Our new CCIE Security Version 4 Technology Labs and Solutions are now available in your members' site account for customers who owned the previous CCIE Security Volume 1 or 2 workbooks. The labs are in the new HTML format like our Data Center material to ensure you always have the most up to date material along with allowing for advanced features (bookmarking, highlight tasks, etc). The full scale mock labs are in development now and are included with the Security workbook as we are doing away with the volume naming structure (Volume I, II, III, etc) and have gone to a single workbook.

Here is what is available in your members' site account:

Section 1: System Hardening and Availability

Routing Protocol Authentication with RIPv2

Routing Protocol Authentication with OSPF

Routing Protocol Authentication with EIGRP

Routing Protocol Authentication with BGP4

Route Filtering with EIGRP

Route Filtering with OSPF

Route Filtering with RIPv2

Control Plane Policing

Control Plane Protection

Management Plane Protection

Disabling Unnecessary Services

Controlling Device Access

CPU Protection Mechanisms

Selective Packet Discard

Controlling Device Services

Transit Traffic Control with Flexible Packet Matching

Congestion Management

IOS File System Security

Network Telemetry Identification and Classification of Security Events

BGP TTL Security Hack

IPv6 Selective Packet Discard

Section 2: Threat Identification and Mitigation

Disabling DTP on All Non-Trunking Access Ports

Port Security on a Switch

Storm Control on a Switch

Port Blocking on a Switch

PVLAN (Private VLAN) on a Switch

Private VLAN (PVLAN) Configuration Propagation

Port ACL (PACL) on a Switch

MAC ACL on a Switch

VLAN ACL (VACL) on a Switch

Preventing STP Attacks Using BPDU Guard

Preventing STP Reconnaissance Attacks Using BPDU Filter

Preventing STP Attacks Using Root Guard

Preventing STP Loops Using Loop Guard

Preventing DHCP Spoofing Attacks Using DHCP Snooping

Preventing DHCP Spoofing Attacks Using DHCP Snooping with Port-Security

Preventing ARP Spoofing Using DAI (Dynamic ARP Inspection)

Configuring IP Source Guard

Preventing VLAN Hopping Attacks

Implementing RFC 1918 Anti-Spoofing Filtering

Implementing RFC 2827 Anti-Spoofing Filtering

Implementing RFC 3330 Anti-Spoofing Filtering

Enabling TCP Intercept on a Router

Enabling TCP Intercept Watch Mode on a Router

Enabling TCP Intercept on the Cisco ASA Security Appliance

FPM (Flexible Packet Matching) and Configuration of Nested Policy Maps

Classification Using NBAR

Understanding and Enabling NetFlow on a Router

Preventing an ICMP Attack Using ACLs

Preventing an ICMP Attack Using NBAR

Preventing an ICMP Attack Using Policing

Preventing an ICMP Attack Using MPF

Preventing a SYN Attack Using ACLs

Preventing a SYN Attack Using Policing

Preventing a SYN Attack Using CBAC

Preventing a SYN Attack Using CAR

Preventing Application Protocol–Specific Attacks Using MPF

Preventing IP Spoofing Attacks Using uRPF

Preventing Fragment Attacks Using ACLs

Section 3: Intrusion Prevention and Content Security

IPS Initial Setup

Configuring an Inline Interface Pair

Creating a Custom Signature

Event Counting

Inline Blocking

IPS VLAN Groups and Virtual Sensors

Promiscuous Mode

IPS Event Summarization

IPS Event Processing and Blocking

IPS Rate-Limiting

IPS Application Inspection and Control

IPS META Engine

IPS Anomaly Detection

IOS IPS

Section 4: Identity Management

Initializing Cisco Secure ACS

Configuring AAA Clients

User and Local Identity Stores

ACS Active Directory Integration

Command Authorization

Installing ACS Certificates

802.1x Authentication with Cisco ACS

VLAN Control

802.1x VLAN Assignments

HTTP Authentication

ISE Initial Configuration

ISE Certificates and Admin Access

AD Integration

ISE and MAB

802.1X With ISE and Windows 7

Wired Local Web Authentication with ISE

Wireless 802.1x with ISE

Section 5: Perimeter Security and Services - ASA Firewalls

VLANs and IP Addressing

RIPv2

OSPF

EIGRP

Advanced Routing

IP Access-Lists

Object Groups

Administrative Access

ICMP Traffic

URL Filtering

Dynamic NAT and PAT

Static NAT and PAT

Policy NAT and PAT

Static Policy NAT and PAT on ASA1

Static Identity NAT

Outside Dynamic NAT

DNS Doctoring Using “Alias”

DNS Doctoring Using “Static”

Fragmented Traffic

IDENT Issues

BGP across the Firewall

Stub Multicast Routing

PIM Multicast Routing

Network Time Protocol

System Logging

Filtering System Logs

SNMP Monitoring

DHCP Server

HTTP Traffic Inspection

FTP Traffic Inspection

SMTP Traffic Inspection

TCP Inspection

RADIUS Accounting for GPRS Traffic Inspection

ICMP Traffic Inspection

Threat Detection

Un-Stealthing the Firewall

Get Title

Low Latency Queuing

Traffic Shaping

Hierarchical Queuing

Transparent Firewall

ARP Inspection

Ethertype Access-Lists

Transparent Firewall NAT

Firewall Contexts

Firewall Contexts Routing

Firewall Contexts Classification

Resource Management

Active-Standby Failover

Active-Active Failover

ASA Redundant Interface and Etherchannel

ASA Enhanced Object Groups

Identity Firewall

Section 6: Perimeter Security and Services - IOS Firewalls

IOS Access-Lists

Dynamic ACLs

Reflexive ACLs

Context-Based Access Control

Port-to-Application Mapping (PAM)

IOS Firewall and Stateful Failover

IOS Firewall Performance Improvements

CBAC Connection Tuning and TCP Intercept

uRPF

Zone-Based Policy Firewall

Zone-Based Firewall HA

Simple Cisco IOS NAT

Note that additional labs for Section 6 (Perimeter Security and Services - IOS Firewalls) will be available by Tuesday along with Section 7 (Confidentiality and Secure Access).