RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread Reimer, Fred
I agree with you that it is a pretty serious issue if it is not searchable
on Cisco's site, or in their SAFE white papers.  However, it IS in every
single }current{ documentation/training materials for their security
certifications.  Well, at least for all of their CCSP security
certifications.  I have all of the materials for all of the current courses,
and it is in every single one of them.

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 25, 2003 4:45 PM
To: [EMAIL PROTECTED]
Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

At 7:10 PM + 8/25/03, Reimer, Fred wrote:
A structured threat is a threat from someone who has experience and
knowledge as far as breaking into networks.  An unstructured threat is a
threat by a script kiddie.  I guess they use structured because a
knowledgeable black-hat would have a comprehensive plan on the attack,
whereas an unstructured threat would just be looking for the latest
Microsoft bug ;-)


It still seems a Cisco problem that CCO searches on structured 
threat or structured attack return nothing, nor are they in the 
SAFE white papers.

Interesting, a Google search on Cisco and structured threat did 
bring up a few hits.  http://www.coact.com/spock/spmin.oct97.html 
reveals a presentation by ISS Corporation on _their_ SAFE 
Architecture.  The NSA director is quoted as defining structured vs. 
unstructured at 
http://www.kbeta.com/SecurityTips/Vulnerabilities/SpottingIntruders.htm

To me, this is a significant documentation failure by Cisco.  Not all 
working professionals are going to take every course Cisco offers.

It's especially important that Cisco be clear about its terminology, 
since I have encountered a number of concepts where SAFE or other 
documents use terminology differently than one finds in the general 
professional literature on security. Quite a number of cryptographic 
terms seem to be thrown about without rigorous definitions.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74373t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread Charlie Wehner
This is an excellent example of why I hated taking the SAFE exam.  I found
myself for several questions thinking...  Well, it depends on what you mean
by this term.

I agree with Fred though.  I believe the answers they are looking for are
Unstructured, Structured, External and Internal.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74377t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread Reimer, Fred
Indubitably - Checked on www.m-w.com :-)


Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-Original Message-
From: Charlie Wehner [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 25, 2003 11:04 PM
To: [EMAIL PROTECTED]
Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

This is an excellent example of why I hated taking the SAFE exam.  I found
myself for several questions thinking...  Well, it depends on what you mean
by this term.

I agree with Fred though.  I believe the answers they are looking for are
Unstructured, Structured, External and Internal.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74386t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread Howard C. Berkowitz
At 3:03 AM + 8/26/03, Charlie Wehner wrote:
This is an excellent example of why I hated taking the SAFE exam.  I found
myself for several questions thinking...  Well, it depends on what you mean
by this term.

I agree with Fred though.  I believe the answers they are looking for are
Unstructured, Structured, External and Internal.

Annlee Hines is having trouble posting, and asked me to add her view 
to the thread:

At 7:57 AM -0500 8/26/03, Annlee wrote:
I can't post to groupstudy, so here's my reply (about the fifth time 
I've written it up)

The four threats are:

reconnaissance
unauthorized access
denial of service
data manipulation

See Mike Wenstrom's MCNS CiscoPress book; a long section begins on p.13.

Remember SAFE is last in the CCSP sequence -- it pulls together the 
ideas from all preceding exams, including MCNS/SECUR, IDS, PIX, and 
VPN. In addition, the CSI Exam focuses on the SMR SAFE, which IMHO 
is a blend between Enterprise SAFE, minus e-commerce and HA, and VPN 
SAFE, to handle the remote-user  (R in SMR).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74406t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread Reimer, Fred
Please pass this on to Annlee.

I've already sent another message with an excerpt (fair use!) from the new
Cisco training materials that refutes this.

The threats are:

Structured
Unstructured
Internal
External

The attacks are:

Reconnaissance
Access
Denial of Service

I don't know what data manipulation is.  I think that would fall under
access attacks.

There is no dispute with the new Cisco material.  With all due respect,
quoting old MCNS material is misleading, as the new exams are based on the
new material.  I don't know about the rest of the book, but I'd seriously
consider chucking that one, or recycle it if you are environmentally minded.

And I don't believe it would be breaking the confidentiality agreement with
Cisco to say that it would be very reasonable to expect the threat and
attack questions on any of the security exams, with the new right answers.
Or, to quote Parkhurst during the CCIE Power Session I wouldn't rule that
out.

