IOS IPS: CCIE RS, CCIE SC

IOS IPS is fair game for the CCIE Security and CCIE R/S labs. With IOS IPS now using v5 signatures, (just like the sensor appliance), the ability to setup up IOS is not as simple, but very important. The intention of this post is to provide a streamlined process to use as a jumpstart into IOS IPS. For full details, examples and explanations, please refer to our lab workbooks. Both RS and Security cover the topic.   Lets get started!
First, we need a place for IPS configuration files to call home. IPS wants a folder. Lets make a directory on the router flash. Optionally if there were other IOS file systems present, we could use those writable file systems as well.
R6#mkdir ips
Create directory filename [ips]?
Created dir flash:/ips
R6#
IOS IPS uses a crypto key to verify the digital signature for the master signature file, which is signed using a private key. To verify the signature, we need a corresponding public key. This key is available as a text file on Cisco’s site. The file is called realm-cisco.pub.key.txt. To inject the public key into the router config, we would do the following:
R6(config)#crypto key pubkey-chain rsa
R6(config-pubkey-chain)#named-key realm-cisco.pub signature
Translating "realm-cisco.pub"
R6(config-pubkey-key)#key-string
Enter a public key as a hexidecimal number ....
!  Note:   The $ to the left of the hex characters represent there are more numbers present than would fit on one line.
R6(config-pubkey)#$2A864886 F70D0101 01050003 82010F00 3082010A 02820101
R6(config-pubkey)#$D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
R6(config-pubkey)#$912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
R6(config-pubkey)#$085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
R6(config-pubkey)#$0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
R6(config-pubkey)#$994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
R6(config-pubkey)#$5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
R6(config-pubkey)#$A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
R6(config-pubkey)#$80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
R6(config-pubkey)#   F3020301 0001
R6(config-pubkey)#  quit
R6(config-pubkey-key)#end
We’ll save the configuration, just to be safe.
R6#wr
Building configuration...
Let’s check the ips folder we created on flash. It should still be empty.
R6#cd ips
R6#dir
Directory of flash:/ips/

No files in directory

255967232 bytes total (187428864 bytes free)
R6#cd ..
Once we complete the IPS configuration, the router can monitor all traffic on the interface and direction we specify. If we want to limit the traffic that goes through the IPS processing, we can use an access-list to filter. Only traffic permitted in the ACL will be subjected to IPS analysis. Let’s create an ACL that matches only on traffic destined to 6.6.6.6, which is the loopback of R6.
R6(config)#access-list 123 permit ip any host 6.6.6.6
Next we will create an IPS rule named “IOS-IPS”, and associate the ACL we just created. In a later step, we will apply IPS rule to an interface.
R6(config)#ip ips name IOS-IPS list 123
IPS needs to know where to keep it’s signature definitions and configurations. It just so happens that we have a folder on flash we created earlier named “ips”. We will use that directory.
R6(config)#ip ips config location flash:/ips
The router can send alerts using Security Device Event Exchange (SDEE) and/or Syslog. We will configure both, and allow up to 2 simultaneous SDEE managers to setup up requests for alerts called subscriptions. To use SDEE, http server must be enabled on the router. Lets take care of these items next.
R6(config)#ip ips notify sdee
R6(config)#ip sdee subscriptions 2
R6(config)#ip ips notify log
R6(config)#ip http server
Before we apply the IPS rule to an interface, we are going to set up some safety. We will retire all the signatures, and then enable just the signatures in the “advanced” default set. If we un-retired the “all” category, it is possible that the router could run out of memory. (Your mileage may vary☺) As we exit out of the configuration, we are prompted to accept the changes.
R6(config)#ip ips signature-category
R6(config-ips-category)#category all
R6(config-ips-category-action)#retired true
R6(config-ips-category-action)#exit
R6(config-ips-category)#
R6(config-ips-category)#category ios_ips advanced
R6(config-ips-category-action)#retired false
R6(config-ips-category-action)#end
Do you want to accept these changes? [confirm]
R6#
Applying Category configuration to signatures ...
R6#
Next we will apply the ips rule we created to an interface. We also enable virtual-reassembly so that IPS can better analyze sessions and attacks that comprise multiple packets.
R6(config)#interface FastEthernet0/0
R6(config-if)#ip ips IOS-IPS in
R6(config-if)#ip virtual-reassembly
Notice that after we apply the IPS rule to an interface, the router begins to compile signatures. This won’t take long at this point, due to the fact that we haven’t given the router a signature package (yet).
R6#
%IPS-6-ENGINE_BUILDS_STARTED:  Jan 14 2010
%IPS-6-ENGINE_BUILDING: atomic-ip - 3 signatures - 1 of 13 engines
%IPS-6-ENGINE_READY: atomic-ip - build time 8 ms - packets for this engine will be scanned
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 12 ms
Lets take a peek at the ips directory that was empty just few minutes ago.
R6#cd ips
R6#dir
Directory of flash:/ips/

52  -rw-         719  Jan 14 2010 20:00:26 +00:00  R6-sigdef-default.xml
9  -rw-         271  Jan 14 2010 20:00:26 +00:00  R6-sigdef-delta.xml
59  -rw-        4365  Jan 14 2010 20:00:28 +00:00  R6-sigdef-typedef.xml
4  -rw-        1469  Jan 14 2010 20:00:28 +00:00  R6-sigdef-category.xml
7  -rw-         257  Jan 14 2010 20:00:28 +00:00  R6-seap-delta.xml
16  -rw-         491  Jan 14 2010 20:00:28 +00:00  R6-seap-typedef.xml

255967232 bytes total (187400192 bytes free)
R6#cd ..
Cool beans! Here is what those files contain:
R6-sigdef-default.xml: factory default signature definitions
R6-sigdef-delta.xml: signature definitions which were changed from the default
R6-sigdef-typedef.xml: signature parameter definitions
R6-sigdef-category.xml: signature category information, such as category ios_ips basic and advanced
R6-seap-delta.xml: has changes made to the default SEAP parameters
R6-seap-typedef.xml: has the default SEAP parameter definitions
SEAP = Signature Event Action Processor. Event Overrides/Filters, etc
Now lets give the router some signature information to crunch. We can download the latest signature packages from cisco.com, and put them on a local server. Here, R6 is copying the .pkg file from a local tftp server.
R6#copy tftp://40.0.0.101/IOS-S456-CLI.pkg idconf
Loading IOS-S456-CLI.pkg from 40.0.0.101 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 11085111 bytes]
Now check out the console, while the router digests the file, and compiles all the signatures from the “advanced” set. This will take a while, and if on a production router, could case a DoS. CPU skyrockets, and it takes about 1 – 5 minutes to complete.
R6#
%IPS-6-ENGINE_BUILDS_STARTED:  20:03:39 UTC Jan 14 2010
%IPS-6-ENGINE_BUILDING: multi-string - 40 signatures - 1 of 13 engines
%IPS-6-ENGINE_READY: multi-string - build time 164 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: service-http - 801 signatures - 2 of 13 engines
%IPS-6-ENGINE_READY: service-http - build time 17456 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: string-tcp - 2058 signatures - 3 of 13 engines
%IPS-6-ENGINE_READY: string-tcp - build time 59236 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: string-udp - 79 signatures - 4 of 13 engines
%IPS-6-ENGINE_READY: string-udp - build time 52 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: state - 37 signatures - 5 of 13 engines
%IPS-6-ENGINE_READY: state - build time 648 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: atomic-ip - 373 signatures - 6 of 13 engines
%IPS-6-ENGINE_READY: atomic-ip - build time 5548 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: string-icmp - 3 signatures - 7 of 13 engines
%IPS-6-ENGINE_READY: string-icmp - build time 0 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: service-ftp - 3 signatures - 8 of 13 engines
%IPS-6-ENGINE_READY: service-ftp - build time 20 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: service-rpc - 76 signatures - 9 of 13 engines
%IPS-6-ENGINE_READY: service-rpc - build time 204 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: service-dns - 39 signatures - 10 of 13 engines
%IPS-6-ENGINE_READY: service-dns - build time 60 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: normalizer - 9 signatures - 11 of 13 engines
%IPS-6-ENGINE_READY: normalizer - build time 4 ms - packets for this engine will be scanned
%IPS-6-ENGINE_READY: service-smb-advanced - build time 3024 ms - packets for this engine will be scanned
%IPS-6-ENGINE_BUILDING: service-msrpc - 35 signatures - 13 of 13 engines
%IPS-6-ENGINE_READY: service-msrpc - build time 2208 ms - packets for this engine will be scanned
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 88876 ms
R6#
Wow, only 88,876 ms to complete. About 1.5 minutes. Lets do some show commands to verify our install.
R6#show ip ips signature count 

