
Adam's blog

IE Vulnerability

Microsoft announced they have a zero-day vulnerability in versions 6, 7, and 8 of their famed browser. The majority of people use a combination of other browsers, but for everyone out there who prefers IE and throws caution to the wind, here's what you need to know.

The vulnerability exists because some embedded feature that can be accessed in a certain way allows an attacker to execute arbitrary code (a.k.a. load viruses on your computer) and do their thing. If you are running recent versions of IE, stay away from questionable sites and don't click on spam email until Microsoft releases their patch for it. 

Mobile VPN Magic: Netmotion Mobility XE

If you have ever been in a position of having to support a mobile workforce, you have most likely been in a position of having to troubleshoot VPNs of one form or another. This could involve tense phone calls with a VP while they are on a business trip and can't connect to get the presentation they need (why they didn't just copy it to the laptop in the first place, don't ask, because they never do).

Connectivity options run the gamut. IPsec VPNs were the standard years ago; however, SSL moved in and seems to be the most popular of the connectivity options that I've seen in recent years. There is also a wide variety of vendors that all offer pretty much the same thing: server software, client software, and then various authentication options. This is pretty much true for most vendors except for one, Netmotion Wireless.

Tesla Motors Opens Their First Major Factory

I know this is way off the standard topic list, but I couldn't help myself, I like cool cars. Tesla Motors is a budding car company that aims to manufacture electric vehicles. If you haven't heard about them, check out their website.


CiscoWorks Vulnerability

Cisco released a security advisory late last week announcing a vulnerability in their management software, CiscoWorks Common Services. Common Services is the core CiscoWorks application that takes care of the common database and other data that is shared between all of the CiscoWorks applications. If you are running a relatively recent installation of any CiscoWorks product, including Cisco Security Manager (CSM), TelePresence Manager, or QoS Policy Manager (QPM), you most likely have a vulnerable version running.

Here's a synopsis of the vulnerability; take a quick look at your version to see if you are at risk:

Versions affected: The announcement says Common Services version 3.05 and newer are vulnerable. Earlier releases and the 4.0 release are not vulnerable. 

GLBP Authentication

If you have any type of redundancy protocol running on your network without authentication configured (especially on client subnets), you really should implement some simple security. When GLBP was first implemented in Cisco's routers, if authentication was even available it was in plain text. Since then, the addition of MD5 key-strings and key-chains has enabled engineers to ensure some level of security without simple, plain text passwords. 

How to configure GLBP

So, you might be asking how to configure GLBP. If you already have two routers on the same subnet with GLBP configured, their interface configurations might look something like this:

Defend the city!

The Cisco SLM2008 switch Jeremy talked about is cool and all, but does it help you defend the city?
Introducing the Cisco SG 300-10 10-Port Gigabit Managed Switch. According to Amazon's description, not only does it aid in defending the city, it also will help you "find and defeat new Doom Syndicate enemies, including Megamind's re-programmed Brainbots!"

Say Goodbye to CCVP and CCSP

Kiss the CCSP and CCVP titles goodbye. Cisco recently announced that the track-specific professional certification exams are going to be changing their names. No more CCSP; it is now the CCNP Security. Same with the CCVP; it's now the CCNP Voice. Throw in the CCNP Service Provider Operations and CCNP Wireless, and you have yourself a plethora of professional tracks.

The previous exam versions are still available for those of you out there who are halfway through completing the current Security and Voice tracks. Beginning next year, you'll start to see the current voice and security exams be replaced by updated versions. 

Virtual Port Channels

Probably one of the coolest features of Cisco's NX-OS is the ability to create a port channel between 3 different switches. This is called a Virtual Port Channel, or vPC. This completely eliminates spanning-tree from the picture when links fail, because the two switches participating in the vPC simply work it out between themselves when links fail. 

There are several steps needed to configure a vPC, such as having the feature enabled in NX-OS and setting up your peer link, but aside from that the port channel configuration looks nearly identical to a typical port channel. To simplify things, we will assume there are two Nexus switches already in place with management interfaces and only the default VDC configured. Each of these Nexus switches has Ethernet ports 1 and 2 connected to a single 6509 access switch.

