Re: Security Lab Exam Blueprint, year 2007

From: Narbik Kocharians (narbikk@gmail.com)
Date: Fri Sep 29 2006 - 11:55:00 ART


That's what I heard.

On 9/29/06, Brad Ellis <brad@ccbootcamp.com> wrote:
>
> Petr,
>
> At Networkers, I was told they are NOT going to have any AIPs or CSCs in
> the ASAs.
>
> thanks,
> Brad Ellis
> CCIE#5796 (R&S / Security)
> CCSI#30482
> brad@ccbootcamp.com
> www.ccbootcamp.com (Cisco Training and Advanced Technology Rental Racks)
> Voice: 702-968-5100
> FAX: 702-446-8012
> ----- Original Message -----
> From: "Petr Lapukhov" <petr@internetworkexpert.com>
> To: "Narbik Kocharians" <narbikk@gmail.com>
> Cc: "Scott Morris" <swm@emanon.com>; "ccielab" <ccielab@groupstudy.com>;
> <security@groupstudy.com>
> Sent: Friday, September 29, 2006 3:08 AM
> Subject: Re: Security Lab Exam Blueprint, year 2007
>
>
> I got a reply from Cisco ;)
>
> Definitely, they won't change IOS, and all routers will run 12.2T.
>
> NAC will be supported on PIX/ASA v 7.x, VPN3000 v 4.7 and
> 3550 switches (12.2SEE).
>
> [ Just wondering how could they position ISR series as top enterprise
> platform with security-on-board, and still test 12.2T in Security Lab :) ]
>
> Now I just have to wait for reply to my ASA-related question:
> are they going to use AIP/CSC SSMs for ASAs or not :)
>
> 2006/9/29, Narbik Kocharians <narbikk@gmail.com>:
> >
> > I think based on what I heard in the Networkers (this is from the
> > proctors), there will be 5 to 7 percent R&S and the rest will be
> > Security related only.
> >
> > On 9/28/06, Scott Morris <swm@emanon.com> wrote:
> > >
> > > Don't sell things short though. If you start with an "unsecure" network
> > > and all of a sudden you are inserting things like ASA/PIX/VPN devices, you
> > > will have to modify SOME basic routing. While that may not be the large
> > > chunk of your exam any longer I would certainly never tell anyone to just
> > > blow it off!
> > >
> > > Yes, some things are implied, but even with other routing protocols that
> > > great mention of "route filtering" certainly leaves a lot to the
> > > imagination.
> > >
> > >
> > > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > > JNCIE #153, CISSP, et al.
> > > CCSI/JNCI-M/JNCI-J
> > > IPExpert VP - Curriculum Development
> > > IPExpert Sr. Technical Instructor
> > > smorris@ipexpert.com
> > > http://www.ipexpert.com
> > >
> > >
> > > _____
> > >
> > > From: petrsoft@gmail.com [mailto:petrsoft@gmail.com] On Behalf Of Petr
> > > Lapukhov
> > > Sent: Thursday, September 28, 2006 12:54 AM
> > > To: Scott Morris
> > > Cc: ccielab; security@groupstudy.com
> > > Subject: Re: Security Lab Exam Blueprint, year 2007
> > >
> > >
> > > Looking at new blueprint, I'd say that Bridging/Switching and IGP/BGP
> > > stuff is _not_ explicitly mentioned anymore (like it was many years before).
> > >
> > > The only thing they talk about is PIX/ASA/VPN3k routing. BGP is
> > > implicitly mentioned in topics like "Network Attacks: Blackholes/Sinkholes,
> > > RTBH"
> > >
> > > This definitely should mean that accents are moving away from R&S...
> > > I think at least people should stop thinking about redistribution and
> > > IGP fine-tuning, as well as all those crazy OSPF configurations :)
> > >
> > >
> > > 2006/9/27, Scott Morris <swm@emanon.com>:
> > >
> > > Reduce? That's all relative. Rearrange. Some labs may be heavy in
> > > 'em, others may not. I think the basics will all be done now, but there's
> > > still a lot of things that COULD be security within R&S topics.
> > >
> > > More coins to toss around I guess! :)
> > >
> > > Scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Petr
> > > Lapukhov
> > > Sent: Wednesday, September 27, 2006 11:31 AM
> > > To: Scott Morris
> > > Cc: ccielab; security@groupstudy.com
> > > Subject: Re: Security Lab Exam Blueprint, year 2007
> > >
> > > Quite a relief :)
> > >
> > > Though it sounds ridiculous to keep that old version of IOS, they
> > > still do it :) I wonder if they plan to reduce the amount of R&S tasks in
