October 4th, 2008 — cisco, internet, networking
until a few minutes ago, i had a cisco 3620 acting as my internet router. i pulled it out of commission and put a cisco asa 5505 in its place. i decided to run a speed test, and here are the results:
i thought i only had 10 mbps downstream, which is pretty much the limit on the 3620’s nm-1e2w network module i was using to connect to the cable modem. i’m glad i swapped ‘em out!
October 4th, 2008 — cisco, networking, security
new security features are being added to many enterprise switches. the availability of those features varies based on which vendor’s equipment you’re using (as well as the firmware), and each vendor offers similar features but calls them by different names.
this table illustrates a few:
| cisco | hp | problem | benefit | watch out for |
| --- | --- | --- | --- | --- |
| dhcp snooping | dhcp snooping | dhcp, a critical network service, is inherently trusted and easily spoofed. | creates a database of dhcp exchanges, tracking ip, mac, and port information. detects rogue dhcp servers and denies access or sends an alert. | any new dhcp server, including yours, will be identified as a rogue. configure switches to recognize new servers. |
| dynamic arp inspection | dynamic arp protection | arp maps mac address to ip address with no security checks. attackers can easily spoof arp, leading to man-in-the-middle and denial-of-service attacks. | detects spoofed mac addresses and arp flooding attacks. also uses the dhcp database to dynamically identify mac addresses early. | a downstream access switch won’t see dhcp exchanges on upstream switches, so this feature could disrupt communications |
| ip source guard | dynamic ip lockdown | dhcp can be bypassed by statically assigning hosts ip addresses. | creates a database of successful dhcp exchanges, mapping ip leases to mac address, ports, and vlans. | dhcp database isn’t centralized. hosts with statically assigned ip address have to be manually entered. |
| port security | mac lockdown | attackers can disconnect an existing device like a printer and plug in their own computer on the fully configured port. | you can statically define which mac addresses can appear on a port and all others can be denied. | not particularly effective since mac addresses can be learned and spoofed. |
| protected ports | source port filtering | computers on the same switch and vlan can communicate directly, bypassing any network-based security features. | protected ports stop adjacent computers communicating directly with each other, essentially segmenting computers. | stops p2p tasks like file sharing, im, and other host-to-host communications between computers in the same broadcast domain. |
…thanks to informationweek
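as an added example (not part of the original post or the informationweek table), here is how the cisco column might look on a catalyst access switch, with the "watch out for" items handled: the uplink is trusted so your own dhcp server isn't flagged as a rogue, and a statically addressed printer gets manual entries. the vlan number, interface names, acl name, and addresses are all assumptions, and exact syntax varies by platform and ios version.

```cisco
! constructed example: vlan 10 is the user vlan, gi0/1 is the uplink toward
! the legitimate dhcp server, fa0/2 is a dhcp client, fa0/5 is a printer
! with a static address. all names and addresses are assumptions.

! dhcp snooping: every port is untrusted until told otherwise
ip dhcp snooping
ip dhcp snooping vlan 10

! dynamic arp inspection: validates arp against the snooping bindings
ip arp inspection vlan 10

! static hosts never appear in the snooping database, so give them
! an ip source guard binding and an arp acl entry by hand
ip source binding 0000.5e00.5305 vlan 10 192.0.2.50 interface FastEthernet0/5
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.50 mac host 0000.5e00.5305
ip arp inspection filter STATIC-HOSTS vlan 10

interface GigabitEthernet0/1
 description uplink toward the dhcp server
 ! without these, the switch treats your own dhcp server as a rogue
 ip dhcp snooping trust
 ip arp inspection trust

interface FastEthernet0/2
 description user port (dhcp client)
 switchport mode access
 switchport access vlan 10
 ! port security: one learned mac, count and drop violations
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ! ip source guard: only the leased ip may be used as a source
 ip verify source
 ! protected port: no direct traffic to other protected ports
 switchport protected
 ! cap dhcp packets per second from this port
 ip dhcp snooping limit rate 15

interface FastEthernet0/5
 description printer with a static address
 switchport mode access
 switchport access vlan 10
 ip verify source
```

`show ip dhcp snooping binding` and `show ip arp inspection vlan 10` show the learned bindings and the arp drop counters once clients have renewed their leases.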
October 3rd, 2008 — politics, privacy, security, software, stupid
computer world is reporting that:
a laptop containing “strategic information” was stolen from a campaign field office of presidential contender John McCain.
The laptop contained “strategic information for the [Republican party] on how we are going to reach out to people in the Kansas City area.”
i guess they’ve never heard of pgp or whole disk encryption, in general, both of which i use and recommend.
August 12th, 2008 — funny, politics
July 25th, 2008 — internet, networking
who can identify this gear? we’re moving into a new building and all this telecom gear is in there. i’m curious what each and every piece is/what it does.
if you can identify it, please leave a comment below. thanks!
you can view the original photos (higher resolution) on my flickr photostream.
July 22nd, 2008 — funny, video
July 19th, 2008 — funny, images
July 19th, 2008 — cisco, education, networking, software, video
iman jalali, director of sales and support at trainsignal, was nice enough to send me a free copy of their ccnp video course.
the ccnp certification training package, according to the website, contains over 50 hours of training for the bsci, bcmsn, ont, and iscw exams for the ccnp certification.
the videos are led by chris bryant, ccie, who never misses an opportunity to try to get you to visit his own website (link intentionally missing), where he sells his own training products as well. i don’t particularly care for him, but i’ll try not to let that bias my opinion of trainsignal’s course as a whole. i hope to “review” it here soon.
July 15th, 2008 — cisco, labs, networking
i’m getting ready to do a quick video tutorial/demo using camtasia and so i needed to configure my cisco 2509 terminal server. here’s how i did it, from a completely blank configuration:
Router>en
Router#configure terminal
Router(config)#hostname TERMSERV
TERMSERV(config)#interface loopback 0
TERMSERV(config-if)#ip address 192.168.254.254 255.255.255.255
TERMSERV(config-if)#exit
TERMSERV(config)#line tty 1 8
TERMSERV(config-line)#transport input all
TERMSERV(config-line)#exit
TERMSERV(config)#ip host s1 2001 192.168.254.254
TERMSERV(config)#ip host r7 2007 192.168.254.254
TERMSERV(config)#ip host r8 2008 192.168.254.254
TERMSERV(config)#end
TERMSERV#copy running-config startup-config
success!