Thursday, March 17, 2011

PKI Uncovered Book Review

I have recently had the chance to read the new Cisco Press book PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks by Andrew Karamanian, Srinivas Tenneti, and Francois Dessart.  I will admit that Public Key Infrastructure (PKI) has been something of a double-edged sword for me for some time.  I know that PKI is important for securing network resources, but I have also had the belief that certificate-based security was a royal pain to implement.


This book took me through the basics of PKI in a manner that made a lot of concepts seem less complicated than I had made them out to be.  The step-by-step explanations of setting up PKI in a Cisco IOS world were well designed and presented.  Later on in the book the authors proceeded into more complex real-world examples of VPNs and 802.1x scenarios based on the building blocks from the beginning of the book.  I am definitely going to keep this book on my quick reference shelf as I move forward with 802.1x and WPA2-Enterprise in my network.

Friday, February 25, 2011

Microsoft Clustering and Ping

We often take the venerable ping utility for granted.  Simply tell it what to ping and it does it.  When you're in a Microsoft cluster environment, though, you might not get what you really wanted.

Let's say that you're testing a firewall rule for a particular cluster IP address.  If you ping from one of the cluster nodes, the echo request is sent from that node's own IP address, not the cluster's, so it won't exercise the firewall rule you are testing.  Instead you want to source the ping from the cluster's IP address.  The option to do that is right there in ping's command-line help.

C:\Users\storyb.000>ping -?
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name
Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet (IPv4-only).
    -i TTL         Time To Live.
    -v TOS         Type Of Service (IPv4-only. This setting has been deprecated
                   and has no effect on the type of service field in the IP Header).
    -r count       Record route for count hops (IPv4-only).
    -s count       Timestamp for count hops (IPv4-only).
    -j host-list   Loose source route along host-list (IPv4-only).
    -k host-list   Strict source route along host-list (IPv4-only).
    -w timeout     Timeout in milliseconds to wait for each reply.
    -R             Use routing header to test reverse route also (IPv6-only).
    -S srcaddr     Source address to use.
    -4             Force using IPv4.
    -6             Force using IPv6.

Looking over this list, -S is the option that saves the day.  By running ping -S <sourceIP> <dstIP> you can ping any host from the cluster's virtual IP.  One caveat: -S only accepts an address that is assigned to a local interface, so you have to run it from the node that currently owns the cluster IP resource; on any other node ping will refuse the source address.
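The procedure above wrapped into a short PowerShell script, as an added example that is not from the original post.  It first checks that the cluster's virtual IP is actually assigned to the node you are on (the only case in which -S works), then runs the default ping and the -S ping side by side so the difference in source address is obvious.  The IP addresses, the parameter names and the script itself are assumptions for illustration, not anything from the post.

```powershell
# Added example (not from the original post): source a ping from a cluster
# virtual IP so that the firewall rule written for the cluster address is the
# one actually being exercised.  $ClusterIP and $Target are placeholder values.
param(
    [string]$ClusterIP = '192.0.2.10',   # placeholder: the cluster's virtual IP
    [string]$Target    = '192.0.2.50',   # placeholder: host behind the firewall
    [int]$Count        = 4
)

# ping -S only works with an address assigned to a local interface.  In a
# failover cluster the virtual IP lives on the node that currently owns the
# IP address resource, so check before pinging instead of guessing.
$localAddresses = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
if ($localAddresses -notcontains $ClusterIP) {
    Write-Warning "$ClusterIP is not assigned to this node; run this from the node that owns the cluster IP resource."
    exit 1
}

# Default ping: sourced from the node's own address, which is NOT what the
# firewall rule is written for.  Shown only for comparison.
Write-Host "Ping from the node's own address (does not test the cluster rule):"
ping.exe -n $Count $Target

# The test we actually want: source address forced to the cluster virtual IP.
Write-Host "Ping sourced from cluster IP $ClusterIP :"
ping.exe -S $ClusterIP -n $Count $Target

# ping.exe sets $LASTEXITCODE to 0 only when at least one reply came back,
# so it doubles as a pass/fail indicator for the firewall rule.
if ($LASTEXITCODE -eq 0) {
    Write-Host "Firewall allows ICMP echo from $ClusterIP to $Target."
} else {
    Write-Host "No reply when sourcing from $ClusterIP; check the firewall rule for the cluster address."
}
```

Run it on the node that owns the cluster IP resource, e.g. .\Test-ClusterPing.ps1 -ClusterIP 192.0.2.10 -Target 192.0.2.50.  If the cluster resource fails over to another node, the Get-NetIPAddress check will fail there and tell you to move, rather than letting a ping from the wrong source address masquerade as a passing test.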

Friday, February 11, 2011

Petition Cisco for Educational IOS

Greg over at Ethereal Mind has reposted his petition to Cisco to have them add educational versions of IOS.  The idea is to have something that is full-featured but performance-crippled, so that people can learn IOS without a large outlay in cash or having to use less-than-legal means to acquire IOS images.  Please take a look and sign the petition.