Free Glide

While Janet was sitting in a cyber café sending emails to friends and surfing the web, there was a person sitting three tables away reading each email she sent before they ever got to the email server. During this period of time, the thief was able to get access to her bank account, passwords to several business websites, and her credit card number. Now imagine that you were the on sitting in the café. This scenario is not far from reality and is the main reason that using cryptography is so important in today’s technological world. Identity theft is a growing problem and there are ways you can help protect yourself frombecoming the victim.

Most people think that cryptography is an island in the magical land of make believe. However, cryptography is very real and not as complex as most would believe. If you use the Internet, you are likely to use applied cryptography in your day-to-day functions. This can be accessing you bank account to retrieve your monthly balance to purchasing automotive parts from a warehouse or manufacturer. Companies use cryptography to make sure sensitive data stays confidential between the intended parties and the data stays intact. Cryptography is the art of converting messages into a secret code or cipher. This process alters a plaintext message using an algorithm to create a ciphertext/encrypted message.

History of Ciphers
Cryptography has been in use for thousands of years. In fact, it was in use before 2000 B.C. Egypt in the form of hieroglyphs. The Greeks even used encryption referred to as the Scytale cipher and was worn as a belt by couriers. The Scytale was designed a combination of a long strip of leather with writing on it and a specific sized staff. This leather strip would be wrapped around the staff to decrypt the ciphertext. Julius Caesar also used a cryptographic algorithm referred to as ROT-3. This encryption shifts the alphabet three spaces to the right and was very effective at the time.

Applied Cryptography
Ok, but how does it affect you? The basic uses of cryptography are to provide confidentially (secrecy of the data), integrity (protection from intentional or unintentional alteration), and authentication (prove you are who you say you are). Some forms even allow for Nonrepudiation services that prove that the message was written, sent, or received. We will briefly discuss the most commonly used cryptographic schemes that you may use every day while leaving the trivial details out.

You will hear the terms X.509 and digital certificates (used in digital signatures) throughout this paper. Digital certificates are used in the same way a real signature is used as a verification of endorsement. The most well know companies that sell these certificates are:

• Verisign – http://www.verisign.com/
• Thwarte – http://www.thawte.com/
(Offers free personal email digital certificates)

Internet traffic (Securing website traffic and email)
HTTPS: Hypertext Transfer Protocol over Secured Socket Layer. Do not mistake HTTPS with SSL. This is a common misnomer that is spread by those that do not understand SSL. HTTPS uses SSL to create an encrypted tunnel between a client and a server. This tunnel lasts the entire connection and is the most common website security feature on the Internet. This form of encryption is established by the use of a server side X.509 certificate that digitally signs the message.

S/MIME: Secure Multipurpose Internet Mail Exchange. S/MIME uses two X.509 certificates (also called digital signature) and both signs and encrypts the email. The author digitally signs the email with their private key. Once this happens, the message is then encrypted with the recipient’s public key and sent. When the message reaches the recipient the message is decrypted with the recipient’s private key, and then verified using the author’s public key. This ensures that people using a packet sniffer (a program that allows a person to view traffic crossing the network) do not see your account information. Email clients like Netscape Communicator and Microsoft Outlook can use S/MIME with little setup required.

S-HTTP: Secured HTTP. The benefit of S-HTTP over HTTPS is the fact that each message is encrypted rather then using a tunnel that is vulnerable to both a man-in-the-middle and a session hijack attack. Another advantage of S-HTTP is that it allows for two-way client/server authentication

Tunneling encryption (Securing network traffic)
IPSec: IP Security Protocol is the most commonly used network encryption for the corporate world. When most people in the computer industry think about Virtual Private Networks (VPN)s, they immediately think of IPSec. Companies that use IPSec need an encrypted tunnel that allows all network traffic to flow through. Unlike SSL, IPSec is not limited to a port. Once the IPSec tunnel has been established, the system should have the same network access that it would have at the physical location. This offers far more power, but also requires far more overhead. Another issue is security. The more open the network, the more vulnerable it is. This is another reason why VPNs are usually on the outside of a firewall. Vulnerabilities to IPSec include session hijacking, and replay attacks.

SSH: Secure Shell provides a terminal like tunnel that protects the data crossing the network and should replace clear text protocols like Telnet and FTP. This allows you to connect to a server over the Internet securely over the Internet and administer remote systems without allowing the rest of the world to see everything you are doing. One of the most popular windows SSH clients is Putty.

