Just passed my 642-617 exam. Here’s a link to my study notes in bullet form about topics I found interesting / useful in everyday tasks:
I’ve also found mindmaps to be a very useful tool in my studies.
So here is the above link’s content in mindmap format (click on the download link in the top right hand side for an enlarged format)
2 thoughts on “Nugget Post: CCNP Security 642-617”
thanks for the blog because I learned a lot from it.
I ran into a problem recently and not sure if you know the right tool:
I’m trying to implement access control to a Linux server based on a list of IP address stored in a database. Basically, access to certain port is granted if the incoming client’s IP address matches the stored IP address.
The current method I use is use the shell script to pull all IP addresses and stuff them into IPtables’s memory. The problem is the list is getting too large and the shell script consume 60% cpu and takes a long time to process.
The other solution I found is TCP wrapper using /etc/hosts.access but I’m not sure how I can implement database support. Any idea?
I’ve never done it with databases, but the ipset feature performs very well with large numbers of Ip addresses: