November 2010

Cisco Works Vulnerability

Cisco released a security advisory late last week announcing a vulnerability in their management software, Cisco Works Common Services. Common Services is the core Cisco Works application that takes care of the common database and other data that is shared between all of the Cisco Works applications. If you are running a relatively recent installation of any Cisco Works application, including Cisco Security Manager (CSM), Telepresence Manager, or QoS Policy Manager (QPM), you most likely have a vulnerable version running.

Here's a synopsis of the vulnerability; take a quick look at your version to see if you are at risk:

Versions affected: The announcement says Common Services version 3.05 and newer are vulnerable. Earlier releases and the 4.0 release are not vulnerable. 

Tesla Motors Opens Their First Major Factory

I know this is way off the standard topic list, but I couldn't help myself, I like cool cars. Tesla Motors is a budding car company that aims to manufacture electric vehicles. If you haven't heard about them, check out their website.


Mobile VPN Magic: Netmotion Mobility XE

If you have ever been in a position of having to support a mobile workforce, you have most likely been in a position of having to troubleshoot VPNs of one form or another.  This could involve tense phone calls with a VP while they are on a business trip and can't connect to get the presentation they need (why they didn't just copy it to the laptop in the first place, don't ask, because they never do). 

Connectivity options run the gamut. IPSEC VPNs were the standard years ago; however, SSL moved in and seems to be the most popular of the connectivity options that I've seen in recent years. There are also a wide variety of vendors that all offer pretty much the same thing: server software, client software, and then various authentication options. This is pretty much true for most vendors except for one, Netmotion Wireless.

CCIE Voice Superstar

Mark Holloway, a friend of mine that I met at the Phoenix Cisco User Group (when it was alive), has just obtained his CCIE Voice! Amazing accomplishment.

He has a fantastic blog for anything related to VoIP/Cisco Voice - you might add this to your favorites list:

http://www.markholloway.com/blog/

IE Vulnerability

Microsoft announced they have a zero day vulnerability in versions 6, 7, and 8 of their famed browser. The majority of people use a combination of other browsers, but for everyone out there who prefers IE and throws caution to the wind, here's what you need to know.

The vulnerability exists because some embedded feature that can be accessed in a certain way allows an attacker to execute arbitrary code (a.k.a. load viruses on your computer) and do their thing. If you are running recent versions of IE, stay away from questionable sites and don't click on spam email until Microsoft releases their patch for it. 

Clean up those firewall cobwebs

Stumbled upon an interesting article over on Tufin's blog that talks about cleaning up old firewall rulebases. If you manage a firewall for a larger organization, you are most likely accustomed to receiving frequent requests to modify it. In very large organizations, this typically involves an approval process, which might help keep approved requests in line with corporate policy, but doesn't mean the actual implementation of the rules is clean and not duplicated.


Using PRTG with GNS3


So, I came across a blog entry at GNS3.net called Using MRTG with GNS3. This got me thinking, "if MRTG works with GNS3, then PRTG should as well." Really, any tool that you can run on your network should be able to access your virtual network. So, I ventured forth to test out my hypothesis and here are the results.

Install GNS3

The first step is to have a working version of GNS3. I would recommend if you are going to try this, get the latest version as there are a ton of features and enhancements that weren't there a year ago. 

Input Director

If you have multiple computers that have their own monitors, are on the same network and you want to control them all from one keyboard and mouse - you have got to check out Input Director.

The setup process for this application is really simple. You install it on the main computer and set it up as the "master" computer. Then you install it on other computers you want to control (preferably they are right next to each other), and you configure those systems as "slave" computers. There are a lot of settings and options you can change, but basically when you slide the mouse cursor to the edge of one computer's screen, it shows up on the next computer's screen with a little water splash animation. You can fully control the remote (slave) computer with the main (master) computer's keyboard and mouse, and it's fast. I haven't noticed any degraded performance as a result of using this tool on my systems.

Earnings Reports and Pepto

Whenever I think of the stock market, I picture a bunch of rich old men in suits standing around arguing about how much more money one has than the other and gambling on senseless things. Ever see that movie Rat Race?

