Scheduled Exams

August 25, 2008 – 7:49 pm

I decided to go ahead and book my lab for April 15, 2009 in San Jose. I figured doing the lab a few days before my birthday would either make it the best or worst birthday I have ever had. I also booked my BSCI exam for September 19th. I plan on starting day 1 of the lab study the day after the BSCI exam. I hope to do a better job of tracking my studying subjects and time throughout the lab preparation.

OSPF

August 14, 2008 – 8:56 pm

OSPF (Open Shortest Path First) is an open standard link-state routing protocol that runs the Dijkstra Shortest Path First algorithm. Most of the technical detail is in RFC 2328. When an OSPF link goes up or down, the attached router generates a new link-state advertisement (LSA). LSAs are flooded to neighbors and stored in the link-state database (LSDB), also called the topology table. Like EIGRP, OSPF keeps a neighbor table, a topology table and a routing table. Unlike EIGRP, every router holds the complete topology of its area and re-runs SPF whenever an LSA changes; only the changed LSA is flooded (not the routing table), but the flooding and the SPF recalculation cost CPU and memory on every router in the area. OSPF areas logically separate routers into more manageable groups and limit both the flooding scope and the size of each router's LSDB. The backbone or transit area (area 0) is the central area and all other areas must attach to it. A router that connects an area to the backbone is an Area Border Router (ABR); a router that injects routes from another routing domain (another protocol, another AS, or a static/default route toward the Internet) is an Autonomous System Boundary Router (ASBR).

The following list is all the possible states of a neighbor relationship:

  • Down - No hellos have been received from the neighbor
  • Attempt - Only used for manually configured neighbors on NBMA (Nonbroadcast Multiaccess) networks; hellos are being sent to the neighbor but none have come back yet
  • Init - A hello was received but it did not list this router's router ID, so communication is still one-way
  • 2-Way - Bi-directional communication has been established (this router's ID appears in the neighbor's hello). On multiaccess segments the DR (Designated Router) and BDR (Backup DR) are elected at this point, and routers that are neither DR nor BDR stay in 2-Way with each other
  • Exstart - The master/slave relationship and the initial DBD sequence number are negotiated (the higher router ID becomes master)
  • Exchange - Routers exchange Database Description (DBD) packets summarizing their LSDBs
  • Loading - Missing or outdated LSAs are requested (LSR) and received (LSU)
  • Full - LSDBs are synchronized; the routers are fully adjacent

The Designated Router maintains adjacencies with all segment routers and the Backup Designated Router is used for redundancy. OSPF has five packet types:

  • Hello - discovers and maintains neighbors; area ID, hello/dead timers, authentication, network mask and the stub flag must match for the neighbor to come up
  • Database Description (DBD) - carries a summary of the sender's LSDB (the LSA headers), not a list of router IDs
  • Link State Request (LSR) - asks for the LSAs that the DBD exchange showed the router is missing or holds an older copy of
  • Link State Update (LSU) - carries the full LSAs, both in reply to LSRs and when a change is flooded
  • Link State Acknowledgement (LSAck) - confirms receipt of LSUs, which is what makes OSPF flooding reliable

OSPF network types (set per interface with ip ospf network) decide how neighbors are discovered and whether a DR/BDR is elected. Using the BSCI labelling for OSPF over NBMA media such as Frame Relay, two modes come from RFC 2328 and the rest are Cisco IOS additions:

  • Broadcast Multiaccess - Cisco; neighbors discovered with multicast hellos, DR/BDR elected
  • Point-to-Point - Cisco; neighbors discovered automatically, no DR/BDR
  • Point-to-Multipoint - RFC compliant; treated as a set of point-to-point links, no DR/BDR (IOS also offers a nonbroadcast variant that needs neighbor statements)
  • Nonbroadcast Multiaccess (NBMA) - RFC compliant; neighbors must be configured manually, DR/BDR elected

OSPF supports four area types, which differ in which LSAs the ABR lets into the area:

  • Standard - regular area; accepts all LSA types
  • Stub - blocks type 5 external LSAs; the ABR injects a default route (type 3) in their place
  • Totally Stubby - Cisco extension; blocks type 3, 4 and 5 LSAs except the default route from the ABR
  • Not-so-Stubby (NSSA) - stub area that is allowed to contain an ASBR; its external routes are carried as type 7 LSAs and translated to type 5 by the ABR

The following table describes the different LSA types:

LSA TYPE              ROUTING TABLE ENTRY   DESCRIPTION
1 - Router Link       O                     each router lists its links and their cost; flooded only within the area
2 - Network Link      O                     generated by the DR; lists the routers attached to the multiaccess segment
3 - Network Summary   O IA                  generated by the ABR; advertises one area's networks into another area
4 - ASBR Summary      O IA                  generated by the ABR; tells other areas how to reach the ASBR
5 - External          O E1 or O E2          generated by the ASBR; routes redistributed from outside the OSPF domain, including a default route
7 - NSSA External     O N1 or O N2          the type 5 equivalent inside an NSSA; translated to type 5 by the ABR
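The SPF run described above, as an added example that is not part of the original post: a constructed single-area LSDB of type 1 router LSAs (router IDs, links and bandwidths are all made up) fed to Dijkstra. Costs use the IOS default reference bandwidth of 100 Mbps, which is worth seeing in code: a Gigabit link gets the same cost 1 as Fast Ethernet until auto-cost reference-bandwidth is raised on every router in the domain.

```python
import heapq

# Added example, not from the original post. IOS default reference bandwidth.
REFERENCE_BW_BPS = 100_000_000


def ospf_cost(link_bw_bps: int, reference_bw_bps: int = REFERENCE_BW_BPS) -> int:
    """IOS interface cost = reference bandwidth / link bandwidth, truncated, minimum 1."""
    return max(1, reference_bw_bps // link_bw_bps)


# Constructed router LSAs: {router_id: [(neighbour_id, link_bandwidth_bps), ...]}
# Links: 1-2 FastEthernet, 1-3 T1, 2-3 FastEthernet, 2-4 10 Mbps Ethernet, 3-4 FastEthernet.
LSDB = {
    "1.1.1.1": [("2.2.2.2", 100_000_000), ("3.3.3.3", 1_544_000)],
    "2.2.2.2": [("1.1.1.1", 100_000_000), ("3.3.3.3", 100_000_000),
                ("4.4.4.4", 10_000_000)],
    "3.3.3.3": [("1.1.1.1", 1_544_000), ("2.2.2.2", 100_000_000),
                ("4.4.4.4", 100_000_000)],
    "4.4.4.4": [("2.2.2.2", 10_000_000), ("3.3.3.3", 100_000_000)],
}


def spf(lsdb: dict, root: str, reference_bw_bps: int = REFERENCE_BW_BPS) -> dict:
    """Dijkstra SPF rooted at `root`. Returns {router_id: (cost, first_hop)}."""
    best = {root: 0}
    next_hop = {}
    heap = [(0, root, None)]          # (cost so far, router, first hop from root)
    settled = set()
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in settled:
            continue                  # a cheaper path to this router was already settled
        settled.add(node)
        next_hop[node] = first_hop
        for nbr, bw in lsdb.get(node, []):
            candidate = cost + ospf_cost(bw, reference_bw_bps)
            if candidate < best.get(nbr, float("inf")):
                best[nbr] = candidate
                heapq.heappush(heap, (candidate, nbr, nbr if node == root else first_hop))
    return {r: (best[r], next_hop[r]) for r in settled}


if __name__ == "__main__":
    for router, (cost, via) in sorted(spf(LSDB, "1.1.1.1").items()):
        print(f"{router}: cost {cost} via {via}")
```

From 1.1.1.1 the direct T1 to 3.3.3.3 costs 64, so SPF prefers the two Fast Ethernet hops through 2.2.2.2 (cost 2) and reaches 4.4.4.4 the same way (cost 3) rather than over the 10 Mbps link. Passing reference_bw_bps=1_000_000_000 shows how the costs change once the reference bandwidth is raised.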

EIGRP

August 8, 2008 – 11:35 pm

Here is some hopefully relevant information about EIGRP that you might expect to see on the exam. EIGRP uses IP protocol 88 and sorts the best and backup routes with the Diffusing Update Algorithm (DUAL). It uses the following five types of packets to communicate.

  1. Hello - Used to identify neighbors.
  2. Update - Used to advertise routes.
  3. Query - Used to ask about routes where the best route has been lost.
  4. Reply - Used to answer the queries.
  5. Ack - Used to acknowledge the update, query and reply messages.

Hello packets (and all other multicast EIGRP traffic) use the multicast address 224.0.0.10. EIGRP supports unequal-cost load sharing through the variance command: a feasible successor is also installed in the routing table when its metric is less than the successor's feasible distance multiplied by the variance. The path must still satisfy the feasibility condition below; variance never admits a path that DUAL has not already proven loop-free.

  • Feasible Distance (FD) - This router's full metric to the destination network through a given neighbor; the FD of the best path becomes the route's FD.
  • Advertised Distance (AD), also called reported distance - The metric the next-hop router reports for its own path to the destination network.
  • Successor - Primary path to the destination network. Kept in the topology and routing table.
  • Feasible Successor (FS) - Backup path to the destination network. Kept in the topology table only. Feasibility condition: its advertised distance must be less than the feasible distance of the successor, which guarantees the neighbor is not routing back through this router (loop-free).

EIGRP maintains three tables.

  1. Neighbor Table - Lists the directly connected EIGRP neighbors and tracks the reliable transport (sequence numbers, retransmissions) so that every update, query and reply is acknowledged.
  2. Topology Table - Used to understand paths through the network.
  3. Routing Table - Contains the best paths from the topology table.

You can configure stub routers in EIGRP (eigrp stub). Stub routing is most commonly used in hub-and-spoke networks and reduces the load on the spoke routers: a stub advertises only its connected and summary routes by default, and the hub never sends it queries, which limits the scope of DUAL queries (and stuck-in-active conditions) when a route is lost. This is safe because a spoke typically has only the hub as a neighbor.

With the default K values (K1=1, K2=0, K3=1, K4=0, K5=0) the composite metric reduces to 256*(bandwidth + delay), where:

  • bandwidth - 10^7 divided by the lowest bandwidth (in kbps) on any link along the path.
  • delay - the sum of the interface delays along the path, in tens of microseconds. IOS displays and configures delay in microseconds, so divide by 10; each interface type has a default value that can be changed with the delay command.
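The metric formula, the feasibility condition and the variance rule from this post, worked through together as an added example that is not part of the original post. The topology table, router names and link values are constructed; `eigrp_metric`, `Path` and `dual_select` are my own names.

```python
from dataclasses import dataclass
from typing import List

# Added example, not from the original post: classic EIGRP metric with default
# K values, DUAL feasibility condition and unequal-cost load sharing (variance).
# Bandwidth in kbps and delay in microseconds, as `show interfaces` displays them.


def eigrp_metric(min_bw_kbps: int, delays_us: List[int]) -> int:
    """256 * (10^7 / minimum bandwidth in kbps + sum of delays in tens of microseconds)."""
    bandwidth = 10_000_000 // min_bw_kbps          # IOS truncates
    delay = sum(delays_us) // 10                   # microseconds -> tens of microseconds
    return 256 * (bandwidth + delay)


@dataclass
class Path:
    """One topology-table entry for a destination, learned from `next_hop`."""
    next_hop: str
    link_bw_kbps: int          # our own interface toward the neighbour
    link_delay_us: int
    nbr_min_bw_kbps: int       # what the neighbour advertised: its minimum bandwidth ...
    nbr_delays_us: List[int]   # ... and the delays along its own path to the destination

    @property
    def advertised_distance(self) -> int:
        """The neighbour's own metric to the destination (reported distance)."""
        return eigrp_metric(self.nbr_min_bw_kbps, self.nbr_delays_us)

    @property
    def feasible_distance(self) -> int:
        """Our metric through this neighbour: our link added to the neighbour's path."""
        return eigrp_metric(min(self.link_bw_kbps, self.nbr_min_bw_kbps),
                            [self.link_delay_us] + self.nbr_delays_us)


def dual_select(paths: List[Path], variance: int = 1):
    """Return (successor, feasible successors, paths installed in the routing table)."""
    successor = min(paths, key=lambda p: p.feasible_distance)
    fd = successor.feasible_distance
    # Feasibility condition: AD < FD of the successor, so the backup is loop-free.
    feasible = [p for p in paths if p is not successor and p.advertised_distance < fd]
    # Variance: a feasible successor is installed when its metric <= FD * variance
    # (equal-cost paths are always installed, up to maximum-paths).
    installed = [successor] + [p for p in feasible if p.feasible_distance <= fd * variance]
    return successor, feasible, installed


# Constructed topology table for 10.0.0.0/24 as seen from router R1.
PATHS = [
    Path("R2", 100_000, 100, 100_000, [100]),            # FE to R2; R2 attached via FE
    Path("R3", 10_000, 1000, 100_000, [100]),            # 10 Mbps to R3; R3 attached via FE
    Path("R4", 100_000, 100, 100_000, [100, 100, 100]),  # FE to R4; R4 is three FE hops away
]

if __name__ == "__main__":
    for variance in (1, 10):
        succ, fs, installed = dual_select(PATHS, variance)
        print(f"variance {variance}: successor {succ.next_hop} FD={succ.feasible_distance}, "
              f"feasible successors {[p.next_hop for p in fs]}, "
              f"installed {[p.next_hop for p in installed]}")
```

R2 is the successor (FD 30720). R3 reports the same AD of 28160, which is below that FD, so it is a feasible successor even though its own metric through the 10 Mbps link is 284160; it only enters the routing table once variance reaches 10. R4 has a lower total metric than R3 but reports an AD of 33280, above the successor's FD, so it fails the feasibility condition and no variance setting will install it.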

Introduction to BSCI

August 6, 2008 – 11:01 am

Since I have decided to finish the BSCI exam before starting on my lab studies I will be posting some updates on this exam as well. I just got through reading the Introduction chapter of the Cisco Press Official Exam Certification Guide. Below are a few things that will most likely be referenced on the test, in my opinion of course.

  1. Full Mesh Network - to determine the number of connections required for a full mesh network you use the formula n(n-1)/2 where n is the number of devices.
  2. Enterprise Composite Model
    • Enterprise Campus - includes the backbone, building distribution and access, management and servers
    • Enterprise Edge - includes the internet connection, e-commerce, remote access and WAN connections
    • Service Provider Edge - includes your ISP and PSTN
  3. IIN - Intelligent Information Network, Cisco's architectural vision for adding intelligence to the network, defined in three phases:
    • Integrated Transport - describes a converged network
    • Integrated Services - Virtualization of resources
    • Integrated Applications - Application-oriented networking

 

Routing Protocol Comparison:

Protocol   Type              Classless   IGP/EGP   Convergence Speed   Cisco Proprietary
RIP        Distance vector   No          IGP       Slow                No
RIPv2      Distance vector   Yes         IGP       Slow                No
EIGRP      Distance vector   Yes         IGP       Fast                Yes
OSPF       Link state        Yes         IGP       Fast                No
BGP        Path vector       Yes         EGP       Slow                No

Written exam results

August 4, 2008 – 7:44 pm

Well after about 90 minutes I was able to finish the exam and review it completely. I’m glad I decided to review it because I caught a few answers that were wrong the first time around. I also noticed that if you decide to do a full review and not mark any questions for review while going through the test it will reset the drag and drop questions. All-in-all I thought the exam was easier than I expected it to be, especially since it only requires a 57 to pass. I was lucky enough to surpass this mark and can now move on to studying for the lab. Before I mark off 100% of my study time for the lab I have decided to take the BSCI exam to better understand the routing protocols as I have realized I am a little weak in this department. I figured I might as well take the exam if I am going to learn the materials.

Exam

August 1, 2008 – 10:04 am

Well, I have studied and read all I could and hopefully it will be enough. Leaving in around 20 minutes for my exam.

EAP/PEAP, TKIP and TLS

July 23, 2008 – 9:09 pm

TKIP (Temporal Key Integrity Protocol) is the 802.11i cipher suite designed as a firmware upgrade for existing WEP hardware: it keeps RC4 but adds per-packet key mixing, a sequence counter for anti-replay and the Michael message integrity check. It was an interim measure; the long-term 802.11i cipher is CCMP (AES).

EAP (Extensible Authentication Protocol - RFC 3748) - is a universal authentication framework that provides increased functionality and communication for an authentication mechanism. It is available for both wired and wireless LANs and the WLAN piece is defined in RFC 4017.

There are multiple EAP methods used in access control solutions and a few are listed below:

  1. EAP-MD5
  2. EAP-TLS
  3. EAP-TTLS
  4. EAP-FAST
  5. EAP-Cisco LEAP
  6. PEAP

EAP-MD5 is one of the more common EAP methods because of its ease of deployment (a simple CHAP-style challenge/response). It is also one of the least secure: it authenticates only the client and not the server, it derives no keying material (so it cannot key TKIP or CCMP), and a captured challenge/response pair can be attacked offline with a dictionary attack. Those weaknesses, rather than collision attacks on the MD5 hash itself, are what make it unsuitable for wireless.

EAP-TLS (RFC 2716, since obsoleted by RFC 5216) was developed at Microsoft as an EAP method, originally for PPP, that carries a full TLS handshake inside EAP and uses the TLS key exchange for mutual authentication and for deriving the session keys; TLS is the successor to SSL. EAP-TLS provides per-packet confidentiality and integrity and allows port-based access control tied to X.509 certificates. Deployment is the hard part: mutual authentication means every supplicant needs its own certificate, so a PKI with enrollment and revocation has to be in place.

PEAP (Protected Extensible Authentication Protocol) was developed by Cisco, Microsoft and RSA. It is the preferred method for wireless authentication in many deployments because it needs only a server-side certificate: the supplicant builds a TLS tunnel to the authentication server and then runs an inner EAP method (typically EAP-MSCHAPv2 or EAP-GTC) inside that tunnel, so the user credentials are never exposed on the air. Its security depends on the client validating the server certificate; a supplicant configured to skip validation will tunnel its credentials to a rogue access point just as readily.

Radius and TACACS+

July 23, 2008 – 12:33 am

RADIUS is a client/server AAA (authentication, authorization and accounting) protocol that lets a network access server (the client) and an authentication server from different vendors interoperate. RFC 2865 describes RADIUS authentication and authorization and RFC 2866 describes accounting. Authentication and authorization use UDP port 1812 and accounting uses UDP port 1813. Older deployments used UDP ports 1645 and 1646, which conflicted with the ‘datametrics’ service, so the ports were reassigned; many servers still listen on both pairs. Session parameters are carried as attributes, usually called A-V (attribute-value) pairs. Attribute 26 is the Vendor-Specific Attribute, which lets each vendor carry its own parameters. RADIUS combines authentication and authorization in a single exchange and hides only the User-Password attribute (an MD5-based XOR keyed with the shared secret and the Request Authenticator); every other attribute, including the username, crosses the wire in cleartext, and integrity of the reply rests on an MD5 Response Authenticator keyed by the same shared secret. This is why it is considered less secure overall than TACACS+.

The following are the common RADIUS packet types (Access-Request and Accounting-Request are sent by the client; the others are server responses):

  • Access-Request
  • Access-Accept
  • Access-Reject
  • Accounting-Request
  • Accounting-Response
  • Access-Challenge
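To make the "only the password is hidden" point concrete, here is an added example (not from the original post) that builds an Access-Request per RFC 2865, hides the User-Password attribute with the MD5 XOR scheme from section 5.2, parses the attributes back off the wire, and verifies a server reply's Response Authenticator. The shared secret, username and password are constructed; a real request would also carry NAS-IP-Address or NAS-Identifier and, ideally, a Message-Authenticator, which this example omits for brevity.

```python
import hashlib
import os
import struct

# Added example, not from the original post: minimal RFC 2865 packet handling.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2
HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to a 16-octet multiple (at least 16), then XOR each block
    with MD5(secret + previous block), seeded with the Request Authenticator."""
    padded_len = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, padded_len, 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password: what the server, or anyone holding the secret, does."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type(1) Length(1, counting these two octets) Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(data: bytes) -> list:
    """Return [(type, value), ...]; everything but User-Password is readable as-is."""
    attrs, i = [], 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        attrs.append((attr_type, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(identifier, username, password, secret, request_auth=None):
    request_auth = request_auth or os.urandom(16)   # must be unpredictable per request
    attrs = attribute(USER_NAME, username) + \
        attribute(USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    return header + request_auth + attrs


def response_authenticator(code, identifier, attrs, request_auth, secret):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, identifier, request_auth, secret, attrs=b""):
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    return header + response_authenticator(code, identifier, attrs, request_auth, secret) + attrs


def verify_response(response, request_auth, secret):
    """NAS-side check that the reply came from a server holding the shared secret."""
    code, identifier, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, identifier, response[HEADER_LEN:length],
                                      request_auth, secret)
    return response[4:HEADER_LEN] == expected


if __name__ == "__main__":
    secret = b"s3cret"                      # constructed shared secret
    req = build_access_request(7, b"alice", b"Passw0rd!", secret)
    for attr_type, value in parse_attributes(req[HEADER_LEN:]):
        print(attr_type, value)             # User-Name in the clear, User-Password not
    reply = build_response(ACCESS_ACCEPT, 7, req[4:HEADER_LEN], secret)
    print(verify_response(reply, req[4:HEADER_LEN], secret))
```

Note that the keystream is MD5(secret + Request Authenticator) and the Request Authenticator travels in the packet, so anyone who captures the exchange can brute-force a weak shared secret offline against the hidden password block. Long random secrets per NAS and RADIUS over IPsec (or RadSec) are the usual mitigations.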

TACACS+ is a Cisco proprietary AAA protocol. It takes a more modular approach than RADIUS because authentication, authorization and accounting are separate exchanges, so you can, for example, apply per-user command authorization and ACLs through TACACS+ regardless of how the user was authenticated. It uses TCP port 49 for reliable transport; the original TACACS protocol it replaced is documented in RFC 1492. Unlike RADIUS, the entire packet body is encrypted (only the 12-byte header travels in the clear), so usernames and authorized commands are not exposed to a sniffer. The encryption is an MD5-derived keystream XORed with the body, so a weak key, or one key shared across every device, still undermines it.

Below are some responses received from the TACACS+ server:

  • Accept
  • Reject
  • Error
  • Continue

IPsec Protocol Headers (AH and ESP)

July 16, 2008 – 11:34 pm

ESP (RFC 4303) - Encapsulating Security Payload is IP protocol 50. It protects the confidentiality, integrity and authenticity of the data (authentication is optional in the RFC but should always be enabled) and can also prevent replay attacks through its sequence number. In transport mode ESP encrypts only the payload and leaves the original IP header in the clear; in tunnel mode the entire original packet, header included, is encrypted and a new outer IP header is added. ESP never protects the outer IP header.

AH (RFC 4302) - Authentication Header is IP protocol 51. It provides connectionless integrity and data-origin authentication for the whole packet, including the immutable fields of the IP header, and can also protect against replay attacks. It provides no confidentiality, and because it relies on a symmetric keyed hash (HMAC) shared by both peers it does not provide non-repudiation. Since the IP header is covered by the hash, AH does not survive NAT, which is the main reason ESP is preferred in practice.

CCIE Security (350-018) Pre-qualification test scheduled

July 16, 2008 – 7:54 pm

I went ahead and scheduled my written exam for August 1st. I am about 90% ready so far even though my posts don’t show it. I have almost finished the latest book by Yusuf Bhaiji titled Network Security Technologies and Solutions. I am also going through the CCIE Security Exam Quick Reference Sheets.  I hope to finish the book by Yusuf this week and spend the rest of my time just reviewing some things I am less learned in. I also hope to catch my posts back up to what I have read by the time I take the test.