SSL: Secured Socket Layer can be used to create a single port/socket Virtual Private Network (VPN) using a server side X.509 certificate. The most common use of SSL is webpage traffic over HTTP or HTTPS. SSL is vulnerable to man-in-the-middle attacks. Anyone can create a CA to distribute certificates, but keep in mind that a digital certificate is only as trustworthy as the CA that controls the certificate.

WEP: Wired Equivalent Privacy. This algorithm uses either a 40-bit key or a 128-bit (24 of the bits is used for the initialization vector) key. Most devices also allow for a wireless access point to filter MAC addresses to increase access controls onto the device. WEP is vulnerable and has been exploited by criminal hackers (crackers) while wardriving since WEP has hit the market. Some of the more popular tools used for wardriving are: Airopeek – a WiFi packet sniffer Airsnort – a WEP encryption key recovery tool Kismet – an 802.11 layer2 wireless network detector Netstumbler – an 802.11 layer2 wireless network detector

WPA: Wi-Fi Protected Access is a new standard that will overtake the old WEP technology in the near future. WPA uses a Pre-Shared Key (PSK) for SOHO networks, and Extensible Authentication Protocol for other wired/wireless networks for authentication. Some cryptoanalysts claimPSK is a weakness due to the fact that a cracker can access the key and brute force the key until it is known. The encryption scheme that is used is Temporal Key Integrity Protocol (TKIP). TKIP ensures more confidentiality and integrity of the data by using a temporal key instead ofthe traditional static key. Most people welcome this technology over the less secure WEP.

File access (Securing individual files)
Stenography: Stenography is the art of concealing files or messages in other media such as a .JPG image or .MPG video. You can add this data in the unused bits of the file that can be seen by using a common hex editor. Stenography is the easiest way to hide a message, but is by far the least secure. Security by obscurity is like a lock on a car door. It is only intended to keep the honest people honest.

PGP: Pretty Good Privacy is a free program that was created by Philip Zimmerman in 1991 and was the first widely accepted public key system. PGP is suite of encryption tools used for encrypting various types of data and traffic. PGP can be used for S/MIME and digitally signing a message. PGP uses a web of trust that allows the community to trust a certificate rather than a hierarchy Certification Authority (CA) to verifythe user’s identification. More information can be found at http://web.mit.edu/network/pgp.html

Personal/Freeware: This can be downloaded from MIT for free.
• Diffie-Hellman key exchange
• CAST 128 bit encryption
• SHA-1 hashing function

Commercial: PGP® Software Developer Kit (SDK) 3.0.3 has received Federal Information Processing Standards (FIPS) 140-2 Level 1 validation by the National Institute of Standards and Technology (NIST).
• RSA key exchange
• IDEA encryption
• MD5 hashing function

CryptoAPI: Microsoft’s cryptography component that allows developers to encrypt data. Microsoft has also developed an ActiveX control called CAPICOM that will even allow script access to the CryptoAPI.

Each encryption model is vulnerable to one attack or another. Below is a list of attack techniques that are used by cryptoanalysts to break the keys used to protect the messages

Ciphertext-Only: This is the easiest to instigate, but hardest to succeed. The attacker retrieves the ciphertext data through listening to the network traffic. Once the key is has been salvaged, the cracker can attempt to brute force the message until it resembles something legible.

Known-Plaintext: This covers the scenario of the cracker having both the plaintext and corresponding ciphertext of one or more messages. In WWII, the Japanese relied on cryptography, but had a weakness of sending formal messages. These messages were able to be broken because the ciphertext started and ended with the same message. Part of the plaintext was known and cryptoanalysts were able to decipher the message using the known-plaintext method.

Chosen-Plaintext: Similar to the know-plaintext attack, but the attacker can choose the plaintext to be encrypted. An attacker can assume someone else identity and send a message to target that needs to be encrypted. Since the plaintext is chosen and the target sends the encrypted message, the chosen-plaintext attack is successful.

Chosen-Ciphertext: The cryptoanalyst is chooses the ciphertext and has access to the decrypted plaintext.

Birthday Paradox: This attack is successful when a hash value of a plaintext matches the hash value of a completely different plaintext. This anomaly is proven mathematically among 23 people, there are 23*22/2 = 253 pairs, each of which being a potential candidate for a match.

