RE: security portion of the ccie lab

From: Jeffrey Fry (Jeff@FryGuy.Net)
Date: Fri Jan 19 2007 - 20:06:23 ART


One piece of advice is that the last line in your ACL should be:

Access-list x Deny any any log

The Log command will allow you to see what is hitting the DENY
statement. This way you can make sure that what you want is being
denied, and if something is getting through, you will see it.

Just my .02 cents.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Robert Watson
Sent: Friday, January 19, 2007 4:11 PM
To: 'Michael Zuo'; ccielab@groupstudy.com
Subject: RE: security portion of the ccie lab

Sometimes it's not a ripple out effect but a reverse ripple, heh is that
a new term. Where enabling an acl but forgetting to add in that permit
because of a previous requirement, or enabling aaa but forgetting to add
the login default or login line portion so that console and telnet access
doesn't change. Or port security but forgetting the hsrp mac address.
Security and qos to me is one of the holistic approach if I configure
this what happens to all the other requirements.

  

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Zuo
Sent: Friday, January 19, 2007 12:41 PM
To: ccielab@groupstudy.com
Subject: security portion of the ccie lab

Hi Group,

I need some advice on how to approach the security portion of the lab
(tricks, lessons and words of wisdom are also appreciated). I think I
have a fairly good understanding of various security features and how
they work and ACLs are never a problem when I do practice exams from
different vendors. But my exam score is 33% even though I did not
encounter any difficulties in that section (I didn't even have to look
at the Docs). Also, security section of the exam is not like the core
topics where one mistake can ripple throughout the setup, so my problem
most likely is not something I missed in one section and affected
everything else. I am scratching my head trying to figure out what the
problem could be? Because I know covering the same topics in my studies
will not give me more points if I don't approach it differently.

Any thoughts?

Thanks a lot
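
The advice at the top of this thread (end the ACL with an explicit deny that logs) pays off only if the log hits are read. The following is an added example, not part of the original messages: a Python summarizer for IOS-style %SEC-6-IPACCESSLOG* syslog lines that totals denied flows and flags ones matching traffic named in the thread (HSRP, telnet). The sample log lines, addresses, ACL number, function names and the KNOWN_CONTROL hint table are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP / IPACCESSLOGDP style;
# addresses, ACL number and packet counts are made up for illustration.
SAMPLE_LOG = """\
Jan 19 20:01:02: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.2(1985) -> 224.0.0.2(1985), 3 packets
Jan 19 20:01:05: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.7(40112) -> 10.1.1.1(23), 1 packet
Jan 19 20:01:09: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.7 -> 10.1.1.1 (8/0), 2 packets
Jan 19 20:01:30: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(1025) -> 10.2.2.2(80), 1 packet
Jan 19 20:02:02: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.2(1985) -> 224.0.0.2(1985), 5 packets
"""

# Ports are optional so the same pattern covers ICMP lines, which carry (type/code).
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?.*?, (?P<count>\d+) packets?"
)

# Hypothetical hint table: (protocol, destination port) -> traffic an earlier
# requirement may depend on. Extend it with whatever your own setup needs.
KNOWN_CONTROL = {("udp", "1985"): "HSRP hello", ("tcp", "23"): "telnet"}

def summarize_denies(log_text, acl=None):
    """Total packets per denied flow: (acl, proto, src, dst, dport) -> count."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "denied":
            continue  # not an ACL log line, or a permit entry that also logs
        if acl is not None and m["acl"] != acl:
            continue
        hits[(m["acl"], m["proto"], m["src"], m["dst"], m["dport"])] += int(m["count"])
    return hits

def flag_control_traffic(hits):
    """Denied flows that look like traffic another requirement relies on."""
    return [(KNOWN_CONTROL[(k[1], k[4])], k, n)
            for k, n in hits.most_common() if (k[1], k[4]) in KNOWN_CONTROL]

if __name__ == "__main__":
    denied = summarize_denies(SAMPLE_LOG)
    for key, pkts in denied.most_common():
        print(f"{pkts:4d} packets denied: {key}")
    for hint, key, pkts in flag_control_traffic(denied):
        print(f"check for a missing permit: {hint} {key[2]} -> {key[3]} ({pkts} packets)")
```

In the constructed sample the HSRP hellos to 224.0.0.2 top the denied list, which is the "forgot the permit" case described in the reply above.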


