Friends and Marko, Sorry I posted the link. Below is the technical contents.
This is the content of our workbook vol1 and Adv tech bootcamp.
Module 1: ASA FirewallASA Initialization (Include redundant interface & ether
channeling)Static and Default Routing With Route TrackingRouting on ASA
(Unicast & Multicast)Management Access & Setup (SSH, Telnet, ASDM)DHCP
Configuration & Relay ConfigurationTraffic Filtering on ASANetwork Address
Translation (8.2)Network Address Translation (8.4/8.6)Single-Mode Transparent
FirewallAdvance Features in Transparent FirewallNAT in Transparent
FirewallApplication Inspection using MPFTCP Normalization using MPFContent
FilteringHigh Availability b� Active/Standby (Routed & Transparent
Mode)Multi-Context Routed ModeMulti-Context Transparent ModeHigh Availability
b� Active/Active (Routed Mode)High Availability b� Active/Active
(Transparent Mode)Resource Allocation for ContextsThreat DetectionQoS on
ASAIdentity Based FirewallContext Aware FirewallSystem Management (e.g., SNMP
v3, Logging)Module 2: IOS FirewallBasic ZBF ConfigurationAdvance ZBF
Configuration (Connection Limits)ZBF Application InspectionZBF Rate
LimitingZBF (Transparent Mode)Basic CBACAdvance CBACIOS Content
FilteringPAMAccess Control ListsFlexible Packet MatchingIOS Transparent
Firewall (Basic & Advanced)Module 3: Intrusion Prevention System (IPS)IPS
basic InitializationSwitch Settings for SPAN, RSPAN, TrunkPromiscuous Mode
Settings (Basic & Advance)Inline Mode Settings (Basic & Advance)Configuring
Multiple Virtual SensorsTraffic Analysis Settings for different IPS
ModesTweaking IPS Signatures & ResponsesCreating Custom SignaturesConfiguring
Advance Signature ActionsThreat & Risk ManagementConfiguring Event Action
OverridesGlobal correlation and reputation based filteringAnomaly Based
DetectionIPS System ManagementBasic IPS features on ASAEnabling IPS software
module ASA 5515-xIOS IPSModule 4: Identity Services Engine (ISE)ISE
InitializationCertificate ManagementActive Directory IntegrationCreating NDGs
& Configuring AAA Clients (WLC & Switches)Creating User Identity Groups &
Local Network Access UsersCreating Identity Store SequenceConfiguring the
Switch for 802.1xConfiguring WLC for 802.1xConfiguring Authentication Policies
for 802.1xConfiguring Authorization Policies for 802.1x b� BasicConfiguring
Authorization Policies for 802.1x b� Advanced (With Machine authentication
and Machine Access Restrictions)Configuring switch for 802.1x - Flex Auth
(Order & Priority) + (Different host modes)Configuring & understanding 802.1x
Open mode, Low Impact Mode and High Secure modeConfiguring end point identity
groups and adding hostsConfiguring authentication & authorization policies for
MAB on ISEConfiguring profiler services on ISEConfiguring probes on
NADsConfiguring profiler policies and appropriate authentication &
authorization policiesUnderstanding and configuring Central Web
AuthenticationConfiguring MAB fallback authentication & authorization policies
for CWA on ISEConfiguring Guest Services for external guest users on
ISEConfiguring and Tweaking Sponsor & Guess PortalConfiguring ISE for Client
Provisioning Services & PoliciesConfiguring ISE for Posture Services &
Policies using NAC and Web Agents.Configuring Switch and ISE with MAC SEC
option for 802.1xUnderstanding and Configuring ISE for Security Group Tags -
SGT (Config Only)Configuring inline ISE for VPN Services (iPEP /
iPEN)Configuring ISE for Distributed ArchitectureCut-Through Proxy /
Authentication Proxy using ISE as AAA ServerSystem Management / Monitoring and
TroubleshootingModule 5: Access Control Server (ACS)ACS
InitializationConfiguring NAD�s for AAA Device Access Administration
(Routers/Switches/ASA) (Telnet, HTTP, SSH, Privilege levels etc.)Configuring
NDG and Adding AAA Clients on ACSConfiguring Internal Identity Groups & Local
Users, HostsIntegrating with Active DirectoryCertificate Management &
Certificate Authentication Profiles with attribute retrievalCreating Identity
Store SequenceConfiguring Policy Elements Parameters for AAA Device
Administration (Shell Profile, Command Authorization Sets, Date and Time,
DACL, Radius Attributes)Configuring Service Selection Policy (SSP) & Access
ServicesConfiguring identity and authorization policies for AAA device
administration (Authentication, Exec and Command authorization)Configuring
