How to attack a Full CCIE Security Lab with solutions
Jun 20th, 2008 by andy
Hi everybody,
I finally had the time to finish an 8-hour CCIE Security Lab, and then I went through the whole lab explaining how I’d do it. I was using only emulated routers, IPS and PIX (using UDP tunnel mode, which seems to be the most stable version available so far); the only product I could not emulate, so I own one, is the VPN Concentrator 3005.
Well, the videos will be available here for download for free (they are huge in size, so please be patient when downloading). I’m also giving the Lab with Initial Configs, so if anyone wants to do it using real equipment or machines, just change the initial config a little bit and Good Luck !!!!
I hope you all like the lab, and for those who want to lab it up, ENJOY IT !!!
To download the lab click here:
Here you can find the INITIAL Configs
The Videos are available by Sections: (to save them click on “Save Target as”)
Section 1: Firewall - Part I download , Part II download , Part III download
Section 2: IPS - Part I download , Part II download
Section 3: VPN - (Part 1) Part I - download , Part II download
VPN - (Part 2) Part I - download , Part II download , Part III download and Part IV download
Section 4: Identity Management - Part I download , Part II download
Section 5: Advanced Security - Part I download
Section 6: Network Attacks - Part I download
To see the videos I recommend using Camtasia Player; this will increase the quality of the video dramatically.
Here is the link to download it:

Really interesting to find professional work like this with these amazing details.
Thank you for giving me this opportunity to have a guide for my preparation toward the CCIE Security.
Regards,
Fadi
well done….
Thanx
Great tutorials!
Thanks a lot!
Just a suggestion: *.avi files are too big. Would you rar or zip those *.avi files in order to reduce the size and make them easier to download?
Thanks Jairo, sure I will do that to see if it will help in any good in reducing the size of the files.
Hey Andy. Great stuff here. On Task 6.4 it seems to me that you would have to reverse the ace for UDP echo and also add icmp echo reply for the input rate-limit entry. The ACL you used in the video would not match inbound fraggle or smurf traffic. Do I see this right?
Hi Joe,
Question says that R1 has been used as reflector in a Smurf and Fraggle attack so the Reflector means echo for ICMP (Smurf) and UDP (Fraggle).
If R1 was also a Victim in the Smurf attack then echo-reply for ICMP would be needed.
If the question did not specify anything about reflector or victim then filter both echo and echo-reply.
But am I right in saying that using an input entry with the ACL you used would accomplish nothing because of the format? I understand it would work for the output.
For example you did:
access-list 156 permit icmp any 158.1.6.255 0.0.0.0 echo
and applied it to the input and output of the same interface. This would not match for both directions in the case of a reflector because traffic coming from 158.1.6.x would be echo replies right?
Yes, you are right. The question was clear that this was supposed to be applied on interfaces Eth0/0.10 and Eth0/0.20, so applying the same ACL in both directions would not accomplish anything.
Because you being a reflector means that you send a lot of ICMP echo and UDP echo for fraggle so for the ACL it should be an output entry for echo only applied on both interfaces, since the Victims would reply with ICMP echo-replies as you said. Good point I was finishing this lab at 4 o’clock I think in the morning and couldn’t think straight at that time.. Cheers
When you are the reflector I believe you are sending large amounts of echo replies, and the victim is the forged address the attacker used to generate the echo, but nonetheless thank you for confirming my questions. Very good work here. Thanks
Hi Joe,
Just rechecked that, and here is a Cisco link where it says that they consider this attack with two options: “Ultimate Target” and “Reflector”, the reflector being the Victim of the attack, which is true: the Reflector will receive a bunch of echo-replies, because the attacker will be sending ICMP echo sourced with the IP address of the Reflector machine, so the reflector will receive a bunch of echo replies.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080149ad6.shtml
Thanks
Andy,
The way I read it is the “target” is the victim. The target would be the spoofed address. The reflector network is used to generate several icmp requests back towards the target. The reflector is not really the victim although it will be generating more traffic than it received. The overall point of the attack is to use several reflectors to attack one target.
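The matching question debated in this thread, as an added example that is not part of the original post or comments: a minimal model of how an extended ACL entry's protocol, address wildcards and ICMP type are compared against a packet, run on constructed packets. The addresses 192.0.2.50 and 158.1.6.10 and the second (reply-matching) entry are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "icmp" here
    kind: str    # ICMP type name: "echo" or "echo-reply"

@dataclass(frozen=True)
class Ace:
    proto: str
    src: str     # "any" or "<address> <wildcard>"
    dst: str
    kind: str

def addr_match(spec, addr):
    """IOS-style wildcard compare: wildcard bits set to 1 are ignored."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    return (a | w) == (b | w)

def ace_matches(ace, pkt):
    return (ace.proto == pkt.proto and ace.kind == pkt.kind
            and addr_match(ace.src, pkt.src)
            and addr_match(ace.dst, pkt.dst))

# Entry quoted in the thread:
#   access-list 156 permit icmp any 158.1.6.255 0.0.0.0 echo
ACE_156 = Ace("icmp", "any", "158.1.6.255 0.0.0.0", "echo")
# Hypothetical entry (not from the lab) keyed on replies leaving the subnet.
ACE_REPLY = Ace("icmp", "158.1.6.0 0.0.0.255", "any", "echo-reply")

# Constructed packets: 192.0.2.50 stands in for the spoofed source address.
ECHO_TO_BROADCAST = Packet("192.0.2.50", "158.1.6.255", "icmp", "echo")
REPLY_FROM_HOST = Packet("158.1.6.10", "192.0.2.50", "icmp", "echo-reply")

def match_table():
    """Which entry matches which packet, independent of interface direction."""
    aces = {"156": ACE_156, "reply": ACE_REPLY}
    pkts = {"echo": ECHO_TO_BROADCAST, "echo-reply": REPLY_FROM_HOST}
    return {(a, p): ace_matches(ace, pkt)
            for a, ace in aces.items() for p, pkt in pkts.items()}

if __name__ == "__main__":
    for key, hit in match_table().items():
        print(key, "match" if hit else "no match")
```

The entry from the thread matches only the echo request addressed to 158.1.6.255; replies sourced from 158.1.6.x never match it, whichever direction the rate-limit is applied in.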
I’ve just been through your website, good work. Right now I’m in the process of changing the aspects of this blog, plus changing the theme and including some reading aspects rather than just videos, but since my knowledge of PHP is almost null I’m kind of studying how to do it the way I want to…
Nice work there with security I really liked it.
Good style. Added message about you on my site
Andy
Thanks for putting up such a nice website; I keep coming back to check for new learning stuff.
On the other hand, I am having difficulty downloading the CCIE Security lab videos because your server terminates the connection after 30 to 35 MB of download. Please check it. Or can you have a mirror site to host those videos?
Kind regards
Riz
Hi,
I’ve already sent an email to my webhost about the problem. Which video specifically are you having problems with when downloading?
Cheers,
Andy
Hi Andy
I have a problem with all of them. I have tried many times and gave up downloading them. They almost all finish at 35 MB or 40 MB or even less than that. If you want, you can post them to other sites if you are still experiencing issues with your ISP.
Oh! Do you have any resources for the new ASA Firewall Specialist exams?
Cheers
Riz
P.S: I will try it again after two-three days.
I’m studying the possibility of changing to another ISP; the problem is that I’ve paid 2 years in advance and they won’t refund me any of the money paid.
An interim solution would be to put them on rapidshare using my account, but this would require splitting the files into 100 megs each.
Do you know any webpage where I could upload 200 or 300 megs without splitting it into 100 megs each?
Cheers,
About the new ASA Firewall Specialist exam I don’t have any resources on it, sorry.
Hi Andy
There is no harm in splitting those videos with WinRAR. I think you had better move those videos to rapidshare or megaupload.com. Megaupload gives a 500 MB upload file size to free members, so you shouldn’t have a problem moving those files. I would recommend you use WinRAR with the repair option.
I can’t wait to see your videos.
Oh! I can’t find many training resources for Cisco ASA, and no labs either.
Thanks
Riz
Hi Andy,
Thanks a lot for your labs and videos.
I have a question concerning Task 6.2 (about configuring an RPF check).
Unfortunately I cannot understand the task.
Would you be so kind as to say the same but in other words?
Regards
Hi Andy,
As a triple CCIE, what is the correct way to start preparing to ccie security lab exam? is it required to buy any workbook? I’ve the opportunity to build lab environment at my work. I know about firewall, ACS, general security and attack concept.
Regards.
Hi Taha,
For CCIE security I’ve used the workbook from Netmetric Solutions at that time to learn all the tasks needed for the lab. If you already have general security concept it won’t take that long for you to clear the lab.
If you need to learn some emulation tips check this blog, I’m about to release new stuff about security as soon as I get some spare time from my CCIE voice studies.
Cheers
hi,
any chance you can upload the lab answers in pdf or txt ?
thanks a lot
Hi all,
is there any book that you know to study ccie security lab and written exam?
best regards.
taha
Andy,
You are the greatest. I have been encouraged by your good work to launch my career in network security. I do not have the right words to describe the impact your work has on me and my friends here, except to say, THANK YOU SO MUCH!!!!
May you be blessed always.
Diko
You’re welcome Diko, and so is everybody else on this webpage. It’s good to know that some spare time from my work has helped a lot of people. Unfortunately I am kind of busy nowadays, so it’s been impossible to release more videos with new emulations such as Callmanager and more on Dynamips.
But I am sure that next year I will continue with lots of improvements on this blog.
Cheers
hello
do you hear any sound when playing the video ? tried with camtasia, VLC, WMP, nothing … Is it normal ?
regards
Andy,
Thank you for all your great tutorials!!
They have really helped me working with Dynamips.
Hi Xavier,
The only video that has sound on it is the Mock Lab Video part 1; all the other ones do not have sound, so it’s normal that you are not hearing any sound at all.
Hi Andy
Thank you so much for helping me and others with our studies. You mentioned in a previous post that you have the following hardware specifications
1x Core 2 Quad Q6600 (4x 2400 MHz)
1x Quad kit DIMM 8 GB DDR2-800 (8192 MB)
When running the full CCIE Security lab on dynagen, dynamips, and PEMU with all the routing protocols and VPNs, do you remember what was the cpu utilization ?
Also, when you are starting the lab, do you start all the routers at the same time or one by one?
Hi,
With everything up for Sec I used to get a 80 to 85% CPU, but the trick here is to set one instance of Dynamips to use 4 CPUs, and the other instance to use the other 4 CPUs and play with these for PIX UDP emulations.
And about the routers you need to start one by one otherwise you might get the 100% CPU easily.
Hi Andy,
Thanks for your reply, but I don’t know how to set one instance of Dynamips to use 4 CPUs and the other instances to use the other 4 CPUs. Could you please explain?
Thank you Andy; I’ve found your website to be most useful.
I can imagine the time, effort, and costs associated with maintaining it. God bless you.
Hi mgazzaz,
You need to go to Task Manager in Windows and then to Processes, Right click on one of the processes of Dynamips and choose Set Affinity and there you can Tune the CPU utilization of each Dynamips instance.
Hi Andy,
Thanks for the great stuff here. With respect to recent changes in Security, there are many new features to be added in. Can you blog on tackling the latest version? Will a virtual lab be enough for the new blueprint too, or will we need to buy new stuff? Since the VPN concentrator is out and ASA is in, things don’t seem that bad. Do let us know your thoughts on this.
Also,when are you attempting CCIE voice lab and are you going for v2 or v3 blueprint in Voice ?
Thanks
Thanks a lot! for the Videos
excellent share - thanks a million.
Thanks!!!
keep getting crc error on file when extracting.
Hi, I’m a fresher and I’m in my final year of electronics and communication.
May you guide me to the best institute for CCIE Security?
hi
I have a problem downloading Mock_Lab1_VPN_Part1.part1 and Mock_Lab1_VPN_Part2.part12.
Please help me.
thanks.
Hi Anderson
I have downloaded these Cisco Labs, but when I try to run them they ask for a disk to be inserted. Please confirm whether there are issues with me running these Labs. Only the IPS Lab runs well.