And SAFE, or more accurately Cisco SAFE Implementation, may be the last
recommended exam in the CCSP series, but all of the course material for all
five of the exams go over this material, and it is possible that it shows up
on every one of your five exams if you take them all.  I don't know if it
is, and frankly don't even remember if it was on the two I've taken so far,
but I wouldn't rule it out.

As a side note, what's up with the list?  The message with the excerpt I
sent Monday at 10:09AM (forget whether it was before or after I changed my
timezone from EDT to MST).  I still have not received it.  Is this list so
large, and I'm so late in subscribing, that it takes days to send out all
the posts?  Believe me, I'm grateful of the list and am not complaining, but
I sometimes find myself responding to responses to my posts that I have not
received yet!  Just wondering if it is something I'm doing wrong ;-)

Sorry if that sounded too harsh.  I didn't mean it to.

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 26, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

At 3:03 AM + 8/26/03, Charlie Wehner wrote:
This is an excellent example of why I hated taking the SAFE exam.  I found
myself for several questions thinking...  Well, it depends on what you mean
by this term.

I agree with Fred though.  I believe the answers they are looking for are
Unstructured, Structured, External and Internal.

Annlee Hines is having trouble posting, and asked me to add her view 
to the thread:

At 7:57 AM -0500 8/26/03, Annlee wrote:
I can't post to groupstudy, so here's my reply (about the fifth time 
I've written it up)

The four threats are:

reconnaissance
unauthorized access
denial of service
data manipulation

See Mike Wenstrom's MCNS CiscoPress book; a long section begins on p.13.

Remember SAFE is last in the CCSP sequence -- it pulls together the 
ideas from all preceding exams, including MCNS/SECUR, IDS, PIX, and 
VPN. In addition, the CSI Exam focuses on the SMR SAFE, which IMHO 
is a blend between Enterprise SAFE, minus e-commerce and HA, and VPN 
SAFE, to handle the remote-user  (R in SMR).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74411t=74304


Re: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread annlee
I can read the list (when things show up; I've noticed the same delay 
-- I suspect it has to do with the email hammering from the so very 
big virus). The MCNS and SECUR materials, I didn't think, were too 
badly apart. The MCNS exam I took in late May looked a lot like the 
MCNS book without the PIX material. The exam topics list for SECUR on 
CCO is more like a rearranged  MCNS than it has different content.

As for the SAFE exam, I absolutely would not rule out such a 
question--and based on what I saw in the exam, I stand by the list I 
offered.

Data manipulation includes IP spoofing, session replay and hijacking, 
rerouting, and repudiation. We can argue whether those are threats to 
happen or attacks that may happen. The Network Attack Taxonomy I  see 
in the SAFE SMR Blueprint App B  (p 64) includes packet sniffing, 
unauthorized access, DoS, IP spoofing, etc. But there is no list 
of threats. At the same time, the body of the SAFE Blueprint always 
discusses Threats Mitigated and lists these very items.

Clearly, there is a disconnect in Cisco's evolution of exams.

We'll see if this makes it to the list -- I've rebuilt the connection 
profile.

Reimer, Fred wrote:

 Please pass this on to Annlee.
 
 I've already sent another message with an excerpt (fair use!) from the new
 Cisco training materials that refutes this.
 
 The threats are:
 
 Structured
 Unstructured
 Internal
 External
 
 The attacks are:
 
 Reconnaissance
 Access
 Denial of Service
 
 I don't know what data manipulation is.  I think that would fall under
 access attacks.
 
 There is no dispute with the new Cisco material.  With all due respect,
 quoting old MCNS material is misleading, as the new exams are based on the
 new material.  I don't know about the rest of the book, but I'd seriously
 consider chucking that one, or recycle it if you are environmentally minded.
 
 And I don't believe it would be breaking the confidentiality agreement with
 Cisco to say that it would be very reasonable to expect the threat and
 attack questions on any of the security exams, with the new right answers.
 Or, to quote Parkhurst during the CCIE Power Session I wouldn't rule that
 out.
 
 And SAFE, or more accurately Cisco SAFE Implementation, may be the last
 recommended exam in the CCSP series, but all of the course material for all
 five of the exams go over this material, and it is possible that it shows up
 on every one of your five exams if you take them all.  I don't know if it
 is, and frankly don't even remember if it was on the two I've taken so far,
 but I wouldn't rule it out.
 
