Re: [nycnetworkers] CCNA Security labs

From: mayowa ogunbayo
Sent on: Wednesday, April 9, 2014 6:05 PM
Impossible!!! I actually left out my second love openssl in the list.

I am sorry openssl, emm ... we love you .. at least the upgraded 
resolved "heartbleed  memory risk" you. 






On Wed, Apr 9, 2014 at 5:27 PM, mayowa ogunbayo <[address removed]> wrote:
Hi Joaquim, 

Nice work with the advice on Keygens and stuff. Believe me they do not mess about 
with intellectual property, it is unethical and harmful as they usually come with rootkit vulnerabilities.
 
In addition blatant abuse is like painting yourself red and standing in front of a bull who just ate hot 
jalapenos. 

You are all it sees and it has no good intentions for you.

I would like to ask a question though. Does freeware stuff like OPENVPN, SSLDUMP,  SNORT, 
IPTABLES, and BACKTRACK  give you a good insight in regards the inner workings of security 
implementations like Cisco's firewall and IDS products?

Now it not going to be the same GUI or commands which is a given. However, would it be a good way 
(with the aid of books of course) to get familiar with security concepts like secure network access, 
firewall rules, fingerprinting, remediation and heuristics searches that are implemented in cisco portfolio?

Would anyone recommend them or any other? I for one fell in love with SSLDUMP ages ....no ...eon's
ago.


Mayowa Ogunbayo   



On Wed, Apr 9, 2014 at 9:08 AM, Joaquim Nogueira <[address removed]> wrote:

All:


I apologize for yesterdays comment regarding the keygen. I posted it STRICTLY for educational purposes esp. in GNS3. 

That said, again i apologize for any issues that came up because of it.



On another note, William and I spoke last night regarding setting up a lab for the CCNA and CCNP security route and the question of whether to use physical or virtual hardware came up. Hopefully the below can put you at ease and assist with your decision. 


SECURE Exam

-95% router based and can be done in GNS3 with no issues

-5% on switches dealing with PVLANS, minor port-security and 802.1x (can't be done in GNS3) My advice, learn the concepts and memorize the commands

-The SIM on this exam is implementing zones on a router which can be done in GNS3


FIREWALL EXAM

-Know all the firewall models

-Know the difference between version 8.2 and below and 8.3 and above (only ver 8.3+ can be done in GNS3)

-Know the asdm (unfortunately) this can be done in GNS3

-Access-lists, NATs, objects, object-groups, redundant interfaces and etc can be done in GNS3 but only using the new version. (I only got one question regarding the only version)

-The SIM ( I don't remember off the top of my head)



VPN EXAM

-Heavily based on Anyconnect and clientless VPN

-By default the ASA comes with 2 anyconnect essential licenses 

-Anyconnect premium license is required for the Clientless VPN

-if we can upload the anyconnect image this should be doable in GNS3

-I will find out and report back

-The SIM (I don't remember off the top of my head)



IPS EXAM

-Know the difference models and concepts of how each of them work

-launch the GUI in GNS3 and mess around with the virtual interfaces and the policies that go with it

-This can

-The SIM is creating virtual interface, creating custom policy and applying it


So overall this exam is doable in GNS3, but be mindful that in GNS3 the firewall can be buggy and will lock up on you from time to time. So save your configs to text files frequently. 


if others have more information please feel free to add it, the more information the better.


Furthermore, for those starting in security, i recommend reading and taking the Comptia security+ and Comptia Linux+ books.


Joaquim Nogueira

From: [address removed] <[address removed]> on behalf of mayowa ogunbayo <[address removed]>
Sent: Tuesday, April 8, 2014 5:55 PM
To: [address removed]
Subject: Re: [nycnetworkers] CCNA Security labs
 
Hi All, 

I am with you on that Aristide, I will really appreciate someone hosting a CCNA security meetup too.

Mayowa  


On Tue, Apr 8, 2014 at 5:46 PM, Aristide Fredricks <[address removed]> wrote:
I am down for it all when my time permits. Trying the soak it all in. Thanks.

Aristide


On Tue, Apr 8, 2014 at 3:22 PM, William Zambrano <[address removed]> wrote:

Networkers,
I've added on the nycnetworkers.com page a CCNA Security lab with one full blown lab you can try for people who had a CCNA Security or studying for it. I took a look at the calendar for the next month and May and its really packed between other meetups and Cisco Live.

I've noticed alot of people joining the group is asking for either for Security or Datacenter, not R&S. Seeing the demand I'll try to put together more SEC/DC meetups and labs.

I'll post up a "solution" video sometime later, but give it a try and let me know your thoughts on it!

Thanks
WZ
[masked]





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by William Zambrano ([address removed]) from NYC/Cisco Networkers.
To learn more about William Zambrano, visit his/her member profile
To report this message or block the sender, please click here
To unsubscribe from special announcements from your Organizer(s), click here

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Aristide Fredricks ([address removed]) from NYC/Cisco Networkers.
To learn more about Aristide Fredricks, visit his/her member profile
To report this message or block the sender, please click here
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]



--
Mayowa Ogunbayo
[masked]






--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by mayowa ogunbayo ([address removed]) from NYC/Cisco Networkers.
To learn more about mayowa ogunbayo, visit his/her member profile
To report this message or block the sender, please click here
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]




--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Joaquim Nogueira ([address removed]) from NYC/Cisco Networkers.
To learn more about Joaquim Nogueira, visit his/her member profile
To report this message or block the sender, please click here
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]



--
Mayowa Ogunbayo
[masked]






--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by mayowa ogunbayo ([address removed]) from NYC/Cisco Networkers.
To learn more about mayowa ogunbayo, visit his/her member profile
To report this message or block the sender, please click here
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]



--
Mayowa Ogunbayo
[masked]


People in this
Meetup are also in:

Log in

Not registered with us yet?

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy