfully. But that is
the price you have to pay for being an expert as you have in other areas of
the knowledge such as Law, Business, etc...
To be considered an expert into the neworking industry you must have passed
the Cisco expert certification. Does not matter what the industry not
myself is calling paper or book certifications you may have. Unfortunately
this is what I have heard some companies saying when they go contracting
high level techical people. The other players should change how the market
see their certification programs and Cisco has the responsability to keep
CCIE certification exactly how it's been over the years. Very, very hard to
achieve but not impossible to be achieved.
By the way I already scheduled my second lab attempt...
Ricardo
----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
To: "'Brad Spencer'" <bradsp@outworks.net>; "'Dmitry Volkov'"
<dmitry.volkov@rogers.com>; "'CCIE# 12388'" <Nettable_walker@hotmail.com>;
"'Church, Chuck'" <cchurch@wamnetgov.com>; "'Teck PhrEAk!!'"
<phreakinphunk@hotmail.com>; <groupstudy@cconlinelabs.com>;
<ccielab@groupstudy.com>; <security@groupstudy.com>
Sent: Wednesday, May 12, 2004 11:37 PM
Subject: RE: VPN and IDS boxes!!!!
> Don't assume. Safer that way.
>
> I wasn't bashing those certifications. Belaboring the obvious points that
> you had noted about being able to memorize the material makes them
> inherently more straightforward. I did my MCSE, so been-there-done-that.
> It served a purpose, as do all other certifications. However, by offering
a
> multiple choice test, statisticaly, a monkey does indeed have a chance of
> passing the exams. (Note, I am not intending to offend monkeys either!)
>
> My opinions about the matter have nothing to do with the quantity of
> certifications that I have... I have done a number of the multiple choice
> tests... A long time ago it was Novell tests, then it was Microsoft
> tests... In the Cisco world alone, I've gone through CCNA (WAN
Switching),
> CCDA, CCDP, CQS - Cable, CQS - Remote Access, IP Tel Design, IP Tel
Support,
> CCSP and a number of other tests because I'm a certified Cisco instructor.
> So it's not an opinion that I put out there without a significant amount
of
> experience to back it up. I don't think badly of any of those
> certifications that I have.
>
> However, the phiosophy behind the creation of the exams is different. In
> all of the NA/NP/DA/DP/Specialist certification exams, the tests are owned
> by the same people who created the courseware. There is often a direct
> correlation between the two. Having created much of the existing (and
> revised) cable modem courseware for Cisco, I also was lucky enough to
> participate in the exam creation. A fun process all in all, but there is
a
> lot of debate that goes on at both ends of the process for what the goal
is.
> All of this falls within the ILSG folks at Cisco.
>
> The CCIE program is a completely different beast designed and maintained
by
> completely different people. Their goal in life is to certify and
maintain
> people who are capable of expert-level work on Cisco devices. As you've
> noted, there are many different tracks to cover different focus topics in
> the industry. A "typical" enterprise network engineer would have little
> hope of creating an MPLS-based network (no offense to enterprise folks),
> while a service-provider infrastructure engineer would have equally little
> hope creating a DLSW-based network. Tracks are debated and created to
> address popular shifts like that in the marketplace(s) that Cisco sells
> within.
>
> As for the requirements that are listed on Cisco's web site, once you look
> at the lab you get, you can see that things are very clearly delineated
> there. Knowing enough about whatever track you are studying for, and
> gaining the expert-level experience within that, you'll also be able to
more
> readily predict what kinds of topics and scenarios may be on your exam.
> But, like in real life, you still need to be able to deal with the unknown
> hitting you from behind. If it were simple, there would be a million
CCIEs.
> What fun would that be?
>
> For the general knowledge and specific knowledge, you are referring only
to
> the written qualifying exam (which, by the way, I thought you needed to
pass
> before joining these lists (shrug)). While you aren't expected to know
> detailed DLSW configurations for the Security exam, you are still expected
> to know things like BGP configuration. I mean, you are going to maintain
> security THROUGHOUT a network, are you not? If you only expect to ever
deal
> with one microcosm, there are more appropriate certs. (No offense
intended,
> just a plethora of topic-focussed certifications to demonstrate your
> expertise in the areas you wish to play in)
>
> All that being said, the quote was in context. :) Philosophically
anyway.
>
> Cheers,
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brad
> Spencer
> Sent: Wednesday, May 12, 2004 6:41 PM
> To: swm@emanon.com; 'Dmitry Volkov'; 'CCIE# 12388'; 'Church, Chuck'; 'Teck
> PhrEAk!!'; groupstudy@cconlinelabs.com; ccielab@groupstudy.com;
> security@groupstudy.com
> Subject: RE: VPN and IDS boxes!!!!
