Defending against lameness since 2008

So, I am being sidetracked to take the CISSP. I have already taken the much easier Security+ exam so I have at least studied some of the courseware in the past. I am hoping to schedule this thing in June because this is the earliest I can find the exam in my driving radius. So instead of posting CCIE Security related material I will focus the next few months on generic security related items and CISSP specific stuff. Hopefully I can be successful in this endeavor because I sure remember my last Scantron based tests didn’t turn out so well.

Related Blogs

• Related Blogs on CISSP
• Is the CISSP certification still relevant? « Securitas Operandi™
• The CISSP Certification Experience: My Study Plan « TechExams.net …
• The CISSP Certification Experience « TechExams.net Blogs
• Review of PrepLogic’s CISSP Certification Practice Exams …
• Network Security » Legislation Would Limit DHS’s Right to Seize …

So after quite a long break from this blog and CCIE studying in general I will be returning to my studies and this blog. I will be using the IPExpert  stuff to restart my studying.

I just finished the IPExpert audio and video on demand lessons related to ACLs. They provide some good insight into the usage of these access-lists and their place in the CCIE Security lab. In my attempt to improve this blog I have tried my first video recording. It is just a quick look at implementing a time based ACL from the inside network to an outside network during weekly business hours (M-F 8AM to 5PM). Hopefully as I progress down this path I can make more worthwhile videos but hey, we all have to start somewhere.

Related Blogs

• Related Blogs on access control lists

• Introduction to access-lists part 1

As some of you might have noticed a few of my posts have mentioned a new website I have been working on in lieu of my CCIE Security studying. That website is my attempt at starting and information technology advertising network, basically the buying and selling of links and banners.  I will be contacting advertisers and negotiating prices for CPM (Cost per thousand impressions) and CPC (Cost Per Click) and then bringing those deals to technology websites and blogs looking to make some additional revenue. I am currently in a beta phase doing some testing with the banner delivery tracking and payout tracking. I will also be adding a referral program so if a website or blog owner clicks on a banner of mine like the one you see at the bottom of this post and signs up, you will receive a 5%-10% commission of their revenue. The 5%-10% depends on how many people you have referred, this is still being finalized.

So if you are reading this and have a technology related website or blog, check out Cert Media and sign-up as a publisher to serve more than just Adsense ads.

The IT Ad Network

So, my project website is basically complete and I have decided to focus on the CCIE Security exam again. I am gonig to try and schedule it for sometime around mid-September. Since I purchased the IPExpert Blended Learning Solution I am going to start preparing for the first lab which is ACLs and IP filtering.  I am going to spend a few days studying online and some books I have scattered around my office focusing only on access control lists, CBAC and IP Spoofing filtering.  It looks like this lab doesn’t have any firewalls so I will only be practicing on routers. Also, since moving my exam date guarantees I will be taking the new version of the lab I will only study on those appropriate IOS versions. Hopefully I can dedicate at least two hours a day for studying.

Off I go.

Related Blogs

• Related Blogs on access control lists
• IPv4 and IPv6 Access Control Lists In Cisco IOS

Since I have been focusing most of my time the last few weeks on launching my new website I haven’t been able to get any studying accomplished. I’m going ot use this as an excuse to push my lab date back a few months from April to September. This will also give me time to adjust my methods to the new lab blueprint.

Related Blogs

• Related Blogs on CCIE Security
• CCIE Security 2.X Verification Commands “Cheat Sheet”

Lately I have been working on another website that has required all of my spare time. I haven’t been doing an lab work but I have still been reading, watching the BLS VODs and listening to the BLS audio. I hope to be finished with this other website soon so I can really focus on my studies. Since this new project relates to the CCIE study progress and I believe people running websites dedicated to their studies will be interested in it I will announce its release and explain a little about it when it’s time.

Today is the official start date of my CCIE Security studies. I have taken the last few weeks since my BCSI failure to work on some other projects non-CCIE related. Even though these are not fully completed I feel that 6 months might not be enough time even with a full-time study attitude but I cannot let another day pass without studying. My goal is at least 2 hours a day during the work week and 8 hours a day on the weekends. Obviously due to circumstances related to other business interests this is a lofty goal and I will be struggling to keep my schedule.
Tonight I will start on the Volume I workbook from IPExpert’s Blended Learning Solution and hopefully tomorrow I will be filling you in on my first impression.

Bryan

EDIT: Or so I thought it would begin. I ran into some snags getting the first section working in GNS3. Since I am not so familiar with GNS3 I decided to watch a few of the videos that came with the hard drive. I will have to look at getting some rack time so I dont have to mess with GNS3.

So after struggling with the routing on this particular problem I decided to ask someone for help, that person was Josh over at Blindhog. He worked on it for about 10 minutes and was able to determine what I was doing wrong. So below is the relevant information from the final configuration of the Easy VPN client (1811).

crypto ipsec client ezvpn ASA
connect auto
group ezvpntunnel key cisco
mode network-extension
peer 64.22.228.130
username cisco password cisco
xauth userid mode local

interface Loopback0
ip address 10.2.2.100 255.255.255.0
ip nat outside
ip virtual-reassembly
ip policy route-map EzVPN-Routing
crypto ipsec client ezvpn ASA inside

ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 172.17.0.0 255.255.255.0 Loopback0

ip access-list extended EzVPN-Routing
permit ip any 172.17.0.0 0.0.0.255

route-map EzVPN-Routing permit 10
match ip address EzVPN-Routing
set ip next-hop 10.1.1.1

The things that changed from the initial configuration I had are as follows.

• Took off the access-lists on the Loopback0 and FastEthernet0 interfaces
• Added ip nat inside and ip nat outside to their respective interfaces
• Added a route for the remote networking pointing towards the ‘outside’ interface (Loopback0)
• Changed the route-map access-list to allow anything to the remote network
• Set the set ip next-hop 10.1.1.1 (DMZ of the Pix) in the route-map
• Also, on the ASA we had to add a nonat statement for the Loopback0 interface

Again, I would like to thank Josh for his help. Without his assistance I would still be twiddling my thumbs on this one.

Related Blogs

• Related Blogs on Easy VPN
• Easy VPN Combined with VRF Lite
• Cisco - PIX 506E - 3DES/AES Firewall

So I ran through a few of the training videos this weekend and must say I really enjoyed them. Following along was easy the presenter did a good job of keeping the video flowing. I was working on some other projects so I wasn’t using them to study but I did want to run through a few of them to see what I would be dealing with for the next few months. I believe my printed workbooks should arrive tomorrow so I really look forwarded to begin working through some of them this week. As always I will try and keep this blog updated frequently as I move through the workbook and the audio/video provided.  I finished setting up my GNS3 machine and hope to finish my work lab tomorrow.

Related Blogs

• Related Blogs on GNS3
• GNS3:How to Setup CME SIP trunk to VOIP SIP Service Provider - Part 1
• Using GNS3 to Help Master the PIX/ASA – Basic Setup and the First …
• GNS3 - Switching lab part 2 (router on a stick)
• GNS3 : How to lockdown Cisco Router’s Configuration Access