Cisco SDF release version S456.0
Trend SDF release version V0.0

Signature Micro-Engine: multi-string: Total Signatures 40
      multi-string enabled signatures: 34
      multi-string retired signatures: 34
      multi-string compiled signatures: 6

Signature Micro-Engine: service-http: Total Signatures 801
      service-http enabled signatures: 133
      service-http retired signatures: 667
      service-http compiled signatures: 134
      service-http obsoleted signatures: 3

Signature Micro-Engine: string-tcp: Total Signatures 2058
      string-tcp enabled signatures: 675
      string-tcp retired signatures: 1810
      string-tcp compiled signatures: 248
      string-tcp obsoleted signatures: 22

Signature Micro-Engine: string-udp: Total Signatures 79
      string-udp enabled signatures: 0
      string-udp retired signatures: 78
      string-udp compiled signatures: 1
      string-udp obsoleted signatures: 2

Signature Micro-Engine: state: Total Signatures 37
      state enabled signatures: 16
      state retired signatures: 24
      state compiled signatures: 13

Signature Micro-Engine: atomic-ip: Total Signatures 373
      atomic-ip enabled signatures: 90
      atomic-ip retired signatures: 307
      atomic-ip compiled signatures: 66

Signature Micro-Engine: string-icmp: Total Signatures 3
      string-icmp enabled signatures: 0
      string-icmp retired signatures: 3

Signature Micro-Engine: service-ftp: Total Signatures 3
      service-ftp enabled signatures: 1
      service-ftp retired signatures: 2
      service-ftp compiled signatures: 1

Signature Micro-Engine: service-rpc: Total Signatures 76
      service-rpc enabled signatures: 44
      service-rpc retired signatures: 50
      service-rpc compiled signatures: 26

Signature Micro-Engine: service-dns: Total Signatures 39
      service-dns enabled signatures: 27
      service-dns retired signatures: 10
      service-dns compiled signatures: 29
      service-dns obsoleted signatures: 1

Signature Micro-Engine: normalizer: Total Signatures 9
      normalizer enabled signatures: 8
      normalizer retired signatures: 1
      normalizer compiled signatures: 8

Signature Micro-Engine: service-smb-advanced: Total Signatures 49
      service-smb-advanced enabled signatures: 40
      service-smb-advanced retired signatures: 30
      service-smb-advanced compiled signatures: 19

Signature Micro-Engine: service-msrpc: Total Signatures 35
      service-msrpc enabled signatures: 17
      service-msrpc retired signatures: 28
      service-msrpc compiled signatures: 7
      service-msrpc obsoleted signatures: 1

Total Signatures: 3602
   Total Enabled Signatures: 1085
   Total Retired Signatures: 3044
   Total Compiled Signatures: 558
   Total Obsoleted Signatures: 29

R6#show ip ips configuration  

IPS Signature File Configuration Status
    Configured Config Locations: flash:/ips/
    Last signature default load time: Jan 14 2010
    Last signature delta load time: Jan 14 2010
    Last event action (SEAP) load time: -none-

    General SEAP Config:
    Global Deny Timeout: 3600 seconds
    Global Overrides Status: Enabled
    Global Filters Status: Enabled

IPS Auto Update is not currently configured

IPS Syslog and SDEE Notification Status
    Event notification through syslog is enabled
    Event notification through SDEE is enabled

IPS Signature Status
    Total Active Signatures: 558
    Total Inactive Signatures: 3044

IPS Packet Scanning and Interface Status
    IPS Rule Configuration
      IPS name IOS-IPS
    acl list 123
    IPS fail closed is disabled
    IPS deny-action ips-interface is false
    Interface Configuration
      Interface FastEthernet0/0
        Inbound IPS rule is IOS-IPS
    acl list 123
        Outgoing IPS rule is not set

IPS Category CLI Configuration:
    Category all:
        Retire: True
    Category ios_ips advanced:
        Retire: False

R6#
Ok, how do we modify signatures? Simple, use Security Device Manager, the GUI. Unfortunately in the lab, that option is not available, so lets take a look at how to do it from CLI. We’ll modify the signature for ICMP echo request. If you are in a security lab, the IPS Sensor GUI (IDM) could be used on an appliance to discover which signature number is ICMP echo. In the R/S lab, online doc or the signature number in a task would be helpful. Signature 2004, sub-signature 0 is the signature for ICMP echo.
Lets look at the default for this signature first:
R6#show ip ips signature sigid 2004 subid 0

En  - possible values are Y, Y*, N, or N*
      Y:  signature is enabled
      N:  enabled=false in the signature definition file
      *:  retired=true in the signature definition file
Cmp - possible values are Y, Ni, Nr, Nf, or No
      Y:  signature is compiled
      Ni: signature not compiled due to invalid or missing parameters
      Nr: signature not compiled because it is retired
      Nf: signature compile failed
      No: signature is obsoleted
Action=(A)lert, (D)eny, (R)eset, Deny-(H)ost, Deny-(F)low
Trait=alert-traits             EC=event-count          AI=alert-interval
GST=global-summary-threshold   SI=summary-interval     SM=summary-mode
SW=swap-attacker-victim        SFR=sig-fidelity-rating Rel=release

 SigID:SubID En  Cmp   Action Sev   Trait   EC   AI   GST   SI  SM SW SFR Rel
 ----------- --  ----  ------ ---   -----  ---- ---- -----  --- -- -- --- ---
  2004:0     N*  Nr    A     INFO     0     1    0    200   30  FA  N 100 S1
      sig-name: ICMP Echo Request
      sig-string-info: My Sig Info
      sig-comment: Sig Comment
      Engine atomic-ip params:
           fragment-status :
           icmp-type : 8
           l4-protocol : icmp
R6#
Now we will tweak this signature. Take a look at the config, and it is apparent what we are configuring: true. (you may get the joke, after looking at the config: true, or not:  false :)
R6(config)#ip ips signature-definition
R6(config-sigdef)#signature 2004 0
R6(config-sigdef-sig)#engine
R6(config-sigdef-sig-engine)#event-action produce-alert
R6(config-sigdef-sig-engine)#exit
R6(config-sigdef-sig)#alert-severity high
R6(config-sigdef-sig)#status
R6(config-sigdef-sig-status)#enabled true
R6(config-sigdef-sig-status)#retired false
R6(config-sigdef-sig-status)#exit
R6(config-sigdef-sig)#exit
R6(config-sigdef)#exit
Do you want to accept these changes? [confirm]
R6(config)#
%IPS-6-ENGINE_BUILDS_STARTED: Jan 14 2010
%IPS-6-ENGINE_BUILDING: atomic-ip - 373 signatures - 1 of 13 engines
%IPS-6-ENGINE_READY: atomic-ip - build time 4764 ms - packets for this engine will be scanned
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 5596 ms
R6(config)#exit
Now lets look at the results of the changes.
R6#show ip ips signature sigid 2004 subid 0