Brute-Force: This form of attack is implemented by passing through every possible solution or combination until the answer is found. This is the most resource and time intensive method of attack

Dictionary: The attacker compares the target hash values with hash values of commonly used passwords. Dictionary files can be downloaded from hundreds of Internet sites.

Man-in-the-Middle: The attacker intercepts messages between two parties without either target knowing that the link between them has been compromised. This allows the attacker to modify the message at will.

Replay: Replay attacks are simply the replay of captured data in an attempt to trick the target into allowing the unauthorized access.

Back at the cyber café, if Janet connected to a secured web server using SSL to do her online banking and used S/MIME to send private email, the cyber thief would have never had a chance of seeing her unmentionables.

About the author:
Jeremy Martin CISSP, ISSMP, ISSAP, CEI, CEH, CCNA, Network+, A+
Sr. Information Systems Security Consultant
PLUSS Corporation – http://www.pluss.net
Information Security – http://www.infosecwriter.com (requires flash)
(800) 835-9609 / (406) 892-8600

Member of:
BECCA – Business Espionage Controls & Countermeasures Association
ISACA® Information Systems Audit and Control Association
(ISC) – International Information Systems Security Certification Consortium
ISSA – Information Systems Security Association
OISSG – Open Information Systems Security Group
YEN NTEA – Young Executives Network

Broadband industry experts are not pleased with the budget report. The budget announcement saw Alistair Darling promising that the government will be providing funds for the Digital Britain Universal Broadband connectivity project, but the promise has attracted a lot of flak.

The head of rural business development at the CLA (Country Land and Business Association) and a broadband industry expert, Charles Trotman, pointed out that the funding plan had a major defect in it. He said that the plan would see funds released only in the year 2012, which is also the target year before which universal access has to be achieved.

He said that the situation is confusing and not enough thought has been given to the plan. He said that he realized this flaw only after he had gone through the entire budget report. The money promised is to come from the Digital TV switchover and it is unclear as to how much money will ultimately become available. Moreover, the estimated £250 million may not eventually be left over from the Digital TV switch.

The Digital Britain project has already attracted its fair share of criticism and some are even saying that the target speed of 2Mb for broadband UK is too low.

The CEO of broadband analysis company Point Topic, says that the planned investment is meagre compared to the $9 billion to be invested by the US or the A$22 billion promised investment by Australia. He said that since there were not enough details in the current proposal, he would wait for the final Digital Britain report by Lord Carter.

Ever heard the saying “Penny-wise and Dollar-foolish”?

Well bargain priced website hosting may just represent the
perfect example of watching a jar full of pennies while bucket
loads of dollars fly out the window!

When I launched my first website (way back in the “dark ages”
of 1997) I paid almost $150 a month in hosting and data
transfer charges. My web host watched how many files I
uploaded like a hawk and always seemed to send their hefty
invoices earlier with each passing month.

I’m obviously not the only one who felt that way, because
suddenly a whole industry of “bargain” web hosts sprang up all
over the web.

On the surface they all sound great, especially when you think
you can go from $150 a month down to $4.95 a month!

Five bucks a month sounds great, until you realize the amount
of data transfer (number of page views) and bandwidth (the
amount of data transfer your host allows in a given period)
you get for that low price potentially hampers your ability to
do business.

This realization – along with a panic attack and a quick
lesson in calculating data transfer and bandwidth – usually
comes at the least convenient time.

When you exceed your limits, a bargain host usually just shuts
you down with no warning. Most webmasters realize they’ve made
a mistake choosing a bargain host when their site suddenly
loads a blank page in the middle of a big promotion traffic
spike.

Believe me, everything just stops!

Here are a few bargain hosts that provide good service, but
you need to carefully check the fine print for how much
bandwidth they allow.

www.FeaturePrice.com For about $24.95 a month you get to host
up to six independent websites with a single account. You get
unlimited data storage, unlimited email and a variety of other
higher end services, but their bandwidth policy seems hard to
understand.

