After searching for resources for the CCIE security exam, I found this book (CCIE Practical Studies: Security, ISBN: 1-58705-110-9) from Cisco Press website. Even though the title is ¡§Practical Studies: Security¡¨, it should contain more practical studies on security part of the lab exam. ¡§CCIE Practical Studies: Security¡¨ is useful for experienced Networkers to practice the security lab exams by deploying case studies and sample labs before the exam.
An advance feature of this book is it provides a lot of case scenarios. Throughout the book, readers can learn Cisco¡¦s security implementations by step-by-step configurations. Other useful features also include: Review questions and FQAs at the end of all chapters (except Chapter 26: Sample Lab Scenarios) which help readers to get solid idea of security principles and impermanent. The solutions of the 8 complete lab scenarios from the companion CD-ROM also illustrate the complexity of the CCIE Security lab exam.
However, I only give this book four out of five stars since some of the topics listed on the CCIE security written exam blueprint are missing from the book. Two of them are Cisco Secure Policy Manager and Cisco Secure Scanner. CCIE Candidates might not need to configure those Cisco Applications during the lab exam, however, every CCIE should know how to run those applications and how they work. I would love to see those topics will be covered in the next edition of this book. And, If you want to know the principal of Committed Access Rate (CAR), details on Intrusion Detection and specification on Security in General, you should read ¡§CCIE Professional Development Network Security Principle and Practices¡¨ by Saadat Malik (ISBN 1-58705-025-0) first.
Another problem of the book is it uses 42% of its 1000 pages on Routing and Switching, those chapters should be leaved to other books suggested by Cisco Systems (Routing TCP/IP by Doyle and Cisco LAN Switching by Clark and Hamilton). This is book should focus on security part of the exam only. It should mention more on Intrusion detection and Network-Based Application Recognition (NBAR). In my opinion, the first three chapters should also be summarized into a small chapter. CCIE candidate should know how to ¡§formulate a study plan¡¨ or ¡§take regular breaks while studying¡¨. People who don¡¦t know those ¡§study habits¡¨ should take a learning assistance class in a junior college. CCIE exam is one of the toughest professional exams for network administrator and network security engineer. So, if you don¡¦t know how to deal with problems, such as ¡§There¡¦s too much to remember¡¨, don¡¦t take the exam.
Poor Cisco IOS commands organization is also a reason that this book has only four stars. For example in Chapter 17: IP services (page 558), under section ¡§Monitor the MNLB Forwarding Agent¡¨
The book said
¡§To display the status of affinities, or connection information, use the following command:
R2#show ip casa affinities
To display the operational status of the Forwarding Agent, use the following command:
R2#show ip case oper
To display ¡K.¡¨
The section can be rewrote like this
¡§To monitor the status of the MNLB Forwarding Agent.
R2#show ip casa [options]
Options
affinities the status of affinities, or connection information
oper the operational status
stats the statistical information
wildcard information about wildcard blocks¡¨

This is much clear, easy to read and save time if you need to look up the command real quick. Other Cisco press books used the similar format, but I don¡¦t know why this book didn¡¦t follow it.
As the writer wrote in the book ¡§No single source ¡V including this book ¡V can or should claim to be a one-stop solution for the CCIE lab preparation.¡¨ (page 901), readers who are preparing for the exam should also consider buying other books from Cisco Press or searching more information on Cisco Security Applications from Cisco Connection Online. I would recommend this book to CCIE Security candidates who need lab practices and configuration examples. Although you can find plenty of examples from Cisco.com, the book is worth to buy for lab practices before the Armageddon.

After searching for resources for the CCIE security exam, I found this book (CCIE Practical Studies: Security, ISBN: 1-58705-110-9) from Cisco Press website. Even though the title is ¡§Practical Studies: Security¡¨, it should contain more practical studies on security part of the lab exam. ¡§CCIE Practical Studies: Security¡¨ is useful for experienced Networkers to practice the security lab exams by deploying case studies and sample labs before the exam.
An advance feature of this book is it provides a lot of case scenarios. Throughout the book, readers can learn Cisco¡¦s security implementations by step-by-step configurations. Other useful features also include: Review questions and FQAs at the end of all chapters (except Chapter 26: Sample Lab Scenarios) which help readers to get solid idea of security principles and impermanent. The solutions of the 8 complete lab scenarios from the companion CD-ROM also illustrate the complexity of the CCIE Security lab exam.
However, I only give this book four out of five stars since some of the topics listed on the CCIE security written exam blueprint are missing from the book. Two of them are Cisco Secure Policy Manager and Cisco Secure Scanner. CCIE Candidates might not need to configure those Cisco Applications during the lab exam, however, every CCIE should know how to run those applications and how they work. I would love to see those topics will be covered in the next edition of this book. And, If you want to know the principal of Committed Access Rate (CAR), details on Intrusion Detection and specification on Security in General, you should read ¡§CCIE Professional Development Network Security Principle and Practices¡¨ by Saadat Malik (ISBN 1-58705-025-0) first.
Another problem of the book is it uses 42% of its 1000 pages on Routing and Switching, those chapters should be leaved to other books suggested by Cisco Systems (Routing TCP/IP by Doyle and Cisco LAN Switching by Clark and Hamilton). This is book should focus on security part of the exam only. It should mention more on Intrusion detection and Network-Based Application Recognition (NBAR). In my opinion, the first three chapters should also be summarized into a small chapter. CCIE candidate should know how to ¡§formulate a study plan¡¨ or ¡§take regular breaks while studying¡¨. People who don¡¦t know those ¡§study habits¡¨ should take a learning assistance class in a junior college. CCIE exam is one of the toughest professional exams for network administrator and network security engineer. So, if you don¡¦t know how to deal with problems, such as ¡§There¡¦s too much to remember¡¨, don¡¦t take the exam.
Poor Cisco IOS commands organization is also a reason that this book has only four stars. For example in Chapter 17: IP services (page 558), under section ¡§Monitor the MNLB Forwarding Agent¡¨
The book said
¡§To display the status of affinities, or connection information, use the following command:
R2#show ip casa affinities
To display the operational status of the Forwarding Agent, use the following command:
R2#show ip case oper
To display ¡K.¡¨
The section can be rewrote like this
¡§To monitor the status of the MNLB Forwarding Agent.
R2#show ip casa [options]
Options
affinities the status of affinities, or connection information
oper the operational status
stats the statistical information
wildcard information about wildcard blocks¡¨

