Posts Tagged ‘CCIE Security’


Our new CCIE Security Version 4 Technology Labs and Solutions are now available in your members’ site account for customers who owned the previous CCIE Security Volume 1 or 2 workbooks. The labs are in the new HTML format like our Data Center material to ensure you always have the most up to date material along with allowing for advanced features (bookmarking, highlight tasks, etc). The full scale mock labs are in development now and are included with the Security workbook as we are doing away with the volume naming structure (Volume I, II, III, etc) and have gone to a single workbook.

Here is what is available in your members’ site account:

Section 1: System Hardening and Availability

  • Routing Protocol Authentication with RIPv2
  • Routing Protocol Authentication with OSPF
  • Routing Protocol Authentication with EIGRP
  • Routing Protocol Authentication with BGP4
  • Route Filtering with EIGRP
  • Route Filtering with OSPF
  • Route Filtering with RIPv2
  • Control Plane Policing
  • Control Plane Protection
  • Management Plane Protection
  • Disabling Unnecessary Services
  • Controlling Device Access
  • CPU Protection Mechanisms
  • Selective Packet Discard
  • Controlling Device Services
  • Transit Traffic Control with Flexible Packet Matching
  • Congestion Management
  • IOS File System Security
  • Network Telemetry Identification and Classification of Security Events
  • BGP TTL Security Hack
  • IPv6 Selective Packet Discard
  • Continue Reading

    Tags: , ,


    Note that this announcement from Cisco is sort of a “pre-announcement” in that the official CCIE Security 4.0 change hasn’t been announced but will be really soon. This means if you want to take the v3 Security lab you should book your date ASAP.


    The Real Life of an Expert: Introducing the New CCIE Security

    CCIE Security 4.0 is unusual among security certificates for its up-to-date, real-world content. It emphasizes security competency and efficient problem solving in networks that use cloud services, carry voice and multimedia traffic, and are accessed by a variety of wireless devices.

    The content, currently in development, may include real-world applications that involve:

  • Securing both wireless and wired networks, including managing security policy by device and service
  • Extending application awareness to security devices, moving security up to Layer 7 from the stateless packets of Layers 3 and 4, and applying policy on a per-identity basis
  • Applying security policy in a network that has voice and video traffic
  • Securing networks that use managed services, dual ISPs, IPv6, or IP multicast
  • Cisco will soon announce the blueprints for the CCIE Security 4.0 written and lab exams; the first exam will take place approximately six months later.

    Although there are no prerequisites for registration, Cisco offers a preparation path through its CCNA and/or CCNP Security levels, and recommends that candidates have at least three years of hands-on network security experience.

    Also I hope to see a few of you at the CCIE party here in London tonight. I’ll be easy to spot as I’ll probably be one of the only sober CCIE’s there ;-) Lastly if you’re really bored you could follow me on Twitter while I’m here at Cisco Live Europe:

    Tags: , , , ,


    Transcripts, complete with click-to-jump links, are now active for the following All Access Pass* video playlists:

    The way the transcripts work is that there is a separate transcript for each video. So if you want the transcript for the 8th video in a given playlist, then you need to click on video 8, then click the tab for “Transcripts”. Then you can perform a CTRL+F and find whatever keyword you might be looking for, then once found, click on the link for that line and you will jump directly to that spot in the video. Soon we will be implementing a global search tool that will allow you to search through all transcripts in a given playlist.

    I will keep this page up-to-date, and simply re-post the same blog article, each time a new playlist has a clickable transcript become active.

    Continue Reading

    Tags: , , , , ,


    In January of 2009 I passed my Routing and Switching lab exam the
    first time using INE materials – but my journey was not over. Having
    moved into a new role where network security was my primary
    responsibility, I decided to set my sights earning the Security CCIE
    as well.

    Saying I was in over my head when I started that quest would be an
    understatement. I started ordering training material and studying
    hard. Having experienced success with INE previously I ordered the
    written exam prep material and went through it all. Once I was
    confident in my academic knowledge I took the written portion of the
    exam – Success!

    Then came the lab. Having taken it once before I knew that academic
    preparation was not enough for the 8 hour ordeal. I found a terrific
    deal on and signed up for an in-person bootcamp and Workbook
    bundle and started booking rack rental space for the Volume 1
    workbook immediately. After completing the exercises in the Volume 1
    workbook it was off to the bootcamp where Petr Lapukhov was able to
    help me identify and work through my weak spots. My next challenge
    was to work through Volume 2 of the CCIE Security lab workbook, which
    was a lot easier with a full week of classes under my belt.

