May 29 2008 7:27PM GMT
Posted by: David Davis
Microsoft Windows,
Windows Server 2008,
CCNA,
Certifications,
Cisco,
Windows Security,
VMware,
Videos
Train Signal makes some excellent video training products (covering Windows 2008, Cisco, and much more) but I want to take a second to talk about their sister site - Train Signal Training.com (called TST).
At Train Signal Training, they have a lot of experts who make daily blog posts covering all sorts of Windows, Microsoft Office, and Cisco networking topics. For example, there are tips on how to get a networking job, tips on how to do an address label merge in Word 2007, and many more. What is most impressive is how their writers deliver these real-world and very useful tips.
Please take a second to check out Train Signal Training and sign up for their free newsletter or RSS feed.
May 29 2008 7:20PM GMT
Posted by: David Davis
Windows Server 2008,
CCNA,
CCNP,
Certifications,
Cisco,
Windows Security
Have you used the Petri IT Knowledgebase? This website is an excellent source for all sorts of Windows, Cisco, Virtualization, CompTIA, and Wireless HOW-TO information. On this site, you will find over 1000 articles covering Windows Vista, Server 2008, Server 2003, Cisco networking, VMware Virtualization, and so much more. Additionally, there are forums filled with thousands of messages and many experts are available to answer technical questions. To check it out, use the link above and, if you are looking for Cisco-specific articles, check out the Petri Cisco index.
May 29 2008 7:07PM GMT
Posted by: David Davis
Cisco,
Network Management,
Security,
Password
Why have a separate username/password database on all your routers? What a pain to have to keep separate accounts to log in to all the routers and switches? And what if you want to change the “root” password? Do you have to go to EVERY router and switch to make the change?
Not anymore… Why not use Windows Active Directory (AD) as the username/password database for all your routers & switches? This is very easy to configure. In fact, in my article How to configure the Cisco IOS to use Windows AD Authentication, you will find out how to do it, step by step. Check it out!
May 28 2008 8:39PM GMT
Posted by: David Davis
Cisco,
Security
I know, I know, could it be true? Could Cisco be chosen as the computer security company of the year? Or has the ISSA just been watching too many Cisco commercials?
Well, it is hard to say. Don’t get me wrong, I love Cisco hardware. It is rock solid. However, there are a lot of security companies out there and, comparatively, Cisco’s solutions aren’t the strongest, at least in my opinion.
Nevertheless, they didn’t ask me, and ISSA has chosen Cisco Systems as the “2007 Security Organization of the year”. For more information, read on…
Feb 5 2008 12:02PM GMT
Posted by: David Davis
ASA,
PIX,
Networking,
Cisco
What is the name that everyone thinks of when they think of firewalls? The “PIX” firewall, right?
Sadly, the PIX will be discontinued by Cisco, as of January 27, 2009. This was announced on January 28, 2008 in this Cisco Press Release. If you are a PIX owner, the good news is that Cisco will support it until the year 2013 so, no rush huh?
Of course, we all know that the PIX will be replaced by the ASA 5500 line. When the ASA was announced we all saw this coming, even though Cisco said that they had no plans to discontinue the PIX and that there was a place in the marketplace for both. Still, it just made sense to discontinue the PIX.
So can the ASA become as well known as the PIX? Instead of asking for a firewall will admins just say “we need to install an ASA”? And is it pronounced “A.S.A.” or “Aay-Sah-Uh”? Only time will tell…
But seriously, the ASA is a very strong firewall and it can do a lot of things that the PIX could not do because the ASA is a real “UTM” or “Anti-X Appliance”. That means that, when combined with the CSC-SSM card (the card that really provides the Anti-X / UTM), the ASA is a much more complete firewall. The ASA is what businesses need today because, today, it isn’t enough to just maintain TCP states and drop traffic. You need intrusion prevention. You need filtering of traffic for viruses, worms, and malicious attack signatures in real time. You want content filtering of web traffic. The ASA can do all that and more.
Do you have a Cisco ASA? What do you think of it? I’d like to hear from you!
For more information on the Cisco ASA, check out the ASA homepage over at Cisco.com.
-David
Personal Website: HappyRouter.com
Check out David’s Video Training:
VMware ESX Server Video Training
Cisco CCNA & CCNP Video Training
Dec 10 2007 3:27PM GMT
Posted by: David Davis
Cisco,
Security
I recently read a NetworkWorld article where I learned about a new Cisco security framework called “TrustSec”. TrustSec is a new Cisco Security Framework (I know, you are saying “another one???”). The new TrustSec framework is an add-on to the Cisco Self-defending network.
TrustSec is “intended to determine, through policies, the role of users and devices in the network before granting access to resources.”
Bob Gleichauf, CTO of Cisco’s Security Technology Group, says “We’re getting this threat defense thing down pretty good; now let’s start worrying about where we can go in the network.” And that is exactly what TrustSec does.
So what that means is that, not only are the devices connecting to the network authorized by NAC, that “authorization” stays with them as they conduct their business on the network. Once their “business” is done, they must be reauthorized to perform another “transaction” on the network. And, as they use this authorization, every switch and router is aware of who they are and their credentials.
Although I know they aren’t the same, this reminds me of Kerberos security because of the concepts of the “ticket” and the “ticket granting server”, etc.
TrustSec is set to be available for Cisco Catalyst 6500 switches in early 2008 and, over the next 18 months, it is supposed to be available for the entire switch lineup.
What do you think of this concept? Please post your comments here!
-David
Personal Website: HappyRouter.com - home of Cisco how-to articles & videos
David Recommends:
HappyRouter Cisco VMware Workstation & Server Video Training Series
HappyRouter Cisco CCNA & CCNP Video Training Series
Dec 6 2007 5:00AM GMT
Posted by: David Davis
Networking,
Cisco,
Security
As a semi-paranoid admin like me, perhaps you have used (or have wanted to use) applications like Tripwire and Kiwi CatTools to log all Cisco IOS configuration changes.
However, maybe we don’t need external tools. Have you seen the Configuration Change Notification and Logging features?
It has been available since IOS 12.3(4)T/12.2(25)S (it has really gone mainstream in 12.4).
For each configuration command that is executed, the following information will be logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
Here is a sample of how you configure it:
Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)
Watch this: this is an example of what the logging looks like in action:
CH_NAME_RTR# show archive log config all
idx sess user@line Logged command
1 1 david@vty0 | logging enable
2 1 david@vty0 | logging size 200
3 2 david@vty0 |hostname CH_NAME_RTR
4 2 david@vty0 |enable secret ***** (this is hidden because of hidekeys command)
5 2 david@vty0 |interface FastEthernet0/0
6 2 david@vty0 | bandwidth 100000
-David
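A short added example (not part of the original post) showing how the "show archive log config all" output above can be parsed and screened for changes that deserve a second look. The watchlist patterns, the user "admin2" and sample row 7 are assumptions made for the illustration.

```python
import re
from collections import namedtuple

# Constructed sample in the column layout shown in the post;
# row 7 and the user "admin2" are invented for this example.
SAMPLE = """\
idx sess user@line Logged command
1 1 david@vty0 | logging enable
2 1 david@vty0 | logging size 200
3 2 david@vty0 |hostname CH_NAME_RTR
4 2 david@vty0 |enable secret *****
5 2 david@vty0 |interface FastEthernet0/0
6 2 david@vty0 | bandwidth 100000
7 3 admin2@vty1 |no logging enable
"""

Entry = namedtuple("Entry", "idx sess user line command")
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@([^\s|]+)\s*\|\s*(.*?)\s*$")

# Assumed watchlist (not from the post): adjust to local policy.
WATCH = [
    ("credential change", re.compile(r"^(no )?(enable (secret|password)|username )", re.I)),
    ("audit-trail change", re.compile(r"^(no )?(logging|archive|hidekeys|notify syslog)\b", re.I)),
    ("access-control change", re.compile(r"^(no )?(access-list|ip access-|aaa |line )", re.I)),
]

def parse(text):
    """Return one Entry per logged command; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ROW.match(raw)
        if m:
            idx, sess, user, line, cmd = m.groups()
            entries.append(Entry(int(idx), int(sess), user, line, cmd))
    return entries

def flag(entries):
    """Return (idx, user, label, command) for each entry on the watchlist."""
    hits = []
    for e in entries:
        for label, pattern in WATCH:
            if pattern.search(e.command):
                hits.append((e.idx, e.user, label, e.command))
                break
    return hits

if __name__ == "__main__":
    for idx, user, label, cmd in flag(parse(SAMPLE)):
        print(f"#{idx} {user}: {label}: {cmd}")
```

Commands that touch the change log itself are flagged on purpose, since a "no logging enable" stops the audit trail the feature provides.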
Nov 21 2007 9:37PM GMT
Posted by: David Davis
Cisco,
Security
This week, it was announced that the Monster.com website was attacked by Hackers (for more info see “Hackers jack Monster.com, infect job hunters”).
This, once again, reminds me that every one of us who is responsible for a network should take some time and review our network security. Hey - why not make it a New Year’s Resolution?
If you aren’t familiar with the Cisco IOS but want to review your security, here are some links to consider (all articles or videos that I have written):
VIDEO: Harden your Cisco Router with IOS ACLs
How to Configure Passwords to Secure your Cisco Router
Configure SSH on your Cisco router
How to be notified when your Cisco router configuration has changed
Cisco - Improving Security on Cisco Routers
And, finally, one more (not by me):
NSA Router Security Configuration Guide
All the Best to You,
David
Nov 9 2007 6:40PM GMT
Posted by: David Davis
Cisco,
Password,
CCNA
Just as with the Windows OS, one of the most frequent questions from new Cisco router or switch users is “how do I reset my lost IOS password”? Perhaps you inherited an old router from another network admin. Perhaps you bought your router on eBay. Or perhaps you just plain forgot what the password was for the router.
Now, you cannot get into the IOS. What do you do?
Resetting the password involves changing the configuration register to 0x2142, rebooting, recovering or changing the password, and changing the configuration register back to 0x2102.
Instead of telling you HOW to do it, better yet, I would like to SHOW you how to do it.
I created a 10 minute video on my website where I SHOW you how to reset your lost router or switch password. I have gotten a ton of positive reviews on this video with many people saying it “saved their day”. I hope it helps you out too!
-David