showcryptohttp://www.showcrypto.com/showcrypto/en-US2010-03-10T10:17:08ZSquarespace Site Server v5.9.2 (http://www.squarespace.com/)INE SECURITY WORKBOOK - 1.6 IP Access-Listshttp://www.showcrypto.com/showcrypto/2010/2/19/ine-security-workbook-16-ip-access-lists.htmlAdmin2010-02-19T20:18:09ZINE LAB WORKBOOKThis section was pretty straight forward. Everything worked as advertised. I did make an initial mistake in my ACL for allowing NTP traffic. I made the mistake and setup the ACL using TCP instead of UDP, which confused me when it would not accept "eq ntp" on the end. This was easily corrected.

]]>INE SECURITY WORKBOOK - 1.5 Advanced Routinghttp://www.showcrypto.com/showcrypto/2010/2/15/ine-security-workbook-15-advanced-routing.htmlAdmin2010-02-15T21:29:52ZINE LAB WORKBOOKThis section introduced a command I have never used, "track". It is basically a way to setup a "smart" static route. This is a very handy command.

"a static route tracking feature is used to track the availability of a static route and, if that route fails, remove it from the routing table and replace it with a backup route."

ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

]]>Quoted in February 2010 issue of Information Security Magazinehttp://www.showcrypto.com/showcrypto/2010/2/15/quoted-in-february-2010-issue-of-information-security-magazi.htmlAdmin2010-02-15T20:52:18ZDisaster recovery plans and DLP solutions top 2010 priorities

http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1380343_mem1,00.html

]]>Published Article on SearchSecurity.comhttp://www.showcrypto.com/showcrypto/2010/2/15/published-article-on-searchsecuritycom.htmlAdmin2010-02-15T20:38:02ZHere is a link to an article I wrote on implementing firewall egress filtering for SearchSecurity.com

NETWORK SECURITY TACTICS

How to properly implement firewall egress filtering

Deploying egress firewall traffic filtering is sometimes easier said than done. Deployment may seem simple: Implement an access control list (ACL) on a firewall to block all outbound traffic, then only allow traffic that is approved by the company's security policy.

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1378492,00.html

]]>INE SECURITY WORKBOOK - 1.4 EIGRPhttp://www.showcrypto.com/showcrypto/2010/2/15/ine-security-workbook-14-eigrp.htmlAdmin2010-02-15T20:13:44ZINE LAB WORKBOOKThe only question I had regarding this lab was disabling OSPF on the connection to R4. The command in the solution guide appears to be incomplete. This may be due to my lab running PIX instead of ASA. To disable OSPF on my PIX the command is:

Rack1ASA1(config)#router osfp 1

Rack1ASA1(config-router)# no network 136.1.124.0 255.255.255.0 area 1

The solution guide does not include the "area 1". I will test this on an ASA to see if it behaves the same.

****Update 02.19.2010****

The "area 1" is also required on the ASA

]]>INE SECURITY WORKBOOK - 1.2 RIP v2, 1.3 OSPFhttp://www.showcrypto.com/showcrypto/2010/2/15/ine-security-workbook-12-rip-v2-13-ospf.htmlAdmin2010-02-15T20:11:29ZINE LAB WORKBOOKNothing to report here. These labs went as expected.

]]>INE Security Workbook - 1.1 VLANS and IP addressinghttp://www.showcrypto.com/showcrypto/2010/1/13/ine-security-workbook-11-vlans-and-ip-addressing.htmlAdmin2010-01-13T22:20:54ZINE LAB WORKBOOKComments and observations from CCIE Security Lab Workbook Volume I Version 5.0

ASA Firewall 1.1 VLANS and IP addressing

This section was pretty straight forward; however I did get some inconsistencies from my lab equipment compared to the solution guide. These verification inconsistencies did not take away from the overall objectives of this section.

My verification result (from Switch1):

Rack1SW1#show interface trunk

Port Vlans in spanning tree forwarding state and not pruned

Fa0/21 1,100,120-121,124

Fa0/22 none

Fa0/23 none

****The solution guide says ports Fa0/22 - 23 should display the same results as Fa0/21. Why would Fa0/22 and Fa0/23 show "none"? I haven't figured this out.

My verification result (from Switch2):

Rack1SW2#show interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa0/13 on 802.1q trunking 1

Fa0/21 on 802.1q trunking 1

Fa0/22 on 802.1q trunking 1

Fa0/23 on 802.1q trunking 1

***The solution guide says ports Fa0/21 - 23 should be "auto". I can make my results look like the solution guide by changing the provided intial config for SW2 ports Fa0/21, Fa0/22, Fa0/23

from: switchport mode trunk

to: switchport mode dynamic auto

]]>Squarespace iPhone Apphttp://www.showcrypto.com/showcrypto/2009/12/3/squarespace-iphone-app.htmlAdmin2009-12-03T03:53:17ZThis is my first post using the Squarespace iPhone app.

]]>Cisco Terminal Serverhttp://www.showcrypto.com/showcrypto/2009/11/23/cisco-terminal-server.htmlAdmin2009-11-23T18:53:39ZLABI needed a very inexpensive terminal server to provide console access to my security lab. I purchased an 8 Port USB To RS232 Adapter from StarTech.

http://www.startech.com/item/ICUSB2328-8-Port-USB-To-RS232-Adapter.aspx

I found this on Amazon for $144. I attached this to the Dell Latitude D600, which is running XP. This solution works great. I RDP into the laptop and have CON access to 8 devices.

]]>Building A Security Lab - Part 2http://www.showcrypto.com/showcrypto/2009/11/23/building-a-security-lab-part-2.htmlAdmin2009-11-23T17:19:30ZINE LABI have scrapped the previous security lab I was working on. I have been able to acquire the following physical equipment:

2 - 3550-24 12.2 IP Services

4 - 2610XM 12.4(15)T11 ADV. Security

2 - PIX 525 8.0(4)

1 - Dell 1750 Running Windows 2003 with VMware Server

1 - Dell Latitude D600

All of this equipment is cabled according to the INE Lab Physical Interface Connections document.

This should get me through the majority of the VOL1 Workbook. I thought I had access to an ASA 5510, but I will have to get by using a 5505 for ASA only features.

]]>