Yesterday, I have received the newsletter from learning@cisco that announce the release of four new certifications.

“In response to the growing demand for IT professionals who can design, manage, and maintain converged technologies across global network infrastructures, Cisco announced the release of four new certifications at the Cisco Live! show, held this week in San Francisco, CA.

Cisco Certified Architect, CCNP Wireless, and two new Cisco Datacenter Unified Computing Specialists reinforce Cisco’s commitment developing state of the art, technology driven, role based certifications that meet the demands of today’s network professional.”

The Open Shortest Path First (OSPF) protocol, defined in RFC 2328, is an Interior Gateway Protocol used to distribute routing information within a single Autonomous System.

The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth.

An OSPF network can be divided into sub-domains called areas. An area is a logical collection of OSPF networks, routers, and links that have the same area identification. A router within an area must maintain a topological database for the area to which it belongs. The router doesn’t have detailed information about network topology outside of its area, thereby reducing the size of its database.

All areas in an OSPF autonomous system must be physically connected to the backbone area (area 0). In some cases where this physical connection is not possible, you can use a virtual link to connect to the backbone through a non-backbone area. You can also use virtual links to connect two parts of a partitioned backbone through a non-backbone area. The area through which you configure the virtual link, known as a transit area, must have full routing information. The transit area cannot be a stub area.

On June 24, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 2 new vulnerability advisories.

1) Cisco Physical Access Gateway Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability.

Vulnerable Products
Cisco Physical Access Gateway running software versions prior to 1.1 are vulnerable.

It is not common see a Cisco crash: Software forced crash, Bus Error, Software watchdog timeout, and so on…

But if you would do it, there is a pretty trick : it’s the “test crash” command, an hidden IOS command. This can help you if you are lucky enough to have the real crash exactly like one of those you can test with “test crash” command.

Do you remember Cisco Developer Contest started on October 14, 2008? During this period, nearly 900 registrants from 75 countries have take part to the challange, but only 10 finalist teams are enjoying with the second (last) phase.

Now, during the second phase of the contest, started from May 15, 2009, until August 15, 2009, the top-10 finalists will work with Cisco to bring the applications to maturity using Cisco resources on Cisco virtual AXP blades. After a final judging period, a winner will be announced in October 2009.

These finalists come from four different continents:

• North America: Team Cupertino Systems, Team Service Enabled Networks and Team SNAT
• Europe: Team MADnetwork, Team Bugsbernie and Team RSDevs
• South America: Team Jin Jin and Team Campuser
• Asia: Team Ideate and Team Enhancers
  

CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

Vulnerable Products
Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft Windows operating systems are affected.

The Border Gateway Protocol (BGP) is an interautonomous system routing protocol. An autonomous system is a network or group of networks under a common administration and with common routing policies. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP).

BGP is used between autonomous systems (AS), the protocol is referred to as External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is referred to as Interior BGP (IBGP).

BGP is a very robust and scalable routing protocol, as evidenced by the fact that BGP is the routing protocol employed on the Internet. The Internet BGP routing tables number more than 90,000 routes. To achieve scalability at this level, BGP uses many route parameters, called attributes, to define routing policies and maintain a stable routing environment.

Cisco has revised the certification requirements for CCIE Routing & Switching (CCIE R&S)-the expert level certification for network engineers.

The new certification standards reflect the job skills employers look for at the expert level and are outlined on the Cisco Learning Network at CCIE R&S v4.0 written exam topics and CCIE R&S v4.0 lab exam topics. The revised CCIE R&S v4.0 exams are scheduled for release on October 18, 2009 and will immediately replace the currently available v3.0 exams.

“To reflect current job tasks, CCIE R&S certification expectations will include planning for network enhancements, implementing MPLS, Layer 3 VPNs, IPv6 EIGRP and multicast, and configuring performance-based routing. To validate the expanded expectations, v4.0 CCIE R&S exams will put less emphasis on equipment operation and concepts generally understood at the professional level. These skills are still assumed, but will not be the sole objective of CCIE test questions. In addition, advances in testing now allow validation of hands-on troubleshooting—a realistic and challenging job task.” says Maurilio Gorito, content manager for CCIE R&S certification.

Cisco announced that its Global Talent Acceleration Program (GTAP) will be available in Latin America for the first time. The Mexico GTAP provides learning and development opportunities for Cisco engineers, recent graduates and established professionals in the industry.

Recognizing that a strong pool of talented network engineering skills is critical to increasing a country’s overall productivity, Cisco is making an initial investment of more than $1 million in training programs in the first six months alone.

The first GTAP courses in Mexico City are scheduled to begin in May 2009. Initially, the GTAP Academy in Mexico City will focus on training existing Cisco engineers and will open the program to external delegates later this year. The program will offer a Professional Track for delegates with up to four years of experience and an Associate Track aimed at recent college graduates.

Cisco ASA is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Cisco ASA software versions 8.0.4(2B) and prior running on ASA 5500 Series Adaptive Security Appliances are vulnerable.