They did shut me down when we had a moderate level of success
even though I paid them an extra $300 to get what they called
“maximum” bandwidth. I was NOT pleased and promptly moved the
site (http://www.7dayebook.com) to another host.

www.HostSave.com Host Save is another low price hosting
company that delivers a wide range of services for only $6.95
per month. They recently raised their allowable data transfer,
but their policy on how much bandwidth you can use at a given
time seems non-existent.

www.DotEasy.com For $25 DotEasy offers a domain name purchase
along with one year’s hosting. Sounds incredible until you
read the fine print to discover they limit you to 1 Gigabyte
of data transfer a month. Not much data once you start getting
reasonable site traffic.

The moral here?

Either prepare to have your business shut down mid-stream if
you get successful, or pay a few extra bucks each month to
ensure you have enough bandwidth and data transfer to operate
without any service interruptions.

At a minimum, specifically ask about and read the fine print
regarding the host’s policies before it’s too late!

Jim Edwards is the co-author of the best selling ebook:

“33 Days to Online Profits”

About the Author

How much would you pay to get day-by-day instructions from
2 top Internet marketing experts every day for 33 days?
** How about 88 cents? **
You can start with a few bucks and a good idea to make lots
of money online! I did, and I’ll teach you how no matter what
product you sell… ===> http://www.33daystoonlineprofits.com

For all of us family is very important. We share very deep bond and affinity with our family. Our parents, our siblings and our children are the people who make our world apart from our spouse. How to wish family members on their birthday with free birthday ecards? Let us find out.

Birthdaty ecards for father and mother- please look for subdued colors. Prefer nature as the image background. Try to get free ecards with large font sizes and look for text that is heart warming.

Birthdaty ecards for brother- you grew up with your brothers. You know their color choice better than anybody else. Send ecards that translates your feelings as closely as possible. An ecard written with some text about the childhood spent together will be a good choice.

Birthdaty ecards for sister – do not select very bright colors. Warm colors would be preferable to cool colors, as they look more emotional. Use text that talks about a brother/sisters love for sister. If your sister has any special preference, try to find a card accordingly.

Birthdaty ecards for son and daughter- pour your parental love in the ecard. Let the ecard be very warm looking with text that describes a parents love. Use bright and very cheerful colors. The text should be funny with a message for your childs future.

For every family member, you should select different type of ecards to wish a happy birthday. Your relation with them, age difference and their preference would help you look for the ecard that would make them enjoy your birthday wishes.

The author C.D.Mohatta writes fun quizzes and fun tests on topics like love, personality, dating, relationships, friendship, movies, tv, music, business, etc. The author also writes for free ecards and greetings on holidays, birthday, love, friendship, family, expressions, celebrations and all events and occasions. One more site associated with the author has free sports games which surfers can play online.

Whether you’ve only just moved into a new place of residence & require a whole collection of domestic appliances & fittings; or you just need a new kettle – John Lewis will help you out. It is universally known that the kitchen is the core of every house, so it’s vital to own the right home appliances after all, as the incorrect sandwich maker can make a huge difference

Evidently some purchases are more crucial than others; you may possibly allow additional time considering which freezer or washing machine you want to buy rather than thinking about your next blender. But, even the tiniest of items can substantially improve the look and feel of any kind of kitchen. Moreover, getting many items from one retail shop presents you the opportunity to give your kitchen a more current look & feel by organising the style of your purchases. Surfing through the John Lewis site you might also see ideas for kitchen products you may not have thought off prior – juicers for instance.

But it is not purely the ‘look’ of the appliances you should consider but also the use; for example what particular size of toaster do you need? How many settings must there be on your dishwasher? Do you desire a gas or an electric hob? For added information & guidance on opting for the ideal domestic appliances take a look at John Lewis’s customers’ guides, which can be found on their online store.

Buying from the John Lewis online shop could not be any easier or more functional. Not only will you receive free standard delivery on all orders; you can very easily upgrade to next day delivery should you need that steam iron in an emergency; as well as free returns should you be discontented by your merchandise. John Lewis also nowadays grants two day express delivery on a variety of home appliances such as washing machines, dishwashers and cookers. Therefore, you can defiantly buy from John Lewis’s internet shop with complete trust. Buy steam irons online from John Lewis.

Do you remember when gaming laptops were a specialist product? For sure they weren’t produced in massive qty’s but resellers did make a lot of cash on them. The price was just too big to justify buying these types of notebook for the masses. Plainly they were the best laptops available for purchase. As badly as I wanted one I was unable to afford to buy laptops like them. Recently all that has appeared to have changed as the massive manufacturers have noticed the opportunities in gaming notebooks.

