May
20
Email and web-based attacks are the most common points of entry for hackers in our current world of Information Security. Understanding the nature of these attacks is critical to existing and aspiring network engineers. Read More
Aug
25
The first portion of INE's new CCIE Security Advanced Technologies Class for the 3.0 blueprint is now available in both streaming and download formats.  Subscribers to the All Access Pass already have access to this new course, and can upgrade to the download version for $159.  Non-subscribers can purchase the standalone download for $299, or subscribe to the AAP for just $159 per month.  Customers who have access to previous versions of the CCIE Security ATC will get access to the new... Read More
Jan
24
Today's challenge is drawn from the exciting area of CCNA Security. Enjoy. As always, you can find the answer in the comments area a day or two after the date of this post. Read More
Dec
01
Catalyst switch port security is so often recommended. This is because of a couple of important points: There are many attacks that are simple to carry out at Layer 2 There tends to be a gross lack of security at Layer 2 Port Security can guard against so many different types of attacks such as MAC flooding, MAC spoofing, and rouge DHCP and APs, just to name a few I find when it comes to port security, however, many students cannot seem to remember two main points: What in the world is Sticky... Read More
Oct
16
In this series of blog posts, we will examine WLAN security mechanisms in an even greater detail than in our popular 5-Day CCNA Wireless course. We will begin with one that is now considered legacy due to major weaknesses that were quickly discovered in its implementation. This security mechanism receives the least coverage in the CCNA Wireless materials and exam, because, as we stated, it is indeed considered legacy. The official title for this technology is Preshared Key Authentication with... Read More
Jun
21
Join us Friday, June 25th at 11AM Pacific / 2PM Eastern for another installment in the Open Lecture Series. Read More
Jun
15
A big shout out to all the students in the Raleigh Security CCIE bootcamp last week.   I had a blast!   Thank you for all your hard work, as well as the after hours discussions about the unknown, and why people feel they know it.  :) I promised a few blog posts related to security over the next few weeks, and this one is regarding Certificate-based ACLs. This blog may also serve as a review on how to configure the CA clients so that their certificates contain various fields and values, such as... Read More
Jun
06
I just returned from an awesome Security bootcamp in Raleigh, and am looking forward to more there in the future. Core knowledge is still alive and well in the Security LAB exam, as well as troubleshooting, which is integrated as part of the configuration section. Read More
May
28
In a recent post here on the INE blog, we received some follow-up questions similar to the following: "Why do IPSec peers end up using tunnel mode, even though we had explicitly configured transport mode in the IPSec transform-set?" It is an excellent question, and here is the answer.   In a site to site IPSec tunnel the "mode transport"  setting is only used when the traffic to be protected (traffic matching the Crypto ACLs) has the same IP addresses as the IPSec peers, and excludes all other... Read More
May
17
The two engineers, as they grabbed a quick lunch, looked over the following diagram. The 13.0.0.0/24 network is GRE.   The routing in place, uses the tunnel interfaces to reach the remote networks of 1.1.1.0 and 3.3.3.0.   The IPSec policy is to encrypt all GRE traffic between R1 and R3.  R1 and R3 are peering with each other using loopback 11 and loopback 33 respectively. The technicians considered the traffic pattern if a host on the 3.3.3.0/24 network sent a packet to a device on the... Read More

Subscribe to INE Blog Updates

New Blog Posts!