 As a side note, what's up with the list?  The message with the excerpt I
 sent Monday at 10:09AM (forget whether it was before or after I changed my
 timezone from EDT to MST).  I still have not received it.  Is this list so
 large, and I'm so late in subscribing, that it takes days to send out all
 the posts?  Believe me, I'm grateful of the list and am not complaining, but
 I sometimes find myself responding to responses to my posts that I have not
 received yet!  Just wondering if it is something I'm doing wrong ;-)
 
 Sorry if that sounded too harsh.  I didn't mean it to.
 
 Fred Reimer - CCNA
 
 Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
 Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050
 
 
 
 -Original Message-
 From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, August 26, 2003 9:55 AM
 To: [EMAIL PROTECTED]
 Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]
 
 At 3:03 AM + 8/26/03, Charlie Wehner wrote:
 
This is an excellent example of why I hated taking the SAFE exam.  I found
myself for several questions thinking...  Well, it depends on what you mean
by this term.

I agree with Fred though.  I believe the answers they are looking for are
Unstructured, Structured, External and Internal.
 
 
 Annlee Hines is having trouble posting, and asked me to add her view 
 to the thread:
 
 At 7:57 AM -0500 8/26/03, Annlee wrote:
 
I can't post to groupstudy, so here's my reply (about the fifth time 
I've written it up)

The four threats are:

reconnaissance
unauthorized access
denial of service
data manipulation

See Mike Wenstrom's MCNS CiscoPress book; a long section begins on p.13.

Remember SAFE is last in the CCSP sequence -- it pulls together the 
ideas from all preceding exams, including MCNS/SECUR, IDS, PIX, and 
VPN. In addition, the CSI Exam focuses on the SMR SAFE, which IMHO 
is a blend between Enterprise SAFE, minus e

RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-26 Thread Howard C. Berkowitz
At 12:04 PM -0400 8/26/03, Reimer, Fred wrote:
Please pass this on to Annlee.

She can read, but is having trouble posting.


I've already sent another message with an excerpt (fair use!) from the new
Cisco training materials that refutes this.

The threats are:

Structured
Unstructured
Internal
External

I would observe that these are more characteristic of the maker of 
the threat than of the threat itself.


The attacks are:

Reconnaissance
Access
Denial of Service

I don't know what data manipulation is.  I think that would fall under
access attacks.

In the discussion below, I would consider data manipulation to be an 
attack on integrity. Reconnaissance is not necessarily an attack on 
the user communications, but it may be preparation for an attack by 
probing the infrastructure.  I suppose attacks on confidentiality 
could be stretched to be reconnaissance, but I hesitate to put 
cryptanalysis under reconnaissance.

I tend to approach characterizing security and threats by the 
attributes (some optional) of a secure communication. These are quite 
well established in the formal literature -- and I'm not speaking of 
going to the level of the Bell-LaPadula Theorem or the *-property. 
Also not getting into multilevel security or exotica like covert 
channels, compromising emanations, etc.

A communication must be authentic and auditable.
   There must be user authentication
   There may be server (protected object) authentication

A communication must have data integrity at the atomic (single message) level
   It may have sequential integrity (message stream) level, preventing
   replay, deletion, etc.

A communication may have content confidentiality (sometimes called privacy)

The existence of the communication may be hidden, or the source and 
destination may be hidden.

The communication may be subject to source or recipient 
non-repudiation, or both

The communication is protected from denial of service, which may be 
caused by attacks, errors, or disasters


There is no dispute with the new Cisco material.  With all due respect,
quoting old MCNS material is misleading, as the new exams are based on the
new material.  I don't know about the rest of the book, but I'd seriously
consider chucking that one, or recycle it if you are environmentally minded.

And I don't believe it would be breaking the confidentiality agreement with
Cisco to say that it would be very reasonable to expect the threat and
attack questions on any of the security exams, with the new right answers.
Or, to quote Parkhurst during the CCIE Power Session I wouldn't rule that
out.

And SAFE, or more accurately Cisco SAFE Implementation, may be the last
recommended exam in the CCSP series, but all of the course material for all
five of the exams go over this material, and it is possible that it shows up
on every one of your five exams if you take them all.  I don't know if it
is, and frankly don't even remember if it was on the two I've taken so far,
but I wouldn't rule it out.

As a side note, what's up with the list?  The message with the excerpt I
sent Monday at 10:09AM (forget whether it was before or after I changed my
timezone from EDT to MST).  I still have not received it.  Is this list so
large, and I'm so late in subscribing, that it takes days to send out all
the posts?  Believe me, I'm grateful of the list and am not complaining, but
I sometimes find myself responding to responses to my posts that I have not
received yet!  Just wondering if it is something I'm doing wrong ;-)

Sorry if that sounded too harsh.  I didn't mean it to.

As a moderator, but not actually running the server, there are 
circuit breakers that stop forwarding if there are more posts than 
seems sane -- and these have been getting tripped by malware bounces. 
The spool also fills up at times.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74419t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Howard C. Berkowitz
At 12:25 AM +0100 8/25/03, Dom wrote:
Is SAFE the Sparrow Area Fast Ethernet we have heard so much about?

Ah.  But is it RFC 1149 compliant?



FIRST SOLDIER
Oh  yes! An African swallow maybe ... but not a European
swallow. that's my point.

SECOND SOLDIER
Oh yes, I agree there ...


ARTHUR   (losing patience)
Will you ask your master if he wants to join the Knights
of Camelot?!

FIRST SOLDIER
But then of course African swallows are non-migratory.





Best regards,

Dom Stocqueler
SysDom Technologies
Visit our website - www.sysdom.org

P.S. Howard, I thought you were doing Homeland Security, not taking
class A's!


Oh, there's always room for expansion--doing clinical things, but 
also exploring whether the Ministry of Silly Walks runs EIGRP.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Howard C. Berkowitz
Sent: 24 August 2003 22:45
To: [EMAIL PROTECTED]
Subject: SAFE and the Holy Hand Grenade of Antioch [7:74304]


Monty Python is always my inspiration in understanding network
architecture.  The number for the Holy Hand Grenade of Antioch is not
two and not four, but three.

And so the SAFE Test Blueprint asks you to:
Identify four kinds of types of security threats
Discuss in detail the four different options for providing secure
remote user connectivity.

Yet when I go through the SAFE documentation, I find:
  7 Axioms of types of targets (p. 5 of PDF)
  3 Types of Expected Threats (p. 10)
  3 separate validation services for remote user access (p. 30)
 12 elements of the taxonomy of network attacks (p. 56), some of
which are actually host attacks.

No number that is four.

What is wrong with this picture?  Am I perhaps reading the African
rather than the European SAFE model? Did some threat sink because it was
NOT a witch?

Am I on the wrong quest, or using Brave Sir Robin as my guide?

Is the SAFE model pining for the fjords?  Has it joined the choir
eternal of ex-models?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74308t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Joshua Vince
Refer to the SMR SAFE whitepaper:

SAFE: Extending the Security Blueprint to Small, Midsize, and
Remote-User Networks

Page 25:

Remote-User Design
Software Access
Remote-site firewall option
Hardware VPN client option
Remote-site router option

I can't find the four type of security threats either.  The SMR paper
only lists 2, instead of the 3 that the Enterprise paper lists.

Josh


-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 24, 2003 5:45 PM
To: [EMAIL PROTECTED]
Subject: SAFE and the Holy Hand Grenade of Antioch [7:74304]


Monty Python is always my inspiration in understanding network 
architecture.  The number for the Holy Hand Grenade of Antioch is not 
two and not four, but three.

And so the SAFE Test Blueprint asks you to:
   Identify four kinds of types of security threats
   Discuss in detail the four different options for providing secure 
remote user connectivity.

Yet when I go through the SAFE documentation, I find:
 7 Axioms of types of targets (p. 5 of PDF)
 3 Types of Expected Threats (p. 10)
 3 separate validation services for remote user access (p. 30)
12 elements of the taxonomy of network attacks (p. 56), some of
   which are actually host attacks.

No number that is four.

What is wrong with this picture?  Am I perhaps reading the African 
rather than the European SAFE model? Did some threat sink because it was 
NOT a witch?

Am I on the wrong quest, or using Brave Sir Robin as my guide?

Is the SAFE model pining for the fjords?  Has it joined the choir 
eternal of ex-models?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74307t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Dom
Is SAFE the Sparrow Area Fast Ethernet we have heard so much about?



