Shaun Hummel asked:


Firewalls

Enterprise companies today employ firewalls that do stateful inspection of sessions between external and internal hosts and devices. Cisco employs a patented ASA algorithm that utilizes source IP address, destination IP address, TCP sequence numbers, port numbers and TCP flags to examine and prevent unauthorized sessions. The firewall is configured with conduit statements to filter traffic by examining source/destination IP addresses, application port and protocol port before making a decision whether to permit or deny a session or specific traffic.

Firewalls are implemented at the company demilitarized zone (DMZ) which is located between the external network and the company internal network. Static routing is typically configured at the DMZ between firewalls and internal/external routers for improved security. This is to have greater control over route propagation than would be available with dynamic routing protocols such as RIP and EIGRP. Internal and DMZ (Public) servers would be configured to use the firewall as their default route to forward Internet traffic. If an internal router were available, servers would use that as their default gateway to forward Internet traffic.

The external router broadcasts a default route to the firewall that is used to forward traffic destined for the Internet. A conduit must be configured at the firewall for each protocol type that should be allowed through your firewall. For instance, if your company manages routers and servers across a firewall, you must configure a conduit for SNMP traffic to allow traps through the firewall. The conduit would specify the source address of the router which is sending SNMP traps, the destination address of the network management station that is receiving SNMP traps, and UDP 161 which is the UDP port number for sending SNMP traffic from managed devices to a network management station.

The firewall examines the end to end session connection and does a lookup of its conduit table to determine if a particular source address, destination address, protocol port or application port is allowed through. The packet is discarded or allowed through on to the company network (inside) or Internet depending upon the conduit statements configured.

TACACS Server

This is a TCP service running on a designated Unix server that authenticates employees attempting to access a router. The routers must be configured to send a request to the TACACS server when someone attempts to logon to a router. The router prompts the user for a username/password pair and sends that to the TACACS server for authentication. TACACS servers are implemented with VPN services as well to authenticate remote users before allowing that session to continue with network authentication to Windows Server, Unix or Mainframe authentication and authorization.

RADIUS Server

This is a UDP service running on a designated network server that authenticates employees attempting to access a router. The routers must be configured to send a request to the RADIUS server when someone attempts to logon to a router. The router prompts the user for a username/password pair and sends that to the RADIUS server for authentication. RADIUS servers are implemented with VPN services as well to authenticate remote users before allowing that session to continue with network authentication to Windows Server, Unix or Mainframe authentication and authorization.

Network Planning and Design Guide is available at amazon.com and eBookmall.com

Shaun Hummel is an author of various technical books and has a web site focused on information technology job search solutions and certifications.

http://www.networkjobsolutions.com



Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

GlobalKnowledgeInc asked:

attacks and maintain network compliance. Jim explains how we’ve enhanced our labs beyond what you’ll find in the standard Cisco MARS training course by incorporating more real-world labs, network devices, and software applications. The standard Cisco MARS course uses preconfigured virtual devices where we use real equipment to prepare you for real-world scenarios. … Cisco training mars CCNA CCIE CCSP Security VPN IPS Monitoring Analysis and Response System networking lab topology global …

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

ali asked:


i want to get ccna certification so how can i prepared …..exm point of view and i also done ccna coaching classes from cisco network academy

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

Brian Dennis asked:


1. The first step in this structured approach is to understand what the technology or feature does and why it was implemented. This step should be done from a vendor neutral point of view by purchasing the various lab workbooks available or by just using the freely available white papers, RFC, etc available on the Internet.

2. The second step is to learn how Cisco has implemented the particular technology or feature. You can do this by using the numerous configuration examples, tech tips, and documentation available on the Internet and Cisco’s website along with the Cisco Press books. Don’t underestimate the wealth of information available on http://www.cisco.com/web/learning/le3/ccie/

3. Now that you have an understanding of the why and the how, it’s time to take the third step by gaining experience with the technology or feature through hands on practice. Although anything is pretty much theoretically possible, you cannot expect to pass the CCIE lab exam without hundreds of hours of hands-on practice and/or real world experience on the routers and switches. In the CCIE lab exam candidates’ experience will be tested by assessing the fluency with the technologies and topics. Generally speaking someone who is more familiar will also be faster. By faster I don’t mean that they can type faster but by faster I mean that they can do a task faster than someone without the equivalent experience. So don’t worry about your keyboard typing speed if it’s not the fastest.

Summarizing, if we break these three steps down into time frames the first step would consume about 15%, the second step about 20%, and the last step about 65%. This means that a reasonable strategy to prepare for the CCIE lab exam is for every one hour of reading about a technology or topic a candidate should spend two hours doing hands-on practice.



Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

securicorp asked:

How to connect to the BiKal Candy Bar Cam IP camera, the worlds first Plug n Play IP camera that needs no router configuration.

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

TheLandline asked:

With $1000 to spend, homeless Frank finds his perfect laptop. Featuring Jim Santangeli. Written by the Landline. Filmed at Mike’s Tech Shop (www.mikestechshop.com).

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com

TigerDirectBlog asked:

When it comes to your mobile lifestyle, its all about mixing business with pleasure. Meet your PC. The Samsung X460-44P Laptop Computer was crafted with industry-leading features to make you more productive. Weighing in at 4 pounds, you can take it anywhere. You can hit the ground running because there are no compromises on performance. The Samsung X460-44P Laptop Computer offers everything you want from a notebook—fast Intel® Centrino® 2 processor technology to handle todays most demanding …

Content by CCNA4U http://www.ccna4u.org Email: quocvuong.it@gmail.com