En  - possible values are Y, Y*, N, or N*
      Y:  signature is enabled
      N:  enabled=false in the signature definition file
      *:  retired=true in the signature definition file
Cmp - possible values are Y, Ni, Nr, Nf, or No
      Y:  signature is compiled
      Ni: signature not compiled due to invalid or missing parameters
      Nr: signature not compiled because it is retired
      Nf: signature compile failed
      No: signature is obsoleted
Action=(A)lert, (D)eny, (R)eset, Deny-(H)ost, Deny-(F)low
Trait=alert-traits             EC=event-count          AI=alert-interval
GST=global-summary-threshold   SI=summary-interval     SM=summary-mode
SW=swap-attacker-victim        SFR=sig-fidelity-rating Rel=release

 SigID:SubID En  Cmp   Action Sev   Trait   EC   AI   GST   SI  SM SW SFR Rel
 ----------- --  ----  ------ ---   -----  ---- ---- -----  --- -- -- --- ---
  2004:0     Y   Y     A     HIGH     0     1    0    200   30  FA  N 100 S1
      sig-name: ICMP Echo Request
      sig-string-info: My Sig Info
      sig-comment: Sig Comment
      Engine atomic-ip params:
           fragment-status :
           icmp-type : 8
           l4-protocol : icmp
R6#
We can do a simple test by issuing a ping to 6.6.6.6 from a neighbor, R4.
Neighbor-R4#ping 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R4#
Now lets take a look at the console on R6. We did set the IPS to send syslog messages for alerts.
R6#
%IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:100 ICMP Echo Request [40.0.0.4:8 -> 6.6.6.6:0] VRF:NONE RiskRating:100
%IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:100 ICMP Echo Request [40.0.0.4:8 -> 6.6.6.6:0] VRF:NONE RiskRating:100
%IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:100 ICMP Echo Request [40.0.0.4:8 -> 6.6.6.6:0] VRF:NONE RiskRating:100
%IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:100 ICMP Echo Request [40.0.0.4:8 -> 6.6.6.6:0] VRF:NONE RiskRating:100
%IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:100 ICMP Echo Request [40.0.0.4:8 -> 6.6.6.6:0] VRF:NONE RiskRating:100
R6#

0 comments:

About US

Network Bulls is Best Institute for Cisco CCNA, CCNA Security, CCNA Voice, CCNP, CCNP Security, CCNP Voice, CCIP, CCIE RS, CCIE Security Version 4 and CCIE Voice Certification courses in India. Network Bulls is a complete Cisco Certification Training and Course Coaching Institute in Gurgaon/Delhi NCR region in India. Network Bulls has Biggest Cisco Training labs in India. Network Bulls offers all Cisco courses on Real Cisco Devices. Network Bulls has Biggest Team of CCIE Trainers in North India, with more than 90% of passing rate in First Attempt for CCIE Security Version 4 candidates.
  • Biggest Cisco Training Labs in India
  • More than 90% Passing Rate in First Attempt
  • CCIE Certified Trainers for All courses
  • 24x7 Lab Facility
  • 100% Job Guaranteed Courses
  • Awarded as Best Network Security Institute in 2011 by Times
  • Only Institute in India, to provide CCIE Security Version 4.0 Training
  • CCIE Security Version 4 Training available
  • Latest equipments available for CCIE Security Version 4

