Wednesday 8 March 2017

Can You Run A Business via a Smartphone?

Smartphones have come so far in the last decade. But could you ditch your laptop for one? The answer is maybe.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Firefox 52 is the Last for Windows XP

The latest version of Firefox will allow complex apps to run faster and it supports WebAssembly.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Justify Your Investment in Video Conferencing Software

Video conferencing software is one way many businesses are creating collaborative, virtual work environments for employees — no matter where they reside. But can you convince the execs?

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

How to Create Your First Chocolatey NuGet Package

Chocolatey is a favorite open source tool that uses NuGet to allow IT administrators to download and silently install software.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Tuesday 7 March 2017

ITIL Certification Guide: Overview And Career Paths

ITIL is the de facto standard for IT service management frameworks. In this certification guide we cover ITIL's current certifications and training options as well as ITIL-related careers.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Best Technologies That Enable Digital Handoffs

Apple, Microsoft, Samsung, HP and Google are all trying to bridge the computing divide and bring us a more continuous computing existence from mobile to desktop.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Monday 6 March 2017

Are Subscription-Based IT Training Plans Worth The Money?

More content providers are jumping into the business of offering ongoing, subscription-based certification training and prep packages. Are these all-embracing training programs worth it?

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Report: PowerShell Trojan Uses DNS Queries

A targeted attack that's delivered by a malicious Word doc was uncovered by researchers at Cisco's Talos threat research group. The PowerShell scripts do a remarkable job of hiding its intentions and uses the Domain Name Service (DNS) to execute. MORE: DD

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Is Your Pay Keeping Pace with the Market?

New online tools promise to give quick answers about salaries, but you'll need more data to accurately determine your worth in today's marketplace.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Business Guide to Cloud Backup

Cloud-based backup is a no-brainer, but sometimes you need more ammo than that to convince the higher ups.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Sunday 5 March 2017

Docker Launches Enterprise Edition

Not content to own the container management space, Docker is opening its enterprise doors to pump up adoption within corporations.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Friday 3 March 2017

How ITIL Differentiates Problems and Incidents

Students in ITIL® Foundation classes often find it challenging to differentiate between incidents and problems. To address this issue and offer clarification, this blog will identify the differences between incidents and problems, how they are related, and why it matters.

What is an Incident?

According to ITIL, an incident is an unplanned interruption to a service or a degradation in the quality of a service. What often determines the classification of something as an incident is whether or not the service level agreement (SLA) was breached. However, ITIL allows for raising an incident even before an SLA has been breached in order to limit or prevent impact.

In layman’s terms, an incident is the representation of an outage.

What is a Problem?

According to ITIL, a problem is the root cause of one or more incidents. Problems can be raised in response to one or more incidents, or they can be raised without the existence of a corresponding incident.

In layman’s terms, a problem is the representation of the cause or potential cause or one or more outages.

What is the Relationship Between Incidents and Problems?

Generally speaking, the relationship between the two is that one problem is the cause of one or more incidents. However, it is possible to have an incident (or group of incidents) that is caused by more than one problem.

Why Does ITIL Distinguish Between Incidents and Problems?

The point of distinguishing between incidents and problems is the same as separating cause and effect. Problems are the cause, and incidents are the effect.

ITIL encourages organizations to distinguish between these things because the two are often treated and resolved differently. Addressing an incident simply means that whatever service was impacted has been temporarily restored. It does not mean that the incident will not recur at some time in the future. When I say “temporarily,” keep in mind that could mean one minute or 10 years. The point is that a resolution to an incident is not permanent.

Problems, however, are the cause of incidents. We might use different techniques to identify the root cause of a problem and ultimately resolve that problem. When a resolution occurs, change management is invoked because addressing root causes often entails some amount of risk.

Effective incident management ensures that as a service provider you are able to keep the promises you made in your SLAs by providing a mechanism to quickly restore service when it’s necessary. Problem management ensures that as a service provider you are able to reactively respond to incidents so that they don’t recur and proactively prevent incidents from happening.

These are separate processes because they often require different skill sets and activities. Incident management wants to quickly restore service in line with any SLAs that are in place whereas problem management wants to eliminate the root causes of incidents. Sometimes to properly address a problem, a service provider must cause or extend an existing outage.

