Yesterday marked the kickoff of the new CCIE Security v4 Advanced Technologies Class. In our first session we discussed the scope of the new CCIE Security Version 4.0 blueprint, recommended readings (which can be found at the bottom of this post), the new format of class, and technical topics that included stateless traffic filters on IOS with standard ACLs, extended ACLs, time-based ACLs, and dynamic ACLs.

Going forward the SCv4 ATC will be delivered over the next 4 - 6 weeks as shorter, more spread out class days, typically of about 4 hours apiece.  The specific class schedule will be posted here on the blog at least a week in advance so you can plan which sessions you want to attend live.  Anyone with an active All Access Pass subscription or that has previously purchased the download version of the SCv3 ATC can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at http://ine.co/scv4.  In the short-term the next upcoming class sessions are as follows:

• 2013-09-26 10:00 PDT (17:00 GMT) - Reflexive ACLs, CBAC, & ZBPF
• 2013-09-30 10:00 PDT (17:00 GMT) - Advanced ZBPF

A longer-term schedule will be posted after the weekend.  In general, the class flow will follow the below outline. If you have specific topics requests for class please feel free to post a comment below and I will take it into account.

• IOS Security
  • Understanding IOS Architecture
  • IOS Access-Lists
  • CBAC
  • ZBPF
  • User Based Firewall
  • Security Group Firewall
  • Transparent vs Routed Firewall
  • IOS NAT
  • IOS PBR

• ASA Security
  • Understanding ASA Architecture
  • ASA Management Plane
  • ASA Control Plane
  • Routed vs Transparent Mode
  • Single vs Multi Context Mode
  • Active/Standby vs Active/Active Failover Mode
  • Routing
  • Access-Lists before and after 8.3
  • NAT before and after 8.3
  • Identity Firewall
  • MPF and Application Inspection
  • URL, Java and ActiveX Filtering

• Virtual Private Networks
  • Understanding IPsec Framework
  • Understanding ISAKMP, IKEv1, IKEv2 and TLS
  • Understanding PKI Infrastructure
  • IKEv1 L2L VPN on IOS and ASA
  • IKEv1 RA VPN on IOS and ASA
  • IKEv1 Easy VPN
  • IKEv1 VRF Aware VPN
  • IKEv1 VTI (SVTI and DVTI)
  • IKEv1 with GRE Tunneling
  • IKEv1 IPsec High Availability
  • GETVPN
  • DMVPN (Phase1, 2, 3)
  • AnyConnect VPN on IOS and ASA
  • Clientless SSL VPN on IOS and ASA
  • IKEv2 on ASA
  • FlexVPN

• Identity Management
  • Understanding AAA Framework
  • Understanding RADIUS, TACACS and LDAP
  • Understanding ACS and ISE Architecture
  • Understanding 802.1x Framework
  • Understanding EAP Methods
  • ACS and ISE Initial Configuration
  • AAA Services for IOS
  • AAA Services for ASA
  • IOS and ASA Cut-Through Proxy
  • ACS and ISE PKI Integration
  • ACS and ISE AD Integration
  • MAB With ACS and ISE
  • PEAP with ACS and ISE
  • EAP-FAST with ACS and ISE
  • ISE Client Provisioning and Posture
  • ISE Profiling
  • Local and Centralized Web Authentication
  • Monitoring and debugging
  • 802.1ae MacSec

• Wireless Security
  • Understanding WLC Architecture
  • Understanding AP Functional Modes
  • WLC and AP Initial Configuration
  • WLC Control-Plane Security
  • WLC Integration with ACS and ISE
  • WLC Local and Centralized Web Authentication
  • WLAN Security
  • wIPS

• Intrusion Prevention Systems:
  • Understanding IPS Architecture
  • IPS Initialization and Management
  • IPS Inline Mode vs Promiscuous Mode
  • IPS Inline VLAN Pair vs Inline Interface Pair
  • Virtual Sensors
  • Configuring Signatures
  • Configuring Event Actions
  • Configuring Event Overrides and Filters
  • Configuring Anomaly Detection
  • Configuring Shunning, Blocking and Rate Limiting
  • SPAN and RSPAN

• Content Security
  • Understanding IronPort WSA Architecture
  • WSA Transparent vs Forwarding Mode
  • WSA Initial Configuration
  • Configuring WCCP
  • Configuring Identities and Access Rules
  • Active Directory Integration
  • Configuring URL Filtering
  • Configuring WBRS
  • Configuring HTTPS Decryption
  • Configuring AVC
  • Monitoring and debugging

• Threat Identification and Mitigation
  • Control-Plane Security
  • RFC 1918,2827,3330 AntiSpoofing
  • FPM, NBAR and Netflow
  • PVLAN
  • Access-Lists (MACL, PACL, VACL, RACL)
  • DHCP Snooping, DAI and IPSG
  • IPv6 FH Security
  • BPDU Guard, BPDU Filter
  • Loop Guard, Root Guard
  • Preventing Network attacks
  • MQC
  • RTBHF
  • MQC Marking and Classification
  • IOS Rate-Limiting, Policing and Shaping

Beyond reading the documentation, we've compiled a list of relevant books on a per-topic domain basis.  Most, if not all, of these titles can be found on Safari Online.

• General Technology
  • Routing TCP/IP Volume 1, 2nd Edition
  • Routing TCP/IP Volume 2
  • Troubleshooting IP Routing Protocols
  • Designing Network Security
  • Network Security Architectures
  • Network Security Technologies and Solutions
  • Penetration Testing and Network Defense
• Firewalls
  • Firewall Fundamentals
  • Implementing Cisco IOS Network Security
  • Cisco Firewalls: Concept, Design and Deployment for Cisco Stateful Firewall Solutions
  • Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, 2nd Edition
• VPN
  • IPsec VPN Design
  • PKI Uncovered
  • IPsec Virtual Private Network Fundamentals
  • Troubleshooting Virtual Private Networks
  • SSL Remote Access VPNs
• AAA
  • AAA Identity Management Security
  • Cisco ISE for BYOD and Secure Unified Access
• WiFi
  • Controller-Based Wireless LAN Fundamentals
  • Cisco Wireless LAN Security
• IPS
  • Intrusion Prevention Fundamentals
• IPv6
  • IPv6 Fundamentals: A straightforward Approach to Understanding  IPv6
  • IPv6 Security
• CCIE Specific
  • CCIE Security Exam Certification Guide, 2nd Edition
  • CCIE Security v3.0 Configuration Practice Labs