Thread: CCIE SECURITY LAB, God willing

  1. #1
    Member
    Join date
    Nov 2007
    Posts
    55
    Country: Malaysia
    Rep power
    0

    CCIE SECURITY LAB, God willing

    Peace be upon you
    Honestly, I have been a member of this wonderful scholarly institution for a while, but I rarely post. But I swear, once I browsed the forum I honestly became addicted to it, especially when I listened to the lectures of the formidable brother Lomark (may God grant him success in his exam on 19/6/2008). Honestly, when I heard his lectures I was very, very happy, and I said: God bless you, brother Lomark. At the same time I was very, very ashamed, because I have not contributed anything to this wonderful forum. In any case, God willing, I will contribute even something small to this forum, which amazed me within just five days.

    My idea, guys, is that I want to set up a workshop or a repository for information about CCIE SECURITY,
    or in general all the Cisco security topics, such as CCSP:
    SNPA / CSVPN / IPS / SND / SNRS
    I also know very well that this subject (security) will not appeal to Mr. Mark ;) but believe me, routing and switching are not complete without security. I mean, God willing, each one complements the other.

    God willing, the idea is clear. My warmest wishes to the formidable brother Lomark for success in the exam, God willing. And my wishes to this forum for progress and prosperity.

  2. #2
    Former moderator
    Join date
    Nov 2006
    Posts
    1,273
    Rep power
    19

    Re: CCIE SECURITY LAB, God willing

    I am with you on this idea.

    But what is your plan? Do you want to collect the study materials for the CCSP certification, or security books in general, or do you mean posting security-specific topics for discussion?

    As for Lomark, that's it: VoIP has dazzled his eyes and will soon become his new wife, God willing, so security is not even in his wildest dreams.

    O God, make Your love the dearest of things to me,
    and make fear of You the most fearful of things to me,
    and cut off from me the needs of this world through longing to meet You,
    and when You delight the eyes of the people of this world with their world, delight my eyes with Your worship.

  3. #3
    Bronze member
    Join date
    May 2007
    Posts
    1,475
    Rep power
    18

    Re: CCIE SECURITY LAB, God willing

    And I am with you.
    A strong network needs security. Come on, let's learn; come on, let's gather information.
    -------------------------------------------
    Where are the questions, guys, in the Cisco sections?
    We want questions on Voice and Data.
    We want to be able to help you.

  4. #4
    Member BMAS
    Join date
    Nov 2007
    Posts
    40
    Rep power
    0

    Re: CCIE SECURITY LAB, God willing

    Good luck to everyone
    Whoever has found God, what has he lost? And whoever has lost God, what has he found?
    I seek God's forgiveness and repent to Him.

  5. #5
    Member
    Join date
    Nov 2007
    Posts
    55
    Country: Malaysia
    Rep power
    0

    Re: CCIE SECURITY LAB, God willing

    Peace be upon you
    To begin with, in my opinion, the question is: what is the CCSP certification, and what are its parts?
    After we finish the CCNA come the rest of the professional certifications, security among them, and it is divided in sequence as follows:
    SND Security Network Devices: this is the first exam, and it covers security in general.
    SNRS Security Network Router & Switch: this exam is for router and switch security.
    SNPA Security Network with PIX & ASA: this is the backbone of security; in my opinion it is very important.
    CSVPN Cisco Secure Virtual Private Networks: this exam is about VPN.
    IPS Implementing Cisco Intrusion Prevention System: this exam is about a device for monitoring networks.
    HIPS: it is optional, a choice between it and CSVPN.

    This is old, repeated talk (I know), but my topic today is the certifications.
    You know, when you complete the whole CCSP you will get 8 certificates: 6 from Cisco and 2 from NSA NETWORK SECURITY AGENT, which is a large organization specializing in security, and one of its customers is the CIA.

    Also, one of the most important features of the CCSP certifications is that they give you Specialist status.
    So you will be, God willing, a specialist in the following:

    Cisco Firewall Specialist
    Cisco Information Security Specialist
    Cisco IPS Specialist
    Cisco IOS Specialist
    Cisco VPN Specialist
    4011 Recognition: this is an initial recognition from the NSA
    4013 Recognition: this is the second recognition, and it comes after you complete the whole CCSP

    This is the special feature of the CCSP certifications: they contain 8 certificates or wall plaques, whereas the CCNP contains one certificate, and you get it when you complete all 4 exams. In any case, what counts is not the number of papers and certificates but knowledge and practical experience, of course.
    This is an introduction to the certifications in this specialty, and I think I am a good promoter of security certifications, hahaha.



  6. #6
    Member
    Join date
    Nov 2007
    Posts
    55
    Country: Malaysia
    Rep power
    0

    Re: CCIE SECURITY LAB, God willing

    Peace be upon you

    This is the workbook for the CCIE SECURITY LAB

    https://mihd.net/dl

  7. #7
    Member
    Join date
    Nov 2007
    Posts
    55
    Country: Malaysia
    Rep power
    0

    Re: CCIE SECURITY LAB, God willing

    Peace be upon you

    These are the steps you follow to run the IPS / IDS
    on VMWARE

    1 - This is the link for the IPS.ISO; it is important and rare.
    https://rapidshare.com/files/4434579...image.rar.html

    2 - This is a ready-made, prepared copy; just load it in VMware and apply the following steps.

    https://www.netemu.cn/bbs/thread-3109-1-1.html


    We put our trust in God and begin with the steps:

    Running Cisco IDS/IPS v5 Software in VMWare
    ===========================================

    This Howto describes how to get the Cisco IDS/IPS Software Release 5 running
    inside VMWare. After successful installation, the VM will emulate an IDS-4215
    platform with 3 GigabitEthernet interfaces ;)

    I developed this Howto by using VMWare Workstation for Linux; I did not test
    this with any VMWare version for Windows.

    REQUIREMENTS
    ============
    - VMWare Workstation, I use version 5.5, running on a debian etch host system
    I never tested with a Windows host system

    - Cisco IPS recovery CD image, I used IPS-K9-cd-1.1-a-5.1-4.iso
    This file can be downloaded from CCO.
    CCO download access requires a valid support contract.

    - modified VMWare BIOS (CISCO_IDS4215_440.BIOS.ROM)
    This file should be in the archive from where you extracted this Howto

    - some basic UNIX skills for working with a shell and using vi

    - knowledge of the English keyboard layout ;)

    TECHNICAL DESCRIPTION
    =====================

    It seems that with IDS/IPS software release 5, Cisco implemented stricter
    hardware identification checks, making it impossible to load the code on 4.x
    custom-built systems or in VMWare.

    I'm not skilled enough to produce anything useful with the BIOS that can be
    downloaded from CCO ;), so I investigated how to get VMWare to provide
    anything the IPS software wants to hear. I still would prefer to have the native
    BIOS running, but this is a start for all the desperate souls that need a
    working IPS for study/LAB preparation.

    I concentrated on the 4215 platform, because it seems that it does not
    have any special ROM/PROM chips built in.

    Basically, IPSv5 is based on Redhat Linux, so it is able to run inside VMWare.
    The recovery CD boots and reimages fine, as long as the virtual harddisks are
    large enough (256M for hda, 4GB for hdb).

    hda is the flash in the appliance and holds the complete OS and the
    configuration. hdb is a real harddisk and is for "var" storage (event store
    etc.). The reimage fails when you have disks that are too small (fdisk will
    complain about wrong boundaries/size).

    With a fresh system, you can boot into runlevel 1, mount the remaining
    filesystems and inspect what the system will do at regular startups.

    The procedure collection file /etc/init.d/ids_functions will determine the
    platform type during bootup. Because the 4215 doesn't have a special chip, the
    routine makes selections based on the CPU speed and processor count. You can
    trick the routine by entering the CPU speed reported by Linux.

    But this is not enough. At some point, a program called smbios_bios_info is
    called, reading information from the BIOS. Also, the binary mainApp will do this
    again later, so we have to find a way to tell the system what it wants to
    hear. Luckily, on the 4215 only DMI strings are checked.

    VMWare allows you to extract the required portion of the BIOS, and with a resource
    editor you can modify the DMI strings to match the values the software checks.
    By telling VMWare to load this modified BIOS, the IPS software is satisfied and
    identifies the VM as a 4215 sensor.

    I basically changed all the DMI strings to read as Vendor "Cisco Systems",
    Platform "IDS-4215", Chassis/Asset Tag "12345678901".

    Now that the sensor boots and the CLI is usable, network connectivity must
    work. VMWare and the IPS Linux both support Intel e1000 cards, so this looks
    promising.

    The physical interface configuration layout of all the appliances is defined in
    /usr/cids/idsRoot/etc/interface.conf. By replacing the pci device-id values with
    the ones provided by VMWare (see /proc/pci), the sensor recognized the VMWare
    virtual ethernet cards.

    By modifying this file you are able to use interface types a platform normally
    will not support (Gigabit cards in the 4215).

    With this VM I was able to use IDM from a windoze system, create my own signatures
    and put a sensing interface between two dynamips instances (alerting each
    time it sees EIGRP packets). This should be proof enough!

    Well, this is nearly all the information I collected during 8-12 hours of
    experimenting, in a few sentences. However, there are still some quirks and areas
    I don't understand well, for example, the problems caused by the absence of the
    file /usr/share/zoneinfo/cidsZoneInfo.

    I hope this Howto is a start and encourages people to modify and enhance it.

    Have fun!


    einval

    INSTALLATION
    ============

    1. VMWare

    Extract the content of the archive to a place you remember; you'll need to
    specify the location of the BIOS file soon.

    Start VMWare and create a new Virtual Machine (VM). The wizard starts; please
    use the following options:

    - "Custom" configuration
    - "Workstation 5" format
    - Guest: "Linux" / Version: "Red Hat Linux"
    - Name: whatever you like, maybe "Cisco:IPS"
    make sure you remember the path listed in "Location"
    - "One" processor
    - 512 MB RAM
    - "use bridged networking"
    - SCSI Adapter: "BusLogic" (doesn't matter)
    - "create a new virtual disk"
    - Disk type "IDE"
    - Size 0.3GB (yes, 300MB not GB)
    - accept, then click "Finish"

    Edit your VM Settings.

    - Remove the sound adapter
    - Remove the USB controller
    - Remove the floppy disk

    - Add two additional Ethernet adapters
    The network connection type doesn't matter at the moment (leave
    it as bridged, for example)

    - Add one additional hard disk
    - "create a new virtual disk"
    - Disk type "IDE"
    - Size 4 GB (yes, 4GB this time, values below 4 GB will not
    work)
    - accept, then click "Finish"

    - modify CD-ROM settings
    - "use ISO image"
    point it to the IPS recovery CD iso file

    Now, finish modifications and quit VMWare.

    Go to the folder where your VM resides (for me, it is ~/vmware/<VM_name>), and
    edit the VM configuration file (.vmx).

    Put in the config option that tells VMWare to boot an alternative BIOS:

    bios440.filename = "<path_where_you_extracted_the_archive>/CISCO_IDS4215_440.BIOS.ROM"

    Put in the device type for the Ethernet adapters (we want Intel GE cards):

    ethernet0.virtualDev = "e1000"
    ethernet1.virtualDev = "e1000"
    ethernet2.virtualDev = "e1000"

    Now save and close the configuration file.

    2. Recovery Image installation

    Start VMWare and fire up the newly created VM. The recovery CD iso file will
    automatically be selected for loading; you have to enter "k" to start the CD boot
    process.

    The recovery CD loads and does a full re-imaging of the VM hard drives. Please
    ignore any errors about failed platform identification and wait until the system
    reboots.

    When rebooting (VMWare BIOS message is presented), STOP the VM and continue to
    read the next step.

    3. First boot

    Before we continue, we have to modify the GRUB boot parameters to get into
    single user mode. When the system boots for the first time after re-imaging, and
    the GRUB menu is displayed, press any key to stop the timer (up/down arrow, for
    example). Without that, the system boots and gets stuck at hardware detection.

    Now that you know this, it is safe to turn on the VM again. Wait until the GRUB menu is
    displayed and select "Cisco IPS".

    Press "e" to enter edit mode.

    Select the second line (the one starting with "kernel"), and press "e" again.

    Scroll to the left until you see the entry "init=loadrc". Replace loadrc with 1
    (should read "init=1") - don't touch any other option.

    Press Enter and then "b" to start the boot process. After booting Linux, the
    system stops at init level 1.

    4. Modifications

    Press Enter to get a shell. Execute (English keymap!)

    /loadrc
    /etc/init.d/rc.init
    touch /usr/share/zoneinfo/cidsZoneInfo

    Now determine the speed of your CPU:

    cat /proc/cpuinfo

    by looking at the line named "cpu MHz". Write down the value (int only). Make a
    copy of the file ids_functions and modify it:

    cd /etc/init.d
    cp ids_functions ids_functions.orig
    vi ids_functions

    Search for the string "4215" or go directly to the line #252 that reads

    elif [[ 'isCPU 845' -eq $TRUE && ...
    MODEL=$IDS4215
    ...
    Modify the string "845" to the CPU speed you determined earlier - use only the
    int value (for example, 2659). Of course you can copy the whole line, comment
    the original one and keep it for further reference.

    3 lines below there are variables named "DEFAULT_MGT_OS" and "DEFAULT_MGT_CIDS".
    Modify their values to:

    DEFAULT_MGT_OS="ma0_0"
    DEFAULT_MGT_CIDS="Management0/0"

    Save the file and close vi.

    Now, modify the interface configuration file:

    cd /usr/cids/idsRoot/etc
    cp interface.conf interface.conf.orig
    vi interface.conf

    Scroll down until you find the section for the IDS-4215 (it's the second one).

    Modify the pci-bus numbers in the slot definition subsection:

    [models/IDS-4215/slots/1]
    # lower slot
    pci-bus=0 # change this to 1
    pci-device=17

    [models/IDS-4215/slots/2]
    # upper slot
    pci-bus=0 # change this to 2
    pci-device=19

    Now, modify the built-in Interfaces by going to [models/IDS-4215/interfaces/1]

    [models/IDS-4215/interfaces/1]
    # built-in 10/100 TX mgmt interface, Intel 82559ER
    # was eth1 (int1) in 4.x
    # rightmost connector on front panel
    # labeled "Ethernet 1" on panel
    name-template=FastEthernet0/0 # change this to Management0/0
    pci-bus=0
    pci-device= 14 # change this to 17
    pci-function=0
    vendor-id=0x8086
    device-id=0x1209 # change this to 0x100f
    type=fe # change this to ge
    mgmt-capable=yes

    Modify the second interface

    [models/IDS-4215/interfaces/2]
    # built-in 10/100 TX sensing interface, Intel 82559ER
    # was eth0 (int0) in 4.x
    # leftmost connector labeled "Ethernet 0"
    name-template=FastEthernet0/1 # change this to GigabitEthernet0/1
    pci-bus=0
    pci-device= 13 # change to 18
    pci-function=0
    vendor-id=0x8086
    device-id=0x1209 # change to 0x100f
    type=fe # change to ge
    sensing-capable=yes
    tcp-reset-capable=yes

    CREATE a third interface by copying the whole [models/IDS-4215/interfaces/2]
    section

    [models/IDS-4215/interfaces/2] # rename to /3
    name-template=GigabitEthernet0/1 # rename to GigabitEthernet0/2
    pci-bus=0
    pci-device= 18 # change to 19
    pci-function=0
    vendor-id=0x8086
    device-id=0x100f
    type=ge
    sensing-capable=yes
    tcp-reset-capable=yes

    Now increase the interface number by 1 for the remaining (dummy) interfaces
    [models/IDS-4215/interfaces/3] to 6; the ones that have "1 x 4-FE card" in the
    comment.

    Save the file and quit vi.

    Now move to the IPS bin directory and replace the file smbios_bios_info

    cd /usr/cids/idsRoot/bin/
    mv smbios_bios_info smbios_bios_info.orig
    vi smbios_bios_info

    Enter the following content into this file:

    #!/bin/sh
    echo
    echo "Platform: IDS-4215"
    exit 0

    Save and quit. Now make the file executable and test it

    chmod +x smbios_bios_info
    ./smbios_bios_info

    The system should display "Platform: IDS-4215". And that's it for all the system
    modifications.

    Now reboot the VM by entering

    reboot

    5. Second boot

    After making all the modifications, the VM should start and present you a login
    prompt. If it gets stuck (no login), reload it again - this can happen when you
    booted the system completely without going into runlevel 1 in step 4.

    There is still a yellow warning about modifications since last reboot - this
    message disappears after the next reboot.

    Log on with the factory default account (cisco/cisco) and assign a new password.

    Now assign the service account a password:

    conf t
    username service pass <yourpass> privi service
    exit

    Log out and login as user "service" - you will have a shell. Do a switch user to
    root "su -", the password is the same as for the user "service".

    Now look if the file "/usr/share/zoneinfo/cidsZoneInfo" is still there. If not,
    "touch /usr/share/zoneinfo/cidsZoneInfo" it. Without that file, you are not able
    to see any config in the CLI (for whatever reasons). Exit until you reach the
    login prompt again.

    Login as "cisco" and you should be able to do a "show conf". Back up the
    configuration with "copy current-config backup-config" and reload by doing a
    "reset".

    After the next reboot, the system is fully usable.

    USAGE/HINTS/ISSUES
    ==================

    - initial setup

    The first thing you should do is to get network access to the VM via
    ssh/PDM/telnet. Make sure the VMWare "Ethernet 1" is connected as you need it
    (bridged to the VMWare host NIC for example).

    In the cli, enter

    conf t
    service host
    network-settings
    host-ip x.x.x.x/<mask>,<gateway> # for example, host-ip 192.168.1.2/24,192.168.1.1
    access-list x.x.x.x/<mask> # for example, access-list 192.168.1.0/24
    telnet-option enabled # if you want telnet access
    exit
    exit
    exit

    This allows anybody specified in access-list to access the sensor Management IP
    address, specified by host-ip. IDM access works then out of the box.

    - network access

    After my VM starts, I'm not able to use any network interface unless I
    disable/enable the corresponding VMWare NIC (right click in the network card
    icon in VMWare status line).

    - PDM

    PDM does not show system information under Monitoring. Cosmetic issue, IMHO.

    - IPS Updates

    I did not apply version 5 service packs, but I'm certain that with each update
    that brings modifications to the underlying OS, you have to check your
    modifications again.

    I did not try software release 6 either; it may force you not only to apply my
    modifications again, but also introduce improved hardware checking, making the


    I think the topic may be a little complicated, and the site is in Chinese, but it is very enjoyable in my opinion; just apply the steps.
    God willing, the topic is clear, and for any question I am available, God willing.

    Peace be upon you
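
A consistency check for the hand-edited IDS-4215 interface sections of interface.conf, added here as an example; it is not part of the post above or of the HOWTO it quotes. It flags the slips the manual steps invite: an unclosed section header, a copied interfaces/2 block that was never renumbered, two interfaces on the same PCI bus/device, and a Gigabit name left with type=fe. The sample text is constructed from the snippets in the HOWTO, and the parser assumes the file uses only the `[section]`, `key=value` and `#` comment syntax shown there.

```python
# Constructed sample: IDS-4215 sections after a hasty edit, with slips to catch.
SAMPLE = """\
[models/IDS-4215/interfaces/1]
name-template=Management0/0
pci-bus=0
pci-device= 17
type=ge

[models/IDS-4215/interfaces/2]
name-template=GigabitEthernet0/1
pci-bus=0
pci-device= 18
type=fe                          # not changed to ge

[models/IDS-4215/interfaces/2]   # copied block, not renamed to /3
name-template=GigabitEthernet0/2
pci-bus=0
pci-device= 18                   # not changed to 19
type=ge

[models/IDS-4215/interfaces/4
name-template=FastEthernet1/0
"""


def parse(text):
    """Return (sections, problems); sections is a list of (name, settings)."""
    sections, problems, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop inline comments
        if line.startswith("["):
            current = {} if line.endswith("]") else None
            if current is None:
                problems.append(f"line {lineno}: unclosed section header {line}")
            else:
                sections.append((line[1:-1], current))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections, problems


def check(text, model="IDS-4215"):
    """List the problems found in one model's interface sections."""
    sections, problems = parse(text)
    names, pci_seen = set(), {}
    for name, cfg in sections:
        if not name.startswith(f"models/{model}/interfaces/"):
            continue
        if name in names:
            problems.append(f"duplicate section [{name}]")
        names.add(name)
        pci = (cfg.get("pci-bus"), cfg.get("pci-device"))
        if None not in pci:
            if pci in pci_seen:
                problems.append(f"[{name}] reuses PCI {pci} of [{pci_seen[pci]}]")
            pci_seen.setdefault(pci, name)
        if cfg.get("name-template", "").startswith("Gigabit") and cfg.get("type") != "ge":
            problems.append(f"[{name}] is named Gigabit but has type={cfg.get('type')}")
    return problems


if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

Run against a copy of the edited file before rebooting the VM; an empty result means none of these four slips is present.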

  8. #8
    Member
    Join date
    Apr 2007
    Posts
    532
    Rep power
    0

    Re: CCIE SECURITY LAB, God willing

    Thank you, and may God grant you a thousandfold good health.

    I also have an interest in security and, God willing, I will study CCSP.

    And I am trying to set up a lab for studying it, and may your Lord make it easy, God willing.

  9. #9
    Former moderator
    Join date
    Nov 2006
    Posts
    1,273
    Rep power
    19

    Re: CCIE SECURITY LAB, God willing

    Quote: Originally posted by dhrai2020
    Peace be upon you

    This is the workbook for the CCIE SECURITY LAB

    https://mihd.net/dl

    Thank you, brother, but I could not download the workbook for the CCIE SECURITY LAB. Could you check the link?