Our Solution

Students apply problem management process and techniques based on their specific workplace experiences in our Mastering Problem Management course. This non-certification, exercise-driven learning approach gives learners the tools they need for real world ITIL application.



from
CERTIVIEW
Posted by at No comments:
Labels: , , , , , , ,

Business Phone Services: Best Picks and Buying Guide 2017

Which business phone service is right for your small-to-medium business? We’ve narrowed the best choices for IT professionals to the top three: Nextiva, RingCentral and ShoreTel.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

How To Create a Custom DSC Resource

PowerShell cmdlets can help you create your own custom DSC resource.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Thursday 2 March 2017

How to Troubleshoot Cisco’s Dynamic Multipoint VPN (DMVPN)

Dynamic Multipoint Virtual Private Network (DMVPN) is a network solution for those that have many sites that need access to either a hub site or to each other. It was designed by Cisco to help reduce the complexities in configuring and supporting a full mesh of VPNs between sites. There are other vendors that now support DMVPN, but Cisco is where it started.

Benefits of using DMVPN

The dynamic component of DMVPN is that a portion of the VPNs may not have to be pre-configured on all end points of the VPNs. DMVPN allows for the possibility of dynamic spoke-to-spoke communication, once the spokes have made contact with the hub or hubs.

It was intended to be used in a hub-and-spoke configuration (with the possibility of redundant hubs). DMVPN is based on RFC-based solutions: Generic Routing Encapsulation (GRE RFC 1701), Next Hop Resolution Protocol (NHRP RFC 2332) and Internet Protocol Security (IPSec, there are multiple RFCs and standards).

The main idea is to reduce the configuration on the hub(s) router and push some of the burden onto the spoke routers. Using the NHRP to register the spokes to the hub, the spoke can then use the hub as a resolution server to be able to build dynamic tunnels to other spokes.

What if it doesn’t work?

There are several moving parts here to look at: base configuration of the tunnel interfaces (and the basic connectivity), the registration of the spokes to the hub(s), and IPSec.

First off, the tunnel interfaces have to be configured with a source interface or address to create the tunnel, known as the public address relative to DMVPN. The addressing can be either IPv4 or IPv6, but the addressing for the source of the tunnel interfaces must be reachable by the other routers. Whether it’s spoke to hub or hub to spoke, using a ping or traceroute is the best way to verify connectivity.

The configuration may require IPSec, but try the tunnels without it. Ping the tunnel interface address, known as the private address. If the tunnels work without IPSec but don’t work with it, jump to troubleshooting IPSec. If the tunnels aren’t able to pass traffic without IPSec, then start looking at the basic configuration of the tunnel and the next hop resolution protocol.

The configuration of the hub is minimal, typically, relative to NHRP; most is done on the spoke routers. Make sure that mapping states are correct—ip(v6) nhrp map “private-address” “public-address.” Also, make sure the next hop server command is pointing to the public address of the hub—ip(v6) nhrp hns “public-address.”

interface Tunnel123
 ip address 192.168.123.1 255.255.255.0
 ip nhrp map 192.168.123.2 10.1.1.2
 ip nhrp map multicast 10.1.1.2
 ip nhrp network-id 1
 ip nhrp nhs 192.168.123.2
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint

In this example, the 192.168.123.0/24 address space is the private addressing and 10.1.1.x is the public.

The router will let you misconfigure these commands with the incorrect addresses with no errors. You can use the show ip nhrp nhs detail to check if the spoke-to-server request is successful.

R1#show ip nhrp nhs detail
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel123:
192.168.123.2  RE priority = 0 cluster = 0  req-sent 2  req-failed 0  repl-recv 2 (00:03:13 ago)

On the next hop server, you can verify that the registration was successful with the show ip nhrp command.

R2#show ip nhrp
192.168.123.1/32 via 192.168.123.1
   Tunnel123 created 00:04:30, expire 01:55:29
   Type: dynamic, Flags: unique registered
   NBMA address: 10.1.1.1
192.168.123.3/32 via 192.168.123.3
   Tunnel123 created 00:04:30, expire 01:55:29
   Type: dynamic, Flags: unique registered
   NBMA address: 10.1.1.3

If the intent is to allow the spoke to dynamically form tunnels, but they aren’t formed, check to ensure the shortcut forwarding is enabled on the spokes in question. The interface command ip nhrp shortcut is needed to enable this shortcut forwarding. Try doing a traceroute from one spoke to another and see if the hub shows up as an intermediate hop. If so, then shortcut forwarding is not enabled.

Another consideration with DMVPN is the registration process. This process is initiated by the spokes, not the hub. If the hub router reloads or if the tunnel interface goes down and comes back up, you may have to shut down or “no shutdown” the spoke routers interfaces. This issue has been resolved in 15.2 code and anything more recent.

If communication works without IPSec, but doesn’t with IPSec configured, it’s time to troubleshoot the IPSec configuration. The policies for phase 1 (key exchange) and phase 2 (transformation of the data) have to be the same between the hub router(s) and spokes. There can be different policies for specific spokes, but that would require different tunnel interfaces.  Check the key exchange by using the show crypto isakmp policy command on the routers in question.

R1#sh crypto isakmp policy

Global IKE policy
Protection suite of priority 10
        encryption algorithm:   Three key triple DES
        hash algorithm:         Secure Hash Standard 2 (256 bit)
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit

To verify that phase 1 is successful, use the show crypto isakmp sa command.

R1#sh crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
       K - Keepalives, N - NAT-traversal
       T - cTCP encapsulation, X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption
IPv4 Crypto ISAKMP SA

C-id  Local           Remote          I-VRF  Status Encr Hash   Auth DH Lifetime Cap.

1002  10.1.1.1        10.1.1.3               ACTIVE 3des sha256 psk  2  23:58:43
       Engine-id:Conn-id =  SW:2

1001  10.1.1.1        10.1.1.2               ACTIVE 3des sha256 psk  2  23:58:42
       Engine-id:Conn-id =  SW:1

IPv6 Crypto ISAKMP SA

If it looks like phase 1, check that the transform sets are consistent by comparing the output of the show crypto ipsec transform-set command on the hub and spoke routers.

R1#show crypto ipsec transform-set
Transform set default: { esp-aes esp-sha-hmac  }
   will negotiate = { Transport,  },

Transform set MyTS: { ah-sha256-hmac  }
   will negotiate = { Tunnel,  },
   { esp-3des  }
   will negotiate = { Tunnel,  },

To verify that the IPSec negotiation was successful, use the show crypto ipsec sa command. This can show you the packets that are being sent and whether they’re encrypted or not.

R1#sh crypto ipsec sa

interface: Tunnel123
    Crypto map tag: Tunnel123-head-0, local addr 10.1.1.1

protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.1.1/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (10.1.1.2/255.255.255.255/47/0)
   current_peer 10.1.1.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 55, #pkts encrypt: 55, #pkts digest: 55
    #pkts decaps: 54, #pkts decrypt: 54, #pkts verify: 54
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 10.1.1.1, remote crypto endpt.: 10.1.1.2
     path mtu 1500, ip mtu 1500, ip mtu idb (none)
     current outbound spi: 0x51F10868(1374750824)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0x59A9D043(1504301123)
 —
- output omitted -

For troubleshooting DMVPN issues, the best thing is to break it down to its components—basic connectivity, basic tunnel function and then security.
For more DMVPN troubleshooting options, visit http://ift.tt/2lxo1gR.

Related Courses
CIERS1 – Cisco Expert-Level Training for CCIE Routing and Switching v5.0
CIERS2 – Cisco Expert-Level Training for CCIE Routing and Switching Advanced Workshop 2 v5.0



from
CERTIVIEW
Posted by at No comments:
Labels: , , , , , , ,

Cloud Office Suites Compared: Microsoft vs. Free

Microsoft Office 365 will cost you, but is it the best? We compared it to six of its free cloud-based office suite competitors to find out which works for business.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

CompTIA Launches New Intermediate-Level Cybersecurity Certification

CompTIA launched the CompTIA Cybersecurity Analyst (CSA+), which aims to fill the gap between the entry-level Security+ and CompTIA Advanced Security Practitioner (CASP) certifications.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Wednesday 1 March 2017

Greatest Risk to Remote Access Software Is Credential Theft

While vital to many businesses, remote access is not without its security risks.

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,

Dropbox Paper: What Is It

This new collaboration platform is designed to take on Office 365. Is it right for your business?

from Tom's IT Pro
via CERTIVIEW
Posted by at No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)