mreynolds5000 asked:

For an univeristy project, I was required to make a video commercial so I made an informative commercial concerning the basic Cisco networking course that I teach at my school, the American College of Sofia.

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

john asked:


Can you use the windows scientific calculator or any calculator for the Cisco CCNA exam for binary, decimal and hexadecimal conversions.

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

Nicholas Evra asked:


CBAC Overview

The Cisco IOS Firewall Feature Set is a module that can be added to the existing IOS to provide firewall functionality without the need for hardware upgrades. There are two components to the Cisco IOS Firewall Feature Set in Intrusion Detection (which is an optional bolt-on) and Context-Based Access Control (CBAC). CBAC maintains a state table for all of the outbound connections on a Cisco router by inspecting tcp and udp connections at layer seven of the OSI model and populating the table accordingly. When return traffic is received on the external interface it is compared against the state table to see if the connection was originally established from within the internal network, and then either permitted or denied. Although basic this is a very effective mechanism to prevent unauthorized access to the internal network from external sources such as the internet.

CBAC Application-specific support

Cisco have also built in some additional functionality into CBAC in terms of application-specific inspection that enables the router to recognize and identify application specific data flows such as HTTP, SMTP, TFTP, and FTP. Understanding these applications and their data flows empowers the router to identify malformed packets or suspect application data flows and permit or deny accordingly. CBAC also provides the flexibility of downloading Java code from trusted sites, but it denying untrusted sites.

CBAC and Denial of Service (DOS) Attacks

Denial-Of-Service (DOS) attack protection is also in-built with real-time logging of alerts as well as pro-active responses to mitigate the threat. To do this CBAC can be configured to manage half-open TCP connections which are used in TCP SYN flood attacks to overload a targets resources resulting in a denial of service to legitimate users. To do this CBAC uses timeouts and thresholds, which are configurable, to determine how long state information for each connection should be kept for sessions and when to drop them. Note that UDP and ICMP require that an idle-timer limit is used to determine when a connection should be terminated. A very useful command to identify a DOS attack is ‘ip inspect audit-trail’ which logs all DOS connections including source and destination IP address and TCP or UDP ports allowing you to pin-point the exact source and destination of the attack.

Configuring CBAC

There are five steps to configuring CBAC on a Cisco router in order for it to function correctly. These are as follows:

1. Choose an interface to which inspection will be applied. This can be an internal or external interface as CBAC is only concerned with the direction of the first packet initiating the connection which is identified when applying CBAC to an interface.

2. Configure an IP access list in the correct direction on the selected interface to allow traffic through for CBAC to inspect.

3. Configure global timeouts and thresholds for established connections or sessions.

4. Define an inspection rule specifying exactly which protocols will be inspected by CBAC.

5. Apply the inspection rule to the interface in the correct direction.



Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

Shaun Hummel asked:


Overview

All design changes you make to your network must be tested with a proof of concept plan. It is important to test the current design, configuration and IOS versions in a non-production environment or on the production network with limited disruption. Implementation of newer network modules at a router, for instance, could require that you change the current IOS version that is implemented. Making those changes could affect WAN or campus modules already installed at production routers. That is the real value of doing a proof of concept and certifying that the new equipment and IOS versions integrate with each device as well as the network.

Advantages

The following list describes the advantages of doing a proof of concept with your network design.  The proof of concept test results should be examined and used to modify current infrastructure, security and management specifications before generating a design proposal. The proof of concept model suggested here involves prototype design, equipment provisioning, defining tests, building equipment scripts and examining test results.  

The following list describes specific advantages associated with proof of concept testing

•  Address any design concerns without affecting your production network

•  Build and test configuration scripts before implementation

•  Test new IOS, Cat OS and WAN OS versions and firmware

•  Sell design feasibility to the client

Proof of Concept Model

The following numbered list describes all proof of concept components and specific sequence.

1. Prototype Design

2. Provision Equipment

3. Define Tests

4. Build Equipment Scripts

5. Review Test Results

Prototype Design

The prototype is a model for testing design and configuration features in a non-production setting such as a lab. You concern could be with specific protocols or IOS services and how they work with current protocols and IOS services running on your production network. The design should specify topology, equipment, addressing and software versions.

Provision Equipment

Obtain the circuits, cables, devices and servers required for testing. The equipment and software should be identical to the proposed design for specific testing and verification. Connect the equipment as specified with the prototype and make note of specific software versions and firmware being tested.

Define Tests

The tests should be designed to verify the design works as described at all Layers of the OSI model. That would focus on physical, network and application connectivity. The following is a suggested list that should be modified for your particular concerns. Depending on the current network and your tests, it could be an option to implement testing at some access offices with minimal impact on the production network.

The following is a list of typical tests that should be conducted

•  Ping Equipment and Servers

•  Routing and Switching

•  Security Testing

•  Availability Testing

•  Application Load Testing

Build Equipment Scripts

Work with vendors to build the correct scripts for each device. This is particularly relevant if the design will utilize newer equipment and protocols that have yet to be standardized with the industry. Discuss any problems or concerns the vendor has with your current design and, if necessary, modify scripts and design specifics   Review Test Results

The proof of concept test results should discuss specific issues with all defined tests. Note what problems were resolved and those that were referred to a vendor. The test results should be utilized to make changes to the current infrastructure, security and management specifications developed so far before moving on to the design proposal.

Network Planning and Design Guide is available at amazon.com and eBookmall.com

Shaun Hummel is an author of various technical books and has a web site focused on information technology job search solutions and certifications.

http://www.networkjobsolutions.com



Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com