CCNA Security: Make It Yours and Jump Into the Next Frontier of IT Networking
Have you heard of the "Internet of Things" (IoT) concept? It was first mentioned in 1999 and has gained popularity during the last decade. The IoT idea is to connect all kinds of devices to the internet — from smart-phones to refrigerators, and everything in between.
Well, today's interpretation of the same concept is called "Internet of Everything" (IoE), and it sounds just as cool, and is becoming more of a reality every day. The amount of devices connected to other devices is growing exponentially, and along with that growth a need arises — the need to develop better security measures and continually improve them. No individual wants a neighbor to monitor their wireless data, or steal their banking information, or even just mess with the temperature of their refrigerator.
Although the field of networking is now getting closer to becoming almost fully virtualized, each new step raises a new security consideration, meaning that the need for IT security will never go out of fashion.
One of the most popular security certifications is the Cisco Certified Network Associate Security (CCNA Security) credential. This certification covers the basics of IT security, helping you identify the types of threats that any computer user may end up facing: network attacks (DDoS, DHCP starvation), malicious code, Trojans, viruses and more. It also covers the ways you can secure a network's infrastructure, protecting routers and switches from common types of attacks, understanding IDS/IPS (intrusion detection/prevention systems) functionality, and understanding the basic configuration of the Cisco Firewall product: ASA (Adaptive Security Appliance).
Before considering CCNA Security as a certification goal, be aware that you can't obtain the actual certificate without first obtaining one of two prerequisite certs, either the Cisco Certified Entry Networking Technician (CCENT), or CCNA Routing and Switching (still commonly called just CCNA). The CCNA Security exam can be taken anytime, but you will not receive the certification until you have completed one of those two prerequisite certifications. The official prerequisites the CCNA Security exam can be found here.
Earning this certification will require you to pass the 640-554 IINS exam. As per the official information, the exam consists of 55 to 65 questions (90 minutes) — expect lots of single and multiple-choice questions, some drag-n-drops and a few simulations.
Although the passing score is not publically announced by Cisco, be prepared to score at least 85 percent or better. The CCNA Security certification covers a wide spectrum of security subareas, but it also has a solid networking base. My tips for preparing for the exam include the following:
Be Network-Friendly
Before starting with the CCNA Security, you have to be knowledgeable about networking at least on level of CCENT (or CompTIA's Network+), and be familiar with the Cisco IOS. A big part of the curriculum actually deals with securing routers and switches — from basic authentication and authorization methods, to securing the spanning-tree (BPDU guard, Root guard), configuring IOS firewall and access-lists, and configuring basic IPS functionality on IOS.
To understand the attacks and the security features described in the CCNA Security curriculum, you should be well versed with the OSI model and the most popular protocols underlying it (TCP, UDP, IP, DHCP, HTTP, HTTPs, and DNS). Know their basic functionality and on which layers they operate.
Track Your Progress and Don't Underestimate Topics
A great feature of Cisco certifications is that you not only know the exam topics, you also know the percentage of exam questions that will be related to a given topic. Check it out here.
With the CCNA Security exam, every topic is equally important, even if syslog, NTP and vlans don't seem at first glance to be directly connected to the security area. Keep in mind that the pass score is very high. Don't risk being surprised, it's better to be prepared for anything and everything.
Lab Everything
No matter how many times you passed through the certification guide or the video lessons, the best teacher is experience. Practice everything from Cisco IOS to CCP (Cisco Configuration Professional) and Cisco ASA. Get really familiar with all three of them. Packet tracer and GNS3 are great tools for this, as they support almost everything you will encounter in the curriculum.
The great thing about GNS3 is that if you want to simulate a network attack, sourced from a virtual machine, or even from your own machine, then you can use GNS3 to import all your PC NICs — physical, wired and wireless, and virtual — loopbacks, and VMware/VirtualBox virtual interfaces. In this way, you can establish communication between a host device and the network devices.
BackTrack and Kali Linux offer a wide range of penetration testing tools for simulating security threats to your lab. You can also buy real equipment, though that's a costly solution. Another option is to rent a rack.
Check Out Blogs or Create Your Own
It's popular for IT professionals to create blogs to help prepare for exams. It helps both them and the people who check out the blogs. If you've ever tried to write on a technical topic, or prepare it for presentation in front of people, then you know that you first have to get very deep into it. The same applies with posting on a blog.
If you are a passionate follower of the tip to "Lab Everything" you will quickly discover that sometimes you need the help of external sources on the internet. Also, in order to track your knowledge and easily review it, you need to do notes — a blog can help you accomplish all of these! Another plus is that if you're looking for a job, the technical blog can be a great addition to your CV.
As a last tip, enjoy your certification journey. In fact, enjoy each step of the process that leads you to gaining knowledge and progressing in the area of your passion!