Interesting links | 2008-10-12
- Greg Ferro published some great thoughts on certifications versus experience. While a lot of people tend to disagree with him (at least a bit ... myself included), he has some very good points.
- Joe Harris posted the "IOS order of operation" list. Unfortunately it looks incorrect; I'm positive that in some cases NAT looks at the packet (and creates the translation) even if the inbound ACL drops it.
- Anyone who has ever been involved in security must read Security Maxims from Roger Johnston (hat tip to Bruce Schneier).
- I got promoted to holy cows. At least I have good company. BTW, if you're concerned about the security of your switch configuration, check what NSA has to say about it.
- Thinking problem management has a great post explaining why you need service documentation.
- Ethan Banks is back and writes about RGEs (Resume Generating Events).
- Anthony Sequeira writes about transparent firewall on ASA/PIX.
4 comments:
Ivan, thanks for the links!!!
I thought of creating a Pineapple Certified Religious Bovine Professional certification. What do you think? You can have PCRBP #00001.
To be more democratic about it, I have created polls around these myths, based on the Mythbuster's methodology. They are called Redibusters:
http://thinkingproblemmanagement.blogspot.com/search/label/Redibusters
NAT looks at the packet (and creates the translation) even if the inbound ACL drops it.
I have seen this behaviour as well.
I only caught it because I was testing something so I had ACLs going in both directions on interior & exterior interfaces.
My internal conversation went something along the lines of, "WTF, I'm blocking that, it shouldn't even be traversing across the router"
Sometimes I wonder
I used to think that certifications were a useful indicator of knowledge or at least initiative, but I'm changing my mind. I interviewed a guy last week who had a whole pile of Cisco certifications (CCNP, CCSP, CCVP, CCDP, at least). I asked him some elementary questions about how packets flow across a network. He couldn't describe ARP. He had trouble with the difference between static and connected routes. He couldn't describe how a TCP handshake works at all. He couldn't accurately describe the difference between a physical interface being up and a line protocol being up.
He then claimed to be much better at Cisco voice. So I asked him some basic CallManager and IOS voice gateway questions, and he completely flunked those. He was "absolutely, 100% certain" that MGCP controls phones, not gateways.
This was the most egregious example I've seen, but not the only one.
I feel like I've gotten a lot out of studying for certifications, especially CCIE, but I'm starting to wonder if that's the exception.
I am honestly confused. I was thinking getting certified was something like gaining all knowledge in that domain. Also, I think we learn from experience only O:-) O:-) O:-) O:-)