CCNP Security Page added

I created a new static page on my site to help myself remember things for my CCNP Security track. I share this information with you by providing links and short explanations. The page gets extended during my courses at Fast Lane and after digging deeper into the world of Security with Cisco solutions.

A never ending story – I would say!

CCNP Security @ feutl.com

Configuring NTP for Cisco CallManager 4.x

Configuring Cisco's CallManager 4.0 and above to use NTP is not as simple as it should be. First of all, CCM 4.0 uses Windows 2000 as its base system, and neither NTP nor SNTP is enabled there by default. Windows 2000 in particular uses SNTP, so CCM 4.0 installs a separate NTP service, which has to be configured separately.

The NTP configuration file can be found under C:\WINNT\system32\drivers\etc\ntp.conf. Open it in your favourite text editor and add your NTP server.

Minutes later our phones and CCM machine should have a synced time and date.

How To Configure Time Synchronization for Cisco CallManager and Cisco Unity

What the BEEP do we know!?

Cisco Systems

Unfortunately, most application protocol design has not enjoyed as excellent a history as TCP. Engineers design protocols the way monkeys try to get to the moon—that is, by climbing a tree, looking around, and finding another tree to climb. Perhaps this is because there are more distractions at the application layer. For example, as far as TCP is concerned, its sole reason for being is to provide a full-duplex octet-aligned pipe in a robust and network-friendly fashion. The natural result is that while TCP’s philosophy is built around “reliability through retransmission,” there isn’t a common mantra at the application layer.

The Blocks Extensible Exchange Protocol (BEEP) is something like “the missing link between the application layer and the Transmission Control Protocol (TCP).”

Compared to SPDY, Google addresses the question like this:

Q: What about BEEP?
A: While BEEP is an interesting protocol which offers a similar grab-bag of features, it doesn’t focus on reducing the page load time. It is missing a few features that make this possible. Additionally, it uses text-based framing for parts of the protocol instead of binary framing. This is wonderful for a protocol which strives to be as extensible as possible, but offers some interesting security problems as it is more difficult to parse correctly.

Good or Bad – I actually do not care – important for me would be to fix the Session Layer and Application Layer in combination with the way the world wide web is working – so get the work done and update the applications using those protocols.
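The parsing concern raised in the FAQ answer above, as an added example (not from the original post or from Google): a strict parser for BEEP's text-framed data frames as laid out in RFC 3080, checking header syntax, field ranges and the declared size against the trailer. The 4096-byte payload limit, the helper names and the sample frames are assumptions made up for the illustration.

```python
import re

MAX31, MAX32 = 2**31 - 1, 2**32 - 1   # RFC 3080 field limits
MAX_PAYLOAD = 4096                    # local policy limit (assumption)

# Canonical decimal only. Python's int() alone would also accept "+5",
# " 5" and "1_0", so the grammar is enforced before any conversion.
_NUM = rb"(0|[1-9][0-9]{0,9})"
_HEADER = re.compile(
    rb"(MSG|RPY|ERR|NUL|ANS) " + _NUM + rb" " + _NUM + rb" ([.*]) "
    + _NUM + rb" " + _NUM + rb"(?: " + _NUM + rb")?")

class FrameError(ValueError):
    """Raised for any frame that is not exactly well-formed."""

def parse_frame(buf: bytes):
    """Parse one complete data frame; return (fields, remaining bytes)."""
    eol = buf.find(b"\r\n", 0, 64)    # longest valid header is 60 bytes
    if eol < 0:
        raise FrameError("no CRLF-terminated header in first 64 bytes")
    m = _HEADER.fullmatch(buf[:eol])
    if m is None:
        raise FrameError("malformed header")
    kind, more, ansno = m.group(1), m.group(4), m.group(7)
    chan, msgno, seqno, size = (int(m.group(i)) for i in (2, 3, 5, 6))
    if (kind == b"ANS") != (ansno is not None):
        raise FrameError("ansno required for ANS, forbidden otherwise")
    if max(chan, msgno, size) > MAX31 or max(seqno, int(ansno or 0)) > MAX32:
        raise FrameError("numeric field out of range")
    if size > MAX_PAYLOAD:
        raise FrameError("payload exceeds local limit")
    start, end = eol + 2, eol + 2 + size
    # Payload is taken by declared length, never by scanning for "END".
    if buf[end:end + 5] != b"END\r\n":
        raise FrameError("missing or misplaced END trailer")
    fields = {"type": kind.decode(), "channel": chan, "msgno": msgno,
              "more": more == b"*", "seqno": seqno, "payload": buf[start:end]}
    return fields, buf[end + 5:]

def rejected(buf: bytes) -> bool:
    try:
        parse_frame(buf)
    except FrameError:
        return True
    return False

# Constructed sample frames (not captured traffic).
GOOD = b"MSG 0 1 . 0 5\r\nhelloEND\r\n"
TRICKY = b"MSG 0 1 . 0 8\r\nEND\r\nabcEND\r\n"   # payload contains END CRLF
BAD = [b"MSG 0 1 . 0 05\r\nhelloEND\r\n", b"MSG 0 1 . 0 +5\r\nhelloEND\r\n",
       b"MSG 0 1 . 0 3\r\nhelloEND\r\n", b"MSG 0 1 . 0 4294967296\r\n",
       b"RPY 0 1 . 0 5 2\r\nhelloEND\r\n"]
```
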

SPDY: An experimental protocol for a faster web

SPDY Whitepaper Executive Summary

As part of the “Let’s make the web faster” initiative, we are experimenting with alternative protocols to help reduce the latency of web pages. One of these experiments is SPDY (pronounced “SPeeDY”), an application-layer protocol for transporting content over the web, designed specifically for minimal latency.  In addition to a specification of the protocol, we have developed a SPDY-enabled Google Chrome browser and open-source web server. In lab tests, we have compared the performance of these applications over HTTP and SPDY, and have observed up to 64% reductions in page load times in SPDY. We hope to engage the open source community to contribute ideas, feedback, code, and test results, to make SPDY the next-generation application protocol for a faster web.

A few months ago I stumbled over SPDY and was wondering if the known proxy implementations will ever be able to handle this protocol. Now, it is getting more and more interesting for products like Ironport’s Web Proxy to handle SPDY (somehow). Google is going to switch their protocol handling for Google Apps in combination with Google Chrome to the faster and more secure SPDY protocol in the near future.

At Let’s make the web faster you can find lots of articles and user discussions about several things Google uses to fix the slow HTTP handling. From my point of view – it is necessary to exchange the HTTP(s) paradigm with a better one, which fits the needs of the internet we know!

And you would be surprised how easy it is to extend your WebApp to support SPDY besides the traditional HTTP(s) handling.

Cisco Configuration Manager and UC520

After downloading the newest version of Cisco's Configuration Manager and all the updated packages for the UC520 I started the upgrade process for the Unified Communications 520 for Small Business. I wasn’t surprised when the first error messages came up, because those things never work that smoothly.

Nevertheless, what pissed me off were the actual error messages, which did not tell me anything. After 2 days and about 5 retries to upgrade the machine I dug around and found a how-to for a manual update process – my last resort!

After leaning back in my chair I tried something different and that worked out smoothly. The unclear error messages I got were all based on one fact – there was too little space on my flash card (why did nobody tell me that?).

So there are 2 ways to upgrade your UC520 without problems:

  1. Format/erase the 128 MB flash card located in your UC (or take a new one) using the CCA, then start the upgrade process and it will work – smoothly as expected
  2. Follow the forum thread for a manual upgrade without using CCA (which can also be used on operating systems that cannot run CCA) – UC upgrade manually without CCA

DynDNS Problem with DD-WRT

For a few weeks now my DD-WRT router running V24-SP2 has been coming up with an annoying log message concerning the DynDNS service I am using:

DYNDNS: Error 'RC_IP_RECV_ERROR' (0x15) when talking to IP server

After digging around in the DD-WRT Forum I found some interesting threads trying to figure out where the problem is located.

After a lot of good ideas and helpful comments I took the quick route (noted by a forum member) and fixed the problem for me by setting up DynDNS manually:

  1. Go to Setup / DDNS of your DD-WRT router
  2. DDNS Service: Custom
  3. DYNDNS Server: members.dyndns.org
  4. User Name: #yourusername#
  5. Password: #yourpassword#
  6. Host Name: #yourdyndnshostname#
  7. URL: /nic/update?
  8. Additional DDNS Options: --dyndns_system dyndns@dyndns.org --ip_server_name 91.198.22.70:8245 /

The rest stays with the default settings. That's it: after Apply Settings the error should be gone 🙂