FIRST SOLDIER
   Oh  yes! An African swallow maybe ... but not a European
   swallow. that's my point.

SECOND SOLDIER
   Oh yes, I agree there ...


ARTHUR   (losing patience)
   Will you ask your master if he wants to join the Knights
   of Camelot?!

FIRST SOLDIER
   But then of course African swallows are non-migratory.





Best regards,

Dom Stocqueler
SysDom Technologies
Visit our website - www.sysdom.org

P.S. Howard, I thought you were doing Homeland Security, not taking
class A's!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Howard C. Berkowitz
Sent: 24 August 2003 22:45
To: [EMAIL PROTECTED]
Subject: SAFE and the Holy Hand Grenade of Antioch [7:74304]


Monty Python is always my inspiration in understanding network 
architecture.  The number for the Holy Hand Grenade of Antioch is not 
two and not four, but three.

And so the SAFE Test Blueprint asks you to:
   Identify four kinds of types of security threats
   Discuss in detail the four different options for providing secure 
remote user connectivity.

Yet when I go through the SAFE documentation, I find:
 7 Axioms of types of targets (p. 5 of PDF)
 3 Types of Expected Threats (p. 10)
 3 separate validation services for remote user access (p. 30)
12 elements of the taxonomy of network attacks (p. 56), some of
   which are actually host attacks.

No number that is four.

What is wrong with this picture?  Am I perhaps reading the African 
rather than the European SAFE model? Did some threat sink because it was 
NOT a witch?

Am I on the wrong quest, or using Brave Sir Robin as my guide?

Is the SAFE model pining for the fjords?  Has it joined the choir 
eternal of ex-models?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74306t=74304


Re: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Marko Milivojevic
 Yet when I go through the SAFE documentation, I find:
  7 Axioms of types of targets (p. 5 of PDF)
  3 Types of Expected Threats (p. 10)
  3 separate validation services for remote user access (p. 30)
 12 elements of the taxonomy of network attacks (p. 56), some of
which are actually host attacks.
 
 No number that is four.

Uhm, this is 4-items list... ;-)


Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74310t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Charlie Wehner
Not sure if this is what they're looking for but in my MCNS book they have the
following threat types:

Security Threat Types:
-Reconnaissance
-Unauthorized access
-Denial of Service
-Data Manipulation

The 4 remote users designs are the following:

• Software access—Remote user with a software VPN client and personal
firewall software on the PC
• Remote-site firewall option—Remote site is protected with a dedicated
firewall that provides firewalling and IPSec VPN
connectivity to corporate headquarters; WAN connectivity is provided via an
ISP-provided broadband access device (i.e.
DSL or cable modem).
• Hardware VPN client option—Remote site using a dedicated hardware VPN
client that provides IPSec VPN connectivity
to corporate headquarters; WAN connectivity is provided via an ISP-provided
broadband access device
• Remote-site router option—Remote site using a router that provides both
firewalling and IPSec VPN connectivity to corporate
headquarters. This router can either provide direct broadband access or go
through an ISP-provided broadband access device.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74313t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Howard C. Berkowitz
At 1:45 AM + 8/25/03, Charlie Wehner wrote:
Not sure if this is what they're looking for but in my MCNS book they have the
following threat types:

Security Threat Types:
-Reconnaissance
-Unauthorized access
-Denial of Service
-Data Manipulation

I suspect that's the list -- that the people that wrote the test 
blueprint worked from the MCNS material rather than the SAFE White 
Paper. With the exception of data manipulation, these fall generally 
under the list of 12 threats in Appendix B.

I wonder if there's a clue here -- that people studying for the SAFE 
test should prefer MCNS over the White Paper.