> > > Security Track.
> > > [I think in present track there is about 30-40% of R&S in lab exam]
> > >
> > > Aside from all that, it looks like new lab is going to be all about
> > > PIX/ASAs/VPN3000/IPS. Mix, but don't shake :)
> > >
> > > Anyway, quite a bunch of new things to learn. More fun and great stuff :)
> > >
> > > 2006/9/27, Scott Morris <swm@emanon.com>:
> > > >
> > > > I think you've noticed the dilemma of the security lab changes!
> > > >
> > > > Layer 2 Transparent firewalls are specifically mentioned under
> > > > PIX/ASA Firewalls, NOT the IOS Firewall.
> > > >
> > > > For NAC, the reference is quite generic and what I would therefore
> > > > anticipate is that the PIX and/or ASAs will be your choke point for
> > > > NAC testing. NAC commands were introduced in 7.2(1), which
> > > > certainly falls in that "7.x" specified on the web page.
> > > >
> > > >
> > > >
> > > > http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008066ebb8.html
> > > >
> > > > On the VPN Concentrator, 4.7 introduced NAC features (4.7, 4.71,
> > > > 4.72) and those are on that list of OS versions as well.
> > > >
> > > > http://www.cisco.com/warp/public/471/vpn3k-nac-config-471.html
> > > >
> > > > So my thought is that IOS will not be doing NAC at this point in time.
> > > >
> > > > HTH,
> > > >
> > > >
> > > > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > > > JNCIE #153, CISSP, et al.
> > > > CCSI/JNCI-M/JNCI-J
> > > > IPExpert VP - Curriculum Development
> > > > IPExpert Sr. Technical Instructor
> > > > smorris@ipexpert.com
> > > > http://www.ipexpert.com
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > > Of Petr Lapukhov
> > > > Sent: Wednesday, September 27, 2006 5:25 AM
> > > > To: ccielab; security@groupstudy.com
> > > > Subject: Security Lab Exam Blueprint, year 2007
> > > >
> > > > Hello group,
> > > >
> > > > I'm sorry to bother you guys with a minor question, but has anyone
> > > > noted some discrepancy in new security blueprint and lab equipment
> > > > software versions?
> > > >
> > > > <lab equipment>
> > > > Software Versions Cisco IOS Software Version 12.2T
> > > > Enterprise/IPSec/FW/IDS*feature set is used on all routers
> > > >
> > > > < /lab equipment>
> > > >
> > > > IOS version is 12.2T.
> > > > And, for instance, lab exam topic:
> > > >
> > > > <blueprint2007>
> > > > ...
> > > > Network Admission Control (NAC Framework solution) ...
> > > > </blueprint2007>
> > > >
> > > > NAC is supported in IOS only since 12.3(8)T
> > > >
> > > > Does anyone have more information on the subject? I'm especially
> > > > worried with IOS versions, which *really* make big difference (e.g.
> > > > IPS, L2 transparent firewall, VTI, etc, etc, etc).
> > > >
> > > > I also sent a letter to ccie-lab@cisco.com but Cisco guys are
> > > > usually slow in response and probably too busy to answer such questions ;)
> > > >
> > > > Thanks in advance,
> > > >
> > > > --
> > > > Petr Lapukhov, CCIE #16379
> > > > petr@internetworkexpert.com
> > > >
> > > > Internetwork Expert, Inc.
> > > > http://www.InternetworkExpert.com
> > > > Toll Free: 877-224-8987
> > > > Outside US: 775-826-4344
> > > >
> > > >
> > > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Petr Lapukhov, CCIE #16379
> > > petr@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987
> > > Outside US: 775-826-4344
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Petr Lapukhov, CCIE #16379
> > > petr@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987
> > > Outside US: 775-826-4344
> > >
> > >
> > >
> >
> >
> >
> > --
> > Narbik Kocharians
> > CCIE# 12410 (R&S, SP, Security)
> > CCSI# 30832
> > Network Learning, Inc. (CCIE class Instructor)
> > www.ccbootcamp.com (CCIE Training)
> >
> >
>
>
>
> --
> Petr Lapukhov, CCIE #16379
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
>
>
>

-- 
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832
Network Learning, Inc. (CCIE class Instructor)
www.ccbootcamp.com (CCIE Training)


This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART