Beginning in October 2009, students will be required to demonstrate mastery of the Cisco IOS Intrusion Prevention System (IPS) for the CCIE R/S track. This blog post introduces candidates to this relatively new security feature. Note this series of blog posts will focus on Tier 1 knowledge. This information allows mastery for the Core Knowledge section and builds a foundation for later mastery at the Command Line Interface....

[Read the rest of this entry -->]

Read Full Post »

Female Voice: “Don’t tell me which zone’s for stopping and which zone’s for loading!
Male Voice: “Listen, Betty, don’t start your white zone sh*t again. There is just no stopping in the white zone.” – Airplane 1980...

[Read the rest of this entry -->]

Read Full Post »

In this blog post, we will obtain some good solid Tier 1 level knowledge regarding VLAN Access Control Lists or VACLs. These are often also referred to as VLAN Access Maps or just VLAN Maps; thanks to the syntax that is used in their creation....

[Read the rest of this entry -->]

Read Full Post »

Flexible Packet Matching is a new feature that allows for granular packet inspection in Cisco IOS routers. Using FPM you can match any string, byte or even bit at any position in the IP (or theoretically non-IP) packet. This may greatly aid in identifying and blocking network attacks using static patterns found in the attack traffic. This feature has some limitation though. ...

[Read the rest of this entry -->]

Read Full Post »

The Security section of Internetwork Expert’s CCIE Routing & Switching Lab Workbook Volume 1 Version 5.0 is completed and available on the members site. As of now the fully completed and posted sections are Bridging & Switching, Frame Relay, IP Routing, RIP, EIGRP, OSPF, QoS, Security, System Management, and IP Services. BGP, Multicast, and IPv6 remain, and will be incrementally posted next....

[Read the rest of this entry -->]

Read Full Post »