Re: security portion of the ccie lab

From: Sergey Golovanov (sergey.golovanov@iementor.com)
Date: Sat Jan 20 2007 - 04:01:12 ART


I would disagree with that statement!! I always tell my students, if you configure something extra, and that configuration wasn't explicitly prohibited... then you won't lose any points!!!

Example. You are asked to setup BGP between two peers. You setup BGP peers with MD5 password. They didn't ask you to configure secure BGP sessions. And they didn't tell you not to configure them. You will not lose your points.

As long as you achieve the task "correctly", you are ok.

Anyone else have thoughts on this?

--------------------------------------------------------------------
Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
"Please, don't ask me for my ccie #, there are reasons why I can't release it"
ieMentor Instructor and Content Developer
sergey.golovanov@iementor.com
http://www.iementor.com

> -------Original Message-------
> From: secondie <secondie@gmail.com>
> Subject: Re: security portion of the ccie lab
> Sent: Jan 19 '07 23:14
>
> Good for troubleshooting but you can lose points if you leave the deny
> there. Unless requirements say log the denied traffic, I would not it.
>
> -Manjeet
>
> Jeffrey Fry wrote:
> > One piece of advice is that the last line in your ACL should be:
> >
> > Access-list x Deny any any log
> >
> > The Log command will allow you to see what is hitting the DENY
> > statement. This way you can make sure that what you want is being
> > denied, and if something is getting through, you will see it.
> >
> > Just my .02 cents.
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Robert Watson
> > Sent: Friday, January 19, 2007 4:11 PM
> > To: 'Michael Zuo'; ccielab@groupstudy.com
> > Subject: RE: security portion of the ccie lab
> >
> > Sometimes it's not a ripple out effect but a reverse ripple, heh is that a
> > new term. Where enabling an acl but forgetting to add in that permit
> > because of a previous requirement, or enabling aaa but forgetting to add the
> > login default or login line portion so that console and telnet access
> > doesn't change. Or port security but forgetting the hsrp mac address.
> > Security and qos to me is one of the holistic approach if I configure this
> > what happens to all the other requirements.
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Michael Zuo
> > Sent: Friday, January 19, 2007 12:41 PM
> > To: ccielab@groupstudy.com
> > Subject: security portion of the ccie lab
> >
> > Hi Group,
> >
> >
> >
> > I need some advice on how to approach the security portion of the lab
> > (tricks, lessons and words of wisdom are also appreciated). I think I
> > have a fairly good understanding of various security features and how
> > they work and ACLs are never a problem when I do practice exams from
> > different vendors. But my exam score is 33% even though I did not
> > encounter any difficulties in that section (I didn't even have to look
> > at the Docs). Also, security section of the exam is not like the core
> > topics where one mistake can ripple throughout the setup, so my problem
> > most likely is not something I missed in one section and affected
> > everything else. I am scratching my head trying to figure out what the
> > problem could be? Because I know covering the same topics in my studies
> > will not give me more points if I don't approach it differently.
> >
> >
> >
> >
> >
> > Any thoughts?
> >
> >
> >
> > Thanks a lot
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART