An SSL certificate has become an important symbol of trust for any online merchant. It assures customers that their data is safe, that it cannot be counterfeited, and that their sensitive data is transmitted securely and safely.

Security is the number one concern for internet shoppers today.

The e-commerce business is all about making money and then finding ways to make more money. Of course, it's hard to make (more) money when consumers don't feel safe executing a transaction on your Web site. That's where SSL (Secure Socket Layer) comes into play. Understanding how SSL affects e-commerce business can also potentially help you to unlock (more) money from your customers.

You need SSL if...

- Your business partners log in to confidential information on an extranet.
- You have offices that share confidential information over an intranet.
- You process sensitive data such as address, birth date, license, or ID numbers.
- You have an online store or accept online orders and credit cards.
- You need to comply with privacy and security requirements.
- You value privacy and expect others to trust you.

If you are doing online business where sensitive information such as credit cards or personal data will be transferred, you surely need to secure your website. Gaining your customers' trust is of the utmost importance. Your customers will only purchase the product if they feel safe and confident about you.

Before the introduction of SSL it was difficult to ensure privacy over the web in online transactions. There was a general distrust of the ability to conduct online transactions and a fear that an individual's credit card information could be picked up by a third party and used for unauthorized purchases. SSL should be enabled on pages that require a password or might contain personal data most clients would like to keep private. Some sites will place SSL on some pages and forget other pages that are equally sensitive. For the sake of your personal experience with e-commerce, you should implement the SSL protocol.

Any website that conducts business over the Internet and has e-commerce transactions should use SSL (Secure Socket Layer). It is the standard way to secure transactions by encrypting data and providing authentication over the web. SSL prevents hackers from accessing personal information and impedes misuse of information.

A certificate authority (CA) is an authorized company, or individual for that matter, that has the ability to issue and verify digital certificates. There are several websites that offer a digital certificate. One of the popular global certification authorities is MindGenies (www.sslgenie.com).

Cisco CCNA / CCNP Certification Exam: Attending A Video Boot Camp

When you're studying for the CCNA and CCNP exams, you've got a lot of different choices when it comes to training. One popular choice is choosing one of the many "boot camps" and five-day in-person courses that are out there. I've taught quite a few of these, and while many of them are good, they do have drawbacks.

Of course, one is cost. Many employers are putting the brakes on paying for CCNA and CCNP boot camps, and most candidates can't afford to pay thousands of dollars for such a class. Then you've got travel costs, meals, and having to possibly burn your own vacation time to take the class. Add in time away from your family and boot camps become impractical for many CCNA / CCNP candidates.

Another issue is fatigue. I enjoy teaching week-long classes, but let's face facts - whether you're training for the CCNA or CCNP exams, you're going to get a lot of information thrown at you in just a few days. You're going to be mentally and physically exhausted at the end of the week, and that's when some boot camps actually have you take the exam! You've got to be refreshed and rested when you take the exam to have your best chance of success.

How can you get the benefit of an experienced instructor without paying thousands of dollars? By taking a Video Boot Camp! There are some high-quality computer-based training (CBT) courses out there, and these courses offer quite a few advantages for the CCNA and CCNP candidate. These courses run hundreds instead of thousands of dollars, and you can train on your own schedule. It is important for you to make and keep that schedule, but instead of spending thousands of dollars and having to travel, you can get world-class CCNA and CCNP training in the comfort of your own home.

By combining a high-quality CCNA or CCNP CBT or video boot camp with a strong work ethic, you're on your way to passing the exam and accelerating your career. Now get to work!

Cisco CCNP / BCMSN Exam Tutorial: Changing Root Bridge Election Results

Your BCMSN and CCNP studies will include mastering the details of Spanning Tree Protocol (STP). While you learned some of these details in your CCNA studies, quite a bit of it may be new to you. Before going on to the intermediate and advanced STP features, let's review the root bridge election process and learn how to change these results.

Each switch will have a Bridge ID Priority value, more commonly referred to as a BID. This BID is a combination of a default priority value and the switch's MAC address, with the priority value listed first. For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33-44-55-66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC address is the deciding factor.

Switches are a lot like people - when they first arrive, they announce that they are the center of the universe! Unlike some people, the switches will soon get over it. BPDUs will be exchanged until one switch is elected Root Bridge, and it's the switch with the lowest BPDU that will end up being the Root Bridge.

If STP is left totally alone, a single switch is going to be the root bridge for every single VLAN in your network. Worse, that single switch is going to be selected because it has a lower MAC address than every other switch, which isn't exactly the criteria you want to use to select a single root bridge.

The time will definitely come when you want to determine a particular switch to be the root bridge for your VLANs, or when you will want to spread the root bridge workload. For instance, if you have 50 VLANs and five switches, you may want each switch to act as the root bridge for 10 VLANs each. You can make this happen with the spanning-tree vlan root command.

    SW1(config)#spanning-tree vlan 1 ?
      forward-time  Set the forward delay for the spanning tree
      hello-time    Set the hello interval for the spanning tree
      max-age       Set the max age interval for the spanning tree
      priority      Set the bridge priority for the spanning tree
      root          Configure switch as root

In this example, we've got two switches, and SW1 has been elected the root bridge for VLANs 10, 20, and 30. We'll use the spanning-tree vlan root command on SW2 to make it the root bridge for VLANs 20 and 30.

    SW2(config)#spanning-tree vlan 20 root primary
    SW2(config)#spanning-tree vlan 30 root primary

    SW2#show spanning vlan 20

    VLAN0020
      Spanning tree enabled protocol ieee
      Root ID    Priority    24596
                 Address     000f.90e2.1300
                 This bridge is the root

    SW2#show spanning vlan 30

    VLAN0030
      Spanning tree enabled protocol ieee
      Root ID    Priority    24606
                 Address     000f.90e2.1300
                 This bridge is the root

SW2 is now the root bridge for both VLAN 20 and 30. Notice that the priority value has changed from the default of 32768.

In the next CCNP / BCMSN tutorial, we'll take a look at more STP features.
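
The election and the effect of `root primary` described in this tutorial can be modelled in a few lines. This is an added example, not code from the original article or from Cisco. It assumes the advertised priority is the configured priority plus the VLAN ID (which matches the 24596 and 24606 in the output above), that `root primary` uses 24576 or steps down by 4096 when that would not win, and a constructed MAC address for SW1.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768   # default bridge priority given in the article
ROOT_PRIMARY = 24576       # 24596 - 20 and 24606 - 30 in the article's output
STEP = 4096                # assumed step between configurable priorities

@dataclass
class Switch:
    name: str
    mac: str                                       # Cisco dotted form
    priority: dict = field(default_factory=dict)   # VLAN -> configured priority

    def bid(self, vlan):
        """BID as a comparable tuple: (priority + VLAN ID, MAC as an integer)."""
        base = self.priority.get(vlan, DEFAULT_PRIORITY)
        return (base + vlan, int(self.mac.replace(".", ""), 16))

def elect_root(switches, vlan):
    """Priority is compared first, then MAC; the lowest BID is root."""
    return min(switches, key=lambda s: s.bid(vlan))

def root_primary(switch, vlan, switches):
    """Model (assumption) of 'spanning-tree vlan <vlan> root primary'."""
    best_other = min(s.bid(vlan) for s in switches if s is not switch)
    mac = switch.bid(vlan)[1]
    if (ROOT_PRIMARY + vlan, mac) < best_other:
        new = ROOT_PRIMARY                     # 24576 is already enough to win
    else:
        new = (best_other[0] - vlan) - STEP    # go one step below the best rival
    if new < 0:
        raise ValueError("a rival already uses priority 0; cannot go lower")
    switch.priority[vlan] = new
    return new

def run_scenario():
    # SW2's MAC is taken from the article's output.
    # SW1's MAC is constructed: lower than SW2's, so SW1 wins at default priority.
    sw1 = Switch("SW1", "000a.1111.2222")
    sw2 = Switch("SW2", "000f.90e2.1300")
    switches = [sw1, sw2]
    before = {v: elect_root(switches, v).name for v in (10, 20, 30)}
    for vlan in (20, 30):
        root_primary(sw2, vlan, switches)
    after = {}
    for v in (10, 20, 30):
        root = elect_root(switches, v)
        after[v] = (root.name, root.bid(v)[0])
    return before, after

if __name__ == "__main__":
    before, after = run_scenario()
    print("root per VLAN before:", before)
    print("root per VLAN after: ", after)
```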

Cisco CCNP / BSCI Exam Tutorial: Introduction To Policy Routing

Policy routing is a major topic on your BSCI exam, and you'll find quite a bit of policy routing going on in today's production networks. But what exactly is policy routing?

Policy-based routing, generally referred to as "policy routing", is the use of route maps to determine the path a packet will take to get to its final destination. As you progress through your CCNP studies and go on to the CCIE (or to a Cisco Quality Of Service certification), you'll find that traffic can be "marked" by policy routing in order to give different levels of service to various classes of traffic. (This is done by marking the traffic and placing the different classes of traffic in different queues in the router, allowing the administrator to give some traffic higher priority for transmission.)

There are some basic policy routing rules you should know:

- Policy routing doesn't affect the destination of the packet, but does affect the path that is taken to get there.
- Policy routing can forward traffic based on the source IP address or the destination IP address (with the use of an extended ACL).
- Policy routing can be configured at the interface level, or globally.

Applying policy routing on an interface affects only packets arriving on that interface:

    R2(config)#int s0
    R2(config-if)#ip policy route-map CHANGE_NEXT_HOP

Applying the policy globally applies the route map to packets generated on the router, not on all packets received on all interfaces.

Whether you're running policy routing at the interface level, on packets created locally, or both, always run the command show ip policy to make sure you've got the right route maps on the proper interfaces.

    R2#show ip policy
    Interface      Route map
    local          CHANGE_NEXT_HOP
    Serial0        CHANGE_NEXT_HOP

And here's the big rule to remember....

If a packet doesn't match any of the specific criteria in a route map, or does match a line that has an explicit deny statement, the data is sent to the routing process and will be processed normally. If you don't want to route packets that do not meet any route map criteria, the set command must be used to send those packets to the null0 interface. This set command should be the final set command in the route map.

There are four possibilities for an incoming packet when route maps are in use. The following example illustrates all of them.

    R2(config)#access-list 29 permit host 20.1.1.1
    R2(config)#access-list 30 permit host 20.2.2.2
    R2(config)#access-list 31 permit host 20.3.3.3
    R2(config)#access-list 32 permit host 20.4.4.4
    R2(config)#route-map EXAMPLE permit 10
    R2(config-route-map)#match ip address 29
    R2(config-route-map)#set ip next-hop 40.1.1.1
    R2(config-route-map)#route-map EXAMPLE permit 20
    R2(config-route-map)#match ip address 30

Assuming the route map has been applied to the router's ethernet0 interface, a packet sourced from 20.1.1.1 would meet the first line of the route map and have its next-hop IP address set to 40.1.1.1.

A packet sourced from 20.2.2.2 would match the next permit statement (sequence number 20). Since there is no action listed, this packet would return to the routing engine to undergo the normal routing procedure. All traffic that did not match these two addresses would also be routed normally - there would be no action taken by the route map.

Perhaps we want to specifically block traffic sourced from 20.3.3.3 or 20.4.4.4. We can use multiple match statements in one single route map, and have packets matching those two addresses sent to the bit bucket - the interface null0.

    R2(config)#route-map EXAMPLE permit 30
    R2(config-route-map)#match ip address 31
    R2(config-route-map)#match ip address 32
    R2(config-route-map)#set ?
      as-path           Prepend string for a BGP AS-path attribute
      automatic-tag     Automatically compute TAG value
      comm-list         set BGP community list (for deletion)
      community         BGP community attribute
      dampening         Set BGP route flap dampening parameters
      default           Set default information
      extcommunity      BGP extended community attribute
      interface         Output interface
      ip                IP specific information
      level             Where to import route
      local-preference  BGP local preference path attribute
      metric            Metric value for destination routing protocol
      metric-type       Type of metric for destination routing protocol
      origin            BGP origin code
      tag               Tag value for destination routing protocol
      weight            BGP weight for routing table
    R2(config-route-map)#set interface null0

Any traffic matching ACLs 31 or 32 will be sent to null0, resulting in its being discarded by the router. Any traffic that didn't match any of the route map statements will be returned to the routing engine for normal processing.

Knowing policy routing and how to apply it are essential skills for passing the BSCI exam, earning your CCNP, and becoming more valuable in today's job market. Get some hands-on practice in a CCNA / CCNP home lab or rack rental to go along with learning the theory, and you'll be writing and applying policy routing in no time at all.
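
To check your reading of the EXAMPLE route map, the following sketch evaluates a packet's source address against it and reports which of the outcomes applies. It is an added example, not part of the original tutorial and not Cisco code. The ACLs and sequence numbers are the ones configured above, while the function names and the tuple layout are assumptions made for the illustration.

```python
import ipaddress

# Standard ACLs from the tutorial: each one permits a single source host.
ACLS = {29: "20.1.1.1", 30: "20.2.2.2", 31: "20.3.3.3", 32: "20.4.4.4"}

# Route map EXAMPLE as configured above:
# (sequence, action, ACLs matched by the clause, set clause or None)
ROUTE_MAP = [
    (10, "permit", [29], ("next-hop", "40.1.1.1")),
    (20, "permit", [30], None),
    (30, "permit", [31, 32], ("interface", "null0")),
]

def acl_permits(acl, src):
    """True when the standard ACL permits this source address."""
    return ipaddress.ip_address(src) == ipaddress.ip_address(ACLS[acl])

def policy_route(src, route_map=ROUTE_MAP):
    """Return (decision, detail, sequence) for a packet sourced from src.

    Clauses are checked in sequence order and the first match wins.
    A clause matches when any of its ACLs permits the source, as the
    tutorial describes for ACLs 31 and 32.
    """
    for seq, action, acls, set_clause in sorted(route_map):
        if not any(acl_permits(a, src) for a in acls):
            continue
        if action == "deny" or set_clause is None:
            # Explicit deny, or a permit with nothing to set:
            # the packet goes back to the normal routing process.
            return ("normal-routing", None, seq)
        kind, value = set_clause
        if kind == "interface" and value == "null0":
            return ("discard", value, seq)
        return ("policy-routed", value, seq)
    # No clause matched: also routed normally.
    return ("normal-routing", None, None)

if __name__ == "__main__":
    # 20.9.9.9 is a constructed address that matches none of the ACLs.
    for src in ("20.1.1.1", "20.2.2.2", "20.3.3.3", "20.4.4.4", "20.9.9.9"):
        print(src, "->", policy_route(src))
```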

Cisco CCNP / BCMSN Exam Tutorial: Dynamic VLANs and VMPS

Knowledge of Dynamic VLANs and VMPS is important in your efforts to pass the BCMSN exam and earn your CCNP, and it's also a great skill to have for your networking career. As a CCNA and CCNP candidate, you know how and why to configure static VLANs. Static VLANs can be a powerful tool for reducing unnecessary broadcast and multicast traffic, but if hosts are moved from one switch port to another, you've got to make those changes manually on the switch. With Dynamic VLANs, the changes are made - how else? - dynamically.

The actual configuration of dynamic VLANs is out of the scope of the BCMSN exam, but as a CCNP candidate you need to know the basics of VMPS - a VLAN Membership Policy Server.

Using VMPS results in port VLAN membership changes being performed dynamically, because the port's VLAN membership is decided by the source MAC address of the device connected to that port. (Yet another reason that the first value a switch looks at on an incoming frame is the source MAC address.)

In my home lab network, I've got a host connected to switch port fast0/1 that resides in VLAN 12. What if we had to move Host 1's connection to the switch to port 0/6? With static VLANs, we'd have to connect to the switch, configure the port as an access port, and then place the port into VLAN 12. With VMPS, the only thing we'd have to do is reconnect the cable to port 0/6, and the VMPS would dynamically place that port into VLAN 12.

I urge you to do additional reading regarding VMPS. Use your favorite search engine for the term configuring vmps and you'll quickly find some great official Cisco documentation on this topic.

To review, the VLAN membership of a host is decided by one of two factors. With static VLANs, the host's VLAN membership is the VLAN to which its switch port has been assigned. With dynamic VLANs, it is dependent upon the host's MAC address.

Cisco CCNA / CCNP Home Lab Tutorial: Configuring An Access Server

As your CCNA / CCNP home lab expands, an access server such as the Cisco 2509 or 2511 is one of the best investments you can make. In this article, we'll look at the basic configuration for an access server and discuss how to connect to the other routers and switches in your pod through the AS.

Here's part of a configuration from one of my access servers:

    ip host FRS 2006 100.1.1.1
    ip host SW2 2005 100.1.1.1
    ip host SW1 2004 100.1.1.1
    ip host R2 2002 100.1.1.1
    ip host R1 2001 100.1.1.1
    ip host R3 2003 100.1.1.1
    interface Loopback0
     ip address 100.1.1.1 255.255.255.255
     no ip directed-broadcast

This is an IP Host table, and this is what makes the entire AS setup work. Your PC will connect to the access server, and the access server is in turn physically connected to your other routers and switches via an octal cable. One end of the octal cable splices off into eight separate cables, each terminated with an RJ-45 connector. That connector will be placed into the console port of one of your home lab devices. In this configuration, I have connector 1 connected to the console port of R1, connector 2 to R2, connector 3 to R3, connector 4 to SW1, and so forth. (The connectors are physically numbered as well.)

The IP Host table entries here are linked to the loopback address shown. The loopback can be any address, but it must match the address in the IP Host table. This allows you to create reverse telnet sessions to the routers and switches.

To open the reverse telnet sessions upon opening a connection to the AS, type the entire name of the device and press the enter key twice. A connection to that device will now be visible, as shown here:

    Access_Server#r1
    Trying R1 (100.1.1.1, 2001)... Open
    R1#

To get back to the access server, use the key combination followed by pressing the "x" key. Keep doing this until you've opened a connection to every router and switch in your pod.

Once you've opened the lines, you will not use the full device name to connect to the home lab devices. You should press only the number corresponding to the reverse telnet session you opened. For instance, in this configuration I opened telnet session 1 to R1, session 2 to R2, and session 3 to R3. Once I opened those sessions, I just use those numbers to reconnect to the devices, as shown here:

    Access_server#1
    [Resuming connection 1 to r1 ... ]
    R1#

    Access_server#2
    [Resuming connection 2 to r2 ... ]
    R2#

    Access_server#3
    [Resuming connection 3 to r3 ... ]
    R3#

If you type the full hostname again after initially opening the connection, you will see this message:

    Access_server#r1
    Trying R1 (100.1.1.1, 2001)...
    % Connection refused by remote host

The connection is refused because you already have an open connection to that router.

There's one more important part of an access server config your CCNA / CCNP home lab will need:

    line 1 8
     no exec
     transport input all

The line numbers may differ according to your access server, but "no exec" is very important here. This will stop rogue EXEC sessions from refusing connections that it shouldn't be refusing. Without this command, you'll commonly see "connection refused by remote host" when you shouldn't be. That message is the most common error you'll see on an access server, and it's there because you already have an open connection or you left "no exec" out of your configuration. "No exec" isn't mandatory, but it will help you keep your sanity!
