open remote desktop "mstsc.exe", select options, select options, go to "local resources" select "more", check drives. When you connect they'll show up in explorer, sheesh, what's wrong with that?
1) you're a home user
2) you don't have to worry about layer 2 considerations other than gigabit or FE (wireless has other considerations, read a book).
3) If you can measure the 1-2 ms (IF ANY) delay by having a large 2 topology, then you're a better man than me and waaaaaaaaay more...
http://www.ipdeny.com/ipblocks/
...so, no, no state by state deny. IPv6 will change everything, I believe we'll rely heavily, or completely, on DNS. So that is another vote for, maybe.
I read the N+ book, didn't take the test, it seemed pretty stupid. Then I took a CCNA bootcamp, passed the CCNA and have been moving on from there. I have Bluecoat, Linux and most of the CCSP finished.
Don't waste your time on taking the N+, it's a good simple book that gets you into it...
if by cheesy you mean SOHO/remote spoke/small business, then sure.
You can terminate a VPN tunnel on a lot of devices (plenty of them are free). OTP (one time pass) tokens are the hangup, as previously mentioned. No way around that other than taking a step down. I suggest disabling aggressive...
in PIX/ASA 7+ you can get the pre shared secrets rather simply, and without tftp. "more system:running-config". That's copy/pastable into a new box, just make sure when you copy/paste configs that the new box has no configuration on it, "write erase" then "reload" to make sure.
I couldn't find a specific length in the RFC, but considering that GET requests sent to (explicit) proxies contain URLs and URLs can be 255 bytes or longer, then no, 32 bytes for a GET request can't be right. Hope that helps... :)
Don't be so quick, guys...There are published exploits for guests that affect the host computer. That means that something that happens on the VM machine can affect the host machine, VMware is not a security measure, it's a tool.
The NSA approved (voted) on the algorithm, I'm sure there is some mathematical weakness. Not enough to put it at our level of brute force cracking, but I'm sure there is a hardware based cracker (custom silicon) or a supercomputer. OS profiling can cut the number of possible "random" keys down...
to go anywhere, anywhere at all, in the networking world requires you to subnet in your head on the fly. Don't do boolean algebra with bits, just use the magic number and you'll figure it all out. If you don't understand subnetting, you won't get far at all.
My only real problem with AES is that it was approved by the NSA, which has a history of creating backdoors. I'm not saying there is a backdoor, that'd be too obvious. I'm just saying that the NSA employs the most amount of mathematicians of any organization. If there is a weakness that can...
read up on AES. It's susceptible to timing and side channel attacks, reducing effective bit strength to something we can still manage with supercomputers, and who knows how long that type of power will be out of reach of the average interested party. I see encryption like this, how long will...
password recovery: http://www.cisco.com/warp/public/110/34.shtml
if you don't need to do a recovery, then just change the password like the guy said above me.
truecrypt gives full drive encryption, I know because I use it. With a decent cpu (mine is T9500) and using serpent for encryption I get only a bit of slowdown. I'd recommend that.
the routes are injected by the split tunnel access-list. without specifics we can't help you. Specifics like vpn configuration, or just connecting to the vpn and checking your routing table, the acl on the outside, like startrek4u mentioned. There are quite a few different ways of doing...
what type of tunnel is it, client or L2L? If it's a client tunnel, and you're running windows, go to the command prompt and type "route print" and see if the boxes you're trying to connect to are contained in the networks that are routing to your virtual VPN interface. You can't ask general...
yes, you will. do a "route print" at the cmd and check out the routes, those were injected by the vpnclient and define "interesting traffic" that's routed to your vpn adapter ip (virtual) and then put into the tunnel (with UDP headers slapped around the ESP packet, usually). If they have the...
100 Mb ethernet = 8MB/s throughput (actual)
1000 Mb ethernet = 80MB/s throughput (actual)
that's with tcp/ip overhead
hard drives get 40-100+ MB/s
a decent hard drive will saturate a 100Mb FA link easily.
depending on the hardware version, PIX can run ver. 7+, which means it works just like an ASA, except without the AIP-SSM. Look at the PIX wiki to see which versions support which, you want a PIX that can support 7+ and have an unrestricted license
Hire a consultant.
or
Create a hub and spoke with the HQ (hopefully cisco) terminating all the L2L tunnels. At the sites that don't have cisco routers to terminate the vpn tunnels, just use a linux box with openswan, it's pretty easy. Draw it out, lab it up and do it.
http://www.cisco.com/univercd/home/home.htm
select security. Read up on the ASA (adaptive security algorithm), PIX/ASA is far from your average IOS device. You need to know how it processes traffic to configure it. The Modular Policy Framework is really what makes it shine, have fun!
oh, whoops, I didn't realize that the server inside was listening on https. Other than that, I don't know, I bet the server isn't allowing connections from outside IPs. do a "show access-list outside-to-inside" to see if you can increment hits. All you need is a static and an ACL and the pix...
no static (inside,outside) tcp interface https 192.168.1.152 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.152 ssh netmask 255.255.255.255 0 0
your original ACL was correct, the one right above my post is wrong. You want to allow https from any to...
They're asking for either penetration testing or results from a vulnerability scanner, it seems. Since you don't have a vulnerability scanner and have never done a pen test, then the answer would be "No". Now it seems that you're going to host this somewhere other than your own network, I'd...
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#maintask2
it's at the bottom, if it's 7.x to 7.x you should just specify which image to boot and then write memory and reload. If it's 6.x to 7.x, it has to redo the entire flashfs, so just wr...
ok, so it looks like VTIs must be associated with VRFs, that's pretty interesting, earlier IOS' wouldn't associate tunnel interfaces with VRF instances. So, I'd create a vrf instance, set the routes and NATs if you need them and build the tunnel(s). debug isakmp, ipsec and icmp for testing...
Does the pix have a real IP? If so, just make a static NAT for TCP 3389 for the outside interface and have it point at the IP address on the inside, the address the ACL applied to your outside interface.
ok, Tunnel interfaces will still spit out GRE packets, you control traffic going into them with ip route statements. Route traffic into the tunnel interface, and GRE packets will come out and follow the route to the other endpoint. This looks like GRE over IPSEC with traffic shaping, very...
oh, and one more thing, the "tunnel interface" doesn't exist for VPN connections, tunnel interfaces are for GRE. To make sure a VPN is up issue a: sh crypto isakmp sa command and look for QM_IDLE, then issue sh crypto ipsec sa and look for packet encaps and decaps. Oh, and make sure you have...
#1 you don't have the crypto map applied to an interface. **oh snap, i didn't see it, my bad**
#2 your isakmp key is wrong, you need the other termination point IP address
#3 (this won't stop your tunnels, but it's irritating...) your phase 2 ACLs overlap, ICMP is part of IP, take the ICMP...