Personally, I wish the people working on this had done a more 
traditional approach from the security literature, approaching it 
from the positive characteristics of a secure communications:

  Authentic
   User
   Server/object
  Appropriate user privileges
  Integrity
   Atomic (single record)
   Sequential (record stream - protection against replay, deletion, etc.)
  Confidentiality
   Content confidentiality (also called privacy)
   Confidentiality of the existence of the communication (e.g., masking)
  Nonrepudiation
   Source
   Recipient
  Protected against denial of service
  Auditable


The 4 remote users designs are the following:

o Software access—Remote user with a software VPN client and personal
firewall software on the PC
o Remote-site firewall option—Remote site is protected with a dedicated
firewall that provides firewalling and IPSec VPN
connectivity to corporate headquarters; WAN connectivity is provided via an
ISP-provided broadband access device (i.e.
DSL or cable modem).
o Hardware VPN client option—Remote site using a dedicated hardware VPN
client that provides IPSec VPN connectivity
to corporate headquarters; WAN connectivity is provided via an ISP-provided
broadband access device
o Remote-site router option—Remote site using a router that provides both
firewalling and IPSec VPN connectivity to corporate
headquarters. This router can either provide direct broadband access or go
through an ISP-provided broadband access device.


Thanks again.  These were the four we used to use in CID, but I 
certainly don't see them in the page 30 guidelines.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74323t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Reimer, Fred
Structured
Unstructured
Internal
External

It's covered in every training course I've taken so far on my way to CCSP.
CSVPN covers it, SECUR covers it, CSI covers it, I believe CSPFA covers it,
and CSIDS probably covers it.

Joshua covered the four remote-access types nicely...

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-Original Message-
From: Marko Milivojevic [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 24, 2003 8:29 PM
To: [EMAIL PROTECTED]
Subject: Re: SAFE and the Holy Hand Grenade of Antioch [7:74304]

 Yet when I go through the SAFE documentation, I find:
  7 Axioms of types of targets (p. 5 of PDF)
  3 Types of Expected Threats (p. 10)
  3 separate validation services for remote user access (p. 30)
 12 elements of the taxonomy of network attacks (p. 56), some of
which are actually host attacks.
 
 No number that is four.

Uhm, this is a 4-item list... ;-)


Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74322t=74304


Re: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Howard C. Berkowitz
At 12:28 AM + 8/25/03, Marko Milivojevic wrote:
   Yet when I go through the SAFE documentation, I find:
   7 Axioms of types of targets (p. 5 of PDF)
   3 Types of Expected Threats (p. 10)
   3 separate validation services for remote user access (p. 30)
  12 elements of the taxonomy of network attacks (p. 56), some of
 which are actually host attacks.

  No number that is four.

 Uhm, this is a 4-item list... ;-)


Marko.

/Indiana Jones voice
Recursion. Why does it always have to be recursion?
/*Indiana Jones voice




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74321t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Priscilla Oppenheimer
Reimer, Fred wrote:
 
 Structured
 Unstructured
 Internal
 External

What is a structured versus unstructured security threat?

There sure are a lot of unstructured ones going on right now. Anyone else
seeing a huge increase in pings? I guess it's the welchia virus. It's
getting ugly. And the amount of spam from sobig is really astounding.

Perhaps we need a more structured way of allowing clueless users to get on
the Internet. Maybe ISPs that don't provide personal firewalls and
anti-virus software for their end users should be disallowed somehow. (I'm
thinking that most of the problems are coming from clueless home and small
business users, not enterprise networks, where things are more structured,
hopefully.)

Priscilla

 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74342t=74304


Re: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread MADMAN
Priscilla Oppenheimer wrote:
 Reimer, Fred wrote:
 
Structured
Unstructured
Internal
External
 
 
 What is a structured versus unstructured security threat?
 
 There sure are a lot of unstructured ones going on right now. Anyone else
 seeing a huge increase in pings? I guess it's the welchia virus. It's
 getting ugly. And the amount of spam from sobig is really astounding.
 
 Perhaps we need a more structured way of allowing clueless users to get on
 the Internet. Maybe ISPs that don't provide personal firewalls and
 anti-virus software for their end users should be disallowed somehow. (I'm
 thinking that most of the problems are coming from clueless home and small
 business users, not enterprise networks, where things are more structured,
 hopefully.)

   Ha, you be thinking incorrectly!  Big doesn't equal smart.  Also 
users bring their laptop outside a secure network, get the
disease and spread it around the secure network.  Job security no;)

   Dave

 
 Priscilla
 
 
 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Government can do something for the people only in proportion as it
can do something to the people. -- Thomas Jefferson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74349t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Reimer, Fred
MCNS is old material.  The new material is SECUR.  The new material, all
five courses, say it's unstructured, structured, internal, and external...

