Posts tagged: snrs

Preparing for the CCSP Certification

In my previous post I said I will share some info about how I prepared for CCSP, so here it is. First of all, the CCSP certification has CCNA Security as a prerequisite, so you can’t start without that one. Then you need to take 4 more exams, 3 of them are fixed and the last one you can choose out of a list of elective exams.

  1. CCNA Securitypre-requisite; Exam 642-553. This one is the entry-level certificate in the security train and introduces you to basic concepts about firewalls, securing the network, VPNs, ACS, network attacks and so on.

    I used the official certification guide book from Cisco Press. I was already familiar with most of the technologies discussed in the book so this was an easy exam but I would say the book is good and you can use it to pass even if you are new to the security field. You do need to have CCNA passed though.

  2. IPS (Implementing Cisco Intrusion Prevention System) – mandatory; Exam 642-533. For this one you need to be familiar with the IPS sensors.

    I didn’t have access to something like that to practice so I took the official Cisco class for this exam. It was a 5-day class at Experteach and I would say it did a decent job at preparing me for the exam. It was not exactly cheap though (none of the Cisco classes are).

  3. SNRS (Securing Networks with Cisco Routers and Switches) – mandatory; Exam 642-504. This exam builds upon CCNA Security and further introduces you to a bit more advanced concepts like Layer 2 security, network thread mitigation, DMVPN, GETVPN and so on.

    I took the official Cisco class for this one as well but after I finished it, I realized I went there for nothing. Almost everything could’ve been practiced at home in dynamips/gns3. You can easily practice for this one at home based on the exam blueprint.

  4. SNAF (Securing Networks with ASA Fundamentals) – mandatory; Exam 642-524.This exam introduces you to the administration, management and troubleshooting of the ASA security appliance.

    For this exam I decided to prepare myself at home and I rented for a week the CCIE Security rack from InternetworkExpert, a 6-hour slot each day. The rack is meant for CCIE practice but it did have all I needed for my exam (2 ASAs, ACS server, IPS sensors). It was really not expensive at all ($15 per day or so) and you get remote access to the rack equipment.

    Having that, based on the exam blueprint, I designed my own practice scenarios and I just used them to practice the various technologies. It was not that bad, you have complete access to the equipment and you can familiarize with them in peace and configure them the way you want.

  5. SNAA (Securing Networks with ASA Advanced) – elective; Exam 642-515. This exam builds upon SNAF and introduces you to more advanced ASA topics such as dynamic routing, SSL VPNs, AIP and CSC modules and so on.

    I wanted to study at home for this one as well but I looked around for a while and I ended up buying a one-week SNAA remote lab from NIL. The difference this time was that the lab is specifically tailored to the SNAA exam and they also give you a set of scenarios and exercises you can do, which cover the exam blueprint. Another plus is that once you log into the remote lab, all equipment are already pre-configured and you can start immediately to do your exercises, without wasting time to prepare them.

    And I forgot to mention that for both SNAF and SNAA exams I used the Cisco Press book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance. Good book.

And that’s pretty much it. What’s next ? CCIP, which is geared towards service providers and it’s much more related to what I do at work these days.


One more down, 3 more to go until CCSP ;-)

Cisco SNRS course

Warning: geeky talk.This is what course “rack” looks like. Each student has his own “pod” (I have no idea why they call it that) which consists of a 2811 router, a 2960 switch and 2 laptops, which simulate a client and a server. The thing is pretty compact as you can see, the trainer only has to plug it into a socket for power then just hand out two network cables to each student.

The course is about securing Cisco devices (routers and switches), VPNs and ACS. I have already worked quite a bit with most of the technologies mentioned in the course so it comes a bit earier for me, I don’t think there will be any problems at the exam. As a “deadline” I have to pass the exam until end of March. I have to pass also the CCNA Security exam until end of March, new prerequisite for the CCSP certification. But I think it’s going to be ok too.

The main reason I came to this course is the lack of books on SNRS. For some weird reason, Cisco hasn’t published any books about the CCSP exams. All you can get is the study guides they hand out in the course, there is not much else. Or at least I could not find anything. If I would’ve found books about this I would’ve stayed home because most of the things in this course can be simulated in GNS3.

Well, back to the class ;-)


First impressions about Utrecht, Netherlands: cold, cloudy, windy, depressing.

Yesterday was my first course day at the Experteach building, about 15 minutes bus ride from my hotel. The trainer is from London, funny guy who seems to know his stuff. We are only three people in this class, it seems this SNRS course is not so popular but I am happy with it so far. At the training location we have free wireless but unfortunately the building’s provider must be blocking VoIP calls. I have tried from my Nokia E51, which has a built-in VoIP client, but it’s not really working. It registers fine with Sipgate, my VoIP provider, I can call but I can’t hear anything and I am not being heard either. I think I have to hack the settings a bit and use a proxy, I will see today.

At least wireless is free there, unlike at the hotel. Here there is only a Swisscom hotspot available and for 7 days you are charged 68 euros. Ridiculous!

As a curiosity, one of the students looks almost exactly like Commander Tucker from “Star Trek: Enterprise“:

It happened to me lots of times before to notice people who look almost identical, as if they were “made” from the same model. Who knows, common genetic material perhaps;-)