Yesterday, Cisco's stock (CSCO) took a dive after a weak forecast during their earnings report. What does that mean? To me, it means shareholders are upset because they were expecting to be more rich than they will be, so they retaliated by taking their ball and going home. Nothing new there.

For the rest of us though, there will still be networks to design, routers to configure, and problems to troubleshoot. Leave the jacuzzi filled with pepto for the weird ones.

Certification Vouchers

What's that you say? You pay full price when you take a certification exam? Oh, no no no, this just won't do. If you are planning on taking a certification exam and you are used to paying full price, let me introduce you to the voucher.

Since most IT certification exams (e.g. Cisco, Microsoft, CompTIA) are taken at third party test centers, such as Pearson Vue and Prometric, there are opportunities to pay for exams ahead of time using a voucher system. The voucher is simply a string of text you copy from an email and paste into the purchase form, which will either remove some of the price or completely pay for the exam. This is similar to coupon codes for online stores, except you pay for the voucher and then that covers some or all of the cost of the exam.

Juniper is Jumping in to the mix

Juniper announced yesterday that they will be closing the deal with Belden to acquire Trapeze Networks, a Belden brand of wireless products. This fills a gaping hole in Juniper's product offering since they have just about everything else to offer in the enterprise space. With the acquisition Juniper will have a ton of patents on wireless technologies and a decent offering of WLAN controllers, Access Points, and Wireless management systems. 

Cisco 3750 switches get some needed attention

If you have ever set up a stack of Cisco 3750 switches and thought the StackWise feature could use some improvement, well, Cisco read your mind. At least that is what I thought when I first laid eyes on the 3750-X switches. Finally, dual power supplies that are hot swappable and a cool feature called StackPower that saves the day when both power supplies fail!

For those of you who haven't heard of StackWise, it is basically a feature that Cisco has offered with some of their access-layer ethernet switches and blade server switches which allows several switches connected together with special cables to be managed as if they are a single switch. This means a server connected to a port on switch 1 can talk to a server on switch 2 without ever leaving the switch stack. Plus there is an added bonus of one IP address and system to manage instead of however many switches are in your stack.

Tekcert on Facebook

Tekcert.com has a Facebook page! For all of you out there that wanted to post a comment that was about the site or directed to Jeremy about how awesome his CBT Nuggets are, you now have a place to drop us a line. The wall is open to everyone, so have at it!

Also, if you didn't see the icon on the bottom of the page, Tekcert is on Twitter too! There's usually a tweet every time a blog post is made and when other updates to the site are made. 


Feel free to pick your favorite social media avenue to tell us about your latest certification, give us a heads up about something on the site, or simply say hello. And definitely keep the comments coming on the site, they're great!

Nexus 7K Training

For those of you lucky enough to have one of these sweet boxes, you'll quickly find things are not quite the same as the good ol' IOS. Someone emailed me a fantastic link where you'll find some quick, to the point training/documentation on the new Nexus platform.

Gentle Reminders: Why I Love Working in Cisco

CPIX001# sh ver

Cisco PIX Security Appliance Software Version 7.1(2)
Device Manager Version 5.1(2)

Compiled on Tue 14-Mar-06 17:00 by dalecki
System image file is "flash:/pix712.bin"
Config file at boot was "startup-config"

CPIX001 up 2 years 171 days

Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

...hang on, I have to go reboot my Windows server again...

Free CCIE Training Videos

The team over at Internetwork Experts (INE) has assembled a great set of free training videos that cover a wide range of topics, available via this link:

http://www.ine.com/free-ccie-vseminar.htm

Their latest and greatest will cover LDAP Synchronization and Authentication in Unified Communications and will be broadcast on Dec 14. Sign up if you want to watch it when it's first broadcast, or if you wait, it will probably be posted on that page like the others.

Also, if you haven't given it a try yet, check out the free 60 minute login over at CBT Nuggets:

https://secure.cbtnuggets.com/trial

Tip of the Day: SHOW PROCESS CPU

The show process cpu command can be really useful if you know what to look for. First and foremost, you've got to create the following alias to help filter the output:

Router(config)#alias exec proc show proc cpu | ex 0.00%__0.00%__0.00%

(that would be two underscores between each 0.00%). This allows you to type "proc" and eliminate all of the idle processes. So, here's a sample output from a live router:


