May 11

Our new CCIE Security Version 4 Technology Labs and Solutions are now available in your members' site account for customers who owned the previous CCIE Security Volume 1 or 2 workbooks. The labs are in the new HTML format, like our Data Center material, to ensure you always have the most up-to-date material and to allow for advanced features (bookmarking, highlighting tasks, etc.). The full-scale mock labs are in development now and are included with the Security workbook, as we are doing away with the volume naming structure (Volume I, II, III, etc.) and have gone to a single workbook.

Here is what is available in your members' site account:

Section 1: System Hardening and Availability

  • Routing Protocol Authentication with RIPv2
  • Routing Protocol Authentication with OSPF
  • Routing Protocol Authentication with EIGRP
  • Routing Protocol Authentication with BGP4
  • Route Filtering with EIGRP
  • Route Filtering with OSPF
  • Route Filtering with RIPv2
  • Control Plane Policing
  • Control Plane Protection
  • Management Plane Protection
  • Disabling Unnecessary Services
  • Controlling Device Access
  • CPU Protection Mechanisms
  • Selective Packet Discard
  • Controlling Device Services
  • Transit Traffic Control with Flexible Packet Matching
  • Congestion Management
  • IOS File System Security
  • Network Telemetry Identification and Classification of Security Events
  • BGP TTL Security Hack
  • IPv6 Selective Packet Discard

Section 2: Threat Identification and Mitigation

  • Disabling DTP on All Non-Trunking Access Ports
  • Port Security on a Switch
  • Storm Control on a Switch
  • Port Blocking on a Switch
  • PVLAN (Private VLAN) on a Switch
  • Private VLAN (PVLAN) Configuration Propagation
  • Port ACL (PACL) on a Switch
  • MAC ACL on a Switch
  • VLAN ACL (VACL) on a Switch
  • Preventing STP Attacks Using BPDU Guard
  • Preventing STP Reconnaissance Attacks Using BPDU Filter
  • Preventing STP Attacks Using Root Guard
  • Preventing STP Loops Using Loop Guard
  • Preventing DHCP Spoofing Attacks Using DHCP Snooping
  • Preventing DHCP Spoofing Attacks Using DHCP Snooping with Port-Security
  • Preventing ARP Spoofing Using DAI (Dynamic ARP Inspection)
  • Configuring IP Source Guard
  • Preventing VLAN Hopping Attacks
  • Implementing RFC 1918 Anti-Spoofing Filtering
  • Implementing RFC 2827 Anti-Spoofing Filtering
  • Implementing RFC 3330 Anti-Spoofing Filtering
  • Enabling TCP Intercept on a Router
  • Enabling TCP Intercept Watch Mode on a Router
  • Enabling TCP Intercept on the Cisco ASA Security Appliance
  • FPM (Flexible Packet Matching) and Configuration of Nested Policy Maps
  • Classification Using NBAR
  • Understanding and Enabling NetFlow on a Router
  • Preventing an ICMP Attack Using ACLs
  • Preventing an ICMP Attack Using NBAR
  • Preventing an ICMP Attack Using Policing
  • Preventing an ICMP Attack Using MPF
  • Preventing a SYN Attack Using ACLs
  • Preventing a SYN Attack Using Policing
  • Preventing a SYN Attack Using CBAC
  • Preventing a SYN Attack Using CAR
  • Preventing Application Protocol–Specific Attacks Using MPF
  • Preventing IP Spoofing Attacks Using uRPF
  • Preventing Fragment Attacks Using ACLs

Section 3: Intrusion Prevention and Content Security

  • IPS Initial Setup
  • Configuring an Inline Interface Pair
  • Creating a Custom Signature
  • Event Counting
  • Inline Blocking
  • IPS VLAN Groups and Virtual Sensors
  • Promiscuous Mode
  • IPS Event Summarization
  • IPS Event Processing and Blocking
  • IPS Rate-Limiting
  • IPS Application Inspection and Control
  • IPS META Engine
  • IPS Anomaly Detection
  • IOS IPS

Section 4: Identity Management

  • Initializing Cisco Secure ACS
  • Configuring AAA Clients
  • User and Local Identity Stores
  • ACS Active Directory Integration
  • Command Authorization
  • Installing ACS Certificates
  • 802.1x Authentication with Cisco ACS
  • VLAN Control
  • 802.1x VLAN Assignments
  • HTTP Authentication
  • ISE Initial Configuration
  • ISE Certificates and Admin Access
  • AD Integration
  • ISE and MAB
  • 802.1X With ISE and Windows 7
  • Wired Local Web Authentication with ISE
  • Wireless 802.1x with ISE

Section 5: Perimeter Security and Services - ASA Firewalls

  • VLANs and IP Addressing
  • RIPv2
  • OSPF
  • EIGRP
  • Advanced Routing
  • IP Access-Lists
  • Object Groups
  • Administrative Access
  • ICMP Traffic
  • URL Filtering
  • Dynamic NAT and PAT
  • Static NAT and PAT
  • Policy NAT and PAT
  • Static Policy NAT and PAT on ASA1
  • Static Identity NAT
  • Outside Dynamic NAT
  • DNS Doctoring Using “Alias”
  • DNS Doctoring Using “Static”
  • Fragmented Traffic
  • IDENT Issues
  • BGP across the Firewall
  • Stub Multicast Routing
  • PIM Multicast Routing
  • Network Time Protocol
  • System Logging
  • Filtering System Logs
  • SNMP Monitoring
  • DHCP Server
  • HTTP Traffic Inspection
  • FTP Traffic Inspection
  • SMTP Traffic Inspection
  • TCP Inspection
  • RADIUS Accounting for GPRS Traffic Inspection
  • ICMP Traffic Inspection
  • Threat Detection
  • Un-Stealthing the Firewall
  • Low Latency Queuing
  • Traffic Shaping
  • Hierarchical Queuing
  • Transparent Firewall
  • ARP Inspection
  • Ethertype Access-Lists
  • Transparent Firewall NAT
  • Firewall Contexts
  • Firewall Contexts Routing
  • Firewall Contexts Classification
  • Resource Management
  • Active-Standby Failover
  • Active-Active Failover
  • ASA Redundant Interface and Etherchannel
  • ASA Enhanced Object Groups
  • Identity Firewall

Section 6: Perimeter Security and Services - IOS Firewalls

  • IOS Access-Lists
  • Dynamic ACLs
  • Reflexive ACLs
  • Context-Based Access Control
  • Port-to-Application Mapping (PAM)
  • IOS Firewall and Stateful Failover
  • IOS Firewall Performance Improvements
  • CBAC Connection Tuning and TCP Intercept
  • uRPF
  • Zone-Based Policy Firewall
  • Zone-Based Firewall HA
  • Simple Cisco IOS NAT

Note that additional labs for Section 6 (Perimeter Security and Services - IOS Firewalls) will be available by Tuesday along with Section 7 (Confidentiality and Secure Access).

    Brian Dennis, CCIE #2210