Sep
25

Yesterday marked the kickoff of the new CCIE Security v4 Advanced Technologies Class. In our first session we discussed the scope of the new CCIE Security Version 4.0 blueprint, recommended readings (which can be found at the bottom of this post), the new format of class, and technical topics that included stateless traffic filters on IOS with standard ACLs, extended ACLs, time-based ACLs, and dynamic ACLs.

Going forward the SCv4 ATC will be delivered over the next 4 - 6 weeks as shorter, more spread out class days, typically of about 4 hours apiece.  The specific class schedule will be posted here on the blog at least a week in advance so you can plan which sessions you want to attend live.  Anyone with an active All Access Pass subscription or that has previously purchased the download version of the SCv3 ATC can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at http://ine.co/scv4.  In the short-term the next upcoming class sessions are as follows:

  • 2013-09-26 10:00 PDT (17:00 GMT) - Reflexive ACLs, CBAC, & ZBPF
  • 2013-09-30 10:00 PDT (17:00 GMT) - Advanced ZBPF

A longer-term schedule will be posted after the weekend.  In general, the class flow will follow the below outline. If you have specific topics requests for class please feel free to post a comment below and I will take it into account.

  • IOS Security
    • Understanding IOS Architecture
    • IOS Access-Lists
    • CBAC
    • ZBPF
    • User Based Firewall
    • Security Group Firewall
    • Transparent vs Routed Firewall
    • IOS NAT
    • IOS PBR
  • ASA Security
    • Understanding ASA Architecture
    • ASA Management Plane
    • ASA Control Plane
    • Routed vs Transparent Mode
    • Single vs Multi Context Mode
    • Active/Standby vs Active/Active Failover Mode
    • Routing
    • Access-Lists before and after 8.3
    • NAT before and after 8.3
    • Identity Firewall
    • MPF and Application Inspection
    • URL, Java and ActiveX Filtering
  • Virtual Private Networks
    • Understanding IPsec Framework
    • Understanding ISAKMP, IKEv1, IKEv2 and TLS
    • Understanding PKI Infrastructure
    • IKEv1 L2L VPN on IOS and ASA
    • IKEv1 RA VPN on IOS and ASA
    • IKEv1 Easy VPN
    • IKEv1 VRF Aware VPN
    • IKEv1 VTI (SVTI and DVTI)
    • IKEv1 with GRE Tunneling
    • IKEv1 IPsec High Availability
    • GETVPN
    • DMVPN (Phase1, 2, 3)
    • AnyConnect VPN on IOS and ASA
    • Clientless SSL VPN on IOS and ASA
    • IKEv2 on ASA
    • FlexVPN
  • Identity Management
    • Understanding AAA Framework
    • Understanding RADIUS, TACACS and LDAP
    • Understanding ACS and ISE Architecture
    • Understanding 802.1x Framework
    • Understanding EAP Methods
    • ACS and ISE Initial Configuration
    • AAA Services for IOS
    • AAA Services for ASA
    • IOS and ASA Cut-Through Proxy
    • ACS and ISE PKI Integration
    • ACS and ISE AD Integration
    • MAB With ACS and ISE
    • PEAP with ACS and ISE
    • EAP-FAST with ACS and ISE
    • ISE Client Provisioning and Posture
    • ISE Profiling
    • Local and Centralized Web Authentication
    • Monitoring and debugging
    • 802.1ae MacSec
  • Wireless Security
    • Understanding WLC Architecture
    • Understanding AP Functional Modes
    • WLC and AP Initial Configuration
    • WLC Control-Plane Security
    • WLC Integration with ACS and ISE
    • WLC Local and Centralized Web Authentication
    • WLAN Security
    • wIPS
  • Intrusion Prevention Systems:
    • Understanding IPS Architecture
    • IPS Initialization and Management
    • IPS Inline Mode vs Promiscuous Mode
    • IPS Inline VLAN Pair vs Inline Interface Pair
    • Virtual Sensors
    • Configuring Signatures
    • Configuring Event Actions
    • Configuring Event Overrides and Filters
    • Configuring Anomaly Detection
    • Configuring Shunning, Blocking and Rate Limiting
    • SPAN and RSPAN
  • Content Security
    • Understanding IronPort WSA Architecture
    • WSA Transparent vs Forwarding Mode
    • WSA Initial Configuration
    • Configuring WCCP
    • Configuring Identities and Access Rules
    • Active Directory Integration
    • Configuring URL Filtering
    • Configuring WBRS
    • Configuring HTTPS Decryption
    • Configuring AVC
    • Monitoring and debugging
  • Threat Identification and Mitigation
    • Control-Plane Security
    • RFC 1918,2827,3330 AntiSpoofing
    • FPM, NBAR and Netflow
    • PVLAN
    • Access-Lists (MACL, PACL, VACL, RACL)
    • DHCP Snooping, DAI and IPSG
    • IPv6 FH Security
    • BPDU Guard, BPDU Filter
    • Loop Guard, Root Guard
    • Preventing Network attacks
    • MQC
    • RTBHF
    • MQC Marking and Classification
    • IOS Rate-Limiting, Policing and Shaping

Beyond reading the documentation, we've compiled a list of relevant books on a per-topic domain basis.  Most, if not all, of these titles can be found on Safari Online.

Brian McGahan, CCIE #8593, CCDE #2013::13
About Brian McGahan, CCIE #8593, CCDE #2013::13

Subscribe to INE Blog Updates

New Blog Posts!