CCIE Security Exam Certification Guide (CCIE Self-Study)
by Berislav Kucan - Wednesday, 21 May 2003.
Author: Henry Benjamin
Pages: 648
Publisher: Cisco Press
ISBN: 1587200651


While browsing the on-line classifieds and searching for Information Security job positions, you find a number of different job opportunities containing some kind of a certificate as a prerequisite. When trying to find a position in the networking field, one of the common certificates you will come across is CCIE - Cisco Certified Internet Expert. The book I'm taking a closer look today, is designed to prepare you for the CCIE Security written exam.

About the author

Henry Benjamin is a triple-certified CCIE, having certified in Routing and Switching, ISP Dial, and Communications and Services. Henry has more than 10 years of experience with Cisco networks, including the planning, design, and implementation of large IP networks running IGRP, EIGRP, BGP, and OSPF. Since 2000, Henry has been a key member of the CCIE global team based in Sydney, Australia. As a senior and core member of the team, his tasks include writing new laboratory examinations and questions for the CCIE Routing and Switching track, CCIE Security, CCIE Communications and Services, and the CCIE written recertification examinations.

Inside the book

Security is one of the fastest growing areas of the Information Technology industry, so there is a constant need for qualified trained network security personnel. Cisco Systems, one of the biggest IT companies, designed the CCIE program to help the interested parties succeed in magnifying their networking knowledge. One of the specific sections of this program is surely the CCIE Security Certification, designed to identify top security experts from the Cisco's point of view.

I presume that the most of you reading this review, are either preparing for this certification or are familiar with it, so I'll just note a brief introduction for the readers that are still new to this topic. Cisco Certified Internet Expert Security Certification is a quite popular security and internetworking related certification. To achieve CCIE Security certification, you must successfully pass the written exam, which gives you the possibility to take a part in the CCIE Security lab examination. After the accomplishment of these two tasks, the certification will be granted. This book is designed to prepare you for the written part of the CCIE Security exam.

Every chapter of this book holds facts on one of the objectives from the written exam. To make the things easier for the readers with limited study time, beginning of each chapter hosts a set of questions that will assess the reader's knowledge on the current thematical chapter. Each of the chapters is categorized with the same template in mind - it starts with the mentioned "Do I know this already" quiz, then it holds the information on the chapter's topic, presents a set of Q & A questions testing the reader's understanding of the topic and finishes with a sample scenario providing a practical point of view on the read material.

The author starts this certification guide with a chapter on general networking topics. The concepts covered within this section are listed in the CCIE Security blueprint for the written exam, which is presented in the opening chapter that describes the usage of this book for the exam preparation. Understanding of the networking concepts is important for most of the technical job positions, so networking topics hold more then a notable part of the CCIE Security written exam. It is a good thing that the book doesn't blindly follow the mentioned blueprint, as the written exam can contain questions taken from the CCIE Routing and Switching written exam blueprint. Some of the topics discussed in this chapter include basics and common examples of the OSI model, introduction on switching and bridging methods and an overview of various protocols. The coverage of the protocols carries on throughout the third chapter, which is mainly focused on application protocols.

Cisco IOS is the "mission objective" of the fourth chapter, which mainly covers the technical specifics surrounding Cisco IOS routers. Over about 40 pages, the reader is introduced with the possible topics that could be covered within the written exam. The themes include passwords recovery steps and Cisco device commands and operations, as well as debugging Cisco routers. After the Cisco IOS specifics, author guides us through yet another protocol specific chapter, but this time dealing with security explicit protocols. The protocols covered through this chapter are the ones either developed or supported by Cisco Systems and are shown with sample configuration. The chapter closes with information on data encryption and Cisco-defined Certificate Enrollment Protocol.

After a decent part of the book comprised networking topics, chapter six deals with operating systems and Cisco's security applications. The operating systems taken into consideration are Microsoft Windows and UNIX, and the applications include Cisco Secure Scanner, Cisco Secure Intrusion Detection System and Cisco Secure Policy Manager. All of these applications are briefly talked about, as the CCIE Security exam participants don't have to know all the details surrounding this products. We reviewed a number of Cisco security related books, so if you are interested in these products, feel free to browse our reviews section. After mentioning the differences in the two most common operating systems, the author covers some of the most popular technologies that are being used for security purposes. These security methods include demilitarized zones, packet filtering, public key infrastructure and virtual private networks. Over the next fifteen pages, Mr. Benjamin briefly discusses the common Internet threats, importance of security policies and sample ways of attack prevention and detection.

As the best possible ending for this book, the author assists the readers in the final steps for getting the CCIE Security certification. He sets up a fictional five router network with a Cisco PIX Firewall providing a connection to the Internet. There are two different goals for this self study lab: ensuring a working IP network solution in no longer than 4 hours and setting up security features on the top of the newly built network. All the examples and guidelines are provided throughout the chapter, so the only thing you need is to brainstorm your way through the lab.

Final thoughts

As Cisco Systems intentionally made achieving CCIE Security certification a tough job, Cisco Press made a good choice by releasing this publication. The information compressed throughout the book surely isn't enough to pass the test without any problems, but it provides a notable quantity of knowledge, which will come quite useful during this two-hour written exam.


Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Jul 30th