Re: security portion of the ccie lab

From: secondie (secondie@gmail.com)
Date: Sat Jan 20 2007 - 01:14:18 ART


Good for troubleshooting but you can lose points if you leave the deny
there. Unless requirements say log the denied traffic, I would not do it.

-Manjeet

Jeffrey Fry wrote:
> One piece of advice is that the last line in your ACL should be:
>
> Access-list x Deny any any log
>
> The Log command will allow you to see what is hitting the DENY
> statement. This way you can make sure that what you want is being
> denied, and if something is getting through, you will see it.
>
> Just my .02 cents.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Robert Watson
> Sent: Friday, January 19, 2007 4:11 PM
> To: 'Michael Zuo'; ccielab@groupstudy.com
> Subject: RE: security portion of the ccie lab
>
> Sometimes it's not a ripple out effect but a reverse ripple, heh is that a
> new term. Where enabling an ACL but forgetting to add in that permit
> because of a previous requirement, or enabling AAA but forgetting to add the
> login default or login line portion so that console and telnet access
> doesn't change. Or port security but forgetting the HSRP MAC address.
> Security and QoS to me is one of the holistic approach: if I configure this,
> what happens to all the other requirements?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Michael Zuo
> Sent: Friday, January 19, 2007 12:41 PM
> To: ccielab@groupstudy.com
> Subject: security portion of the ccie lab
>
> Hi Group,
>
>
>
> I need some advice on how to approach the security portion of the lab
> (tricks, lessons and words of wisdom are also appreciated). I think I
> have a fairly good understanding of various security features and how
> they work and ACLs are never a problem when I do practice exams from
> different vendors. But my exam score is 33% even though I did not
> encounter any difficulties in that section (I didn't even have to look
> at the Docs). Also, security section of the exam is not like the core
> topics where one mistake can ripple throughout the setup, so my problem
> most likely is not something I missed in one section and affected
> everything else. I am scratching my head trying to figure out what the
> problem could be? Because I know covering the same topics in my studies
> will not give me more points if I don't approach it differently.
>
>
>
>
>
> Any thoughts?
>
>
>
> Thanks a lot
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART