Cisco takes steps to combat cheating

August 2, 2008

In a recent eight-month test period, Cisco discovered that 1 in every 200 exams monitored was taken by a proxy, and not the actual enrollee…

Yesterday Cisco officially launched a number of new security enhancements to its exams, including:

  • Photo on Score Report and Web – On completion of a certification exam at the test center, candidates will receive preliminary score reports imprinted with their photos and unique authentication codes. The authentication code can be used to access a candidate’s official score online at Pearson VUE’s website usually within 72 hours of the examination. The online score report will also display the candidate’s photo. Candidates may share access to their online records with employers or other third parties.
  • Forensic Analysis – Exam results and other testing data will be continuously analyzed by forensic software to detect aberrant testing behavior and to flag suspect exams for further investigation. When problems are identified with the validity of a test result, the candidate’s score will be invalidated. Depending on the exact issue with the flagged exam, further consequences may range from having to retake the exam to the imposition of a one-year or lifetime testing ban.

I must say that I’m really excited about all of these new enhancements; for a long time now I’ve felt that my certifications were being devalued by the many braindumpers out there. Finally it appears that things are changing and that hard work, experience and integrity will matter again. Personally, there are two more enhancements I would like to see though, and they relate to exam content and the style of questioning. I believe that the best way to combat braindumpers, in addition to the new enhancements, would be to make the following changes to the current exams:

  • Large Pool of questions – Have a pool of several hundred questions; they don’t all have to be totally different, but some of the variables need to be changed. (Eg: What would ‘ip access-group FILTER-FTP in’ accomplish in a given scenario, and What would ACL ‘ip access-group FILTER-FTP out’ accomplish, are two very different questions and would help prevent individuals from just memorizing questions and answers.)
  • More Simulations – Testing a candidate’s knowledge of the related theory is definitely important, but more scenario-based questioning (essentially applied theory questions) might prove a better way of testing a candidate’s knowledge. (Eg: ‘In the above scenario Switch-A has been selected as the Root Bridge, even though Switch-B has a lower MAC Address. How did the network engineer accomplish this?’)

If you would like to read more about these new enhancements and the results of Cisco’s recent trials, take a look at this great article from the Boston Globe.


Is your RAM chained to your servers?

August 1, 2008

Today I came across a rather interesting post regarding plain text passwords and their presence in Linux memory…

Sherri Davidoff over at speaks of how she was able to recover various passwords from Linux memory; these passwords included the Linux root password, email, IM, SSH and Truecrypt passwords. After reading this I decided to see if I could achieve similar results. Using nothing but pcat (part of The Coroner’s Toolkit), dd and ghex, I was able to recover various passwords, including root, SSH, email, and MSN (using the pidgin MSN client) passwords.

To recover an SSH password, I used the following test procedure…

1) Boot Linux Fedora 9 system

2) SSH into remote system

3) Execute the dd command to dump memory to a file:

[root@plutolin bin]# dd if=/dev/mem of=/home/user1/Desktop/tct/tct-1.18/bin/mem.bin bs=1024

I found that, using the exact same technique, I was able to recover root passwords that had recently been entered after using the su command. Below is a screenshot of a recovered root password ‘rootpass’.

What makes this alarming is some research that has recently come out of Princeton’s Center for Information Technology Policy, in which it was discovered that data stored on DRAM could actually be accessed after a system has been powered down and the DRAM removed from the motherboard. This research shows that “data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system”.

In fact, if DRAM chips are cooled to -50°C, data can be retained on the chips for tens of minutes, if not more. When cooled down to -196°C, it was observed that chips retained data for hours, without any appreciable data loss.
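To check whether a known throwaway credential is still present in a dump such as the mem.bin produced above, the search done by hand in ghex can be scripted. This is an added example, not part of the original post; the function names, the 'rootpass' canary placement and the constructed 4 KiB sample file are assumptions for illustration.

```python
import os
import tempfile

# A typed password may sit in memory as plain ASCII or as UTF-16 text.
ENCODINGS = ("ascii", "utf-16-le")


def find_canary(path, canary, chunk_size=1 << 20):
    """Return sorted (file_offset, encoding) hits for `canary` in a dump file."""
    if not canary:
        raise ValueError("canary must be non-empty")
    needles = {enc: canary.encode(enc) for enc in ENCODINGS}
    # Carry the end of each chunk into the next read so a match that
    # straddles a chunk boundary is not missed.
    overlap = max(len(n) for n in needles.values()) - 1
    hits = set()  # a set, because a hit inside the carried tail is seen twice
    tail, base = b"", 0  # base = file offset of window[0]
    with open(path, "rb") as dump:
        while chunk := dump.read(chunk_size):
            window = tail + chunk
            for enc, needle in needles.items():
                pos = window.find(needle)
                while pos != -1:
                    hits.add((base + pos, enc))
                    pos = window.find(needle, pos + 1)
            tail = window[-overlap:]
            base += len(window) - len(tail)
    return sorted(hits)


def build_sample_dump(canary="rootpass"):
    """Write a constructed 4 KiB stand-in for mem.bin (not real memory)."""
    data = bytearray(4096)
    raw = canary.encode("ascii")
    data[1020:1020 + len(raw)] = raw      # straddles the 1024-byte boundary
    wide = canary.encode("utf-16-le")
    data[3000:3000 + len(wide)] = wide
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    return path


if __name__ == "__main__":
    sample = build_sample_dump()
    for offset, enc in find_canary(sample, "rootpass", chunk_size=1024):
        print(f"canary found at offset {offset:#x} ({enc})")
    os.remove(sample)
```

Run against a dump taken after a test login with a throwaway credential, an empty result once the session has ended is the outcome to aim for.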

To read Sherri’s post please visit

For more Information on ‘Cold Boot Attacks’ and how data can be recovered from DRAM after power has been removed visit

Recognizing a Counterfeit Cisco or fake Cisco WIC-1DSU-T1

July 29, 2008

Counterfeit / Fake Cisco WIC-1DSU-T1: Photograph Comparison Guide or the “Andover Test”

Counterfeit Cisco or Fake Cisco WIC-1DSU-T1: Seeing is believing

Recognizing a Counterfeit Cisco or fake Cisco WIC-1DSU-T1 is easy once you realize it’s not a matter of powering it on, but a matter of seeing the differences.

Who is selling the counterfeit or fake Cisco WICs?

Any seller who is unaware of how to tell the differences is likely selling counterfeit Cisco. Cisco Counterfeit WIC-1DSU-T1 cards seem to be coming from every direction. eBay is loaded with sellers having virtually no feedback offering NEW in box Cisco WIC-1DSU-T1 cards for scraps of money, or sellers with 20,000+ feedback who have no idea of the differences between GENUINE and COUNTERFEIT / FAKE. We are not fingering only uninformed or corrupt eBay sellers. Many Cisco resellers are also part of the problem.

How do you avoid buying a counterfeit or fake card?

Send them a link to this test and ask them to run the Andover Photo test! Since this test focuses on general attributes, many of these points are common to all Cisco products. While we wrote this test for the WIC-1DSU-T1, the points below describe common characteristics of other WIC cards commonly counterfeited, such as the WIC-1ENET or WIC-1T.

Read more at…


Progress Update – 29 July

July 29, 2008

I’ve completed Chapters 1 (Ethernet Basics) and 2 (Virtual LANs and VLAN trunking) of the OECG; tonight I’ll start Chapter 3 (Spanning-tree). I’m pleased with my progress and once I am done with Chapter 3, I’ll be taking some time to further research topics, and configuring each technology until I fully understand it. Essentially I want to make sure that I have Ethernet and Switching topics down before I move on.

I’ve found the OECG to lack the level of detail I require for my CCIE studies, so currently I work through the book, and then research each topic that comes up in as much detail as possible. For that I am using the BCMSN Cisco courseware, the BCMSN OECG, various CCIE blogs, Wikipedia and Cisco’s website.

Came across a really nice post regarding Private VLANs (PVLAN) today; if you’re interested, take a look at Understanding Private VLANs.

While searching for more information on 802.1Q-in-Q Tunnelling I came across two great sources, the first being a Cisco configuration guide that you can find here. The second source was a post by a fellow CCIE blogger, Irwan Piesessa; you can find his post on Q-in-Q tunnelling here.

Finally I found “Ethernet: The Definitive Guide” by Charles Spurgeon (Author) to be a great reference source on the topic of Ethernet in general.

One last reminder to myself… Something that I will be trying to do from now on is use Google less and the Cisco DocCD a lot more. Navigating the DocCD can be a little tricky if you haven’t used it before, but it’s something that I must get used to and be able to navigate quickly if I want to pass my lab exam. Not only do I want to be able to navigate the DocCD quickly, but I would like to get familiar with the documents, so that when I run into trouble in the lab, I would have at least seen some of the documents before.


The Start Of A Journey

July 25, 2008

“To get through the hardest journey we need take only one step at a time, but we must keep on stepping” ~ An old Chinese Proverb.

I’m finally here. For years now I have dreamt of becoming a CCIE and tomorrow I start my CCIE R&S preparation. Feels like I’ve been studying for ages just to get my mid-level Cisco certs, so I’m really pleased that my hard work and dedication has paid off. It’s been quite a ride, I’ve learnt a lot and I can really see how it has helped me become better at my chosen profession.

I’ve set aside this weekend to plan my CCIE study schedule, gather study resources and review a little of the first chapters of the CCIE Official Exam Certification Guide, 3rd Edition (OECG). Below is a brief TODO list for this weekend…

  • Develop blog
  • Update Schedule and Publish it on blog
  • Review CCIE Book list, Order any additional Books I may need
  • Gather CBTs, Books and other study Material that I already have
  • Ensure Lab equipment is running correct IOS, as per the Equipment list on Cisco’s site
  • Define format for Summary Guide

I plan to compile a Summary Guide as I study for the CCIE written and Lab exams. Basically it will include key facts and sample configurations of technologies that I have reviewed. My goal is to research the nuances of each technology’s behavior until there are no questions left. Only once I truly understand a technology/protocol will I move on, and the notes in my Summary Guide need to cover the caveats and how technologies interact with one another in as much detail as possible to truly reflect these nuances. I will also be incorporating Cisco configuration guides, Cisco design guides, posts from other blogs, howtos, tutorials, etc.

Once this weekend’s TODO list has been completed I will start seriously working through the OECG in a bid to accomplish the following goals…

  • Work through the OECG and take notes which will be added to the Summary Guide
  • Watch CBT Nuggets CCIE R&S Theory CBT, take notes and add to Summary Guide
  • Research each technology so that there are no questions left
  • Practice, Practice, Practice – Lab Time to truly understand the technologies
  • Post Weekly Progress Updates on blog

Today my CCIE journey begins…



    July 25, 2008

    This morning I passed my Cisco MPLS (642-611) exam and with that achieved my CCIP certification. It’s been a long road, taking me over 5 months (currently working part time, so I’ve been studying a lot) to complete my CCIP certification. I must say that I have really enjoyed working towards this certification; I’ve learnt skills that are truly indispensable, that will not only help me in my work, but will surely help me in my CCIE pursuit as well.

    Of the CCIP topics, I must say that I enjoyed the BGP and MPLS course content the most. I love the way MPLS VPNs leverage so many different protocols and technologies: a CE-PE Routing Protocol, an IGP within the P network, MP-BGP, MPLS, LDP/TDP, VRFs, etc.

    It appears that many people out there are a little confused as to what resources they should use when studying for the CCIP exam. Below is a list of books and CBTs that I used; it’s by no means a definitive list, but it worked for me. Of all the exams I found MPLS the hardest exam in terms of finding decent resources to study from. At the end of the day I believe reading the below mentioned books, coupled with lots and lots of hours practicing this in the lab, is what allowed me to pass. I created a 16-router MPLS lab, where I could practice everything from basic MPLS configuration to MPLS VPNs, Overlapping and Complex VPNs, Central Services VPNs and Providing Internet Access to MPLS VPN Clients.

    BSCI – CCNP BSCI Official Exam Certification Guide (4th Edition) (Exam Certification Guide) (Hardcover) by Brent Stewart (Author) and CBT Nuggets BSCI CBT.

    QoS – Cisco QOS Exam Certification Guide (IP Telephony Self-Study) (2nd Edition) (Exam Certification Guide) by Wendell Odom (Author), Michael Cavanaugh (Author), CBT Nuggets ONT CBT and CBT Nuggets QoS CBT.

    BGP – CBT Nuggets CCIE Theory CBT, Official Cisco Courseware and BGP related Configuration Guides on

    MPLS – MPLS Configuration on Cisco IOS Software (Networking Technology) (Hardcover) by Umesh Lakshman (Author), Lancy Lobo (Author), MPLS Fundamentals (Paperback) by Luc De Ghein (Author), MPLS and VPN Architectures, Volume II (Networking Technology) (Hardcover) by Ivan Pepelnjak (Author), Jim Guichard (Author), Jeff Apcar (Author), Cisco MPLS 2.2 Courseware, MPLS related Configuration Guides on

    Finally two tips for those of you that would like to pursue the CCIP certification…

    1) If you are currently working towards your CCNP, do the QoS after your ONT exam, as the QoS topics mentioned as part of the ONT exam will still be fresh in your mind; it will make the QoS exam a lot easier to prepare for.

    2) Practice, Practice, Practice. You will not grasp concepts and you will not pass these exams unless you put in many, many hours of lab time. The only way to become comfortable with a technology such as BGP is to configure it in a lab, tweaking route attributes and configuring as many crazy scenarios as possible.


    QoS Book Review

    May 11, 2008

    Title: Cisco QOS Exam Certification Guide (IP Telephony Self-Study) (2nd Edition) (Exam Certification Guide) by Wendell Odom (Author), Michael Cavanaugh (Author)

    ISBN-10: 1587201240

    Chapter 1 – QoS Overview
    Chapter 2 – QoS Tools and Architectures
    Chapter 3 – MQC, QPM and AutoQoS
    Chapter 4 – Classification and Marking
    Chapter 5 – Congestion Management
    Chapter 6 – Traffic Policing and Shaping
    Chapter 7 – Congestion Avoidance Through Drop Policies
    Chapter 8 – Link Efficiency Tools
    Chapter 9 – LAN QoS
    Chapter 10 – Cisco QoS Best Practices

    After reading CCNP ONT Official Exam Certification Guide by Amir Ranjbar as part of my CCNP studies, I was interested to see what exactly this book would cover. Starting off with an overview of QoS, this book guides the reader through the basic fundamentals of what QoS is and why it is required. It then gradually builds upon these fundamentals, with a healthy balance of scenarios and configuration along the way.

    Converged networks are becoming increasingly common, with video, VOIP, and critical data all flowing over our networks. This book addresses not only QoS on WANs but also the very important aspect of QoS on our local area networks (LAN). It covers issues related to video, voice and data, as well as including a great chapter at the end of the book related to Cisco QoS Best Practices.

    I particularly enjoyed how much of this book is related to the theory involved behind different queuing algorithms, traffic policing and shaping, congestion avoidance technologies and more. While many readers might regard extensive discussion related to the theory behind these tools rather “dry”… I do believe that both engineers working with QoS on a daily basis and those studying for the Cisco 642-642 exam will benefit from a thorough understanding of the logic behind these tools.

    All round I found this to be an excellent book for CCVP, CCNP and CCIE candidates, along with anyone else who is planning on deploying QoS in their network.