Fast Lane UK Blog

Lulzsec has now disbanded

Grant.Wilson — Mon, 01 Aug 2011 08:38:17 +0000

Hello Everybody,

..It looks like Lulzsec in under control.

“ British police have arrested a teenager suspected to be a part of online hacker group Anonymous.

The Scotland Yard said that 18-year-old Jake Davis has been charged with a series of cyber crimes including hack attack on the website of the Serious Organised Crime Agency (Soca) that took place a month ago.

Davis is also believed to be the spokesman for the hacker groups Lulz Security (Lulzsec) and Anonymous said police.

The arrest took place in a “pre-planned intelligence-led operation” on the Shetland Islands on Wednesday.

At present, Davis is with the cybercrime unit in London for questioning. He is the third Briton to have been arrested as part of the recent crackdown on online hacker groups in the US and Europe.

Last month, police had arrested another teenager Ryan Cleary in Essex. And last week, a 16-year-old boy was arrested from south London. So far, there have been at least sixteen arrests in the US and four in the Netherlands in a coordinated action against online hacker groups.

Meanwhile, reports say that Anonymous has targeted the network of US government contractor Mantech International Corp. The hacker group also posted some NATO-related correspondence online, according to Reuters.

Mantech has not commented on the matter so far.

LulzSec — infamous for its attacks on sonypictures.com, Nintendo and FBI associate websites — had recently claimed that it would be disbanding to avoid a crackdown on members and heightened scrutiny by authorities”

http://lulzsecurity.com/ ….. not available any more.

The parting shot:

http://pastebin.com/1znEGmHa

…. a good time to invest in security training

Grant

Core Knowledge Questions Removed for CCIE Security and CCIE Storage Networking Lab Exams

Grant.Wilson — Thu, 14 Jul 2011 09:25:46 +0000

Core Knowledge Questions Removed for CCIE Security and CCIE Storage Networking Lab Exams

Effective August 15, 2011, CCIE Security Lab Exam and CCIE Storage Networking Lab Exam, in all global locations, will no longer include the four open-ended Core Knowledge questions.

The content of the lab exams remain based on the current CCIE Security Lab Exam Topics and CCIE Storage Networking Lab Exam Topics. The removal of Core Knowledge questions allow candidates to utilize the total lab time for configuration and troubleshooting.

The total lab time will remain eight hours.

New Ethernet Standard

Rob Varley — Wed, 22 Jun 2011 14:34:59 +0000

A new Ethernet standard – 802.3ab has been ratified by the IEEE. It details a migration from a speed of 40Gbits/sec all the way up to a very impressive 100Gbits/sec. It is intended as a response to the growing demands on bandwidth resulting from ever more popular technology adoptions such as IP Convergence, social networking, video services and integrated applications. All of which require higher data through put speeds. This new standard will enable manufactures to produce higher performing networking equipment.

Preparing for Cisco Exams

Rob Varley — Tue, 21 Jun 2011 13:43:03 +0000

Let’s address the first issue first, do you intend to sit the relevant exam after completing your Cisco course? Why wouldn’t you? You have given up your time to attend a course, your company has paid for it, and you have been paid wages while on it. I always find it a little disheartening when delegates tell me they have no intention of taking the exam. In today’s economic climate and all the uncertainty that goes with it, your CV is more important than it has ever been. The world has changed. You will not get a job based on experience alone. If you don’t have the qualifications on your CV, you will not even get the interview, sad, but true.

So, are Cisco certification exams difficult? Yes they are. But that’s a good thing; otherwise they wouldn’t be worth having. I always say, ‘how well you do in an exam is largely just a reflection of how much preparation you have put in’. If you prepare and know your stuff, then an exam can almost be described as a pleasurable experience. It’s only a bad experience when you have inadequately prepared.

Here are some useful pointers on how to go about preparing for you exam:

1. Leave a gap between finishing the course and sitting the exam. I usually find 2 weeks is about right. The Cisco courses are intense and we cover a lot of material. You need time to go over your notes, revisit the topics and practice your lab exercises.
2. Book your exam date. Get a date in the diary, this gives you a deadline to work towards. Why not book your exam before you finish the course? You need to go to www.pearsonvue.com
3. Visit Cisco website: www.cisco.com/go/certifcation where you will find a detailed breakdown of all the subject areas in your exam. You can then study these topics and tick them off as you go.
4. We recommend you consider using the resources at www.boson.com. This is a Cisco sponsored site where you can purchase practise questions. Practise questions are an essential part of your preparation. With Boson, you can run it in learning mode which gives you a detailed explanation of the answers given. You can also purchase simulations for lab practise. Beware of sites that offer actual exam questions, this material is illegal and Cisco regularly change the exam questions which can leave you badly prepared. Also, passing your exam by cheating will not help you on the first day of your new job.
5. Stick to the course ware for revision. If it is not mentioned in those books it will not be in the exam. Don’t waste time revising related material that’s not going to be in the exam.
6. Don’t skip any topics thinking they are unlikely to be covered in the exam. If it was covered on the course, it can be in the exam.
7. If there are any topics you really don’t understand, discuss these with other people, colleagues that can help. Use the internet, there are plenty of chat forums where you can post questions.

Last thing, they take your photo before the exam and then print it out on your certificate. So, make an effort with your appearance. You will then be able to put your certificate on the wall and show it to your friends and family when they visit. How cool?

Why training is more important than it has ever been.

Rob Varley — Thu, 26 May 2011 15:24:49 +0000

What has networking in common with fashion? Answer, it moves in cycles. One year flares are in and you are looking good, and the next you find yourself behind the trend and struggling to keep up. In the early 80’s, the approach to networking solutions was based around a ‘centralised’ model. Remember IBM green machines: dumb terminals, 64k floppy disc drives? The ‘intelligence’ and ‘data resources’ of the network were mainframe centric, a centralised deployment. Since then we have been on a long and inexorable journey towards a ‘de-centralised’ model. Where intelligence, functionality and data resources have been increasingly pushed to the edge of the network and peripheral devices: high powered laptops, notebooks, PDAs, mobile phones etc. So what? I hear you say. Well there is a new word in town and it will have major implications, if not already. Move over ‘convergence’ and make way for ‘consolidation’. Due to advancements in data centre technology and increasing government legislation requiring companies to manage and secure all data for periods up to 5 years, consolidation of data resources in a central secure environment will be an ever increasing priority for most companies. What’s the point? Point is, as we consolidate data, what becomes more important? The NETWORK. The network is the enabler. Data centre and networking technologies are becoming interdependent. This is reflected in the fact that we see a lot of people attending Cisco courses who are primarily from a desktop background!! One last thought, Google are launching their own Notebook. It has no hardrives, no application support. It is just a browser that allows you to access applications and data that you have handed over to the Google cloud. Is this the return of the dumb terminal? Are we coming full cycle? Are flares back in fashion?

Try a free router!

Grant.Wilson — Tue, 24 May 2011 16:36:16 +0000

… Well not quite.

Although there are lots of route servers that you can play on for FREE. These routers are live and working and used to check for issues related to your IP address space. To try one then just telnet to router1.ccie-security.com and login using rviews as the username.

Try these commands for fun:

show ip route
sh version

Enjoy!

Grant Wilson

IPv6 Testing Day: June 8, 2011!!

Grant.Wilson — Wed, 23 Mar 2011 12:32:01 +0000

The internet will soon be running out of IP addresses, which means that we inevitably will have to move to IPv6 addresses very soon. There are supposedly 91 million addresses remaining, which might seem like a lot, but considering the number of devices coming online each day, these addresses will only suffice for around a month or two. After that, no new devices will be able to connect to the internet.
IPv6 “should” take over sometime in 2011.
A few popular services namely Google, Facebook, Yahoo! and Akami have decided to test out IPv6 on the 8th of June this year along with the Internet Society, an organization which handles internet standards. The exercise is being done to eliminate any issues that might crop up during the worldwide transition to IPv6. IPv6 currently has provision for about four billion IPs. Moving to IPv6 will allow four billion times that number. Google has already been running an IPv6 server (http://ipv6.google.com) since 2008. During the test, sites such as Google and Youtube.com will run on a separate IPv6 server.
If you want to see if your device or system is IPv6 ready, visit http://www.test-ipv6.com

ASA 8.4 – With IKE v2 and Etherchannel!

Grant.Wilson — Wed, 23 Mar 2011 11:04:13 +0000

IKE v2.

Internet Key Exchange version 2 (IKEv2) is the latest key exchange protocol used to establish and control Internet Protocol Security (IPsec) tunnels. The ASA now supports IPsec with IKEv2 for the AnyConnect Secure Mobility Client, Version 3.0(1), for all client operating systems.

On the ASA, you enable IPsec connections for users in the group policy. For the AnyConnect client, you specify the primary protocol (IPsec or SSL) for each ASA in the server list of the client profile. IPsec remote access VPN using IKEv2 was added to the AnyConnect Essentials and AnyConnect Premium licenses.

Site-to-site sessions were added to the Other VPN license (formerly IPsec VPN). The Other VPN license is included in the Base license.

The following commands have been modified: vpn-tunnel-protocol, crypto ikev2 policy, crypto ikev2 enable, crypto ipsec ikev2, crypto dynamic-map, crypto map.

Etherchannel.

You can configure up to 48 802.3ad EtherChannels of eight active interfaces each. Note You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.

The following commands have been modified: channel-group, lacp port-priority, interface port-channel, lacp max-bundle, port-channel min-bundle, port-channel load-balance, lacp system-priority, clear lacp counters, show lacp, show port-channel.

New Forum on Secure Borderless Networks

Thu, 20 Jan 2011 19:46:29 +0000

I and some colleagues are starting a web forum on “Secure Borderless Networks” via LinkedIn.com Groups. If you have an interest in how to tame the Borderless Frontier, log in to Linkedin.com and search the groups for “Secure Borderless Networks” or just click here: http://www.linkedin.com/e/6neuiq-gj5xaum1-2z/vgh/3754005/. The purpose of this group is to provide a forum for discussing Cisco Technologies and architectures supporting Secure Borderless Networks. This includes ACS, NAC, TrustSec and other emerging technologies.

The Cisco “Borderless Networks” vision is both awesome and scary: facilitating “access to anything on the network from anywhere” means enabling rapid business transactions and innovation,but it also now expands the “threat surface” of the corporate network dramatically. Without a robust discussion about these challenges and potential solutions, the borderless frontier starts to look like the wild west, an inviting place for criminal hacker activity. The goal of this group is to encourage broad discussion of the potential threats and solutions, down to the features and lackings.

Fast Lane Instructor to speak at NetApp Insight Conference

Fri, 29 Oct 2010 14:12:33 +0000

The NetApp Insight conference will be held next week in Las Vegas. The conference is dedicated to NetApp employees and partners and features over 100 breakout training sessions focusing on NetApp storage and related technologies. I am honored to be a guest speaker at Insight and will be leading a discussion on Secure Multi-Tenancy (SMT). Cisco, NetApp and VMware have partnered to create a Multi-Tenant solution that has been validated as secure.

Secure Multi-Tenancy is the enablement of a shared infrastructure including storage, network and compute resources using outlined implementation standards. These standards include maintaining secure separation and high availability of tenant assigned resources while maintaining service level agreements. Another key component of Secure Multi-Tenancy is the simplification of administration which allows for rapid provisioning of resources and greater control of those resources for the tenant administrator.

If you are interested in Secure Multi-Tenancy, Fast Lane has developed the first multi-vendor SMT course based on the Cisco Validated Design document. The course features Cisco UCS, NetApp MultiStore and VMware ESX. You can learn more about the Implementing Secure Multi-Tenancy course by visiting this link: http://www.fastlaneus.com/course/fl-ismt?hl=smt.