From: Scott Morris (swm@emanon.com)
Date: Thu Sep 28 2006 - 13:04:21 ART
Don't sell things short though. If you start with an "unsecure" network and
all of a sudden you are inserting things like ASA/PIX/VPN devices, you will
have to modify SOME basic routing. While that may not be the large chunk of
your exam any longer I would certainly never tell anyone to just blow it
off!
Yes, some things are implied, but even with other routing protocols that
great mention of "route filtering" certainly leaves a lot to the
imagination.
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
_____
From: petrsoft@gmail.com [mailto:petrsoft@gmail.com] On Behalf Of Petr
Lapukhov
Sent: Thursday, September 28, 2006 12:54 AM
To: Scott Morris
Cc: ccielab; security@groupstudy.com
Subject: Re: Security Lab Exam Blueprint, year 2007
Looking at new blueprint, I'd say that Bridging/Switching and IGP/BGP stuff
is _not_ explicitly mentioned anymore (like it was many years before).
The only thing they talk about is PIX/ASA/VPN3k routing. BGP is implicitly
mentioned in topics like "Network Attacks: Blackholes/Sinkholes, RTBH"
This definitely should mean that accents are moving away from R&S...
I think at least people should stop thinking about redistribution and IGP
fine-tuning, as well as all those crazy OSPF configurations :)
2006/9/27, Scott Morris <swm@emanon.com>:
Reduce? That's all relative. Rearrange. Some labs may be heavy in 'em,
others may not. I think the basics will all be done now, but there's still
a lot of things that COULD be security within R&S topics.
More coins to toss around I guess! :)
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com
<mailto:nobody@groupstudy.com> ] On Behalf Of Petr
Lapukhov
Sent: Wednesday, September 27, 2006 11:31 AM
To: Scott Morris
Cc: ccielab; security@groupstudy.com
Subject: Re: Security Lab Exam Blueprint, year 2007
Quite a relief :)
Though it sounds ridiculous to keep that old version of IOS, they still do
it :) I wonder if they plan to reduce the amount of R&S tasks in Security
Track.
[I think in present track there is about 30-40% of R&S in lab exam]
Aside from all that, it looks like new lab is going to be all about
PIX/ASAs/VPN3000/IPS. Mix, but don't shake :)
Anyway, quite a bunch of new things to learn. More fun and great stuff :)
2006/9/27, Scott Morris < swm@emanon.com>:
>
> I think you've noticed the dilemma of the security lab changes!
>
> Layer 2 Transparent firewalls are specifically mentioned under PIX/ASA
> Firewalls, NOT the IOS Firewall.
>
> For NAC, the reference is quite generic and what I would therefore
> anticipate is that the PIX and/or ASAs will be your choke point for
> NAC testing. NAC commands were introduced in 7.2(1), which certainly
> falls in that "7.x" specified on the web page.
>
>
> http://www.cisco.com/en/US/products/ps6120/products_configuration_guid
<http://www.cisco.com/en/US/products/ps6120/products_configuration_guid>
> e_chap
> ter09186a008066ebb8.html
>
> On the VPN Concentrator, 4.7 introduced NAC features (4.7, 4.71,
> 4.72) and those are on that list of OS versions as well.
>
> http://www.cisco.com/warp/public/471/vpn3k-nac-config-471.html
>
> So my thought is that IOS will not be doing NAC at this point in time.
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> IPExpert VP - Curriculum Development
> IPExpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto: nobody@groupstudy.com
<mailto:nobody@groupstudy.com> ] On Behalf
> Of Petr Lapukhov
> Sent: Wednesday, September 27, 2006 5:25 AM
> To: ccielab; security@groupstudy.com
> Subject: Security Lab Exam Blueprint, year 2007
>
> Hello group,
>
> I'm sorry to bother you guys with a minor question, but has anyone
> noted some discrepancy in new security blueprint and lab equipment
> software versions?
>
> <lab equipment>
> Software Versions Cisco IOS Software Version 12.2T
> Enterprise/IPSec/FW/IDS*feature set is used on all routers
>
> < /lab equipment>
>
> IOS version is 12.2T.
> And, for instance, lab exam topic:
>
> <blueprint2007>
> ...
> Network Admission Control (NAC Framework solution) ...
> </blueprint2007>
>
> NAC is supported in IOS only since 12.3(8)T
>
> Does anyone have more information on the subject. I'm especially
> worried with IOS versions, which *really* make big difference (e.g.
> IPS, L2 transparent firewall, VTI, etc, etc, etc).
>
> I also sent a letter to ccie-lab@cisco.com but Cisco guys are usually
> slow in response and probably too busy to answer such questions ;)
>
> Thanks in advance,
>
> --
> Petr Lapukhov, CCIE #16379
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.com <mailto:petr@internetworkexpert.com>Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART