
Tuesday, June 22, 2010

Windows IIS server hardening checklist

General
Accounts
Files and Directories
Shares
Ports
Registry
Auditing and Logging
Sites and Virtual Directories
Script Mappings
ISAPI Filters
IIS Metabase
Server Certificates
Machine.config




General

Do not connect an IIS Server to the Internet until it is fully hardened.

Place the server in a physically secure location.

Do not install the IIS server on a domain controller.

Do not install a printer.

Use two network interfaces in the server -- one for admin and one for the network.

Install service packs, patches and hot fixes.

Run IISLockdown on the server.

Install and configure URLScan.

Secure remote administration of the server and configure for encryption, low session time-outs and account lockouts.

Disable unnecessary Windows services.

Ensure services are running with least-privileged accounts.

Disable FTP, SMTP and NNTP services if they are not required.

Disable Telnet service.

Disable ASP.NET state service if not used by your applications.

Disable webDAV if not used by the application, or secure it if it is required. (See How To: Create a secure webDAV Publishing Directory at support.microsoft.com.)

Do not install Data Access Components unless specifically needed.

Do not install the HTML version of the Internet Services Manager.

Do not install the MS Index Server unless required.

Do not install the MS FrontPage Server extensions unless required.

Harden TCP/IP stack.

Disable NetBIOS and SMB (closing ports 137, 138, 139 and 445).

Reconfigure Recycle Bin and Page file system data policies.

Secure CMOS settings.

Secure physical media (floppy drive, CD-ROM drive and so on).


Accounts

Remove unused accounts from the server.

Disable Windows Guest account.

Rename Administrator account and set a strong password.

Disable IUSR_MACHINE account if it is not used by the application.

Create a custom least-privileged anonymous account if applications require anonymous access.

Do not give the anonymous account write access to Web content directories or allow it to execute command-line tools.

If you host multiple Web applications, configure a separate anonymous user account for each one.

Configure ASP.NET process account for least privilege. (This only applies if you are not using the default ASP.NET account, which is a least-privileged account.)

Enforce strong account and password policies for the server.

Restrict remote logons. (The "Access this computer from the network" user-right is removed from the Everyone group.)

Do not share accounts among administrators.

Disable Null sessions (anonymous logons).

Require approval for account delegation.

Do not allow users and administrators to share accounts.

Do not create more than two accounts in the Administrators group.

Require administrators to log on locally or secure the remote administration solution.



Files and Directories

Use multiple disks or partition volumes and do not install the Web server home directory on the same volume as the operating system folders.

Contain files and directories on NTFS volumes.

Put Web site content on a non-system NTFS volume.

Create a new site and disable the default site.

Put log files on a non-system NTFS volume but not on the same volume where the Web site content resides.

Restrict the Everyone group (no access to \WINNT\system32 or Web directories).

Ensure Web site root directory has deny write ACE for anonymous Internet accounts.

Ensure content directories have deny write ACE for anonymous Internet accounts.

Remove remote IIS administration application (\WINNT\System32\Inetsrv\IISAdmin).

Remove resource kit tools, utilities and SDKs.

Remove sample applications (\WINNT\Help\IISHelp, \Inetpub\IISSamples).

Remove IP address in header for Content-Location.







Shares

Remove all unnecessary shares (including default administration shares).

Restrict access to required shares (the Everyone group does not have access).

Remove Administrative shares (C$ and Admin$) if they are not required (Microsoft Management Server (SMS) and Microsoft Operations Manager (MOM) require these shares).




Ports

Restrict Internet-facing interfaces to port 80 (and 443 if SSL is used).

Run IISLockdown on the server.




Registry

Restrict remote registry access.

Secure SAM (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash). This applies only to standalone servers.





Auditing and Logging

Audit failed logon attempts.

Relocate and secure IIS log files.

Configure log files with an appropriate file size depending on the application security requirement.

Regularly archive and analyze log files.

Audit access to the Metabase.bin file.

Configure IIS for W3C Extended log file format auditing.

Read How to use SQL Server to analyze Web logs at support.microsoft.com
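
One way to act on the log-analysis items above, as an added example that is not part of the original checklist: a Python script that parses W3C Extended logs and flags requests for the extensions this checklist maps to 404.dll and for the virtual directories it removes, separating blocked probes from requests IIS actually served. The sample log lines, client addresses and file names are constructed.

```python
"""Flag requests in IIS W3C Extended logs that touch features the checklist removes."""
from collections import Counter
import posixpath

# Extensions the checklist maps to 404.dll, and virtual directories it removes.
UNMAPPED_EXTENSIONS = {".idq", ".htw", ".ida", ".shtml", ".shtm", ".stm",
                       ".idc", ".htr", ".printer"}
REMOVED_VDIRS = {"iissamples", "iisadmin", "iishelp", "scripts", "msadc"}

# Constructed sample log (documentation address ranges), not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-06-22 10:00:01 192.0.2.10 GET /default.aspx - 200
2010-06-22 10:00:05 198.51.100.7 GET /scripts/test.asp - 404
2010-06-22 10:00:06 198.51.100.7 GET /a.ida - 404
2010-06-22 10:00:07 198.51.100.7 GET /MSADC/x.dll - 404
2010-06-22 10:00:09 203.0.113.4 GET /iissamples/default.htm - 200
#Fields: date time c-ip cs-uri-stem sc-status
2010-06-22 10:05:00 203.0.113.4 /reports/q2.HTR 200
2010-06-22 10:05:02 192.0.2.10 /images/logo.gif 200
"""


def parse_w3c(text):
    """Yield one dict per entry, honouring every #Fields directive in the file."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The column layout can change mid-file when logging is reconfigured.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # no schema seen yet, or a truncated line
        yield dict(zip(fields, values))


def classify(uri_stem):
    """Return why a URI is of interest, or None for ordinary content."""
    path = uri_stem.lower()
    first_segment = path.lstrip("/").split("/", 1)[0]
    if first_segment in REMOVED_VDIRS:
        return "removed-vdir:" + first_segment
    extension = posixpath.splitext(path)[1]
    if extension in UNMAPPED_EXTENSIONS:
        return "unmapped-ext:" + extension
    return None


def audit(text):
    """Return (kind, client, uri, status, reason) tuples for flagged requests."""
    findings = []
    for record in parse_w3c(text):
        stem = record.get("cs-uri-stem")
        reason = classify(stem) if stem else None
        if reason is None:
            continue
        status = record.get("sc-status", "")
        # A 2xx/3xx answer means IIS still serves the item: the checklist step
        # was not applied. Anything else is a request that was turned away.
        kind = "HARDENING-GAP" if status[:1] in ("2", "3") else "probe"
        findings.append((kind, record.get("c-ip", "-"), stem, status, reason))
    return findings


def by_client(findings):
    """Count flagged requests per client address."""
    return Counter(client for _, client, _, _, _ in findings)


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for finding in results:
        print("%-13s %-15s %-28s %-3s %s" % finding)
    print(dict(by_client(results)))
```

Entries marked HARDENING-GAP deserve attention first, because they show a sample directory or unused extension that is still being served.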





Sites and Virtual Directories

Put Web sites on a non-system partition.

Disable "Parent paths" setting.

Remove potentially dangerous virtual directories including IISSamples, IISAdmin, IISHelp and Scripts.

Remove or secure MSADC virtual directory (RDS).

Do not grant included directories Read Web permission.

Restrict Write and Execute Web permissions for anonymous accounts in virtual directories.

Ensure there is script source access only on folders that support content authoring.

Ensure there is write access only on folders that support content authoring and these folders are configured for authentication (and SSL encryption, if required).

Remove FrontPage Server Extensions (FPSE) if not used. If FPSE are used, update and restrict access to them.

Remove the IIS Internet Printing virtual directory.



Script Mappings

Map extensions not used by the application to 404.dll (.idq, .htw, .ida, .shtml, .shtm, .stm, .idc, .htr, .printer).

Map unnecessary ASP.NET file type extensions to "HttpForbiddenHandler" in Machine.config.


ISAPI Filters

Remove unnecessary or unused ISAPI filters from the server.








IIS Metabase

Restrict access to the metabase by using NTFS permissions (%systemroot%\system32\inetsrv\metabase.bin).

Restrict IIS banner information (Disable IP address in content location).





Server Certificates

Ensure certificate date ranges are valid.

Only use certificates for their intended purpose (For example, the server certificate is not used for e-mail).

Ensure the certificate's public key is valid, all the way to a trusted root authority.

Confirm that the certificate has not been revoked.



Machine.config

Map protected resources to HttpForbiddenHandler.

Remove unused HttpModules.

Disable tracing.

Turn off debug compiles.
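
A way to check these Machine.config items automatically, as an added example that is not part of the original checklist: a Python script that reads the `<system.web>` section and reports handler mappings that are not forbidden, unexpected HttpModules, tracing and debug compilation. The protected patterns, the allowed-module list and both sample configurations are assumptions constructed for illustration.

```python
"""Audit the <system.web> section of a Machine.config against the checklist."""
import xml.etree.ElementTree as ET

FORBIDDEN = "System.Web.HttpForbiddenHandler"
# Assumed site policy, not taken from the checklist: adjust to your application.
PROTECTED_PATTERNS = ("*.config", "*.cs", "*.vb", "*.csproj")
ALLOWED_MODULES = {"OutputCache", "Session", "FormsAuthentication", "UrlAuthorization"}

# Constructed sample with several weak settings.
WEAK_CONFIG = """<configuration>
  <system.web>
    <httpHandlers>
      <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory"/>
      <add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler"/>
      <add verb="GET" path="*.cs" type="System.Web.HttpForbiddenHandler"/>
      <add verb="*" path="*.vb" type="System.Web.StaticFileHandler"/>
    </httpHandlers>
    <httpModules>
      <add name="Session" type="System.Web.SessionState.SessionStateModule"/>
      <add name="PassportAuthentication"
           type="System.Web.Security.PassportAuthenticationModule"/>
    </httpModules>
    <trace enabled="true" localOnly="false"/>
    <compilation debug="True"/>
  </system.web>
</configuration>"""

# Constructed sample with the same items corrected.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <httpHandlers>
      <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory"/>
      <add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler"/>
      <add verb="*" path="*.cs" type="System.Web.HttpForbiddenHandler"/>
      <add verb="*" path="*.vb" type="System.Web.HttpForbiddenHandler"/>
      <add verb="*" path="*.csproj" type="System.Web.HttpForbiddenHandler, System.Web"/>
    </httpHandlers>
    <httpModules>
      <add name="Session" type="System.Web.SessionState.SessionStateModule"/>
    </httpModules>
    <trace enabled="false"/>
    <compilation debug="false"/>
  </system.web>
</configuration>"""


def audit_machine_config(xml_text, protected=PROTECTED_PATTERNS, allowed=ALLOWED_MODULES):
    """Return a list of findings; an empty list means every check passed."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section found"]
    findings = []

    # Group handler entries by path; the type may carry an assembly suffix.
    handlers = {}
    for add in web.findall("httpHandlers/add"):
        type_name = add.get("type", "").split(",")[0].strip()
        entry = (add.get("verb", "").strip(), type_name)
        handlers.setdefault(add.get("path", "").lower(), []).append(entry)
    for pattern in protected:
        entries = handlers.get(pattern.lower(), [])
        if not entries:
            findings.append(f"{pattern}: no HttpForbiddenHandler mapping")
        for verb, type_name in entries:
            if type_name != FORBIDDEN:
                findings.append(f"{pattern}: mapped to {type_name}")
            elif verb != "*":
                findings.append(f"{pattern}: forbidden only for verb {verb!r}")

    for module in web.findall("httpModules/add"):
        if module.get("name") not in allowed:
            findings.append(f"httpModule {module.get('name')}: not in allowed list")

    # Both attributes default to off when absent, so only an explicit true counts.
    trace = web.find("trace")
    if trace is not None and trace.get("enabled", "false").lower() == "true":
        findings.append("trace: enabled")
    compilation = web.find("compilation")
    if compilation is not None and compilation.get("debug", "false").lower() == "true":
        findings.append("compilation: debug builds enabled")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_machine_config(sample))
```

HttpForbiddenHandler only takes effect for extensions that IIS hands to ASP.NET, so pair this check with a review of the IIS script mappings.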

The world’s top ten most filling foods


Posted By Rachael Anne Hill, Mon 14 Jun, 2010 10:21AM GMT

We all know we need to eat less to lose weight, but doing so can be much harder ‘said’ than ‘done’ when hunger pangs, food cravings and the irresistible urge to snack take hold. That’s why the ‘Satiety Index’ developed by experts at the University of Sydney really can be a dieter’s best friend.

What is the ‘Satiety Index’?

At its simplest, the satiety index is a measure of how long a particular food will stop you from feeling hungry. It was first developed by Dr Susanne Holt back in 1995. Holt and her colleagues fed volunteers 240 calorie portions of a wide variety of different foods in an attempt to discover which would be the most filling. The foods were served from under a hood to minimize the influence of appearance, and, if possible, they were served at the same temperature and in the same size chunks.
After eating, the volunteers told the researchers what their appetite ratings were, but they were not allowed anything else for the next two hours. Then, after two hours, they were allowed to eat from a small buffet where the scientists measured how much they nibbled from a variety of other foods. Their consumption was closely monitored, and every 15 minutes they were questioned about their hunger to see if their subjective impression of satisfaction matched their eating behaviour. Using this information, Holt and her colleagues were able to put together the satiety index. White bread was taken as the baseline of 100 and other foods were scored on their comparative ability to satisfy hunger. Foods scoring higher than 100 were more satisfying than white bread whereas those scoring under 100 were less satisfying.

So, what are the top ten most filling foods?

1. Potatoes (323% more satisfying than white bread)
2. Fish (225%)
3. Porridge/Oats/Oatmeal (209%)
4. Apples (197%) and Oranges (202%)
5. Wholewheat Pasta (188%)
6. Beef (176%)
7. Beans (168%)
8. Grapes (162%)
9. Wholemeal Bread (157%)
10. Popcorn (154%)


What Makes These Foods So Filling?

Protein

Protein has been shown by numerous studies to be one of the most satiating nutrients. Scientists at the National Institute for Medical Research in France have recently discovered that during its digestion, glucose is produced in the small intestine. The liver senses this and relays a message to the brain to slow down or stop eating — an effect that lasts well after the food has been swallowed.

Fibre

Unlike protein, fibre promotes satiety by slowing the rate at which the food is actually digested. It also triggers stretch receptors in the stomach which automatically send a signal to the brain to stop eating.

Water Content

Foods with a high fluid content such as apples, oranges and grapes also trigger the stretch receptors. However, they are mostly made of water and sugars, so the speed at which they are digested means that, unlike most other high S.I foods, initial feelings of fullness can drop off fairly quickly. “This is why,” explains Dr Holt, “that when a dieter eats a meal based on several pieces of fruit and some rice cakes (also very quick to digest) they invariably feel ravenous a few hours later. Despite the meal being low in fat and calories it isn’t at all filling. Far better to eat a wholesome salad sandwich on wholegrain bread with some lean protein like tuna or beef and an apple. This kind of meal can keep hunger at bay for a very long time.”

Volume

Another thing that increases a food’s S.I rating is its bulk. Popcorn, for example, only contains 55 calories per cup but it takes up a lot of space in the stomach, helping to create the feelings of fullness. Fat, on the other hand, is the exact opposite. At 9 Kcal per gram, fat is the most energy dense nutrient we can eat. Just one tablespoon of clotted cream has almost four times more calories than a whole cup of popcorn and yet it takes up far less space in the stomach, making it incredibly easy to over consume. Fat greatly enhances the taste of a food too, another reason why we find it so easy to over consume.

Chemical Compounds

The chemical constituents of foods can also make a difference to satiety. Beans and lentils, for example, contain anti-nutrients which delay their absorption, another reason why they have a tendency to make you feel full for longer.

Chewing

Chewing promotes satiety, partly because it slows down eating but also because it encourages the release of enzymes that register fullness in the brain.

Tuesday, June 15, 2010

CCIE Routing and Switching Lab Exam Checklist

CCIE Routing and Switching
Expansion of Routing and Switching Lab v4.0 Blueprint
Detailed Checklist of Topics to Be Covered

Please be advised that this topic checklist is not an all-inclusive list of Cisco CCIE Routing and Switching lab exam subjects. Instead, we provide this outline as a supplement to the existing lab blueprint to help candidates prepare for their lab exams. Other relevant or related topics may also appear in the actual lab exam.



1.0 Implementing Layer 2 Technologies - Configuring and Troubleshooting Layer 2 Technologies

1.01 Frame Relay
1.01.1 Frame Relay Multipoint Links on a Physical Interface Using Inverse ARP
1.01.2 Frame Relay Multipoint Links on a Physical Interface Without Using Inverse ARP
1.01.3. Frame Relay Multipoint Link on a Subinterface Using Inverse ARP
1.01.4. Frame Relay Multipoint Link on a Subinterface Without Using Inverse ARP
1.01.5. Frame Relay Point-to-Point Subinterfaces
1.01.6. PVC with a Multipoint Interface on One Side and a Subinterface on the Other Side
1.01.7. Authentication on a Frame Relay Link Using PPP
1.2 Catalyst Configuration
1.2.01. Trunks Using an Industry-Standard Encapsulation
1.2.02. Trunks Using a Cisco Proprietary Encapsulation
1.2.03. Creating, Deleting, and Editing VLANs
1.2.04. VTP in Client/Server Mode
1.2.05. VTP in Transparent Mode
1.2.06. VTP Authentication
1.2.07. VTP Pruning
1.2.08. Controlling VLANs That Cross a Trunk
1.2.09. Optimizing STP by STP Timers
1.2.10. PortFast
1.2.11. Loop Guard
1.2.12. BPDU Guard
1.2.13. BPDU Filters
1.2.14. UplinkFast
1.2.15. BackboneFast
1.2.16. MSTP
1.2.17. Selecting the Root Bridge for VLANs in a PVST Environment
1.2.18. Selecting the Root Bridge for an MST Instance in an MST Environment
1.2.19. Setting the Port Priority to Designate the Forwarding Ports
1.2.20. EtherChannel Using an Industry-Standard Protocol
1.2.21. EtherChannel Using a Cisco Proprietary Protocol
1.2.22. Disabling Protocols on the EtherChannel
1.2.23. Load-Balancing Type on the EtherChannel
1.2.24. SNMP Management on the Switch
1.2.25. Telnet and SSH Management on the Switch
1.2.26. Controlling Inbound and Outbound Telnet on the Switch
1.2.27. Regular and Smart Macros
1.2.28. Switch Banners
1.2.29. UDLD
1.2.30. Switch Virtual Interfaces (SVIs) for IP Routing
1.2.31. Router on a Stick
1.2.32. SPAN
1.2.33. RSPAN
1.2.34. IP Routing on the Switch Using RIPv2, EIGRP, OSPF, and BGP
1.2.35. IP Phones to Connect to the Catalyst Switch
1.2.36. Dot1q Tunneling
1.3 Other Layer 2 Technologies
1.3.1. HDLC
1.3.2. PPP
1.3.3. PPP over Ethernet

2.0 Implementing IPv4 - Configuring and Troubleshooting IPv4

2.1. IPv4 Addressing
2.1.1. IPv4 Addressing
2.1.2. IPv4 Subnetting
2.1.3. IPv4 VLSM
2.2. OSPFv2
2.2.01. OSPF on a Broadcast Multicast Access Network (Ethernet)
2.2.02. OSPF over a Frame Relay Multipoint Network by Changing Network Types
2.2.03. OSPF over a Frame Relay Multipoint Network by Using the neighbor Command
2.2.04. OSPF over a Frame Relay Point-to-Point Network
2.2.05. Virtual Links
2.2.06. Stub Areas
2.2.07. Totally Stubby Areas
2.2.08. NSSA Areas
2.2.09. NSSA and Stub Areas
2.2.10. NSSA and Totally Stubby Areas
2.3. EIGRP
2.3.1. Basic EIGRP
2.3.2. Passive Interfaces
2.3.3. EIGRP Stub on Routers and Switches
2.3.4. EIGRP Update—Bandwidth Control
2.3.5. Changing the Administrative Distance of EIGRP
2.3.6. Unequal-Cost Load Balancing for EIGRP
2.4. Filtering, Redistribution, and Summarization
2.4.01. Route Filtering for OSPF Within the Area Using a Distribute List with an ACL and Prefix Lists
2.4.02. Route Filtering for OSPF Between Areas
2.4.03. Summarization of OSPF Routes Between Areas
2.4.04. Summarization of External Routes Within OSPF
2.4.05. Filtering with a Distribute List Using an ACL and Prefix Lists
2.4.06. Using Advanced ACLs and a Prefix List for Filtering Routes
2.4.07. Summarizing Routes with EIGRP
2.4.08. Route Summarization for RIP
2.4.09. Redistribution Between OSPF and EIGRP
2.4.10. Redistribution Between RIP and EIGRP
2.4.11. Redistribution Between RIP and OSPF
2.4.12. Redistribution of Directly Connected Routes
2.4.13. Redistribution of Static Routes
2.4.14. Redistribution with Filtering Using ACLs and Prefix Lists
2.4.15 Redistribution with Filtering Using Route Tagging
2.5. IBGP
2.5.1. IBGP Peering
2.5.2. Advertising Routes in BGP
2.5.3. Next-Hop Attribute
2.5.4. Route Reflectors
2.5.5. Redundancy by Neighbor Relationships Based on Loopbacks
2.6. EBGP
2.6.1. EBGP Peering
2.6.2. EBGP Peering Based on Loopbacks
2.7. BGP Advanced Features
2.7.01. Filtering Using ACLs
2.7.02. Filtering Using Prefix Lists
2.7.03. Filtering Using AS Path Filters
2.7.04. Redistributing Connected Routes into BGP
2.7.05. Redistributing Dynamic Routing Protocols into BGP
2.7.06. BGP Aggregation
2.7.07. BGP Aggregation with the Summary Only Parameter
2.7.08. BGP Aggregation with Suppress Maps
2.7.09. BGP Aggregation with Unsuppress Maps
2.7.10. BGP Best-Path Selection – Weight
2.7.11. BGP Best-Path Selection – Local Preference
2.7.12. BGP Best-Path Selection – MED
2.7.13. BGP Communities – No-Export
2.7.14. BGP Communities – No-Advertise
2.7.15. BGP Confederation
2.7.16. BGP Local AS
2.7.17. Working with Private AS Numbers
2.7.18. Route Dampening
2.7.19. Conditional Advertising
2.7.20. Peer Groups
2.8 Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)

3.0 Implementing IPv6 - Configuring and Troubleshooting IPv6

3.1. IPv6
3.1.1. IPv6 Addresses
3.1.2 RIPng
3.1.2. OSPFv3
3.1.3. EIGRPv6
3.1.4. IPv6 Tunneling
3.1.5. IPv6 on a Frame Relay Network – Multipoint
3.1.6. IPv6 on a Frame Relay Network – Point-to-Point
3.1.7. Route Filtering with a Distribute List Using an ACL and Prefix Lists
3.1.8. Route Redistribution Between OSPFv3 and EIGRPv6

4.0 Implementing MPLS - Configuring and Troubleshooting MPLS

4.1. MPLS Unicast Routing
4.1.1. MPLS Unicast Routing Using LDP
4.1.2. Controlling Label Distribution
4.2. MPLS VPN
4.2.1. MPLS VPN Using Static Routing Between PE-CE
4.2.2. MPLS VPN Using EIGRP as the PE-CE Routing Protocol
4.2.3. MPLS VPN Using OSPF as the PE-CE Routing Protocol
4.2.4. MPLS VPN Using EBGP as the PE-CE Routing Protocol
4.2.5. Controlling Route Propagation Using the Route Target with Import and Export Maps
4.3. VRF-Lite
4.3.1. VRFs at the Customer Sites Using VRF-Lite

5.0 Implementing IP Multicast - Configuring and Troubleshooting IP Multicast

5.1. PIM and Bidirectional PIM
5.1.1. PIM Dense Mode
5.1.2. PIM on an NBMA Network
5.1.3. PIM Sparse Mode – Static Rendezvous Point
5.1.4. PIM Sparse Mode – Multiple Static Rendezvous Points
5.1.5. PIM Sparse Mode – Auto Rendezvous Point
5.1.6. PIM Sparse Mode with Multiple Rendezvous Points Using the Auto Rendezvous Point
5.1.7. Bidirectional PIM
5.2. MSDP
5.2.1. MSDP
5.2.2. MSDP to an Anycast Rendezvous Point
5.3. Multicast Tools
5.3.1. Multicast Rate Limiting
5.3.2. IGMP Filtering on the Switch
5.3.3. Use of the Switch to Block Multicast Traffic
5.3.4. Multicasting Through a GRE Tunnel
5.3.5. Multicast Helper Address
5.4. IPv6 Multicast
5.4.1. IPv6 Multicast Routing Using PIM
5.4.2. IPv6 Multicast Listener Discovery (MLD) Protocol

6.0 Implementing Network Security - Configuring and Troubleshooting Network Security

6.1. AAA and Security Server Protocols
6.1.1. Use of a Router to Authenticate Against a AAA Server Using TACACS+
6.1.2. Use of a Router to Authenticate Against a AAA Server Using RADIUS
6.1.3. Local Privilege Authorization
6.1.4. Accounting to a AAA Server Using TACACS+
6.1.5. Accounting to a AAA Server Using RADIUS
6.2. Access Lists
6.2.1. Standard Access Lists
6.2.2. Extended Access Lists
6.2.3. Time-Based Access Lists
6.2.4. Reflexive Access Lists
6.3. Routing Protocol Security
6.3.1. Routing Protocol Authentication for EIGRP
6.3.2. Routing Protocol Authentication for OSPF – Area-Wide
6.3.3. Routing Protocol Authentication for OSPF – Interface-Specific
6.3.4. Routing Protocol Authentication for OSPF Virtual Links
6.3.5. Routing Protocol Authentication for BGP
6.4. Catalyst Security
6.4.1. Storm Control
6.4.2. Switch Port Security
6.4.3. Dot1x Authentication
6.4.4. Dot1x Authentication for VLAN Assignment
6.4.5. VLAN Access Maps
6.4.6. DHCP Snooping
6.4.7. DAI
6.4.8. IP Source Guard
6.4.9. Private VLANs
6.5. Cisco IOS and Zone-Based Firewalls
6.5.1. Basic Cisco IOS Firewall
6.5.2. DoS Protection on a Cisco IOS Firewall
6.5.3. Basic Zone-Based Firewall
6.5.4. Zone-Based Firewall with Deep Packet Inspection
6.6. NAT
6.6.1. Dynamic NAT
6.6.2. PAT
6.6.3. Static NAT
6.6.4. Static PAT
6.6.5. Policy-Based NAT
6.7. Other Security Features
6.7.1. Configuring the TCP Intercept Feature
6.7.2. Configuring Blocking of Fragment Attacks
6.7.3. Configuring Switch Security Features
6.7.4. Configuring Antispoofing Using an ACL
6.7.5. Configuring Antispoofing Using uRPF
6.7.6. SSH on Routers and Switches
6.7.7. Cisco IOS IPS
6.7.8. Controlling Telnet and SSH Access to the Router and Switch

7.0 Implementing Network Services - Configuring and Troubleshooting Network Services

7.1. DHCP
7.1.1. Configuring DHCP on a Cisco IOS Router
7.1.2. Configuring DHCP on a Switch
7.1.3. Using a Router and a Switch to Act as a DHCP Relay Agent (Helper Address)
7.2. HSRP
7.2.1. HSRP Between Two Routers
7.2.2. Pre-empt for HSRP
7.2.3. Authentication for HSRP
7.2.4. VRRP
7.2.5. GLBP
7.3. IP Services
7.3.1. Use of the Router for WCCP
7.3.2. Use of the Router to Generate an Exception Dump Using TFTP
7.3.3. Use of the Router to Generate an Exception Dump Using FTP
7.3.4. Use of the Router to Generate an Exception Dump Using RCP
7.3.5. Broadcast Forwarding for Protocols
7.4. System Management
7.4.1. Telnet Management on the Router and Switch
7.4.2. SSH Management on the Router and Switch
7.4.3. Disabling Telnet and the SSH Client on the Switch
7.4.4. HTTP Management on the Router and Switch
7.4.5. Controlling HTTP Management on the Router and Switch
7.5. NTP
7.5.1. NTP Using the NTP Master and NTP Server Commands
7.5.2. NTP Without Using the NTP Server
7.5.3. NTP Using NTP Broadcast Commands

8.0 Implementing QoS - Configuring and Troubleshooting QoS

8.1. Classification
8.1.1. Marking Using DSCP
8.1.2. Marking Using IP Precedence
8.1.3. Marking Using CoS
8.2. Congestion Management and Congestion Avoidance
8.2.1. Priority Queuing
8.2.2. Custom Queuing
8.2.3. Weighted Fair Queuing
8.2.4. WRED
8.2.5. RSVP
8.3. Policing and Shaping
8.3.1. CAR Using Rate Limiting Under the Interface
8.3.2. Frame Relay Traffic Shaping Using Map Classes
8.3.3. Discard Eligible List
8.4. Link Efficiency Mechanisms
8.4.1. Compression
8.4.2. Link Fragmentation and Interleaving (LFI) for Frame Relay
8.5. Modular QoS CLI
8.5.1. Policing
8.5.2. Class-Based Weighted Fair Queuing (CB-WFQ)
8.5.3. Low Latency Queuing (LLQ)
8.5.4. Shaping Using MQC
8.5.5. Random Early Detection Using MQC
8.5.6. WRED Using MQC
8.5.7. Using NBAR for QoS
8.5.8. Discard Eligible Marking Using MQC
8.6. Catalyst QoS
8.6.1. SRR on the Catalyst Switch

9.0 Troubleshooting a Network - Troubleshooting Network-Wide Connectivity Issues

9.1. Troubleshooting Layer 2 Problems
9.1.1. Troubleshooting Catalyst Switch Network Issues
9.1.2. Troubleshooting Frame Relay Network Issues
9.2. Troubleshooting Layer 3 Problems
9.2.1. Troubleshooting IP Addressing Network Issues
9.2.2. Troubleshooting Routing Protocol Network Issues
9.2.3. Troubleshooting Routing Protocol Loop Issues
9.3. Troubleshooting Application Problems
9.3.1. Determining Which Aspects of the Network to Troubleshoot to Determine Network Functionality (Given a Set of Symptoms)
9.4. Troubleshooting Network Services
9.4.1. Troubleshooting Misconfigured NTP Setup
9.4.2. Troubleshooting Misconfigured DHCP Setup
9.4.3. Troubleshooting Misconfigured Telnet and SSH Setup
9.4.4. Troubleshooting Misconfigured SNMP Setup
9.5. Troubleshooting Security Services
9.5.1. Troubleshooting Misconfigured ACLs
9.5.2. Troubleshooting Misconfigured NAT
9.5.3. Troubleshooting Misconfigured AAA Services

10.0 Optimizing a Network - Configuring and Troubleshooting Optimization of a Network

10.1. Logging In
10.1.1. Logging into a Remote Syslog Server
10.1.2. Logging into the Internal Buffer
10.2. SNMP
10.2.1. Use of a Router to Communicate to an SNMP Management Station
10.2.2. Use of a Router to Generate SNMP Traps
10.3. RMON
10.3.1. Use of a Router to Generate SNMP Traps Using RMON
10.4. Accounting
10.4.1. IP Accounting
10.5. SLA
10.5.1. IP SLA
10.6. Implementing Network Services on the Routers
10.6.1. Use of a Router as an FTP Server
10.6.2. Use of a Router as a TFTP Server
10.6.3. Cisco IOS Embedded Event Manager
10.6.4. NetFlow
10.6.5. HTTP and HTTPS on a Router
10.6.6. Telnet on a Router
10.6.7. Implementing Secure Copy Protocol (SCP) on a Router

Cisco Revising CCIE R&S Certification - Announcement and FAQ



UPDATE: CCIE R&S v4.0 Exams Released

Effective October 19, 2009 Cisco CCIE® Routing and Switching v4.0 certification exams are available in all testing locations worldwide. The competencies required for CCIE R&S v4.0 certification can be found by reviewing the CCIE R&S v4.0 written exam topics and CCIE R&S v4.0 lab exam topics.



Both the written and lab exams have been refreshed with new questions covering MPLS and VPN networking. The written exam includes new scenario-based questions. The lab exam now requires hands-on troubleshooting of preconfigured networks, in addition to configuration.

Read the Blog on this topic: Thoughts on New CCIE R&S v4.0 Certification



The announcement below was made on May 5, 2009.



To reflect the growth of the network as a service platform, Cisco is revising the certification requirements for CCIE Routing & Switching (CCIE R&S)–the expert level certification for network engineers. The new requirements were developed with assistance from Cisco enterprise customers and reflect the expectations of employers across industries.



The competencies required for CCIE R&S v4.0 certification were released on May 5, 2009, and are available on the Cisco Learning Network under the CCIE R&S v4.0 Written Exam topics and CCIE R&S v4.0 Lab Exam topics. Exams based on the new requirements are scheduled for release on October 18, 2009, and will immediately replace the currently available v3.0 exams. Candidates who plan to take their exams on October 18, 2009, or later should prepare using the new v4.0 exam topics.



Both the written and lab exams will be refreshed with new questions and will cover MPLS and VPN networking. The written exam will add scenario-based questions to the multiple choice questions, and the lab will now require hands-on troubleshooting of preconfigured networks, in addition to configuration. Exam duration and pricing will remain the same, with the two-hour written exam at USD$350 and the eight-hour lab at USD$1400.



A beta version of the new CCIE R&S v4.0 written exam (351-001) will be available to all customers in the July–August 2009 timeframe at a discounted price of USD$50. An announcement will be made when scheduling begins.


Cisco 360 Learning Program Updates Available

Cisco 360 Learning Program components aligned to the new CCIE R&S certification standards will be available on May 11, 2009. All current students will have access to the new materials throughout their subscription period. New materials include additional lessons on MPLS and troubleshooting, enhanced coverage of these topics in the instructor-led workshops, an updated Practice Lab Workbook for self-paced practice, and new Performance Assessments that gauge skill level and offer mentoring feedback.



CCIE Assessor, the first CCIE R&S practice lab, will be retired on June 5, 2009, and will be replaced by the 10 eight-hour assessment labs available through the Cisco 360 Learning Program.


Frequently Asked Questions

1 - Q: What exactly is being changed on the CCIE R&S written exam?



A: The CCIE R&S v4.0 written exam will be refreshed with new questions to reflect the current job role expectations of employers. Scenario-based questions will be added to the multiple choice questions. New topics include the skills associated with planning and evaluating network changes, implementing MPLS, Layer 3 VPN, IPv6, EIGRP and multicast; and configuring performance-based routing. More information is available on the CCIE Written Exam Overview page.





2 - Q: What exactly is being changed on the CCIE R&S lab exam?

A: The CCIE R&S v4.0 lab exam will be refreshed with new questions to reflect the current job role expectations of employers. The equipment in the testing lab will be updated with Cisco 1800 and 3800 Series Integrated Services Routers running Cisco IOS® Software Version 12.4(T) and Cisco Catalyst® 3560 Series Switches running Cisco IOS Version 12.2 Advanced IP Services. The biggest change will be the testing of hands-on troubleshooting for the first two hours of the eight-hour exam. Candidates will be presented with a series of trouble tickets for preconfigured networks, and they will need to diagnose and resolve the network fault or faults—a realistic and challenging job task. Candidates who finish the troubleshooting section early can move on to the configuration section, but they will not be allowed to go back to the troubleshooting section, since their equipment will need to be reinitialized for the configuration portion of the exam.

To make time for new material, CCIE R&S v4.0 exams will put less emphasis on equipment operation and concepts generally understood at the professional level. These skills are still assumed, but will not be the sole objective of CCIE test questions. Go to the Lab Exam Study/Learn section for more information.





3 - Q: Now that the CCIE R&S v4.0 has been announced, can I still take the CCIE R&S v3.0 exam? How long will it be valid?



A: The CCIE R&S v3.0 written exam will be available through October 17, 2009, at all Pearson VUE testing centers. Passing the v3.0 written exam qualifies a candidate to take any available version of the CCIE R&S lab exam. As with all CCIE written exams, a passing score on v3.0 written exam will remain valid for three years, as long as the candidate attempts the lab exam once within the first 18 months. If the lab is not attempted, the written exam becomes invalid and the candidate will have to retest using whatever written exam is available at that time.





4 - Q: If I take the CCIE R&S written beta test in July or August 2009, will I still be able to schedule the CCIE R&S v3.0 lab exam?



A: Scores on CCIE written beta tests are not available until 4 to 6 weeks after the close of the beta period. At this time, there is no guarantee the CCIE R&S v3.0 lab exam will still be available when a beta test candidate receives his or her score. Beta testers should plan on taking the CCIE R&S v4.0 lab test to achieve certification.





5 - Q: If I don’t pass the CCIE R&S v4.0 written beta exam, can I take it again in five days?



A: No, a candidate can only take a CCIE written beta test once during the beta testing period.





6 - Q: Will there be any changes to the recently-added Core Knowledge portion of the exam, the part with the short-answer questions?



A: The questions in the Core Knowledge section of the lab exam may cover any area on the CCIE R&S v4.0 Lab Exam topics.





7 - Q: What can a candidate expect in the troubleshooting portion of the lab exam?



A: Troubleshooting is allotted two of the eight hours required for the CCIE lab exam. Candidates will be presented with a series of trouble tickets for preconfigured networks and will need to diagnose and resolve the fault or faults. As with previous CCIE labs, the network will need to be up and running for the candidate to receive credit. Candidates who finish the troubleshooting section early can move on to the configuration section, but they will not be allowed to go back to the troubleshooting section.





8 - Q: Does a candidate have to pass both the troubleshooting and configuration sections in order to pass the entire CCIE R&S v4.0 lab exam and earn a CCIE?



A: Candidates will receive a single pass/fail grade on the entire exam, including both configuration and troubleshooting. Failing score reports will give an indication of where the candidate scored lower, to help the candidate prepare for another attempt.





9 - Q: Will the CCIE R&S mobile lab exam also be updated?



A: Yes, CCIE R&S mobile labs use the same lab version as Cisco office locations, and they will switch to the v4.0 lab exam on October 18, 2009 as well.





10 - Q: Which exam will be used for recertification?



A: As of October 18, 2009, CCIEs who take the CCIE R&S written exam for recertification will be given the v4.0 exam and should prepare using the exam topics found on the Cisco Learning Network.





11 - Q: Are the previous Cisco 360 components applicable to the CCIE R&S v4.0 exams? Should candidates studying for CCIE R&S v4.0 exams wait for the new Cisco 360 materials to begin work?



A: The learning components available at first launch of Cisco 360 are still relevant to candidates studying for the CCIE R&S v4.0 certification exams. No Cisco 360 Learning Program components are being retired. There is no need for candidates to wait for revised Cisco 360 material to begin their study and practice. The subscription model ensures that Cisco 360 customers can take advantage of all new content as it is released and do not need to wait.