>
> I assume the reasoning behind separating the CCIE exams into the tracks
> marketed by Cisco is to place a testable focus on a particular networking
> direction. To obtain the knowledge for a particular CCIE tract, general
> knowledge and specific tract knowledge is needed. As I said before an over
> generalized tract would not (the keyword here is over) prepare a CCIE
> candidate for the tract being tested. One wouldn't study all the other
> tracks in order to obtain a CCIE Security cert so there is indeed the need
> to be specific about the technologies being tested. I have never sat the
> CCIE lab but I would expect that they follow the outline they provide with
> minimal marketing spin.
>
>
> Scott,
> I have sat and passed two CCSP tests and I found them similar to the MCSE
> exams. I don't see precedence in this thread to justify bashing the
> certifications you mentioned below then attribute any 'person' requiring
> 'straight forward' 'simple' certifications. At least you felt hate for
> coming off 'that' way...
>
> I see where your arguments come from being you already have 4 CCIE
> certifications and it is now important for you to show that a widely
> generalized information set of skills is important. I want you to feel
> important about your knowledge but keep in mind some people on this list
do
> not value generalized CCIE Cisco knowledge but are pure security
> professionals. I have read the CCIE outlines and I found that when I pass
> the CCIE Security I will still have a _massive_ hole in my security
> knowledge and my first direction in filling this void will not be to sit
> more unrelated CCIE exams.
>
>
> Cheers,
> Brad
>
> Anonymous
> ... Any fool can regurgitate Einstein quotes, but only the person that
truly
> listens can mention them in context.
>
> -----Original Message-----
> From: Scott Morris [mailto:swm@emanon.com]
> Sent: Wednesday, May 12, 2004 3:52 PM
> To: 'Brad Spencer'; 'Dmitry Volkov'; 'CCIE# 12388'; 'Church, Chuck'; 'Teck
> PhrEAk!!'; groupstudy@cconlinelabs.com; ccielab@groupstudy.com;
> security@groupstudy.com
> Subject: RE: VPN and IDS boxes!!!!
>
> You're missing the point then... And I really hate to come off this way,
> but if you are looking for simple, straight-forward certifications, go
look
> at the A+ or Microsoft or TIA certs.
>
> Now, that being said... There's a LOT of information that could be on the
> CCIE lab. It's not up to those of us who come up with prep lab stuff,
it's
> up to Cisco. When you go through things in real life, you don't always
get
> to pick and choose the best stuff to work with.
>
> Prep material, by definition, should be thorough but also leave room for
> differences. Are you going to get pissed because your prep lab made you
> learn FST encapsulation for DLSW but your real lab 'only' did TCP? What
> about the other way around?
>
> Kind of along the lines that you can't please everyone all the time, you
> can't always pick what's going to be on a lab. Cisco has a huge amount of
> things to choose from. And being an Expert does not mean that you really
> care whether FST or TCP is used, but the fact that you can adapt and
> implement either of them if the requirements call for it. The R&S is
> Enterprise focussed. There is the widest breadth of topics that appear
> here. Security, Voice and Service Provider are a bit more tightly
focussed
> if that helps any.
>
> As I've said in many posts before, nobody can know it all. But when you
> break things down to general technologies and learn those, you'll find
that
> there are many similarities throughout the stuff we have to learn. The
> details can be found on the DocCD. If you're familiar with it though, you
> won't be caught off guard by anything. THAT is the type of skillset
(IMHO)
> that Cisco is looking for in an Expert. Not the fact that you have
> memorized what the SAP values are in order to crank down a DLSW peer.
>
> The functionality of Cisco's equipment has NOTHING to do with what you get
> hit with on the exam. You're looking for something real life, but
> unfortunately, you seem to be forming your opinion around your perception
of
> real life. Which is completely different than my perception, which is
> likely a lot different than many other people's perceptions on this
list...
>
> The point, as you have illustrated there, is that you "nearly memorize for
> each exam." That's not an expert.
>
> As Albert Einstein once said, "Any fool can know. The point is to
> understand."
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
> JNCIP, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
>
> -----Original Message-----
> From: Brad Spencer [mailto:bradsp@outworks.net]
> Sent: Wednesday, May 12, 2004 2:50 PM
> To: 'Dmitry Volkov'; 'Scott Morris'; 'CCIE# 12388'; 'Church, Chuck'; 'Teck
> PhrEAk!!'; groupstudy@cconlinelabs.com; ccielab@groupstudy.com;
> security@groupstudy.com
> Subject: RE: VPN and IDS boxes!!!!
>
> As paying CCIE lab customers we need to see a well documented hardware and
> knowledge list that consistently matches CCIE lab preparation
> recommendations. Over generalizing or under generalizing the recommended
> preparation material is counterproductive and makes for unhappy CCIE
> customers.
>
> I have invested many thousands to be a Cisco aficionado, but I don't see
> myself being so diehard in recommending Cisco equipment if I ever fail any
> Cisco exam due to over generalized or under generalized Cisco test
> preparation material.
>
> I have only seen the CCSP tests so far and I found the preparation
material
> to be fairly deep, enough to give me enough knowledge to figure things out
> in the field. The actual test questions I found were either too easy to be
> on the exam or were questions that did not belong on the exam based on the
> Cisco press study book - which I nearly memorize for each exam.
>
> Anyway, that is my experience and concerns with Cisco certs so far.
>
> Brad
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Dmitry Volkov
> Sent: Wednesday, May 12, 2004 12:35 PM
> To: 'Scott Morris'; 'CCIE# 12388'; 'Church, Chuck'; 'Teck PhrEAk!!';
> groupstudy@cconlinelabs.com; ccielab@groupstudy.com;
security@groupstudy.com
> Subject: RE: VPN and IDS boxes!!!!
>
> IDS and Conc were announced since Sept 29 2003. And it passed MANY months
> until they actually appeared (actually I don't know if it actually
happened
> at all :) This was NOT fair game. People had to buy all this stuff despite
> it was not tested at all.
> I believe that CCIE Sec should know Conc and Appliance and It's right way
> that it's in the list know and year ago it was not in the hardware list.
> Nobody can know everything and if test includes something - it must be
> tested - in general. It perfectly reasonable that somebody gets some
stuff
> on lab and somebody else - doesn't (like IDS on IOS or IDS on Linux),
> however it's not reasonable if it's listed but actually is never tested.
> Otherwise - why Lab equipment is listed on "Prepare for the Lab exam" page
> at all ?
>
> P.S. Despite I'm kind of grumpy here - I'm personally happy that I learned
> Conc and ids 4.1 :o)
>
>
> Dmitry
> R&S/Sec
>
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Scott Morris
> > Sent: Wednesday, May 12, 2004 11:56 AM
> > To: 'CCIE# 12388'; 'Church, Chuck'; 'Teck PhrEAk!!';
> > groupstudy@cconlinelabs.com; ccielab@groupstudy.com;
> > security@groupstudy.com
> > Subject: RE: VPN and IDS boxes!!!!
> >
> >
> > Absolutely true! Look at the economics. :)
> >
> > I know it's been a while since anyone mentioned it, but these things
> > all fall into the category of "Anything is Fair Game"... Know it all!
> >
> > You may get a lab that doesn't have IDS. You may get a lab that has a
> > LOT of IDS. Do you know before you show up which lab you're getting?
> > No.
> >
> > In the R&S.... You may get DLSW, or you may not. You may have L3
> > stuff spread throughout your switches, you may have a simple L2
> > architecture. You never know.
> >
> > Just like the Boy Scouts say... "Be Prepared"
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > CISSP, JNCIP, et al.
> > IPExpert CCIE Program Manager
> > IPExpert Sr. Technical Instructor
> > swm@emanon.com/smorris@ipexpert.net
> > http://www.ipexpert.net
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of CCIE# 12388
> > Sent: Tuesday, May 11, 2004 10:00 PM
> > To: Church, Chuck; Teck PhrEAk!!; groupstudy@cconlinelabs.com;
> > ccielab@groupstudy.com; security@groupstudy.com
> > Subject: Re: VPN and IDS boxes!!!!
> >
> > ----- Original Message -----
> > From: "Church, Chuck" <cchurch@wamnetgov.com>
> > To: "Teck PhrEAk!!" <phreakinphunk@hotmail.com>;
> > <groupstudy@cconlinelabs.com>; <ccielab@groupstudy.com>;
> > <security@groupstudy.com>
> > Sent: Monday, May 10, 2004 8:20 AM
> > Subject: RE: VPN and IDS boxes!!!!
> >
> >
> > > Sumit,
> > >
> > > The NDA pretty much states that you're not allowed to describe
> > > anything you see or hear in the lab. Asking other people these
> > > questions is asking them to violate the NDA. Your best and
> > safest bet
> > > is to know everything on the blueprint/equipment list
> > inside and out.
> > > On the bright side, looks like you can get an IDS on EBAY
> > for about $350
> > > right now. VPN conc is around $1500. If you plan on reselling them
> > > when you're done, it's probably cheaper in the long run
> > than a wasted
> > > lab attempt.
> > >
> > >
> > > Chuck Church
> > > Lead Design Engineer
> > > CCIE #8776, MCNE, MCSE
> > > Wam!Net Government Services - Design & Implementation Team
> > > 13665 Dulles Technology Dr. Ste 250
> > > Herndon, VA 20171
> > > Office: 703-480-2569
> > > Cell: 703-819-3495
> > > cchurch@wamnetgov.com
> > > PGP key:
> > >
> > http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40
> > wamnetgov.
> > > com
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
> > On Behalf Of
> > > Teck PhrEAk!!
> > > Sent: Monday, May 10, 2004 3:25 AM
> > > To: groupstudy@cconlinelabs.com; ccielab@groupstudy.com;
> > > security@groupstudy.com
> > > Subject: VPN and IDS boxes!!!!
> > >
> > > Man!
> > >
> > > I dont see how asking for what topics to study for, for the exam is
> > > breaking the NDA??
> > > Even if someone wants to ask a question with all the right
> > intentions
> > > and without crossing the line.....someone always brings up the NDA
> > > thingy........guilt??........maybe.
> > >
> > > Would you appear for an exam (costing $1250) not to mention
> > > international air tickets and accomodation and the oh! so expensive
> > > training/books and equipment rentals without knowing what to study??
> > > Without knowing all the topics covered??
> > >
> > > I WOULDNT....for me its in excess of $5000/attempt...have to travel
> > > half-way around the globe for an attempt.....and dont
> > expect to shock
> > > myself with hardware that i have never worked on before.
> > >
> > > Sumit P. Ahuja
> > > CCIE(R&S)#11125,CCDP,CCNP,RHCE,SCSA,MCSE,IBM e-Com CCIE Security
> > > Candidate.
> > >
> > >
> > >
> > > >From: "Tony Schaffran" <groupstudy@cconlinelabs.com>
> > > >Reply-To: "Tony Schaffran" <groupstudy@cconlinelabs.com>
> > > >To: "'Teck PhrEAk!!'" <phreakinphunk@hotmail.com>,
> > > ><ccielab@groupstudy.com>, <security@groupstudy.com>
> > > >Subject: RE: VPN and IDS boxes in Security Lab.
> > > >Date: Sun, 9 May 2004 18:51:13 -0700
> > > >
> > > >I am certain that someone mentioned this the last time you asked.
> > > >
> > > >Please do not ask specifics about the lab. For someone
> > that has taken
> > > >the lab and answer you, it would be a violation of the NDA.
> > > >
> > > >If it is on the equipment list, then consider it in the lab.
> > > >
> > > >Tony Schaffran
> > > >Network Analyst
> > > >CCIE #11071
> > > >CCNP, CCNA, CCDA,
> > > >NNCDS, NNCSS, CNE, MCSE
> > > >
> > > >www.cconlinelabs.com
> > > >Your #1 choice for online Cisco rack rentals.
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
> > On Behalf Of
> > >
> > > >Teck PhrEAk!!
> > > >Sent: Friday, May 07, 2004 11:49 PM
> > > >To: ccielab@groupstudy.com; security@groupstudy.com
> > > >Subject: VPN and IDS boxes in Security Lab.
> > > >
> > > >Does any one know if the VPN and the IDS boxes have been
> > introduced in
> > > >the Lab exam yet??
> > > >
> > > >I am getting conflicting reports bout this...so dont know
> > to prepare
> > > >for it or not. Also i dont have access to these boxes.
> > > >
> > > >On the Cisco web-site it DOES appear in the equipment list though.
> > > >
> > > >
> > > >HAALLLLPPPP!!!!!
> > > >
> > > >_________________________________________________________________
> > > >Getting married? Find tips, tools and the latest trends at MSN Life
> > > Events.
> > > >http://lifeevents.msn.com/category.aspx?cid=married
> > > >
> > >
> > >_____________________________________________________________
> > __________
> > > >Please help support GroupStudy by purchasing your study
> > materials from:
> > > >http://shop.groupstudy.com
> > > >
> > > >Subscription information may be found at:
> > > >http://www.groupstudy.com/list/CCIELab.html
> > > >
> > >
> > >_____________________________________________________________
> > __________
> > > >Please help support GroupStudy by purchasing your study
> > materials from:
> > > >http://shop.groupstudy.com
> > > >
> > > >Subscription information may be found at:
> > > >http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _________________________________________________________________
> > > FREE pop-up blocking with the new MSN Toolbar � get it now!
> > > http://toolbar.msn.com/go/onm00200415ave/direct/01/
> > >
> > >
> > ______________________________________________________________
> > _________
> > > Please help support GroupStudy by purchasing your study
> > materials from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > ______________________________________________________________
> > _________
> > > Please help support GroupStudy by purchasing your study
> > materials from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > ______________________________________________________________
> > _________
> > Please help support GroupStudy by purchasing your study materials
> > from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > ______________________________________________________________
> > _________
> > Please help support GroupStudy by purchasing your study materials
> > from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4
: Wed Jun 02 2004 - 11:12:11 GMT-3