Because I am so passionate about security and I have been reading security related articles and tutorials since I was 17, this exam was really easy for me. Difficulty level I would say 6/10.

Most important thing(s) I have learn from this course

Layers of security – you will have good understanding of levels of security in Information Security. If you dont understand this then you wont go any where with security.

Good introduction to Cryptography, Encryption, VPN technologies, ACLs – I would highly recommend this course marital for listed areas.

Study Materials I used

CCNA Security Official Book – I personally purchased this book for AUD $54, you can download this for free from the web – [My rating 8/10]

CBT Nuggets Series for CCNA Sec by Jeremy Cioara – You can purchase this online from CBT nuggets – [My rating 10/10]

Pass4sure Questions for CCNA sec -Look  some questions are really stupid. Some of them doesnt even give any real life exp at all. But hey you need to pass the exam some how. Just go through those 138 odd questions from Pass4Sure few times before you go to the exam – [My rating 9/10]

Whats next for me – Hmmm few modules of CCSP, CCNP Routing Module, CCNA Voice and Certified Ethical Hacker course.

#show terminal — will show you the settings of the terminal.

#terminal length 0 — will take out the lengthing

#terminal default length — will make it back to default

#no pager — sometimes you have to use this command to do the same thing. Depending on the devices. For example, Cisco PIX is using “no pager” command instead.

hope this helps!

Rav

Normal case in command prompt you could stop this by doing CTRL+C or CTRL+break.

But in Cisco Devices you can only stop this by doing CTRL+SHIFT+6 which is one of the break sequence on Cisco devices.

Small things helps when you are frustrated!

Ravindu Denawaka

I am not a Juniper specialist, I am a Cisco freak! Too bad Juniper is taking a big sector in the IT industry. So I think you need to know both in near future. I am replacing one of the internal Juniper Netscreen firwals in my company. Here is the easiest and fastest solution that I came up with. 

Login to current Netscreen WebUI.
Click on config file. 
Click on save config file. (Just save it in to your desktop) 
Console in to the 2nd Netscreen where you need to copy the config. In my case there was an existing config in the 2nd Juniper. So I simply erase that off.

Commands used.
#unset all
#reset

Firewall will reboot and now you need to use the default Netscreen root user name password (netscreen/netscreen).

Now you need to enable the WebUI on the Netscreen. It’s because now its back to factory default settings. 
# set interface eth1 ip manageable
# set admin manager-ip 192.168.1.1 255.255.255

Plug your Ethernet cable in to eth1 port of the firewall and configure your network settings to. 
IP Address: 192.168.1.2
Default Gateway: 192.168.1.1
Network Mask: 255.255.255.0
By default the Netscreen Eth1 is configured with 192.168.1.1 IP address.

Open your browser and type 192.168.1.1
Login as root again. So username :netscreen and password: netscreen. 
Go to the same section as above image. (Configuration>update>config file)
Now you have the option to replace the current config. (2nd option)
Browse in to the config file you saved before and click on apply/upload.

That’s it will reboot by it self once it’s uploaded the new config.

Hope this helps someone…

Ravindu Denawaka

Solution:

Tools>Internet Options>Advanced> Under “Security” > Un tick TLS.

I had two options, either provide IP phones power by an adapter or shutdown the power of few other switch ports which they don’t use the power feature.

How to disable power on a switch port?

Step 1
configure terminal – Enter global configuration mode.

Step 2
interface interface-id – Enter interface configuration mode for the physical interface to be configured.
eg: interface fa 0/1

Step 3
power inline {auto | never} -Configure PoE on the interface:
eg: power inline never

Step 4
end – Return to privileged EXEC mode.

Step 5
show power inline [interface-id | module switch-number] – Display PoE status for a switch or switch stack, for the specified interface, or for a specified stack member.

Step 6
write memory- Save your entries in the configuration file. Else when the switch restarts all the changes will be lost.

http://www-tss.cisco.com/eservice/compass/common/activities/password_cat_2950.htm

Awesome tutorial !

Scenario: my manager asked me to create a read only user in 90 networking devices (Routers, Switches, Load balancers, Firewalls) for transitioning company. We have two environments and those two environments are configured differently. Again for security reasons I can not tell you more details.

Initial Planning: First thing came to my mind is KiwiCat Tools and run a batch update for all the devices. Before actually building the implementation I thought just try the commands in a DR switch. After spending few hours on the commands I figured out there no way to create a read only user.

By default, there are three command levels on the router:

• privilege level 0 — Includes the disable, enable, exit, help, and logout commands.

• privilege level 1 — Normal level on Telnet; includes all user-level commands at the router> prompt.

• privilege level 15 — Includes all enable-level commands at the router# prompt.

If I use privilege level 0 or 1 it will not allow to do any show commands such as #show run or #show config. And if I use privilege level 15 it’s going to be power user. So my research continues… Link below helped me a lot and saved my research time. Also official CCNA Security book, page 123, AAA configuration helped me to understand how this run levels and AAA works in Cisco devices.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

My solution: There are two things you can do to out come this problem.

a) Create a new user add a custom run level and specify each exec command this user can run [This is not really what I was looking for]. In this way when the user do a show run it will show only the items/sections that he can modify in exec level.

username john privilege 9 password cisco privilege configure level 8 configure terminal privilege configure level 8 interface

login as the user created in my case its “John” and do a show run.

b) Create a new user and a custom run level and allow Show Configuration command for this user. In this way the user can run show configuration command which is very similar to Show Running-Configuration

username john privilege 9 password cisco privilege exec level 7 show config

login as the user created in my case its “John” and do a show config.

For both methods you need to enable AAA on each device. If you dont understand AAA model please read them at Cisco knowledge base.

aaa new-model aaa authentication login default local aaa authorization exec default local

Note: You can not add Show Running-Configuration in this manner. [Don't ask my why]

Note: If you have specify any privilege levels in line vty’s it will overwrite what ever the values you specified in user level. 

Additional Note: in order to prompt for a user name in all Cisco devices you need to specify it. You could do that by either saying login local or creating an authentication string

Ravindu Denawaka [Bachelor of Network Computing, CCNA, MCSE]

by Gordon Fyodor Lyon (Author)

The book that we all being waiting for. It seems like it has included all the techniques in port scanning and enumeration. You can buy this in Amazon;

http://www.amazon.com/gp/offer-listing/0979958717/ref=dp_olp_new?ie=UTF8&condition=new