Posts tagged: snrs

Preparing for the CCSP Certification

In my previous post I said I will share some info about how I prepared for CCSP, so here it is. First of all, the CCSP certification has CCNA Security as a prerequisite, so you can’t start without that one. Then you need to take 4 more exams, 3 of them are fixed and the last one you can choose out of a list of elective exams.

  1. CCNA Security – pre-requisite; Exam 642-553. This one is the entry-level certificate in the security train and introduces you to basic concepts about firewalls, securing the network, VPNs, ACS, network attacks and so on.

    I used the official certification guide book from Cisco Press. I was already familiar with most of the technologies discussed in the book so this was an easy exam but I would say the book is good and you can use it to pass even if you are new to the security field. You do need to have CCNA passed though.

  2. IPS (Implementing Cisco Intrusion Prevention System) – mandatory; Exam 642-533. For this one you need to be familiar with the IPS sensors.

    I didn’t have access to something like that to practice so I took the official Cisco class for this exam. It was a 5-day class at Experteach and I would say it did a decent job at preparing me for the exam. It was not exactly cheap though (none of the Cisco classes are).

  3. SNRS (Securing Networks with Cisco Routers and Switches) – mandatory; Exam 642-504. This exam builds upon CCNA Security and further introduces you to a bit more advanced concepts like Layer 2 security, network threat mitigation, DMVPN, GETVPN and so on.

    I took the official Cisco class for this one as well but after I finished it, I realized I went there for nothing. Almost everything could’ve been practiced at home in dynamips/gns3. You can easily practice for this one at home based on the exam blueprint.

  4. SNAF (Securing Networks with ASA Fundamentals) – mandatory; Exam 642-524. This exam introduces you to the administration, management and troubleshooting of the ASA security appliance.

    For this exam I decided to prepare myself at home and I rented for a week the CCIE Security rack from InternetworkExpert, a 6-hour slot each day. The rack is meant for CCIE practice but it did have all I needed for my exam (2 ASAs, ACS server, IPS sensors). It was really not expensive at all ($15 per day or so) and you get remote access to the rack equipment.

    Having that, based on the exam blueprint, I designed my own practice scenarios and I just used them to practice the various technologies. It was not that bad, you have complete access to the equipment and you can familiarize with them in peace and configure them the way you want.

  5. SNAA (Securing Networks with ASA Advanced) – elective; Exam 642-515. This exam builds upon SNAF and introduces you to more advanced ASA topics such as dynamic routing, SSL VPNs, AIP and CSC modules and so on.

    I wanted to study at home for this one as well but I looked around for a while and I ended up buying a one-week SNAA remote lab from NIL. The difference this time was that the lab is specifically tailored to the SNAA exam and they also give you a set of scenarios and exercises you can do, which cover the exam blueprint. Another plus is that once you log into the remote lab, all equipment is already pre-configured and you can start immediately to do your exercises, without wasting time to prepare them.

    And I forgot to mention that for both SNAF and SNAA exams I used the Cisco Press book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance. Good book.

And that’s pretty much it. What’s next? CCIP, which is geared towards service providers and it’s much more related to what I do at work these days.

SNRS

One more down, 3 more to go until CCSP ;-)

Cisco SNRS course

Warning: geeky talk. This is what the course “rack” looks like. Each student has his own “pod” (I have no idea why they call it that) which consists of a 2811 router, a 2960 switch and 2 laptops, which simulate a client and a server. The thing is pretty compact as you can see, the trainer only has to plug it into a socket for power then just hand out two network cables to each student.

The course is about securing Cisco devices (routers and switches), VPNs and ACS. I have already worked quite a bit with most of the technologies mentioned in the course so it comes a bit easier for me, I don’t think there will be any problems at the exam. As a “deadline” I have to pass the exam until end of March. I have to pass also the CCNA Security exam until end of March, new prerequisite for the CCSP certification. But I think it’s going to be ok too.

The main reason I came to this course is the lack of books on SNRS. For some weird reason, Cisco hasn’t published any books about the CCSP exams. All you can get is the study guides they hand out in the course, there is not much else. Or at least I could not find anything. If I would’ve found books about this I would’ve stayed home because most of the things in this course can be simulated in GNS3.

Well, back to the class ;-)

Utrecht

First impressions about Utrecht, Netherlands: cold, cloudy, windy, depressing.

Yesterday was my first course day at the Experteach building, about 15 minutes bus ride from my hotel. The trainer is from London, funny guy who seems to know his stuff. We are only three people in this class, it seems this SNRS course is not so popular but I am happy with it so far. At the training location we have free wireless but unfortunately the building’s provider must be blocking VoIP calls. I have tried from my Nokia E51, which has a built-in VoIP client, but it’s not really working. It registers fine with Sipgate, my VoIP provider, I can call but I can’t hear anything and I am not being heard either. I think I have to hack the settings a bit and use a proxy, I will see today.

At least wireless is free there, unlike at the hotel. Here there is only a Swisscom hotspot available and for 7 days you are charged 68 euros. Ridiculous!

As a curiosity, one of the students looks almost exactly like Commander Tucker from “Star Trek: Enterprise”.

It happened to me lots of times before to notice people who look almost identical, as if they were “made” from the same model. Who knows, common genetic material perhaps ;-)

Kinda busy

This week things were very busy at work, there are all kinds of problems in the current GETVPN deployment. But I can’t complain, to be honest. I like this better than looking out of the window without anything to do. Besides, I think this is the best way to learn. I am directly involved in the implementation, testing and troubleshooting which means I got deep into all kinds of concepts which I would not have touched otherwise. That will do me good since GETVPN is part of the study material for my SNRS exam, which I have to pass before end of March.

It’s interesting to see how such a huge project takes place when you are on both sides of the fence, Cisco and the customer. We are working as Cisco engineers on the customer’s premises so we have a unique view of the whole project (the technical part anyway). On the other side, I can’t help noticing major differences in the way an American corporation (Cisco) and a German one (the customer) work internally. At Cisco, working remotely (via VPN) is a non-issue. Each laptop has the VPN client installed by default. There is a big part of the employees who are mobile workers so remote access into the Cisco network is perfectly natural. That’s a big difference compared to the customer (and many other German companies) where it’s incredibly hard to get permission for something like this. I have never seen more paranoid people than the Germans when it comes to security. But anyway, we do what we can.

In other news, it seems the car will be ready around Thursday next week, at least that’s what the guy at the VW dealership told me this morning. I planned initially to drive to Utrecht for my training but in the end I decided to go by train. The time is the same or even less if I think I could get into some big traffic jams on the autobahn. And I will have time to read something, watch a movie, etc. I think last time I was in an ICE train was many years ago, it should be interesting.

Enough for now, it’s late so I guess I just go to bed.

Cold

Last week was extremely cold, with highs during the day of -3C or -4C. I am not even talking about nights, it went down as low as -14C. Last week I also started work after my nice “vacation”, which was not really that much fun. At least for me; it started with a dead power supply of a Cisco 7609 (followed shortly by a disaster in the replacement procedures) and with all kinds of problems and bugs in the GetVPN implementation which currently takes place. I have no reason to believe the next week will be any different.

Otherwise things are kinda hectic. The renovation goes well but there’s still a lot to be done. Meanwhile the apartment on the first floor is starting to look better. Next week we will start working on the second floor apartment, where there is a little bit less work so it’s possible that we finish before the end of the month. I took the last week of January off and I already rented a van for the moving, a 3.5t Iveco Daily. It’s going to be extremely fun.

And because I was dumb and didn’t realize at the time, in the first week of February (immediately after I moved) I will have my SNRS class. If I would’ve thought for a bit I should not have agreed with this so soon. And on top of it, it takes place all the way in Utrecht, Netherlands. Well, nothing I can do about that now.

In other news, “Stargate Atlantis” is over, I watched yesterday the last episode :-( I’ve seen pretty much everything from the Stargate series: SG1, Atlantis as well as all the Stargate movies released so far. The next franchise will be “Stargate Universe” but that’s scheduled for release only in August 2009 so I still have to wait some more. That sucks ;-)