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 25, 2003 1:09 AM
To: [EMAIL PROTECTED]
Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

At 1:45 AM + 8/25/03, Charlie Wehner wrote:
Not sure if this is what they're looking for but in my MCNS book they have the
following threat types:

Security Threat Types:
-Reconnaissance
-Unauthorized access
-Denial of Service
-Data Manipulation

I suspect that's the list -- that the people that wrote the test 
blueprint worked from the MCNS material rather than the SAFE White 
Paper. With the exception of data manipulation, these fall generally 
under the list of 12 threats in Appendix B.

I wonder if there's a clue here -- that people studying for the SAFE 
test should prefer MCNS over the White Paper.

Personally, I wish the people working on this had done a more 
traditional approach from the security literature, approaching it 
from the positive characteristics of a secure communications:

  Authentic
   User
   Server/object
  Appropriate user privileges
  Integrity
   Atomic (single record)
   Sequential (record stream - protection against replay, deletion, etc.)
  Confidentiality
   Content confidentiality (also called privacy)
   Confidentiality of the existence of the communication (e.g., masking)
  Nonrepudiation
   Source
   Recipient
  Protected against denial of service
  Auditable


The 4 remote users designs are the following:

o Software access - Remote user with a software VPN client and personal
firewall software on the PC
o Remote-site firewall option - Remote site is protected with a dedicated
firewall that provides firewalling and IPSec VPN connectivity to corporate
headquarters; WAN connectivity is provided via an ISP-provided broadband
access device (i.e. DSL or cable modem).
o Hardware VPN client option - Remote site using a dedicated hardware VPN
client that provides IPSec VPN connectivity to corporate headquarters; WAN
connectivity is provided via an ISP-provided broadband access device
o Remote-site router option - Remote site using a router that provides both
firewalling and IPSec VPN connectivity to corporate headquarters. This
router can either provide direct broadband access or go through an
ISP-provided broadband access device.


Thanks again.  These were the four we used to use in CID, but I 
certainly don't see them in the page 30 guidelines.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74352t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Reimer, Fred
A structured threat is a threat from someone who has experience and
knowledge as far as breaking into networks.  An unstructured threat is a
threat by a script kiddie.  I guess they use structured because a
knowledgeable black-hat would have a comprehensive plan on the attack,
whereas an unstructured threat would just be looking for the latest
Microsoft bug ;-)

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 25, 2003 1:46 PM
To: [EMAIL PROTECTED]
Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

Reimer, Fred wrote:
 
 Structured
 Unstructured
 Internal
 External

What is a structured versus unstructured security threat?

There sure are a lot of unstructured ones going on right now. Anyone else
seeing a huge increase in pings? I guess it's the welchia virus. It's
getting ugly. And the amount of spam from sobig is really astounding.

Perhaps we need a more structured way of allowing clueless users to get on
the Internet. Maybe ISPs that don't provide personal firewalls and
anti-virus software for their end users should be disallowed somehow. (I'm
thinking that most of the problems are coming from clueless home and small
business users, not enterprise networks, where things are more structured,
hopefully.)

Priscilla

 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74351t=74304


RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]

2003-08-25 Thread Howard C. Berkowitz
At 7:10 PM + 8/25/03, Reimer, Fred wrote:
A structured threat is a threat from someone who has experience and
knowledge as far as breaking into networks.  An unstructured threat is a
threat by a script kiddie.  I guess they use structured because a
knowledgeable black-hat would have a comprehensive plan on the attack,
whereas an unstructured threat would just be looking for the latest
Microsoft bug ;-)


It still seems a Cisco problem that CCO searches on structured 
threat or structured attack return nothing, nor are they in the 
SAFE white papers.

Interesting, a Google search on Cisco and structured threat did 
bring up a few hits.  http://www.coact.com/spock/spmin.oct97.html 
reveals a presentation by ISS Corporation on _their_ SAFE 
Architecture.  The NSA director is quoted as defining structured vs. 
unstructured at 
http://www.kbeta.com/SecurityTips/Vulnerabilities/SpottingIntruders.htm

To me, this is a significant documentation failure by Cisco.  Not all 
working professionals are going to take every course Cisco offers.

It's especially important that Cisco be clear about its terminology, 
since I have encountered a number of concepts where SAFE or other 
documents use terminology differently than one finds in the general 
professional literature on security. Quite a number of cryptographic 
terms seem to be thrown about without rigorous definitions.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74360t=74304