Latest articles

  1. How to install Cisco Configuration Professional (CCP) in GNS3

    Published: Mon 28 August 2017 in Cookbook.
    Updated: Thu 23 November 2017 (Added details on the Java version to use.)
    A step-by-step guide to get the infamous CCP 2.x (Cisco SDM) up-and-running in a virtual lab.

    The Cisco Configuration Professional (CCP) is a graphical interface allowing to quickly and easily configure, monitor and troubleshoot Cisco IOS-based devices. It does exactly the same thing as one could do using IOS command-line, but using more convenient graphical tools and optional wizards for multi-steps configuration, including operations involving several devices like setting-up a tunnel.

    It comes in two versions:

    • CCP 2.x, also known as Router and Security Device Manager Software (SDM), it is the little brother of ASDM used to configure ASA firewalls. This is a desktop application, the GUI is installed locally on the user’s host.

    • CCP “Express” 3.x: this version is deployed on the Cisco devices themselves and leverage devices’ HTTP port to embed a web configuration interface. CCP Express already existed in the 2.x generation, at that time two flavors were available: the “end-user” one with reduced functionalities (the end-result was …

  2. How to install Cisco Secure Access Control System (ACS) server in GNS3

    Published: Mon 28 August 2017 in Cookbook.
    A step-by-step guide to get Cisco ACS up-and-running in a virtual lab.

    Cisco Secure Access Control System (ACS or CSACS) server is Cisco’s Authentication, Authorization and Accounting (AAA) server, allowing to centralize network devices users permissions and auditing.

    It supports TACACS+ (Cisco proprietary) and RADIUS (open standard, usable with non-Cisco devices) protocols. It has its own users store, which is useful for lab tests, but in real life it will most likely be connected to a Microsoft Active Directory server to centralize users credential management.


    ACS is in the process of being replaced by its successor Identity Service Engine (ISE).

    For some time, the two products were to be used together, with ACS handling authentication and authorization while ISE was focusing on hosts policy-compliance checking.

    For CCNA-Security students, as for now only ACS is really covered by the curriculum. ISE is just mentioned from time to time so you know what it is and why it is used.

    Evaluation …

  3. Cisco CCNA Routing & Switching certification review

    Published: Mon 21 August 2017 in Opinions.
    Facts, advices and personal impressions on the Cisco CCNA Routing & Switching certification.

    The five Ws

    • What: CCNA Routing & Switching is a technical certification about enterprise-grade IT networking from Cisco. It covers the involved devices, protocols and how to implement them using Cisco technologies.

    • When: This is an entry-level certification with no prerequisite.

    • Why: This certification demonstrate a good level of familiarity with enterprise networks and Cisco’s IOS-based devices.

      It is a de-facto standard in terms of IT networking certification, valuable even for employers using different technologies than Cisco, and is also a prerequisite for several other Cisco certifications.


      Note that Cisco certifications may not have the actual CCNA R&S certification as a prerequisite, but the CCENT instead which is half of the CCNA R&S.

      If you are interested in networking (and I expect you are when you intend to pass a Cisco exam) I warmly encourage you to pass the full CCNA R&S certification instead of …

  4. How to add Cisco IOS-based devices in GNS3

    Published: Sat 19 August 2017 in Cookbook.
    An explanation on how physical IOS-based devices work and the available solutions to virtualize them.

    GNS3 historical use-case was to act as a GUI around Dynamips to emulate Cisco devices. However, while stable, this emulation may not be as straightforward as it could be and has some limitations.

    To understand the negatives, we first need to understand how IOS-based Cisco hardware work.

    How real gear works

    Professional switch and router devices cannot be reduced to a general purpose small-factor computer with a few additional network interfaces.

    When using a general purpose computer with classical network adapters to build a router/firewall appliance, all the processing occurs at the software level, generally the operating system kernel.

    On specialized hardware such as Cisco switches and routers, the operating system (here IOS) works tightly with some underlying specific (and usually proprietary) hardware and delegates parts or all of the processing to dedicated chips, the Application Specific Integrated Circuits or ASICs, to allow faster processing.

    On general-purpose computers …

  5. Professional Penetration Testing (Thomas Wilhelm)

    Published: Sat 19 August 2017 in Library.
    Penetration testing not seen as a technical operation but as a business activity: what changes when a hobby becomes a real job?

    This book does not teach you penetration testing technically, it teaches you penetration testing professionally. Here, the pentest is not a technical exercise anymore, it becomes a paid service delivered to a customer to satisfy a business need. This requires more than throwing a bunch of tools and lines of code toward a target. This requires things like planning, methodology, quality and risks management, and communication. This is what this book is about.

