  1. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #26
    Day 6/7

    Chapter 6: Securing the Management Plane

    This chapter was kind of a beast for a CCNA Sec noob; I ended up taking two days to digest it. I also searched YouTube long enough to find some CCNP Switch Trainsignal videos that were very helpful, in case anyone needs help in this area. This section was all about using AAA to secure the management plane - VTY lines, Console, and Aux. The chapter covered enabling AAA, configuring AAA for the management plane via command line, and securing IOS images in flash to prevent attackers from modifying them remotely - Really good stuff!

    Chapter 7 looks like it has some ACS topics involved (13 pages, I counted!). Unfortunately I won't be able to lab ACS as it requires a commercial relationship with Cisco...Hopefully it won't be too terrible! It's still early in the day and I could move to chapter 7, but I think I'll review my notes from 1-6.
    Last edited by YFZblu; 08-13-2012 at 06:14 PM.

  3. Matrix(Config)# Roguetadhg's Avatar
    Join Date
    Jan 2012
    Location
    SC
    Posts
    2,380

    Certifications
    #Cisco: NA #CompTIA: A.N.S
    #27
    Are you saying that Chapter 7 cannot be labbed for us non-Cisco-aff people?

  4. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #28
    Unfortunately you're correct. Not to say that configuring TACACS in the ACS doesn't require preparation via the command line, it does. So there is some labbing you can do on the local router; however, it's probably impossible for someone in my position to lab the ACS GUI unless I shell out a bunch of money for an in-person bootcamp or something.
    Last edited by YFZblu; 08-13-2012 at 07:21 PM.

  5. Matrix(Config)# Roguetadhg's Avatar
    Join Date
    Jan 2012
    Location
    SC
    Posts
    2,380

    Certifications
    #Cisco: NA #CompTIA: A.N.S
    #29
    https://learningnetwork.cisco.com/thread/10204
    For the CCNA Security, you need to know what ACS is used for and some basics "howto"; it's the SDM (Security Device Manager) that you will need to know inside out.

    So it shouldn't be too much of an issue. Thank you for the heads-up!

  6. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #30
    Those posts were made back in January - Are we sure they're referring to the 554 exam, and not 553?

  7. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #31
    Follow up: This is from the blueprint: Understanding, implementing, and verifying AAA (authentication, authorization, and accounting), including the details of TACACS+ and RADIUS

    I assume we'll have to know a little configuration pertaining to ACS; however, probably not much. For example, chapter seven is 30 pages in length, 13 pages of that are dedicated to the ACS GUI. Other than that, I didn't really see any other ACS stuff when flipping through the book. So I think we'll be just fine.

  8. Matrix(Config)# Roguetadhg's Avatar
    Join Date
    Jan 2012
    Location
    SC
    Posts
    2,380

    Certifications
    #Cisco: NA #CompTIA: A.N.S
    #32
    Good deal!

  9. Senior Member zrockstar's Avatar
    Join Date
    Jan 2012
    Location
    NC
    Posts
    370

    Certifications
    CCNA, Network+, CSE
    #33
    It just sucks that we can't actually do it. If the ACS demo was more available or there was at least a sim for it, that would be sweet. I'm sure it really isn't that big of a deal though, it's just when I see new toys I want to play with them.

  10. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #34
    Day 8

    Chapter 7 - Implementing AAA Using IOS and the ACS Server

    This chapter basically took what we learned in chapter six and applied it to configuration. Topics included:

    -Why use Cisco ACS?
    -Differences between RADIUS and TACACS+
    -Preparing routers to communicate with a AAA server - This can be done via CLI or CCP
    -Details of Cisco ACS - Network device groups, network devices, identity groups, user accounts, and authorization profiles
    -Creation of the above components in Cisco ACS
    -Verification and troubleshooting of the communication between network devices and Cisco ACS

    This chapter had me nervous because of the ACS configuration; however, something I noticed in the text is there were no "Key Topic" bubbles near ANY of the ACS configuration. In fact a "Key Topic" bubble didn't appear in ACS until the troubleshooting portion. This is good news because ACS troubleshooting happens at the command line for the most part. So rejoice! ACS isn't bad at all, even for us noobs with no access to it.

    Anyway, I really enjoyed the last two chapters. They have cleared up a ton of questions that the CCNA left me with.

  11. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #35
    Day 9:

    Chapter 8 - Securing Layer 2 Technologies

    Considering I just passed the CCNA last week, I took the liberty of skipping the sections that review STP, switch logic, VLANs, and trunking. So there were only a few pages of layer 2 security to get through. This chapter discussed port security, BPDU Guard and Root Guard as well as the configurations that went along with it. This wasn't new material as all of these technologies and their configurations were covered by the CCNA exam.

  12. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #36
    I'm going to enjoy following this. Once I'm finished with the CCNA I intend to start on the CCNA:Security. As I understand it, you need to have an ASA to really be ready for the exam?
    Currently working on: Resting

  13. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #37
    ^ Yeah, it looks like Chapter 14 really gets heavy with ASA configuration both in CCP, ASDM, and the ASA device; however it is my understanding that it is possible to lab the ASA device in GNS3.

  14. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #38
    Originally Posted by YFZblu:
    ^ Yeah, it looks like Chapter 14 really gets heavy with ASA configuration both in CCP, ASDM, and the ASA device; however it is my understanding that it is possible to lab the ASA device in GNS3.
    I saw that, but it looks a little more complicated than I'm interested in. I'll probably just pick one up myself.
    Currently working on: Resting

  15. Senior Member BroadcastStorm's Avatar
    Join Date
    Mar 2009
    Posts
    486

    Certifications
    CCNP/CCNA: R&S | MCSE 2003 | MCTS | BSCS
    #39
    I thought you only need a router and switch for CCNA Security? A router has two interfaces; get a WIC card with a FastEthernet, then you have inside/outside/DMZ.

    Am I wrong about this? What topic in CCNA Security needs an ASA firewall? If you're getting a firewall, you might as well get something with a Security Plus license; otherwise you'll outgrow it.

    Licensed features for this platform:
    Maximum Physical Interfaces : 8 perpetual
    VLANs : 20 DMZ Unrestricted
    Dual ISPs : Enabled perpetual
    VLAN Trunk Ports : 8 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Active/Standby perpetual
    VPN-DES : Enabled perpetual
    VPN-3DES-AES : Enabled perpetual
    AnyConnect Premium Peers : 2 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 25 perpetual
    Total VPN Peers : 25 perpetual
    Shared License : Disabled perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    UC Phone Proxy Sessions : 2 perpetual
    Total UC Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    Intercompany Media Engine : Disabled perpetual
    This platform has an ASA 5505 Security Plus license.

  16. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #40
    The new CCNA Sec covers ASA device configuration - Previously only CCNP Sec did.

  17. Senior Member BroadcastStorm's Avatar
    Join Date
    Mar 2009
    Posts
    486

    Certifications
    CCNP/CCNA: R&S | MCSE 2003 | MCTS | BSCS
    #41
    Cisco just wants to make more money from the students, so there's more demand for the ASA 5505.

  18. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #42
    Day 9

    Chapter 9: Securing the Data Plane in IPv6

    I had a little extra time today, so I decided to hit this chapter as well. The chapter started off with some nice IPv6 review which I decided to read - It just talked about address structure in comparison to v4 mostly, as well as the different types of addresses: Link local, global unicast, anycast, and loopback. The chapter also discussed the multicasting that goes on with IPv6 and the associated addresses. What I especially liked is that this chapter went a little deeper than CCNA R&S did regarding configuration - Or maybe I just wasn't paying attention during CCNA R&S IPv6 configuration.

    The chapter closed with the types of threats that occur on both v4 and v6 networks, and only on v6 networks - Issues related to tunneling, link local multicasting, ICMPv6 issues, and just general issues that can arise when implementing a new software package.

  19. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #43
    Day 10

    Chapter 10: Planning a Threat Control Strategy

    This chapter kicked off part III of the book and was mostly dedicated to discussing the process of mitigating and reacting to threats on the network, and the policies in place. The chapter reviewed a few tools available at layer two (port security, dynamic ARP inspection, BPDU Guard, Root Guard) and layer three (ACLs, VPN, IPS, AAA, etc). No config in this chapter as most of these features have their own dedicated sections throughout the book.

  20. Senior Member Mike-Mike's Avatar
    Join Date
    Aug 2010
    Location
    Louisville, KY
    Posts
    1,848

    Certifications
    CISSP, HDI-SCA, ITIL V3 Foundations, A+, Network+, Security+, MCP, MCDST, CCENT, CCNA, Project+, CCNA Security, MCTS: Windows 7 Config, CEH, CHFI
    #44
    Good thread, I'm going for the CCNA Security too, but I need to review my CCNA stuff first.

  21. Senior Member sthompson86's Avatar
    Join Date
    Apr 2010
    Location
    Pearl, Ms
    Posts
    370

    Certifications
    A.A.S Computer Technology, CCNA, CCENT, A+, Network+, Security+
    #45
    I got started this week - Finishing up with chapter 1 and supplementing CBT videos. I am going slower through the material, and taking lots of notes as I go. No rush here.

  22. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #46
    Nice!! Do we have any word on when CBTnuggets or Trainsignal will release 554 content?

  23. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #47
    Day 11

    Chapter 11: Using Access Control Lists for threat mitigation

    This chapter was mostly R&S review as well, but the mindset of the chapter was to think about ACLs for more than packet filtering just to keep UserA from reaching HostB - It explained that ACLs can be used to prevent IP address spoofing, which isn't something I had considered before. This chapter also introduced the concept of the Object Group, which seems like a great tool for making things easier on the ACL administrator. The chapter closed with IPv6 packet filtering with ACLs, which is different than v4 ACLs.

    A little bit of new material, I'm looking forward to labbing this later - Especially the Object Groups and IPv6 filtering.

  24. Senior Member sthompson86's Avatar
    Join Date
    Apr 2010
    Location
    Pearl, Ms
    Posts
    370

    Certifications
    A.A.S Computer Technology, CCNA, CCENT, A+, Network+, Security+
    #48
    @YFZblu - Can you say whether or not the CCNA Sec 554 requires one to own an ASA for labs? I have done some reading, but really have not found a definite black or white answer.

    Thanks in adv.

  25. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #49
    Day 12 - No progress made

  26. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #50
    Day 13

    Chapter 12: Understanding Firewall Fundamentals

    Another very interesting chapter that covers the basics of firewalls: types, functionality, implementation, and policy. This chapter also covered NAT terminology and deployment.
