From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Fri Sep 29 2006 - 07:08:41 ART
I got a reply from Cisco ;)
Definitely, they won't change IOS, and all routers will run 12.2T.
NAC will be supported on PIX/ASA v 7.x, VPN3000 v 4.7 and
3550 switches (12.2SEE).
[ Just wondering how could they position ISR series as top enterprise
platform with security-on-board, and still test 12.2T in Security Lab :) ]
Now I just have to wait for reply to my ASA-related question:
are they going to use AIP/CSC SSMs for ASAs or not :)
2006/9/29, Narbik Kocharians <narbikk@gmail.com>:
>
> I think based on what i heard in the networkers (This is from the
> proctors), there will be 5 to 7 percent R&S and the rest will be Security
> related only.
>
> On 9/28/06, Scott Morris <swm@emanon.com> wrote:
> >
> > Don't sell things short though. If you start with an "unsecure" network
> > and
> > all of a sudden you are inserting things like ASA/PIX/VPN devices, you
> > will
> > have to modify SOME basic routing. While that may not be the large
> chunk
> > of
> > your exam any longer I would certainly never tell anyone to just blow it
> > off!
> >
> > Yes, some things are implied, but even with other routing protocols that
> > great mention of "route filtering" certainly leaves a lot to the
> > imagination.
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE
> > #153, CISSP, et al.
> > CCSI/JNCI-M/JNCI-J
> > IPExpert VP - Curriculum Development
> > IPExpert Sr. Technical Instructor
> > smorris@ipexpert.com
> > http://www.ipexpert.com
> >
> >
> > _____
> >
> > From: petrsoft@gmail.com [mailto:petrsoft@gmail.com] On Behalf Of Petr
> > Lapukhov
> > Sent: Thursday, September 28, 2006 12:54 AM
> > To: Scott Morris
> > Cc: ccielab; security@groupstudy.com
> > Subject: Re: Security Lab Exam Blueprint, year 2007
> >
> >
> > Looking at new blueprint, I'd say that Bridging/Switching and IGP/BGP
> > stuff
> >
> > is _not_ explicitly mentioned anymore (like it was many years before).
> >
> > The only thing they talk about is PIX/ASA/VPN3k routing. BGP is
> implicitly
> > mentioned in topics like "Network Attacks: Blackholes/Sinkholes, RTBH"
> >
> > This definitely should mean that accents are moving away from R&S...
> > I think at least people should stop thinking about redistribution and
> IGP
> > fine-tuning, as well as all those crazy OSPF configurations :)
> >
> >
> > 2006/9/27, Scott Morris <swm@emanon.com>:
> >
> > Reduce? That's all relative. Rearrange. Some labs may be heavy in
> 'em,
> > others may not. I think the basics will all be done now, but there's
> > still
> > a lot of things that COULD be security within R&S topics.
> >
> > More coins to toss around I guess! :)
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com
> > <mailto:nobody@groupstudy.com> ] On Behalf Of Petr
> > Lapukhov
> > Sent: Wednesday, September 27, 2006 11:31 AM
> > To: Scott Morris
> > Cc: ccielab; security@groupstudy.com
> > Subject: Re: Security Lab Exam Blueprint, year 2007
> >
> > Quite a relief :)
> >
> > Though it sounds ridiculous to keep that old version of IOS, they
> still
> > do
> > it :) I wonder if they plan to reduce the amount of R&S tasks in
> Security
> > Track.
> > [I think in present track there is about 30-40% of R&S in lab exam]
> >
> > Aside from all that, it looks like new lab is going to be all about
> > PIX/ASAs/VPN3000/IPS. Mix, but don't shake :)
> >
> > Anyway, quite a bunch of new things to learn. More fun and great stuff
> :)
> >
> > 2006/9/27, Scott Morris < swm@emanon.com>:
> > >
> > > I think you've noticed the dilemma of the security lab changes!
> > >
> > > Layer 2 Transparent firewalls are specifically mentioned under PIX/ASA
> > > Firewalls, NOT the IOS Firewall.
> > >
> > > For NAC, the reference is quite generic and what I would therefore
> > > anticipate is that the PIX and/or ASAs will be your choke point for
> > > NAC testing. NAC commands were introduced in 7.2(1), which certainly
> > > falls in that "7.x" specified on the web page.
> > >
> > >
> > > http://www.cisco.com/en/US/products/ps6120/products_configuration_guid
> > <http://www.cisco.com/en/US/products/ps6120/products_configuration_guid>
> > > e_chap
> > > ter09186a008066ebb8.html
> > >
> > > On the VPN Concentrator, 4.7 introduced NAC features (4.7, 4.71,
> > > 4.72) and those are on that list of OS versions as well.
> > >
> > > http://www.cisco.com/warp/public/471/vpn3k-nac-config-471.html
> > >
> > > So my thought is that IOS will not be doing NAC at this point in time.
> > >
> > > HTH,
> > >
> > >
> > > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > > JNCIE #153, CISSP, et al.
> > > CCSI/JNCI-M/JNCI-J
> > > IPExpert VP - Curriculum Development
> > > IPExpert Sr. Technical Instructor
> > > smorris@ipexpert.com
> > > http://www.ipexpert.com
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto: nobody@groupstudy.com
> > <mailto:nobody@groupstudy.com> ] On Behalf
> > > Of Petr Lapukhov
> > > Sent: Wednesday, September 27, 2006 5:25 AM
> > > To: ccielab; security@groupstudy.com
> > > Subject: Security Lab Exam Blueprint, year 2007
> > >
> > > Hello group,
> > >
> > > I'm sorry to bother you guys with a minor question, but has anyone
> > > noted some discrepancy in new security blueprint and lab equipment
> > > software versions?
> > >
> > > <lab equipment>
> > > Software Versions Cisco IOS Software Version 12.2T
> > > Enterprise/IPSec/FW/IDS*feature set is used on all routers
> > >
> > > < /lab equipment>
> > >
> > > IOS version is 12.2T.
> > > And, for instance, lab exam topic:
> > >
> > > <blueprint2007>
> > > ...
> > > Network Admission Control (NAC Framework solution) ...
> > > </blueprint2007>
> > >
> > > NAC is supported in IOS only since 12.3(8)T
> > >
> > > Does anyone have more information on the subject. I'm especially
> > > worried with IOS versions, which *really* make big difference (e.g.
> > > IPS, L2 transparent firewall, VTI, etc, etc, etc).
> > >
> > > I also sent a letter to ccie-lab@cisco.com but Cisco guys are usually
> > > slow in response and probably too busy to answer such questions ;)
> > >
> > > Thanks in advance,
> > >
> > > --
> > > Petr Lapukhov, CCIE #16379
> > > petr@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987
> > > Outside US: 775-826-4344
> > >
> > > ______________________________________________________________________
> > > _ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > ______________________________________________________________________
> > > _ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >
> >
> > --
> > Petr Lapukhov, CCIE #16379
> > petr@internetworkexpert.com <mailto:petr@internetworkexpert.com>
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Outside US: 775-826-4344
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> > --
> > Petr Lapukhov, CCIE #16379
> > petr@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Outside US: 775-826-4344
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> Network Learning, Inc. (CCIE class Instructor)
> www.ccbootcamp.com (CCIE Training)
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART