The CCIE security is based totally around Cisco Products, and as far as I remember Cisco isn't a software company (sure the company was based off stolen software but that is beside the point). Is that why their Cisco Secure IDS is trash and can't go beyond 100Mbps and that you have to use the Blade for the Cat 6K if you want anything over 100Mbps and you've got to stack them in that $$expensive$$ 6K to get anything near gigE.
Oh wait but then don't you then need to spend some Big $$$ to get some type of data correlation mechanism for Cisco Secure IDS because it can't do logging to a sql database by itself. Oh and then its not configurable to work with any device that could be used with Expect you can only work with Cisco routing devices.
You're TFTP server is secured properly and you allow write access to that directory too :) Oh so that means that I can go about downloading and cracking your routing and switching gear not to mention posting rooted .bin files. Wait, you're using Cisco Log server for NT and if it runs out of disk space your PIX stops working right how nice :)
Oh and those little 35 series switches that don't support SSH. Secure VLAN all the way right? Yeah Right!

Secure Policy Design in CCIE security non-existent, Host based security (sorry that is one of our partners jobs), Incident Response hmmm no, most CCIEs that I know can hardly spell UNIX let alone build a secure Sun box unless you count the CSIDS boxes as Suns (NOT). IDS Signature Development (lets leave that to CCO, they know best anyway)
I didn't know that there was an experience requirement for the CCIE security.

The CISSP represents that you've been in the business for at least 3 years and the CCIE security doesn't say that you've ever touched any of the equipment except in the lab.

My Network is built on SAFE. I'd like for you to meet our newest recruit the "SAFE CRACKER"


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/67/11497#11497