Windows 7 on your iPhone, part 2

About a week ago I mentioned the new version of Parallels was out and I had finally upgraded. The key feature that caught my eye was that you can access Windows 7 apps on your iPhone. So, here's a quick status update...

Parallels 6 for Mac

I can easily say that the upgrade was worthwhile. The speed increase in Windows 7 is phenomenal. In fact, I can launch Firefox in my VM and Firefox in my native Mac OS X, and it's a pretty close tie. It's still not as good as running 7 on a dedicated system, but for a Core 2 Duo laptop with 4Gb RAM, it's pretty sweet!

New HP Certification Tracks

HP has launched a new certification program that focuses on converged infrastructure called ExpertONE. HP is stating in their press release that, "HP ExpertONE is the first program that trains professionals in the design, deployment and operation of open, standards-based networks and Converged Infrastructure." I'm assuming they mean this is HP's first program when they say the first program that trains networks and CI. I'm pretty sure other certification programs have been talking about convergence for years.

Cisco RELOAD IN Command

I'm sure many of you out there have used this command, but for anyone who hasn't, this can save you some drive time. If you are performing work on a Cisco device that is remote and there is a risk that the changes you make may cause the device or your connection to the device to fail, there is a command you can issue before making your changes that can save you.

reload in <time>

This command effectively issues the reload command after whatever duration of time you specify. For example, if you are performing work on a remote site router that could take the WAN interface down, issue “reload in 20” to reload the router in twenty minutes. The amount of time you use is completely up to you. If you have your change scripted out and it will take 20 seconds to paste it in, you might want to type “reload in 5” to give yourself five minutes to complete the change.

Cisco ACE Checkpoint Command

Typically with Cisco platforms, if you make a change that doesn’t work the way you intended, you may have to reboot the device you changed to properly restore the configuration to a working state. This is not the case with Cisco ACE modules. Prior to making a change, create a configuration checkpoint using the following command: 

# checkpoint create <name>

To verify that the checkpoint is saved, issue the following command to see a list of the checkpoints on the context:

# show checkpoint all

If you run into a problem after making some changes, you can roll back to a previous, known-good state:

Online Investors Beware

I'm currently running a full system scan with my various anti-bad-stuff scanners to make sure my computers haven't been turned into mindless botnet zombies after reading Computerworld's most recent report. The word is that botnet gangs have turned their greedy gaze toward online investment accounts to help them fund their efforts. If you want some suggestions on how to defend yourself, read on.

How does this work?

The attack emails pose as LinkedIn messages, and unsuspecting users who click on the links are sent to malicious sites that pose as the real sites. While viewing the bogus site, unpatched Windows machines can be pwnd. It sounds like a stretch, but there really are people who click on those links, have not run Windows Update in a while, and also don't have any antivirus applications installed.

How to Build an Empire

Ever wonder how Cisco recommends you build an enterprise network? If you've studied for nearly any of their exams over the past few years, you've likely read about SONA, IIN, and the Enterprise Composite Network Model. All good things, but you might still be asking how do you actually build that stuff?

Well, someone at Cisco can read your thoughts and decided to give you a crash course on building an enterprise network in the form of the Small Enterprise Design Profile Reference Guide (a mouthful). This reference guide, available in a 20Mb PDF, has diagrams, pictures, configuration script examples, nearly everything except for the equipment and power cables to get a network built.

50TB of SSD yields 4X performance boost

A report over at Computerworld tells of AOL's recent million dollar installation of a 50TB SAN made up of Solid State Disks (SSD). AOL made this investment because they found their backend fibre channel solution wasn't keeping up with the demand of their front end systems, which was causing them to miss their internal SLAs. The system can get about 250,000 IOPS, or I/Os Per Second, which is a lot faster in comparison to a standard desktop hard disk which may get a few hundred.
