CCIE Blog

I hope everyone had a good holiday season.  I actually was able to enjoy a little bit myself surprisingly.  But now it is time to get back to work… right :)

So the Security version 3.0 announcement has been out now for about 2 and a half months now.  This change can become a big stumbling block for many that are stuck in the middle of whether they are going to make it for the old version or the new 3.0 version of the test.  If you don’t feel that you will make it for the old version of the test… do you wait around for our new material to be released or continue to study?  Well, I think there is a clear direction that should be followed and I want to outline some of my recommendations to you below so you don’t get caught in the doldrums of preparation time.

In a perfect world we would be able to offer you the complete 6th edition of our CCIE-Security study material, The Blended Learning Solution (BLS) version 3.0. It would be a clean and simple solution that would suit everyone. However I believe the current workbook and proctor guide can continue to provide you, as a student, the necessary tools to prepare for the newer version of the test and will provide you a building block to the new material as we release it.

So what do I mean by this?  Well, let’s go over what was on the test previously that will no longer be on the new version and briefly what is going to be introduced on the newer version of the test that was not previously there.

So first, what has been removed is pretty simple; the VPN concentrator and PIX are no longer on the hardware list.  So any material we have in relation to this hardware is no longer relevant.  (Although most of the functionality configured on a PIX is the same on the ASA). So if a lab in the workbook has material in relation to this hardware does it make the lab irrelevant?  Definitely not… It means that possibly 20% of the lab may be irrelevant for the hardware.  But the functionality that is asked in the questions can be either skipped or you can even take it a step further and implement the technologies on another device.  For example, if the lab has you configure PIX as a transparent firewall.  You may not be tested on the PIX but the transparent firewall feature is still very clearly on the new blueprint under both the ASA and IOS sections.  So it is a great opportunity to learn how to do a transparent firewall on a router or an ASA.

The IPS has changed from a 4215 to a 4240.  But the topics covered under the IPS section have not changed.  The material we have written for the IDS appliance is still very relevant to the IPS.  It is now implemented with a different interface.  And the great thing IPexpert has worked to do with ProctorLabs is to get the new hardware added to the racks while still leaving the older appliance available to clients continuing to study for the version 2.0 blueprint.

So we have provided you with the option to use the new appliance with older material as your guide until our new material is released.  If you have used the older appliance it is an easy transition to the new interface.  Once you get the knack of working with it.  I would explain it as going from Windows 2000 to Windows 2008.  The old features are still present and relevant.  It looks a little different with more of a logical separation of configuration functionality.  As well, it has been given upgraded functionality that was not previously available.

There will be additional material introduced in the new version of the workbook for the IPS, but the old material will still be covered with the solution guide re-written to show the newer interface.

Now new topics I will only briefly mention;

IOS Firewalls: Zone based firewall.

Cisco VPN Solutions: GET VPN, and Clientless WebVPN are introduced.

Identity Management: LDAP authentication and Certificate Based Authentication

Control and Management Plane Security: Implementing routing plane security features, Configuring Control Plane Policing, Configure CP protection (Management is already tested there will be additional material), Service Authentication

Advanced Security: RFC 3330 and 3704 is added; RFC 2401 is removed

Mitigate Network Attacks: Malicious IP Option usage

That is it.  The blueprint looks a lot different if you are not comparing them side by side.  But if you do, you will find the new blueprint is a lot more words saying the same things for the most part.

Now in pointing this out, there is definitely additional material that needs to be covered with our new material we are working to release.  I believe that you will be greatly benefited by the material we release.  Does this mean that you should stop studying and wait for this material?  Definitely not… there is very little material that is covered in the previously work book that is no longer relevant (As I have outlined above).

It is also important to understand how Cisco introduces the new versions of the test.  When they implement the new hardware, it has always occurred in the past that they don’t suddenly start implementing all the new features they have mentioned in the blueprint.  Nor all the new features available in the new versions of code (12.2T versus 12.4T).  In the past they have typically slowly transitioned to the newer features over a short period of time, about 1 to 3 months.  They don’t implement the new hardware and suddenly start introducing all the new features the first day after cut over.

I believe they have always provided this transition to allow both training companies and students to ramp up to the new material.  Contrary to popular belief, Cisco has a vested interest in your success.  They want people to continue to pass the test that are qualified to do so.  It is important to them to have people in the industry that are classified as “Experts” to sell their technologies to the market.  So keep in mind they are interested in your success.

Some candidates might choose to wait for spring ‘09 before commencing their studies.  If that is your strategy, well I am not one to say that it is not OK. My only advice to you is that as the time passes with the new blueprint, more material will continue to be introduced and it will only become more unlike the 2.0 blueprint as time goes on.  This means that there will be a greater breadth of features on the test.  So don’t wait for new material to begin/continue your preparation.  Especially if in fact you have the opportunity to start now with the majority of the current topics and build from there.

Now neither IPexpert nor any of the companies who operate in the same space have any practice labs for the new blueprint ready today. Again that will be changing very soon, however it is going to take time before anybody can come out and offer an updated solution for you to use.  I do want to let you know a little about our strategy as we move forward.  We have decided to release material as it becomes available.  This means that as we finish one or more labs that are ready for release we will make them available to you as a student (bear in mind as labs are released one-by-one, you get to start on the new BP topics no sooner than you have finished the base theory).  And by March ‘09 Bootcamps will have been updated and various blogs, mailing lists, and forums will have begin buzzing with new content.

Don’t sit around while the economy melts around us. You need to get your skills upgraded, and you need to be prepared to take the new exam when it debuts in April, not 6 months from April when you have had enough time to practice in your home lab. You need the certification as soon as possible to much better hedge your bets against a falling job market.

So it boils down to this: We will have labs covering the newer theories, complete with newer screenshots soon.  But do you start/continue your studying now or wait for that material.  I think the answer to that is clearly now.  Move forward with the current material or buy the current Security Box Set, study, and get ready for the more advanced material to come your way!

So what are you waiting for?!?!? Get the Security Box Set today, start studying now, and get the updated material JIT for a huge upgrade cost of $000.00!!