RE: CCIE Sec v4

http://www.netmetric-solutions.com/about_us/ccie_security.html

Best Wishes.
C SAMARTH
CCIE #18535 (R&S , Security)

Date: Mon, 26 Nov 2012 15:56:53 -0600
Subject: Re: CCIE Sec v4
From: tenge911_at_gmail.com
To: samarth_04_at_hotmail.com
CC: ccielab_at_groupstudy.com

Hi there, this looks great. Can you please send me the link again, in all of
this email MADNESS about what you are allowed and not allowed to do, I have
lost the actul link. Please share the link for this new security course as
none of the other vendors have anything yet.
 I for one, appreciate you small plug. Its easy to ignore one email, much
harder to ignore 50. Christian

On Sun, Nov 25, 2012 at 3:32 AM, Samarth Chidanand <samarth_04_at_hotmail.com>
wrote:

10 Day Advance Technology Bootcamp for CCIEv4 - Bootcamp contents and Vol 1

workbooknetmetric-solutions.com

Module 1: ASA FirewallASA Initialization (Include redundant interface & ether

channeling)Static and Default Routing With Route TrackingRouting on ASA

(Unicast & Multicast)Management Access & Setup (SSH, Telnet, ASDM)DHCP

Configuration & Relay ConfigurationTraffic Filtering on ASANetwork Address

Translation (8.2)Network Address Translation (8.4/8.6)Single-Mode Transparent

FirewallAdvance Features in Transparent FirewallNAT in Transparent

FirewallApplication Inspection using MPFTCP Normalization using MPFContent

FilteringHigh Availability b Active/Standby (Routed & Transparent

Mode)Multi-Context Routed ModeMulti-Context Transparent ModeHigh Availability

b Active/Active (Routed Mode)High Availability b Active/Active

(Transparent Mode)Resource Allocation for ContextsThreat DetectionQoS on

ASAIdentity Based FirewallContext Aware FirewallSystem Management (e.g., SNMP

v3, Logging)Module 2: IOS FirewallBasic ZBF ConfigurationAdvance ZBF

Configuration (Connection Limits)ZBF Application InspectionZBF Rate

LimitingZBF (Transparent Mode)Basic CBACAdvance CBACIOS Content

FilteringPAMAccess Control ListsFlexible Packet MatchingIOS Transparent

Firewall (Basic & Advanced)Module 3: Intrusion Prevention System (IPS)IPS

basic InitializationSwitch Settings for SPAN, RSPAN, TrunkPromiscuous Mode

Settings (Basic & Advance)Inline Mode Settings (Basic & Advance)Configuring

Multiple Virtual SensorsTraffic Analysis Settings for different IPS

ModesTweaking IPS Signatures & ResponsesCreating Custom SignaturesConfiguring

Advance Signature ActionsThreat & Risk ManagementConfiguring Event Action

OverridesGlobal correlation and reputation based filteringAnomaly Based

DetectionIPS System ManagementBasic IPS features on ASAEnabling IPS software

module ASA 5515-xIOS IPSModule 4: Identity Services Engine (ISE)ISE

InitializationCertificate ManagementActive Directory IntegrationCreating NDGs

& Configuring AAA Clients (WLC & Switches)Creating User Identity Groups &

Local Network Access UsersCreating Identity Store SequenceConfiguring the

Switch for 802.1xConfiguring WLC for 802.1xConfiguring Authentication
Policies

for 802.1xConfiguring Authorization Policies for 802.1x b BasicConfiguring

Authorization Policies for 802.1x b Advanced (With Machine authentication

and Machine Access Restrictions)Configuring switch for 802.1x - Flex Auth

(Order & Priority) + (Different host modes)Configuring & understanding 802.1x

Open mode, Low Impact Mode and High Secure modeConfiguring end point identity

groups and adding hostsConfiguring authentication & authorization policies
for

MAB on ISEConfiguring profiler services on ISEConfiguring probes on

NADsConfiguring profiler policies and appropriate authentication &

authorization policiesUnderstanding and configuring Central Web

AuthenticationConfiguring MAB fallback authentication & authorization
policies

for CWA on ISEConfiguring Guest Services for external guest users on

ISEConfiguring and Tweaking Sponsor & Guess PortalConfiguring ISE for Client

Provisioning Services & PoliciesConfiguring ISE for Posture Services &

Policies using NAC and Web Agents.Configuring Switch and ISE with MAC SEC

option for 802.1xUnderstanding and Configuring ISE for Security Group Tags -

SGT (Config Only)Configuring inline ISE for VPN Services (iPEP /

iPEN)Configuring ISE for Distributed ArchitectureCut-Through Proxy /

Authentication Proxy using ISE as AAA ServerSystem Management / Monitoring
and

TroubleshootingModule 5: Access Control Server (ACS)ACS

InitializationConfiguring NAD s for AAA Device Access Administration

(Routers/Switches/ASA) (Telnet, HTTP, SSH, Privilege levels etc.)Configuring

NDG and Adding AAA Clients on ACSConfiguring Internal Identity Groups & Local

Users, HostsIntegrating with Active DirectoryCertificate Management &

Certificate Authentication Profiles with attribute retrievalCreating Identity

Store SequenceConfiguring Policy Elements Parameters for AAA Device

Administration (Shell Profile, Command Authorization Sets, Date and Time,

DACL, Radius Attributes)Configuring Service Selection Policy (SSP) & Access

ServicesConfiguring identity and authorization policies for AAA device

administration (Authentication, Exec and Command authorization)Configuring

policy elements parameters for Network Access AAA (cut-through proxy,

authentication proxy and 802.1x)Configuring identity and authorization

policies for cut through proxyConfiguring identity and authorization policies

for 802.1x & MABIOS role based CLI using Local Database and ACSMonitoring,

Reports and System AdministrationModule 6: Web Security Appliance

(WSA)Configure WCCP (Needed for transparent mode of WSA)WSA Initialization

using setup wizardUnderstanding explicit proxy deployment and transparent

proxy deploymentEnable proxy services with basic URL filteringConfiguring

proxy server information in web browsersConfigure acknowledgment and custom

end-user notificationsConfiguring native FTP proxyConfiguring NTLM and LDAP

based authenticationConfiguring authentication based access

policiesConfiguring access policiesConfiguring identitiesConfiguring

authentication exemptionsConfiguring acceptable use policiesConfiguring URL

filtersConfiguring custom URL categoriesConfiguring media bandwidth

limitsConfiguring application visibility and controlConfiguring proxy bypass

list for WSA in transparent deploymentEnabling Web Reputation Scores

(WBRS)Configuring anti-malware scanning (DVS, Access Policies, Outbound

Malware Scanning)Configuring HTTPS proxy, HTTP decryption policies and

inspectionConfiguring Iron Port data securityConfiguring Data Loss Prevention

(DLP)Understanding and interpreting ACL tags/logsSystem

ManagementUnderstanding L4TM (Brief)Module 7: Virtual Private Network

(VPN)IPSec LAN-to-LAN Tunnel on IOS (Classical & VTI method)IPSec LAN-to-LAN

Tunnel between IOS and ASA (WithB and Without NAT-T)IPSec hub and spoke on

ASAIPSec redundancy features (link failure, node failure and SSO)Remote
access

IPSec VPN on IOS (Classical and DVTI)Remote access IPSec VPN on ASAIPSec

Tunnels using ISAKMP profilesGRE over IPSec using ISAKMP profilesVRF Aware

IPSec (LAN-LAN + Remote Access)CA Certificate Authority and IOS Sub CA

ServerIOS certificate map & IOS DN based crypto mapsTunnel group mapping on

ASAIPSec VPN Tunnels using IOS CADMVPN Phase-2 & Phase-3VRF Aware DMVPNDMVPN

Phase-3 with hierarchical hubsGET VPN & Advance GET VPNFlexVPN (IKE v2)Misc

IPSec Features and Options on IOS and ASAClientless SSL VPN on IOS and

ASAAnyConnect BasicAnyConnect AdvancedRemote Access VPN authentication using

AAA serverModule 8: System Hardening and AvailabilityRouting protocol
security

featuresControl Plane Protection and Management Plane ProtectionBroadcast

control and switchport securityAdditional CPU protection mechanisms (options

drop, logging interval)Disable unnecessary servicesDevice system services

(SNMP, Syslog, NTP)Transit Traffic Control and Congestion ManagementModule 9:

Threat Identification and MitigationMitigate or prevent fragmentation

attacksMitigate or prevent against malicious IP option usageMitigate or

prevent network reconnaissance attacksMitigate or prevent IP spoofing

attacksMitigate or prevent MAC spoofing attacksMitigate or prevent ARP

spoofing attacksMitigate or prevent DoS and DDoS attacksMitigate or prevent

Man-in-the-Middle (MiM) attacksIdentify and protect port redirection

attacksMitigate or prevent DHCP attacksMitigate or prevent DNS
attacksMitigate

or prevent MAC Flooding attacksMitigate or prevent VLAN hopping

attacksMitigate or prevent various common Layer2 and Layer3 attacksUsing NBAR

to mitigate network attacks on IOSNetFlow as attack mitigation tool on IOS
and

ASA

Best Wishes.

C SAMARTH

CCIE #18535 (R&S , Security)

Blogs and organic groups at http://www.ccie.net
Received on Tue Nov 27 2012 - 02:18:33 ART