Hi gang. If you are a “tweener” like me as you are looking at this lab track, I thought you might like a list of the topics in the new blueprint that do not exist in the old. Also, notice that many topics that exist in both are being implemented on different equipment. For example, in the old you might do an SSL VPN on the concentrator, but now you would be limited to IOS or ASA.

Section II Cisco IOS Firewalls

B. Zone-Based Firewalls

Section III VPN

D. Group Encrypted Transport (GET) VPN
J. AnyConnect VPN

Section IV IPS

D. Virtual Sensors
E. Security Policies

Section V Identity Management


Section VI Control Plane/Management Plan Security

A. Implement routing plane security features (protocol authentication, route filtering)
B. Configure Control Plane Policing
C. Configure CP protection and management protection
D. Configure broadcast control and switchport security
E. Configure additional CPU protection mechanisms (options drop, logging interval)
F. Disable unnecessary services
G. Control device access (Telnet, HTTP, SSH, Privilege levels)
H. Configure SNMP, Syslog, AAA, NTP
I. Configure service authentication (FTP, Telnet, HTTP, other)
J. Configure RADIUS and TACACS+ security protocols
K. Configure device management and security

Section VIII Network Attacks

B. Malicious IP Option Usage

You can leave a response, or trackback from your own site.

4 Responses to “What’s So New About the CCIE Security 3.0 Blueprint?”

  1. Jun Prieto says:

    great. i have to keep myself from looking at other stuffs until i pin my R&S. too many distractions. lol

    planning on getting Security next?

  2. Hi Jun!

    The last thing I want to be is a distraction! So Sorry!

    Yeah, I am really enjoying my study of security. I attended Brian M’s 5-Day CCIE Security Bootcamp in Chicago recently and it really jump-started me.

    I will be ready to pass it around 2011. ;-)

  3. Ahriakin says:

    Thanks for the heads up.


  4. Carlos says:


    When IE is planning to put the new gear for rack rental?


Leave a Reply


CCIE Bloggers