Posted in CCIE R&S, CCIE Security, IPS, Security on Sep 2nd, 2009
Beginning in October 2009, students will be required to demonstrate mastery of the Cisco IOS Intrusion Prevention System (IPS) for the CCIE R/S track. This blog post introduces candidates to this relatively new security feature. Note this series of blog posts will focus on Tier 1 knowledge. This information allows mastery for the Core Knowledge section and builds a foundation for later mastery at the Command Line Interface.... [Read the rest of this entry -->]
...
Read Full Post »
Posted in CCIE 2.0, CCIE R&S, Security on Aug 15th, 2009
Female Voice: “Don’t tell me which zone’s for stopping and which zone’s for loading!
Male Voice: “Listen, Betty, don’t start your white zone sh*t again. There is just no stopping in the white zone.” – Airplane 1980... [Read the rest of this entry -->]
...
Read Full Post »
Posted in CCIE R&S, Security, Switching on Aug 10th, 2009
In this blog post, we will obtain some good solid Tier 1 level knowledge regarding VLAN Access Control Lists or VACLs. These are often also referred to as VLAN Access Maps or just VLAN Maps; thanks to the syntax that is used in their creation.... [Read the rest of this entry -->]
...
Read Full Post »
Flexible Packet Matching is a new feature that allows for granular packet inspection in Cisco IOS routers. Using FPM you can match any string, byte or even bit at any position in the IP (or theoretically non-IP) packet. This may greatly aid in identifying and blocking network attacks using static patterns found in the attack traffic. This feature has some limitation though. ... [Read the rest of this entry -->]
...
Read Full Post »
Posted in CCIE R&S, IGP, Security on Feb 11th, 2009
The Security section of Internetwork Expert’s CCIE Routing & Switching Lab Workbook Volume 1 Version 5.0 is completed and available on the members site. As of now the fully completed and posted sections are Bridging & Switching, Frame Relay, IP Routing, RIP, EIGRP, OSPF, QoS, Security, System Management, and IP Services. BGP, Multicast, and IPv6 remain, and will be incrementally posted next.... [Read the rest of this entry -->]
...
Read Full Post »
Hello to all our faithful blog readers, I hope this post find you very well, and enjoying your studies!... [Read the rest of this entry -->]
...
Read Full Post »
What in the world is a bogon? It is a source address that should not appear in an IP packet on an interface that faces the public Internet. A very famous example of a bogon address would be the Private IP address space, as defined in RFC 1918. This address space is as follows:... [Read the rest of this entry -->]
...
Read Full Post »
Posted in CCIE General, CCIE R&S, Security on Nov 5th, 2008
Fragmented IPv4 traffic may cause you a lot of problems in real life. Not only it increases the load on router CPUs, but also impacts applications performance (e.g. TCP needs to re-send the whole packet on a single fragment loss). In addition to that, traffic fragmentation is used in numerous network attacks, allowing an attacker to bypass firewalls or IDSes in some situations. Due to all these reasons, you may want to avoid fragmentation at all and/or ensure your network is insulated from fragmented packets. Unfortunately, there are cases when using IPv4 fragmentation is unavoidable. ... [Read the rest of this entry -->]
...
Read Full Post »
NBAR protocol classification feature has long supported enhanced HTTP URL matching features. However, Cisco documentation site never provided a detailed description of the pattern language used for URL matching; neither has it explained how the engine matches client/server data streams. In this post we will give an overview of how NBAR works with URL filtering.... [Read the rest of this entry -->]
...
Read Full Post »
Posted in CCIE General, CCIE R&S, Security on Nov 3rd, 2008
I know, I know… I promised this a while back, after I did the first part. Sorry ’bout that!... [Read the rest of this entry -->]
...
Read Full Post »