    This book target mainly three kind of audiences:

    • People who are already familiar with the technical side of pentesting and are wondering if making it a career would be interesting for them (doing something as a hobby and as a job is not the same) and, if so, how to proceed and what to expect.

    • Pentesters already in the field but who would-like to have a broader view of their current job.

    • Project managers who are already …

  6. Are certifications useful? A few words about career plans.

    Published: Thu 17 August 2017 in Opinions.
    Why the right certification may be beneficial for your employer, for the customers, but above all for yourself.

    I regularly encounter people claiming that certifications have no use, or at best only help to pass HR screening.

    I acknowledge that the importance and impact of certification is often over-emphasized by people selling certification-related books and services (which is to be expected: they are selling something, this is advertisement), and I also agree that a certification is not a proof of anything per see.

    However, I believe that a certification from a well-known and trusted organism benefits the whole IT security chain: it benefits both you, your employer and the final customer.


    I talk here of “certification from a well-known and trusted organism”. There is a tendency for a lot of websites hosting a few training material to deliver “certifications”, praising the value your resume will get with one of these.

    In case of doubts, check job offers: if there is no demand for this particular certification (and …

  7. Why I teach people how to hack (Ýmir Vigfússon)

    Published: Thu 17 August 2017 in Library.
    Why learning to hack is a good thing, explained to the grown-up, serious people :).

    In this short TEDx talk, Ýmir Vigfússon tells us what it means to be a hacker, from the curious teenage who does not really have a “moral compass” (yet!) to the senior professional sharing his knowledge.

    He tells us what leads people in this direction, but above us he tells us how all these people, from the teenage to professional, do all benefit to the society as a whole.

    For those who may not know this text, this video has a strong feeling of the Hacker’s Manifesto, but now explained by a well-respected professional and assistant professor instead of a 11 years old teenager.

    Watch on YouTube

  8. How to add virtual machines (end devices nodes) in GNS3

    Published: Mon 14 August 2017 in Cookbook.
    Updated: Mon 25 September 2017 (Improved "Create your own virtual machine")
    All you need to know to use virtual machines inside GNS3 topologies.

    Virtual machines can be added in GNS3 topologies as end devices nodes and can play various roles:

    • Lightweight ones are very focused for instance to provide just enough to test the network connectivity or provide a functional browser.

      They start blazingly fast and are very light on resources, meaning you can put several of them to test end-user workstation behavior at several places in your topology with little to no worry about the CPU or memory impact.

    • Dedicated appliances are designed to provide a specific service, like networking (firewall, …), applicative (proxy, email filtering, …) or administrative (monitoring, …) services.

      Resource consumption vary greatly depending on the service and the software used by the appliance. However, professional appliances are usually designed to handle a large number of simultaneous operations: some will support with no issue to see the virtual machine resources settings reduced on test environments (some may require a modification in their …

  9. Where to find virtual machines and ISO files?

    Published: Mon 14 August 2017 in Cookbook.
    Updated: Thu 23 November 2017 (Add atrick for older Microsoft download URLs)
    The best places to find ISO images and ready-made virtual machines to feed your virtual lab.

    Free software

    Virtual machines

    Several websites offer a large selection of freely downloadable virtual machines with pre-configured free software, for instance:

    You can also check the marketplaces maintained by virtualization-related software, such as VMware and GNS3.

    ISO files

    Obviously the main place to get free software ISO files is from the projects website.

    However, FrozenCow maintains a centralized list of direct links to a fair number of Linux and BSD installation ISO files.

    Some projects host all previous versions of their system, but sometimes they are not easy to find. Search in priority on the master repository as these older versions may not be copied onto mirrors. Sometimes they are stored in a separate “archive” area. At last, WinWorld does a great job in collecting old systems installation medias, including discontinued Linux distributions.

    If you are not sure which Linux or BSD system to choose, DistroWatch might …

  10. Hacker’s Manifesto (The Mentor)

    Published: Sat 12 August 2017 in Library.
    A heart-moving foundational document on the hacker culture, written 1986 but still current.

    Teenagers interested in computer hacking in the broad sense of the term, where hacking focuses on the technical aspects of computer science and security is just a part of it, often face the same roadblock.

    As this practice is generally not understood and the subject of a lot fantasies and misconceptions, they are often facing the same criticisms: they spend all their time playing on their computer, are anti-social, do not respect authority. In a few words, they are ruining their life.

    However, the most difficult in such situations are not the criticisms by themselves, it is the sense of isolation that they produce. Forty years ago, one of such teenager raised up against this feeling and wrote, under the pen name The Mentor what now counts as one of the most heart-moving and inspirational text about the hacking culture: the Hacker’s Manifesto, also known as The Conscience of …

Pages: 1 2 3 4 5 6

Popular tags see all