RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]
This is an excellent example of why I hated taking the SAFE exam. I found myself for several questions thinking... "Well, it depends on what you mean by this term." I agree with Fred though. I believe the answers they are looking for are Unstructured, Structured, External and Internal.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74377&t=74304
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]
Not sure if this is what they're looking for, but in my MCNS book they have the following threat types:
Security Threat Types:
-Reconnaissance
-Unauthorized access
-Denial of Service
-Data Manipulation
The 4 remote user designs are the following:
-Software access: Remote user with a software VPN client and personal firewall software on the PC
-Remote-site firewall option: Remote site is protected with a dedicated firewall that provides firewalling and IPSec VPN connectivity to corporate headquarters; WAN connectivity is provided via an ISP-provided broadband access device (i.e. DSL or cable modem).
-Hardware VPN client option: Remote site using a dedicated hardware VPN client that provides IPSec VPN connectivity to corporate headquarters; WAN connectivity is provided via an ISP-provided broadband access device
-Remote-site router option: Remote site using a router that provides both firewalling and IPSec VPN connectivity to corporate headquarters. This router can either provide direct broadband access or go through an ISP-provided broadband access device.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74313&t=74304
RE: QoS Exam 642-641 [7:74081]
I used the knowledgenet QoS training course and Boson #1 QoS practice test to study for the test. (I probably could have gotten away with just using the knowledgenet QoS training course though.)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74142&t=74081
RE: QoS Exam 642-641 [7:74081]
Yea! I passed. It was pretty easy though. (No tricks or hazy questions in this test.) I guess I'm still bitter after having to take the Safe Exam 2x to pass. Now onto the CCNP recert which I hear is quite fun.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74132&t=74081
QoS Exam 642-641 [7:74081]
Taking this bad boy tomorrow... any advice? All of the new exams seem to be quite a bit more painful than the old ones. Or at least more difficult in my opinion...
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74081&t=74081
RE: wireless security and VPN software? [7:73988]
Very true. The clients are the most vulnerable before the VPN session is established. Without PSPF enabled, clients can attack other clients on an access point. Even with PSPF enabled, an attacker could put up a rogue with the same SSID and WEP key if used and try to attack/trojan the client.
It's interesting though, the new IOS firmware has crypto map statements available. I wonder if Cisco will eventually allow VPN sessions to terminate directly on the access points. That would be pretty cool. Much like what Colubris does right now.
Reimer, Fred wrote:
> Hmm, PSPF definitely sounds interesting, but I'd recommend requiring the integrated Cisco firewall in the VPN client, and not allowing split tunneling.
>
> Also, there is apparently a working group working on VPN multicast...
>
> Fred Reimer - CCNA
>
> -Original Message-
> From: Charlie Wehner [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2003 4:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: wireless security and VPN software? [7:73988]
>
> One more quick note on using VPN solutions. If you're using a VPN solution with a Cisco AP be sure to enable PSPF. Everyone misses that setting... but it's important. :)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74074&t=73988
RE: wireless security and VPN software? [7:73988]
One more quick note on using VPN solutions. If you're using a VPN solution with a Cisco AP be sure to enable PSPF. Everyone misses that setting... but it's important. :)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74049&t=73988
RE: wireless security and VPN software? [7:73988]
What type of applications do they need to support?
What devices and OS's do they need to support?
-Watch out for PDAs. Most PDAs have limited support for VPN clients.
What type of users are they? (Techie or basic AOL users?)
These are the main questions in my opinion. VPNs aren't so bad. I know quite a few enterprises that are currently using VPN solutions for wireless. I honestly don't think most users notice the performance hit. Also, some VPN clients can be set up very seamlessly so there aren't multiple logins.
I would also look into PEAP, EAP-TLS and LEAP. PEAP is pretty secure if set up correctly. The PEAP client is already built into WinXP and PPC 2003.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73998&t=73988
Re: Keeping my head up [7:71800]
There is no shame in failing a Cisco written test these days (not that there ever was). I passed the CCIE Lab on the second attempt and a few months later failed the Cisco Pix Firewall Exam again and again (after having always passed Cisco written tests on the first try.) The Cisco written tests these days are tough, tough, tough.
***I will agree. All of the certification exams are much more difficult than before... and now that the dot.com bubble is over a lot less people are taking them now. (In my first attempt at the CCIE lab in May there were only 3 people there.) In my opinion, the number of CCNPs, CCDPs etc. will go down significantly in the next few years. It seems like we are slowly getting back to having people in the field who actually 'like' solving these types of problems. Salaries have gone down... and with that many people have decided it's not worth the effort... while others still stay because they actually like the challenge.
Thomas Larus wrote:
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72441&t=71800
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Re-certification [7:69556]
I've noticed that the simulation questions perform terribly and sometimes lock up when run on low-end computers. They need to raise the minimum PC requirements for Prometric test centers in my opinion. Don't be afraid to email Cisco about any problems with the exam.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69619&t=69556
RE: Anyone written CSI 9E0-131 Cisco Safe? [7:69520]
It's kind of a pain. I just passed it. Read the Safe whitepaper very carefully. Pay attention to the way it's worded... The exam is very picky with some questions and a bit vague on others. The 2 Boson practice tests help out a lot. I would highly recommend using them to study with.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69585&t=69520
RE: access-list logging rate-limited [7:66520]
I found the answer to question 2:
"It's not usually a good idea to configure logging for access list entries that will match very large numbers of packets. Doing so will cause log files to grow excessively large, and may cut into system performance. However, access list log messages are rate-limited, so the impact is not catastrophic. Access list logging can also be used to characterize traffic associated with network attacks, by logging the suspect traffic."
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080120f48.shtml#rec_acc
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66529&t=66520
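Added example (not part of the original posts): one way to measure how much of the denied traffic the rate limiter dropped from the log, and to use the entries that did get logged to characterize a source probing many ports. The log lines are constructed, and the IPACCESSLOGP layout and the port threshold are assumptions to adjust for your own router's output.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines, not taken from the thread. One rate-limit
# line uses the "." form quoted in the thread, the other the usual ":" form.
SAMPLE_LOG = """\
Mar  1 00:10:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40112) -> 198.51.100.5(22), 1 packet
Mar  1 00:10:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40113) -> 198.51.100.5(23), 1 packet
Mar  1 00:10:02: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40114) -> 198.51.100.5(80), 1 packet
Mar  1 00:10:03: %SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142 packets
Mar  1 00:15:01: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.7(5353) -> 198.51.100.5(53), 4 packets
Mar  1 00:15:02: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 58 packets
"""

# Per-flow ACL hit message (assumed layout for TCP/UDP entries).
HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# Rate-limit notice: the router says how many packets it did NOT log.
MISSED = re.compile(
    r"%SEC-6-IPACCESSLOGRL[.:] access-list logging rate-limited or missed "
    r"(?P<count>\d+) packets?"
)


def summarize(log_text, scan_port_threshold=3):
    """Return logged/missed packet totals and sources hitting many ports.

    scan_port_threshold is a hypothetical tuning knob: a source denied on at
    least that many distinct (protocol, port) pairs is reported.
    """
    logged = 0
    missed = 0
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            if m["action"] == "denied":
                logged += int(m["count"])
                ports_by_src[m["src"]].add((m["proto"], int(m["dport"])))
            continue
        m = MISSED.search(line)
        if m:
            missed += int(m["count"])
    total = logged + missed
    return {
        "logged_packets": logged,
        "missed_packets": missed,
        # Share of denied packets that actually produced a log entry.
        "logged_fraction": logged / total if total else 1.0,
        # Only sees ports that were logged, so this is a lower bound.
        "suspected_scanners": sorted(
            src for src, ports in ports_by_src.items()
            if len(ports) >= scan_port_threshold
        ),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A low logged_fraction means the per-flow entries are only a sample of what the ACL denied, so counts taken from the log understate the real volume.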
access-list logging rate-limited [7:66520]
Two quick questions:
I've configured an access-list to only permit certain tcp and udp ports above 1024. At the end of the access-list I have the following commands:
access-list 101 deny tcp any any log
access-list 101 deny udp any any log
access-list 101 deny ip any any log
Question 1: Do I even need the "deny tcp" and "deny udp" statements since I also have a deny ip statement?
Question 2: When I perform a port scan through the router it logs some of the events but it seems to miss the majority of them, giving me the following error message:
"%SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142 packets"
Is access-list logging rate-limited by default? Is there any way for me to ensure everything gets logged? I'm not sure if I understand?
Thanks, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66520&t=66520
RE: UDLD Questions [7:66461]
Very good explanation Priscilla. Thanks!
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66466&t=66461
UDLD Questions [7:66461]
Will UDLD prevent duplex mismatches from occurring on end user devices? (Disabling ports that are detected to be mismatched) Or does UDLD only work between switches? Thanks in Advance
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66461&t=66461
RE: CCIE Vs. BS or MS degree [7:59481]
What's more difficult?
a) Memorizing configuration scenarios and commands on a Cisco router
b) Understanding Calculus, Differential Equations, Numerical Analysis, Chemistry, Physics and Electrical Engineering well enough to create a "meaningful" experiment.
One of my friends is working on his masters in Physics right now. What he's working on makes the CCIE look like a walk through the park. Seriously, what if the recommended reading list for the CCIE exam looked like this:
Physics I and II
Calculus I,II,III
Differential Equations
Mechanics
Circuit Analysis I and II
Linear Systems
Thermodynamics
Quantum Mechanics
Optics
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59579&t=59481
RE: WLANFE [7:59278]
When was the WLANFE 9E0-581 exam first available?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59337&t=59278
RE: Question for designers (WLAN) [7:59216]
Forgot to ask... what country are you from? I know some countries put restrictions on the power and antennas that are available.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59336&t=59216
RE: Question for designers (WLAN) [7:59216]
If you're not going to run 802.11a then there might not be a significant advantage to going with the 1200 series AP. However, hospitals normally have a lot of long hallways that are perfect for using a patch antenna. (A lot of times you can cover an area with one diversity 6.5dBi patch that might take 2 1100 series APs to cover otherwise.) The external antennas would probably be the biggest advantage of going with the 1200 series vs a 1100 series for you. Other than that... there aren't very many differences.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59335&t=59216
RE: Aironet 1200 [7:59310]
What type of throughput does the remote office need? With two 1200 series access points you can:
a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP
I don't think you can bridge with 1200 series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59334&t=59310
Re: Off Topic - Quietest Cisco Switch [7:53800]
***they're all VERY quiet when you unplug 'em! :->
-->Very very true, but what's the fun of having a killer home network unless you put it to good use. For example, right now, I'm hosting 2 websites and let my friends VPN-in and download/upload interesting freeware applications. :) (Stuff like SuperScan and Netstumbler... or whatever is interesting at the time.)
-->I also have distributed.net running on all my home machines. I guess I could set them up to periodically update?
-->My current Linksys switch is pretty quiet. I guess I do have a couple of options, none of which are ideal for me... but I'll figure something out. Thanks for input everyone.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53809&t=53800
Off Topic - Quietest Cisco Switch [7:53800]
I'm looking to buy a switch for my apartment. (Right now, the 2950T 24port 10/100/1000Base-T looks promising.) However, the amount of noise this thing produces is a concern. I want to put it in my living room (Actually, it's the only room... I live in a studio.) so I can't have this thing cranking away while I'm trying to watch a movie, have a date over (Ya, it does happen sometimes... it's a miracle.) or when I'm trying to go to sleep. Does anyone know which switches are the quietest? I would like it to support the enhanced image. Anyone else run into this problem?
Thanks, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53800&t=53800
Re: ADSL routers [7:51250]
the 827 can do many things, including 3DES and firewall feature set, but supports only RIP and EIGRP
-->No fair, mine doesn't support EIGRP. Only RIP. The 827 looks like it supports all of the routing protocols but when you enter them it always reads "unknown routing protocol". (Except for RIP.)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51489&t=51250
LEAP/ACS configuration [027] Session-Timeout [7:48301]
PROBLEM/QUESTION
Users are currently authenticated by an ACS server when remotely accessing the network through a VPN. So their user accounts have been created and there is currently no value for [027]Session-Timeout RADIUS attribute. What will happen if I modify the [027]Session-Timeout RADIUS attribute for LEAP? Will the user's VPN sessions timeout?
Basically, I want the same user to be able to be authenticated when remotely accessing the network (without their session timing out) and use LEAP for wireless authentication. Is there a way to do this? How is this normally set up?
Thanks, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48301&t=48301
RE: Securing a Aironet 350 [7:44152]
What is the best way to secure a Aironet 350 from hackers?
***Keep it unplugged.
***Seriously though, LEAP is a good option if you want ease of use and pretty good security. It can be brute-forced if there isn't a user lock-out policy though. (You also need a Cisco ACS server or LEAP-compatible RADIUS server available.) The Cisco safe whitepaper mentioned earlier is an excellent reference.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44295&t=44152
RE: Can anyone break this Cisco 4912G password? [7:40505]
I just ran both of the hashes against a 20Mb wordlist using John the Ripper with no luck. (Looks like you might have to perform some password recovery.)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40753&t=40505
RE: Aironet 350 Wireless Security Question [7:38051]
I think I just answered my own question. Just found an excellent link... Here it is if anyone is curious: http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38060&t=38051
Aironet 350 Wireless Security Question [7:38051]
How safe am I if I'm using the Aironet 350 Series access points running the following:
-version 11.10T
-EAP authentication with a Radius server
-MIC enabled
-Broadcast Key Rotation
-WEP with key hashing
Does anyone know any good links that give a 'very' detailed explanation of how the 'WEP key hashing' works? Also, does Cisco have any VPN-based or one-time password wireless solutions available? I mean, it seems like every day... I get a different answer as to which wireless security models are secure and which aren't.
Thanks, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38051&t=38051
RE: Aironet 350 APs and Security Concerns [7:35686]
Thanks Tom, So all versions before 11.10T don't use "hashing" in addition to the RC4 algorithm? (11.08T1, 11.07a, 11.06.a, 11.05a etc...)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35699&t=35686
Aironet 350 APs and Security Concerns [7:35686]
Does anyone know which software versions of the Aironet 350 APs use added "Hashing" to help resolve the weaknesses discovered in the RC4 algorithm? Is version 11.07 safe from the Berkeley and Fluhrer attacks?
Thanks, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35686&t=35686
MD5 encrypting vty passwords [7:33533]
Is there any way to MD5 encrypt vty passwords? If so, how? If not, why not?
Thanks, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33533&t=33533
RE: ISDN dialer watch VS floating static routes [7:31609]
Thanks for the advice Benjamin and Jenny. It sounds like you have to be careful when implementing dialer watch. (Especially, if you only want to bring up the link for 'interesting traffic'.) I guess since 'dialer watch' is fairly new most people have 'floating static routes' in place.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31813&t=31609
ISDN dialer watch VS floating static routes [7:31609]
When configuring an ISDN backup for a frame relay circuit do most people typically use "dialer watch" or "floating static routes"? In my scenario, it's for an eigrp network and a single router. I've seen the following article on Cisco's website: http://www.cisco.com/warp/public/123/backup-main.html However, all things being equal, which one would you use?
Thanks in advance, Charlie
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31609&t=31609