policy elements parameters for Network Access AAA (cut-through proxy,
authentication proxy and 802.1x)Configuring identity and authorization
policies for cut through proxyConfiguring identity and authorization policies
for 802.1x & MABIOS role based CLI using Local Database and ACSMonitoring,
Reports and System AdministrationModule 6: Web Security Appliance
(WSA)Configure WCCP (Needed for transparent mode of WSA)WSA Initialization
using setup wizardUnderstanding explicit proxy deployment and transparent
proxy deploymentEnable proxy services with basic URL filteringConfiguring
proxy server information in web browsersConfigure acknowledgment and custom
end-user notificationsConfiguring native FTP proxyConfiguring NTLM and LDAP
based authenticationConfiguring authentication based access
policiesConfiguring access policiesConfiguring identitiesConfiguring
authentication exemptionsConfiguring acceptable use policiesConfiguring URL
filtersConfiguring custom URL categoriesConfiguring media bandwidth
limitsConfiguring application visibility and controlConfiguring proxy bypass
list for WSA in transparent deploymentEnabling Web Reputation Scores
(WBRS)Configuring anti-malware scanning (DVS, Access Policies, Outbound
Malware Scanning)Configuring HTTPS proxy, HTTP decryption policies and
inspectionConfiguring Iron Port data securityConfiguring Data Loss Prevention
(DLP)Understanding and interpreting ACL tags/logsSystem
ManagementUnderstanding L4TM (Brief)Module 7: Virtual Private Network
(VPN)IPSec LAN-to-LAN Tunnel on IOS (Classical & VTI method)IPSec LAN-to-LAN
Tunnel between IOS and ASA (WithB and Without NAT-T)IPSec hub and spoke on
ASAIPSec redundancy features (link failure, node failure and SSO)Remote access
IPSec VPN on IOS (Classical and DVTI)Remote access IPSec VPN on ASAIPSec
Tunnels using ISAKMP profilesGRE over IPSec using ISAKMP profilesVRF Aware
IPSec (LAN-LAN + Remote Access)CA Certificate Authority and IOS Sub CA
ServerIOS certificate map & IOS DN based crypto mapsTunnel group mapping on
ASAIPSec VPN Tunnels using IOS CADMVPN Phase-2 & Phase-3VRF Aware DMVPNDMVPN
Phase-3 with hierarchical hubsGET VPN & Advance GET VPNFlexVPN (IKE v2)Misc
IPSec Features and Options on IOS and ASAClientless SSL VPN on IOS and
ASAAnyConnect BasicAnyConnect AdvancedRemote Access VPN authentication using
AAA serverModule 8: System Hardening and AvailabilityRouting protocol security
featuresControl Plane Protection and Management Plane ProtectionBroadcast
control and switchport securityAdditional CPU protection mechanisms (options
drop, logging interval)Disable unnecessary servicesDevice system services
(SNMP, Syslog, NTP)Transit Traffic Control and Congestion ManagementModule 9:
Threat Identification and MitigationMitigate or prevent fragmentation
attacksMitigate or prevent against malicious IP option usageMitigate or
prevent network reconnaissance attacksMitigate or prevent IP spoofing
attacksMitigate or prevent MAC spoofing attacksMitigate or prevent ARP
spoofing attacksMitigate or prevent DoS and DDoS attacksMitigate or prevent
Man-in-the-Middle (MiM) attacksIdentify and protect port redirection
attacksMitigate or prevent DHCP attacksMitigate or prevent DNS attacksMitigate
or prevent MAC Flooding attacksMitigate or prevent VLAN hopping
attacksMitigate or prevent various common Layer2 and Layer3 attacksUsing NBAR
to mitigate network attacks on IOSNetFlow as attack mitigation tool on IOS and
ASA
Best Wishes.
C SAMARTH
CCIE #18535 (R&S , Security)
> From: markom_at_ipexpert.com
> Date: Sun, 25 Nov 2012 13:30:49 -0800
> Subject: Re: 10 days CCIE Sec v4 Adv tech bootcamp
> To: samarth_04_at_hotmail.com
> CC: ccielab_at_groupstudy.com
>
> And how about a little bit less SPAM, a little more technical content
> here on the list? :-)
>
> --
> Marko Milivojevic - CCIE #18427 (SP R&S)
> Senior CCIE Instructor - IPexpert
>
> On Sun, Nov 25, 2012 at 12:42 AM, Samarth Chidanand
> <samarth_04_at_hotmail.com> wrote:
> > Content Link ->
http://netmetric-solutions.com/about_us/ccie_security.htmlWork
> > book ready and the contents are the same.December class sold out. Jan
2013
> > class is open for registration
> > SuperLab/Mock Lab workbook and bootcamp in progress - Approx in Feb/March
> >
> >
> >
> > Best Wishes.
> > C SAMARTH
> > CCIE #18535 (R&S , Security)
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Nov 26 2012 - 03:12:29 ART