Network Bulls Institute Gurgaon

Network Bulls Institute in Gurgaon is one of the best Cisco Certifications Training Centers in India. Network Bulls has Biggest Networking Training and Networking courses labs in North India. Network Bulls is offering Cisco Training courses on real Cisco Routers and Switches. Labs of Network Bulls Institute are 24x7 Available. There are many coaching Centers in Delhi, Gurgaon, Chandigarh, Jaipur, Surat, Mumbai, Bangalore, Hyderabad and Chennai, who are offering Cisco courses, but very few institutes out of that big list are offering Cisco Networking Training on real Cisco devices, with Live Projects. Network Bulls is not just an institute. Network Bulls is a Networking and Network Security Training and consultancy company, which is offering Cisco certifications Training as well support too. NB is awarded in January 2012, by Times, as Best Network Security and Cisco Training Institute for the year 2011. Network Bulls is also offering Summer Training in Gurgaon and Delhi. Network Bulls has collaboration with IT companies, from which Network Bulls is offering Networking courses in Summer Training and Industrial Training of Btech BE BCA MCA students on real Live projects. Job Oriented Training and Industrial Training on Live projects is also offered by network bulls in Gurgaon and Delhi NCR region. Network Bulls is also providing Cisco Networking Trainings to Corporates of Delhi, Gurgaon, bangalore, Jaipur, Nigeria, Chandigarh, Mohali, Haryana, Punjab, Bhiwani, Ambala, Chennai, Hyderabad.
Cisco Certification Exams are also conducted by Network Bulls in its Gurgaon Branch.
Network Bulls don't provide any Cisco CCNA, CCNP simulations for practice. They Provide High End Trainings on Real topologies for high tech troubleshooting on real Networks. There is a list of Top and best Training Institutes in India, which are providing CCNA and CCNP courses, but NB has a different image from market. Many students has given me their feedbacks and reviews about Network bulls Institute, but there were no complaints about any fraud from this institute. Network Bulls is such a wonderful place to get trained from Industry expert Trainers, under guidance of CCIE Certified Engineers.

About Blog

This Blog Contains Links shared by sites: Cisco Guides, Dumps collection, Exam collection, Career Cert, Ketam Mehta, GodsComp.co.cc.

NB

NB
Cisco Networking Certifications Training

Cisco Training in Delhi

ccna training in gurgaon. ccnp course institute in gurgaon, ccie coaching and bootcamp training near gurgaon and delhi. best institute of ccna course in delhi gurgaon india. network bulls provides ccna,ccnp,ccsp,ccie course training in gurgaon, new delhi and india. ccsp training new delhi, ccie security bootcamp in delhi.

Testimonials : Network Bulls

My Name is Rohit Sharma and i Have done CCNA and CCNP Training in Gurgaon Center of Network Bulls and it was a great experience for me to study in Network Bulls.

Cisco Networking Certifications

Myself Komal Verma and i took CCSP Training from Network Bulls in Gurgaon. The day i joined Network Bulls, the day i get addicted with Networking Technologies and I thank Mr. Vikas Sheokand for this wonderful session of Networking. :)
I must say that Network Bulls is Best Institute of CCNA CCNP CCSP CCIE Course Training in Gurgaon, New Delhi and in India too.
Komal Verma

About a wonderfull CCIE Training Institute in Gurgaon

I am Kiran shah from New Delhi. I have recently completed my CCNA CCNP & CCIE Training in Gurgaon from Network Bulls and i recommend Network Bulls for Cisco Training in India.

Kiran Shah

Cisco Coaching and Learning Center

Disclaimer: This site does not store any files on its server. I only index and link to content provided by other sites. If you see any file on server that is against copy right you can inform me at (sidd12341 [at] gmail.com). I will delete that materials within two days. This Website is not official Website of any Institute like INE, Network Bulls, IP Expert. Thanks

CCIE Security Version 4

Cisco Finally updated CCIE Security Lab exam blueprint. WSA Ironport and ISE devices are added in CCIE Security Version 4 Lab Exam Syllabus Blueprint. In Updated CCIE Security Version 4 Syllabus blueprint, new technologies like Mobile Security, VoIP Security and IPV6 Security along with Network Security, are added. As in CCIE Security Version 3 blueprint, Cisco had focused on Network Security only, but now as per market demand, Cisco is looking forward to produce Internet gear Security Engineer, not only Network Security engineers.
In CCIE Security Version 4 Bluerpint, Lab Exam is going to be more interested than before. What is Difference in CCIE Security Version 3 and Version 4? Just go through the CCIE Security Version 4 Lab Equipment and Lab Exam Syllabus Blueprints and find out!