Friday, February 24, 2012

Where does TV come from?

I had the same discussion with my child the other day, and I managed to explain about digital off the air and rabbit ear antennas, and the converter; plus since we're still old school, the good old CRT TV.

Now I'm contemplating the absurdity yet logic of a friend's post, "watching youtube on tv through HDMI to playbook wifi controlled by Blackberry Bold using bluetooth". That's impressive.

ICND2 Topic: Access Lists, Standard and Extended

A topic for the practical CCNA Exam, but it is only in the ICND2. This will be discussed in greater detail when the article is more complete. For starters,

Setting up an access list on a brand new Cisco router, here are a few key points to remember:
  • Implicit deny at the end of access lists; you must permit administrative traffic or you will block yourself out of the router
  • Order matters: place the most restrictive rules first, or a broader rule above them will match first and the more restrictive rules will never get a hit
  • Apply one access list per protocol, per direction, per interface
  • Standard access lists are placed closest to the destination
  • Extended access lists are placed closest to the source, the purpose being to drop undesirable traffic before it crosses the network
REMEMBER: Specific statements at the start; general ones after. Assume deny all. Use a "permit any" statement at the end.

IMPORTANT: Create the ACL before applying to an interface. An empty ACL applied will permit all traffic.
Access lists apply permit or deny rules based on source address, destination address, protocol, and port number. Inbound access lists process packets before they are routed to an outbound interface.

Special handling required to identify
  • type of traffic to be encrypted on VPN
  • identify a router
  • route filtering, which route to include in updates
  • policy based routing
  • NAT
Standard Access List
Checks for the source on entire protocol suite
Standard IP ACL 1 to 99 & 1300 to 1999

Here is an example from Cisco Tests:
access-list 10 deny 172.16.3.10 0.0.0.0
access-list 10 permit any
access-list 10 remark Stop all traffic whose source IP is Bob


Extended Access List
Checks both source and destination address, protocols and port numbers.
Extended IP ACL 100 to 199 & 2000 to 2699

access-list 110 remark Stop Bob to FTP Server and Larry to WWW Server
access-list 110 deny tcp host 172.16.3.10 172.16.1.0 0.0.0.255 eq ftp
access-list 110 deny tcp host 172.16.2.10 host 172.16.1.100 eq www
access-list 110 permit ip any any
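
Added example (not part of the original notes or any Cisco tool): a small Python model of first-match evaluation for ACL 110 above, showing the wildcard-mask comparison, the implicit deny, and how moving the general permit to the top shadows the deny rules. The function names and the SHADOWED ordering are assumptions made for illustration.

```python
import ipaddress

PORTS = {"ftp": 21, "www": 80}          # IOS port keywords used in ACL 110

ACL_110 = [                              # copied from the notes above
    "access-list 110 remark Stop Bob to FTP Server and Larry to WWW Server",
    "access-list 110 deny tcp host 172.16.3.10 172.16.1.0 0.0.0.255 eq ftp",
    "access-list 110 deny tcp host 172.16.2.10 host 172.16.1.100 eq www",
    "access-list 110 permit ip any any",
]
# Constructed mis-ordering: the general permit placed before the specific denies.
SHADOWED = [ACL_110[3], ACL_110[1], ACL_110[2]]

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def parse_addr(tok):
    """Consume one address spec; return ((address, wildcard), remaining tokens)."""
    if tok[0] == "any":                  # any == 0.0.0.0 255.255.255.255
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":                 # host x == x 0.0.0.0
        return (to_int(tok[1]), 0), tok[2:]
    return (to_int(tok[0]), to_int(tok[1])), tok[2:]

def parse_ace(line):
    tok = line.split()[2:]               # drop "access-list <number>"
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = parse_addr(tok)
    dst, tok = parse_addr(tok)
    port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(ip, spec):
    addr, wild = spec                    # wildcard bit 1 = don't care, 0 = must match
    return (to_int(ip) | wild) == (addr | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry (hypothetical helper)."""
    for line in acl:
        if line.split()[2] == "remark":
            continue
        action, p, s, d, port = parse_ace(line)
        if p in ("ip", proto) and addr_match(src, s) and addr_match(dst, d) \
                and port in (None, dport):
            return action
    return "deny"                        # implicit deny at the end of every ACL
```

Dropping the last line of ACL_110 and evaluating any other packet returns "deny", which is the lock-out the implicit deny causes when no permit statement covers administrative traffic.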


Dynamic ACL - telnet

Reflexive ACL - allows outbound, limits inbound. These are defined in an extended named IP ACL, not a numbered one like the standard.

Time based ACL - can be used with standard and extended ACL

usage:
ip access-list standard TROUBLEMAKER
 permit ....
 deny ....
 remark .... a good idea to explain what the rule is for!

HOW TO Apply the IP Access List to an Interface
int eth 0
 ip access-group TROUBLEMAKER out

show access-lists
no ip access-list extended
ip access-list resequence

Removing the Access List
conf t
int eth 0
no ip access-group # in
exit
no access-list #

In a lab setup, you'll have to really trust your neighbors not to lock you out.
Use the host keyword when you are specifying a single machine.
host 172.16.10.2 means the same as 172.16.10.2 0.0.0.0
Use the any keyword to specify 0.0.0.0 255.255.255.255 wildcard masking.
Use it when you don't care about source or destination addresses because you are filtering on other parameters.

me: access-list 1 permit host 10.10.10.8 (need to permit own workstation)
buddy1: access-list 1 permit host 10.0.0.101
buddy2: access-list 1 permit host 10.0.0.106
buddy1: access-list 1 permit 30.3.3.0 0.0.0.255
buddy2: access-list 1 permit host 80.8.8.0 255.255.255.255

How to apply the access-list on a vty interface
usage: access-class 1 in

How to create an IP named standard access-list?
usage: ip access-list standard name

syntax:
access-list [number] [permit or deny] [protocol] [source] [destination] [port]

Cyber Defense Engineering Rant

I read up on some recent SANS White papers and a topic caught my eye, touting the weakness of Defense in Depth. Alright, I'm taking notes. Companies spend millions of dollars on ITS and they are still getting hacked, well the ones worth hacking into anyway. Sony PS3 customer credit card data, Citibank, US military drones, like really run targets! So what are some alternatives, what are the weaknesses and strengths of technologies today?

The author seems to promote the fact that Defense in Depth is not employed properly by governments and IT departments doing IT Security and Cyber Defence. The Layered defense approach works for the physical and kinetic world (as they call earth). Even an armed intruder cannot walk through walls of fire (clever). However all kinds of cyber threats can be "encapsulated" and shift silently through one layer to the next, both OSI Layer and Layers of Security I presume. Frequency of attack is increasing, and the skill level required for a successful attack is decreasing. IT departments have limited people, process and technology. Hackers can launch attacks as effectively and quickly overseas as next door with limitless power, process and technology. Actions cross international boundaries and legal jurisdictions.

Analogies of common approaches
1) Fire prevention - more like the use of a fire extinguisher or incident handling when an intrusion occurs
2) Nuclear Energy - the core is highly reactive. Clarification please?
3) Engineering - many redundancies built in, failover and contingency plans
4) Online gaming - chance encounters, attack by attrition, using up resources until they're gone

Defense in Breadth was a complementary initiative, involving multiple vendors not competing but rather collaborating. Perhaps something as simple as preventing the attackers from getting back out to the internet with the stolen sensitive electronic information. Threat detection, intrusion detection, network baseline monitoring, anomalous behaviour tracking.

Cyber Siege Defense sounds cool but I couldn't quite capture it in notes. Rather I got out of it one really good idea about Managing the Attacker with strategies like

1) Understand the mindset and motivation
2) Feed false information by setting up honeypots or false data
3) Increase the attacker's level of effort
4) Drive up their costs, combine defensive technologies to increase complexity
5) Deprive the profits they seek
6) Damage their reputation

What does this all mean? The whole point I got out of it was rather dismal: the hackers know everything that is commercially available and its weaknesses. Some professionals have to take the SANS course to even learn what the weaknesses are. How do you know that hackers aren't on the same course and laughing at everyone in the back of the room?

Now it's too late, you're already under attack. I found some notebook ideas here useful for incident handling on Windows anyway. Here's a link to a CIRT Whitepaper. Well, that is a SANS safe link, but how do you know it's really safe, and it's not downloading malicious code? That's what I mean that the weakest security is the OSI Layer 8, the Between Chair and Monitor Error, desktop USER.

More fuel to the fire that IT Security is defenceless... even CEOs agree.

Thursday, February 23, 2012

Career Choices 101


Reitmans, a women's clothing line for everyday wear, has a catchy advertising tagline, "You have a job evaluation everyday", and there's a poster-size image of a woman dressed in a business suit looking ready for a job interview. Well obviously you have to be qualified for the job, well in some jobs looks are part of the qualifications!


Boothbabe

Wikipedia has an interesting article on "promotional models". The caption for this photo indicates that the woman is a "booth babe" at a defense industry trade show. (Not the fat dude in combats.) Well maybe, but what if she was an HR Rep for the company, or even an Engineering Manager? I've never heard of that word before, but then again, how many defense industry trade shows have I been to?

For some jobs, good looks are implied - Flight Attendant, Supermodel, etc. Looked at recent job postings where they specifically noted looks as a requirement. A Swedish hospital posted a hiring ad looking for Hot Looking Nurses, a hiring campaign that was well received. You still had to have a nursing degree and job related qualifications to apply.

There are a lot of google search results for Import Car Model or how to become an import car model. The general opinion was that most import car models were Asian, and I didn't realize that because I thought a requirement was actually being naturally blonde and tall. Turns out I'm wrong, the hottest import car model in Canada is Steph Ly, who I was surprised to learn is the sister of a childhood friend who studied accounting and moved on to life in/on fast cars. It was tough to find a webpage that was not blocked by the firewall at work. Another popular Asian model is Min Hee Hwang from South Korea. They call her the race queen so I thought she was a race car driver like Danica Patrick.. but drivers are usually in the driver's seat right? There aren't nearly as many photos or web posts dedicated to her (in English). I would categorize her look as classic authentic beauty, stoic, with Japanime-qualities, but not like Kat von D hot. But what do I know. I like looking at the cars in TunerZine.com; I learned a lot about my new car featured this month actually, newer Toyota Prius, and the Engineering features behind that. I finally clicked Model because I was looking for a new car. Well anyway they weren't talking about a model number for a car... so that's how this whole article got started.

Whatever career you choose though, make sure it is something you are passionate about. Engineering is a broad field that starts out with Electrical, Mechanical, Chemical, Civil and then they start branching off into various specialties like Aerospace, Environmental, Bio Medical, Bio Mechanical, Process, Manufacturing, Geomatics, Computer and so on. Automobile Engineer, design the fastest and sexiest car on the planet! Personally I wish I had chosen Mining Engineering instead, to look for all those sparkly diamonds!

So are there good looking girls and boys in Engineering? Yah a few for sure. I read a cartoon before that touched on this issue. There's a girl sitting at a desk between two guys. The guy on the left leans over and says "Being a girl in engineering, your odds are good." She looks over at the guy on the right and says "The odds are good, but the goods are odd." I did a google search on "engineers good looking" and it's funny there are not too many photos of people but just machines. Now that's funny.

Big Bang Theory - Howard Wolowitz the Engineer.