    I walked in to the lab exam confidently and can honestly say that the
    INE material left me well prepared. There was nothing in the lab that
    we had not covered in class and in the workbooks.

    Today I am a dual CCIE and I could not have done it without the
    material and instructors at Internetwork Expert.

    Adam Black
    CCIE# 23393

    Our sincere congratulations go out to Adam on his excellent achievement! We will be shipping him a custom CCIE polo shirt today! Why don’t you get started with our CCIE Security products today?

    Tags: ,


    We are happy to congratulate our student, Ahmet Gokhan Yalcin on obtaining his prestigious CCIE Security certification! It is my personal pleasure to congratulate Ahmet, after meeting him in our CCIE Security Bootcamp in Tampa this year. Here is what Ahmet has to say about his road to CCIE:

    Hi all,

    I passed my CCIE Security lab exam on my first attempt on 21 April. It took my 6 months to overcome this exam. I attended to CCIE Security Bootcamp prepared by INE and intsructed by Petr Lapukhov, this was really helpful in understanding the nature of the exam and getting a detailed overview. Other than that I used the practice bundle containing the Volume 2 Workbook and rack rentals, this gave me the feeling of doing an actual lab exam and experiencing the real exam difficulties. I want to thank to INE team who prepare those beneficial documents, and also I want to thank to my family for their great support during my studies.

    Once again, congratulations, Ahmet!

    Tags: , ,


    Tags: , , ,


    In the earlier article titled EEM demystified, we took an introductory look at the basic format for EEM applets, and some basic samples for general operation, including some basic CLI command usage, getting input, and displaying output.

    In this article, we are going to take a look at some of the additional actions available, specifically looking at variables, a few operators, and some general conditional structures.
    Continue Reading

    Tags: , , ,


    A discussion / introduction to EEM, and basic configurations.

    Why EEM?
    Embedded Event Manager (EEM) allows you to have event tracking and management functionality directly on the Cisco IOS device, rather than on an external device. By having the configuration locally, actions can still be taken, even if the connection to an external monitoring station is unavailable. Plus, it is a great topic that can be used to challenge (or torment) CCIE candidates.

    Continue Reading

    Tags: , , , ,


    Some time ago I mentioned that it is possible to configure a functional GET VPN scenario using just two routers. Normally, GET VPN requires a dedicated Key Server, which does not participate is user traffic encryption and only distributes keying information and encryption policies. All other routers – group members – register to the Key Server. A router could not register to itself when configured as a key server and group member simultaneously. However, there is a Key Server redundancy feature known as KOOP Key Servers that allows for two servers to synchronize the keying information and the group member to register to the redundant key servers.

    Relying upon this feature, we may take two routers and configure them both in a KOOP key server pair. At the same time, every router is configured as a Group Member registering to another router. Since the keying information is being kept in sync, both routers will be able to properly exchange encrypted GET VPN traffic. Now, for the practical implementation we chose two directly connected routers: R4 and R5. GET VPN is supposed to encrypt traffic sent off respective VLAN4 and VLAN5 interfaces of these routers destined to the multicast groups in range The IP addresses for VLAN4 and VLAN5 subnets are 173.X.4.0/24 and 173.X.5.0/24. Here is how we configure R4 for Key Server functionality. Notice the redundancy configuration using R5 as the peer.
    Continue Reading

    Tags: , ,


    Here is a quick rundown of our product updates:

    For the CCNP Class-on-Demand new videos were posted last night and the remaining few videos will be posted by Monday.

    For the R&S Volume II workbook labs 7 and 8 were posted last night to everyone’s members site account. We now have 17 of 20 labs posted. The remaining 3 labs will be posted by Nov 10th and we’ll start shipping the printed version the following week.

    A new lab will be posted for the R&S Volume IV this week and bug fixes have been applied to labs 1 and 4. Remember to keep reporting any bugs to Quality Management so we can get them verified and fixed.

    The Security Volume I workbook will be finished next week and we’ll start shipping the printed version the following week. We’re just finishing the updates to the IOS Firewall, Identity Management, IPS, and Advanced Security sections.

    We’ll be announcing new products this month (CCNA, CCNA Voice, CCVP, CCSP, etc) and updates to additional products (CCIE Voice CoD, R&S Vol II Dynamips Edition, etc) so stay tuned.

    Lastly if you have any questions about other products or classes feel free to email me directly at Good luck with your studies!

    Tags: , , , ,


    CCIE Bloggers