This is much clear, easy to read and save time if you need to look up the command real quick. Other Cisco press books used the similar format, but I don¡¦t know why this book didn¡¦t follow it.
As the writer wrote in the book ¡§No single source ¡V including this book ¡V can or should claim to be a one-stop solution for the CCIE lab preparation.¡¨ (page 901), readers who are preparing for the exam should also consider buying other books from Cisco Press or searching more information on Cisco Security Applications from Cisco Connection Online. I would recommend this book to CCIE Security candidates who need lab practices and configuration examples. Although you can find plenty of examples from Cisco.com, the book is worth to buy for lab practices before the Armageddon.

I would like to congratulate Dmitry and his team and cisco press for putting together this title. This book covers all the topics in good details with examples. It covers 12.2(15)T IOS features which are not easily found elsewhere. Amount of information and labs contained in this book will take anyone hundreds of hours to go through these labs and will certainly prepare them for THE CCIE lab. I am sure Concentrator and IDS chapters will be added in due time.

Full scale labs are very well laid out. If you are prepping for this test, you must go through these labs couple of times.

Great job Dmitry and crew! way to go!

-Keyur Shah-
QUAD CCIE# 4799 (Voice;Service Provider;Security;R/S)
Hello Computers
http://www.hellocomputers.com

Incredible work by the authors. I like the way this book is laid out. The neat thing about it is the way it combines material which could be split into several books. My own CCIE study was not funded by an employer. I had to pay my own way (like most people), so having been able to save money on courses and books was a great benefit to me. The CCIE Security lab requires having a strong background in routing and switching and this book is a great bundle of information that reduces your search and study to the areas on which you are most likely to be tested. I don't have R&S CCIE, so seeing real examples of how routing & switching provides basis for security helped me pass the lab. I failed my first attempt because in my studies I assumed that it was going to be only security based, not realizing that I would be tested on the R&S background as well. I bought this book after I failed, and after completing all the practice labs in the book, I was able to get my CCIE after the second attempt. This book does not go into detail on IDS and VPN Concentrator, but I didn't have them on my test (maybe it was added afterwards).

I disagree with previous reviewer's comments. It seems like the author recommends taking 2 classes worth about $3200 each and buying several books which do not provide applicable lab scenarios instead of a $70-some investment into this book. Whatever topics are not listed in this book (and they can't, otherwise the book would need a forklift to pick it up) can be easily found on CCO for free. It's funny that the reviewer is admitting that somebody with a different background from theirs would give it 5 stars. Well, it seems that my background is different and I do give it 5 stars.

I ordered this book in the hope that it would help me study for the CCIE Security Lab exam. I already have Soli's Practical Studies (both volumes). The beginning chapters in the book are related to Ethernet, ISDN, Routing Protocols etc. Don't expect the same level of detail for these topics here that you would find in Soli's book or in Jeff Doyle's book. Use those books to cover these topics. The security Practices (Part IV) of the book is why you bought this book.
Being an instructor for almost all cisco security courses, I was disappointed by the level of detail in Chapters 14 through 17. But then, the book might be covering just what you need for your exam. In my opinion, you need Saadat Malik's book Network Security Principles and Practices. I would give that book 5 stars!.
For me, the only chapters worth anything were Advanced VPNs (Chapter 20) and Chapter 26 (Sample Lab Scenarios -- which has eight scenarios).
The VPN Concentrator, which now appears on the lab is nowhere to be seen in this book. This is a big MINUS for this book.
Depending on your background with network security, you might want to give a better rating to this book as to the depth of the material covered. If you already have Doyle + Soli's books, get Sadat Malik's book + IOS Network Security documentation and attend the CSVPN course and CSIDS courses (if you can). This book does not cover the IDS Sensor at all. It only covers the limited IDS of the PIX and routers.
I would have liked it better if the routing/switching topics would have been left off totally from this book and the focus would have been entirely on the Security stuff (read VPN Concentrator and the IDS Sensor etc). People would tell you that you can get them off the Documentation CD. Well, if so, the stuff that the book has is also on the doc. cd :-)