Preparing for CCNA Security

Now that I’ve had some rest after the CCNP TSHOOT and got my CCNP Certification, I’m preparing for the CCNA Security exam.

My learning resources are/will be:

  • Cisco Press – CCNA Security 640-554 Official Cert Guide
  • CBT Nuggets – Cisco CCNA Security IINS 640-553 by Jeremy Cioara
  • CBT Nuggets – Cisco CCNA Security 640-554 by Keith Barker
  • My Cisco c851 Router (for practicing the Cisco Configuration Professional)

iPhone 4 Wallpapers

My iPhone 4 just turned 3 years old, and it’s still working fine. The battery can still hold for a week with normal usage. The only problem is the new iOS7: it’s nice and everything, but a little bit slow, and you can’t downgrade it anymore…

Anyway, here are some wallpapers for iPhone 4, 4S (640×960) that I’ve collected over the years. Enjoy


CCNP ROUTE Passed

Finally, after 4 months of learning and practicing, I did it: I passed the CCNP ROUTE exam with 1000/906 points.
My learning materials can be found here.

Now I’m starting to prepare for the last exam, CCNP TSHOOT.

My resources:

  • CiscoPress CCNP TSHOOT 642-832 Official Certification Guide Book
  • INE.com – 642-832 TSHOOT Outline
  • CBTNuggets – Cisco CCNP TSHOOT 642-832

OpenWRT on a TP-Link TL-WR842ND

I bought a TP-LINK WR842ND a couple of months ago.

TP-LINK TL WR842ND

At first I was happy with its performance, and it had some nice features. The wireless range and throughput were also okay. For half a year I used it without any problems.

But when I updated the firmware to the newest version for security reasons, it started to become unstable and really slow. Sometimes you weren’t able to reach the web interface unless you restarted it. A lot of times there were these random traffic drops, when everything died, and a couple of seconds later it worked again.

First I tried to implement my c851 Project.

IP-Address table and DHCP settings

Network plan

I managed to set it up successfully; everything was working fine (DHCP, NAT, CBAC, NTP, PPPoE etc.).

The internet access was working, I connected my PC and got an IP via DHCP, and it was running perfectly. But when I checked the speed test I was disappointed… I couldn’t get more than 10Mb/s even when I turned off the CBAC.

After some searching, I soon found out that the ASIC of this Cisco 851 Router was only able to handle around 10Mb/s of traffic. It was a shame, because I have a 60Mb/s connection…

I went back to the TL842ND and decided to change the factory firmware to an open-source one. I chose OpenWRT by vargalex.

I’ve been using it for 10 days now, and I’m very pleased with it. It’s stable, far more tunable, and you get a lot more information about what’s going on.

The factory TP-LINK web interface was just disgusting; it bugged out a lot of times and it didn’t use the true potential of the router.

Here are some example screenshots showing the difference between the factory interface and OpenWRT’s LuCI web interface. (The TP-LINK screenshots are from a TL WR1043ND; it’s basically the same.)

Start screen

WiFi settings

WiFi Statistics

This is just lame, if you ask me…

Now, let’s see OpenWRT

Start screen

Processes

Realtime Graphs

With OpenWRT you have a lot more options to do whatever you want, and with the package system you can tune the sh*t out of your router. You can have a BitTorrent client, web server, print server, file server, FTP server, media server, webcam server, basically anything. You get a bash prompt, which you can access from the Internet. You get a lot more statistics, realtime counters, graphs and logs.

Realtime Traffic

The only caveat I could find is the user management. You have only one user, root, and you are using this account even if you have SSH or Web access enabled via the Internet. This is a huge security risk: it is easily crackable with a brute-force or dictionary attack, even if you have a secure password. By default there is no failed-login-attempt blocker, so they can try as many times as they want.

Interfaces

To avoid being hacked you can block the incoming SSH and Web access and allow only yourself, but for that you need to know the source IP (which must be static) in order to write the policy correctly. There is a pretty good Firewall Traffic Rule system, so I’ve added entries to deny SSH and Web traffic from the WAN interface.
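An added example, not from the original post: a small Python check that reads firewall configuration in OpenWrt's `/etc/config/firewall` syntax and reports what happens to a TCP connection from the WAN zone to the router on a given port. The sample config and rule name are constructed, and the evaluation is a simplification (first matching input rule wins, rules limited by `src_ip` are skipped because they do not apply to every host, otherwise the zone's `input` policy applies).

```python
import shlex

# Constructed sample in /etc/config/firewall syntax (not the author's config).
SAMPLE = """
config zone
	option name 'wan'
	option input 'ACCEPT'

config rule
	option name 'Deny-SSH-Web-WAN'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22 80 443'
	option target 'DROP'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] in file order."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def port_in(spec, port):
    """True if port is covered by a spec such as '22', '80 443' or '8000-8100'."""
    for part in spec.split():
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def wan_verdict(text, port, zone="wan"):
    """Target for a new TCP connection from any host in `zone` to the router."""
    sections = parse_uci(text)
    for kind, o in sections:  # rules are checked in file order
        if kind != "rule" or o.get("enabled", "1") == "0":
            continue
        if o.get("src") not in (zone, "*") or "dest" in o or "src_ip" in o:
            continue  # keep only input rules that apply to every source address
        if not {"tcp", "all"} & set(o.get("proto", "tcp udp").split()):
            continue
        if "dest_port" not in o or port_in(o["dest_port"], port):
            return o.get("target")
    # No rule matched: the zone's input policy decides (None if not set here).
    return next((o.get("input") for k, o in sections
                 if k == "zone" and o.get("name") == zone), None)
```

With the sample, ports 22, 80 and 443 are dropped, but any other service listening on the router is still reachable because the zone policy is `ACCEPT`; a deny list of ports only covers the ports it names.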

If you want a tunable, stable firmware on your router, well, you can start from here. Enjoy :)