In contrast to the tiny system builders these manufacturers know they can generate even more cash. With notebooks being perceived like consumer electronics this is an excellent profit center for them. Getting prospects to buy laptops is kinda easy for bigger companies. I am trying to think what the the reaction from local manufacturers will be. I am already seeing some price reductions. With the capital at their disposal they can easily finish the littler competition. I reckon buying from a well know brand additionally gives the perception of added value for money.

The notebook computers being introduced by brand name manufacturers are all contending for the best laptop computer status. This has the potential to be increasingly beneficial for local system builders. Being able to get exactly what parts they want is a large plus for many potential customers who are considering buying a gaming laptop computer. Generally lots of evaluations of the tech specs will be done and the tech savvy can judge what the superior notebook really is. In my opinion I reckon people care more about the power instead of styling.

Obviously from the consumers position, its a good thing. In the end, the prices will be dropped even further causing the latest technology to be an alternative that we can buy. Even though I say that, I am not actually sure of my claims. I believe technology is getting more advanced but the new laptops will typically be expensive. I think we will have to watch whether this overcrowding causes any big benefits for people.

There are about as many ways to perform data recovery as there are files and systems in the computing world.

The most important thing to know when it comes to data recovery is how to prevent ever needing to perform it. Having a separate backup for critical data is vital and there are many ways to go about doing this. The easiest way is to simply save data to an external device, such as a tape drive. You can perform the same function with a CD-R drive and burn your data to a CD whenever necessary. On the other end of the spectrum are the software and hardware solutions specifically geared toward keeping your data secure and always available. Many of the companies that offer data recovery services also provide software tools that will assist you in backing up data on your system, keeping it free from virus attacks, accidental deletion or other system failures. The type of backup system you need will depend upon the criticality of your data. Of course, it may not seem critical until its gone, so at the very least, it is a good idea to save a copy of things like your “My Documents” folder on an external device every few months.

So what do you do if you haven’t been using a backup plan and your system crashes or a virus wipes out your files? You will probably have to call in the pros at this time. There are many companies that specialize in recovering data from any type of media for just about any type of system failure. Some of the companies also specialize in recovering certain types of files that have been corrupted. For example, if you have a corrupted Microsoft Excel file, look for a company that specifies expertise with that type of file.

Remember, when looking for a professional data recovery service, it is always a good idea to get multiple quotes and check the Better Business Bureau for complaints.

Written by Deron Van, president Gotta get my info. You can find more about data recovery and all things related to computers at the Computer page at Gotta Get My Info.

(Authors permission is granted to share this full article with others. Just leave the signature line intact, please.)

About The Author
Deron Van is a software engineer at Intel, he received his bachelor degrees in CIS and marketing from Arizona State University and is the marketing manager at http://www.gottagetmyinfo.com you can email him at deron@gottagetmyinfo.com.

IT or technological illiteracy is a choice

Computer literacy is required in almost any business field. It not only puzzles me, but irks me when I hear forty-something male business executives boasting of their computer or cyber ineptitude. I’ve actually heard a deficient male saying in an ‘aren’t I naughty’ kind of voice, “I can’t even send an e-mail!’ Shame on the idiot. To gender credit, I’ve never heard a woman executive proclaiming her deficiencies.

IT buffs or ‘techies’ are techies precisely because they love their field. One typical characteristic of such folk is that they love sharing their passion and getting others too, to share it. The result is that if you ask for help, advice or information, you’ll almost always get an answer – and sometimes a rather more detailed one than you bargained for!

As the saying goes, ‘The easiest way to eat an elephant is one bite at a time.’ And the easiest way to absorb computer or other technological skills (for we non-techies) is in incremental little bites.

Take inspiration from two seventy-something women I assisted into computer literacy. A third – my seventy six year-old godmother – keeps in touch with us from Australia by e-mail, off her own state of the art notebook computer. So it’s never ‘too late to start’.

I see medical professionals being left behind and facing a steadily eroding patient base because of technophobia. My erstwhile dentist used to run a very tight ship and on the professionalism and hygiene front, couldn’t be faulted. But when I used another dentist for a specific procedure, I realised how archaic (albeit squeaky clean) were his processes. He still used standard syringes for injecting pre a filling or other treatment. It was almost inevitable that he literally struck a nerve when doing so. The impression paste he used, along with the adhesive for bonding, left a vile taste in your mouth that persisted for hours. Even his X-rays were still developed by the old method.

The ‘new’ dentist has state of the art pain management equipment and it was only when I felt my gum going numb that I realised I’d ‘been given an injection’. So teeny was the needle and so subtle the computer-driven pulses of through-the-skin anaesthetic that you literally had no discomfort during any of the procedures other than that of sitting with your mouth agape. Her X-ray equipment is digital and the instant the shot’s been taken, the (magnifiable) image is visible on her seriously large LCD computer screen for her and you to discuss.

Whether the resistance to change is driven by the (obvious) economic investment required, or simply by a dislike of on-going learning, I have no idea. But I guess one day the old dentist will have to shut up shop because he’s not attracting any new patients and he’ll ask himself, ‘Why?’

Essential components in a ’student’, one who is being mentored, or someone on a growth curve, are curiosity and a genuine desire to learn more. Then comes that crucial attitudinal ingredient – humility. If we think we’re too ’senior’, experienced or important to get back to crawling in nappies while we learn a new skill or process, our regression journey will have started in earnest. We will garner neither respect nor admiration from those (particularly the young) around us. And we will remain trapped in our self-selected cocoon of ineptitude, ignorance and inexorable failure.

About the Author

Clive is a marketing and communications strategist and published book author. His speciality is facilitating sustainable change in individuals and organizations. Website: www.imbizo.com

So your printer ink has run out. You’re faced with the prospect of having to spend some big bucks on a new set of cartridges. The problem is though, these new cartridges are really expensive! Sometimes they cost more than what you paid for your printer! So you have an easy solution right? Buy an inkjet ink refill kit! Not so fast!

Make sure you count the cost…

It may seem like a good idea to buy an ink refill kit but it may end up costing you more than you bargained for. First off, refilling your own ink cartridges is often messy. Be prepared for the possibility that your hands, desk, kids, get ink all over them. Secondly, even if you follow all of the instructions exactly,this is no guarantee that the ink cartridge will work properly once you place it back in the printer.

Ink Refill problems include…

The ink cartridge may decide to leak into the bottom of your printer or worse, right through the printer and onto your desk. While many times this is an annoyance at best and will not damage your printer… this is no guarantee. If you are one of those people who experience a regular dose of bad luck, the leaking ink may short something in your printer forcing you to go out and buy a new one.

Another concern is that your ink cartridge print heads may be clogged with dry ink. On most inkjet printer cartridges, this is pretty close to impossible to fix. In fact, for most inkjet ink cartridges where the print head is attached to the cartridge, you usually have a limited amount of time that your ink cartridge will continue to be functional. Most printer manufacturers will tell you to expect 6 months of life from your ink cartridge.

Is an Ink Refill always a bad idea?

The short answer is no. If you have an inexpensive printer and you will most likely trash the printer if you have to pay full price for the cartridges, you will lose alot less money buying a refill kit than testing out the printer with brand new ink cartridges only to find out that the printer is defective.

For many printers, having a professional that fills ink cartridges regularly do it for you is still cheaper than buying a new cartridge. Just keep in mind that they too cannot guarantee that the ink refill will work satisfactorily.

When you are thinking about an ink refill, being aware of the potential pitfalls will also help you avoid common frustrations and headaches.

Lucila Duchesne is the webmaster of printerinfosite.com which specializes in offering its visitors an inkjet printer information directory along with links to other printer related info on the internet. Reprint freely as long as you point the live links in this resource box to my website.

To pass the CCNA exam, you’ve got to create a study plan. Part of that plan is scheduling your study time, and making that study time count.

You’ve scheduled your exam you’ve created a document to track your study time you’ve planned exactly when you’re going to study. Now the plan must be carried out, without exception.

What exceptions do I mean? Cell phones. Televisions. IPods. Significant others. The list can go on and on.

It’s one thing to have a plan, and an important thing now you’ve got to make sure you carry it out to its fullest potential. That’s easy to say until you’re studying and a friend calls, or you remember that TV show you wanted to watch is on tonight, or you start surfing the Web for Cisco information and end up playing a game.

You MUST make these small sacrifices in order to achieve your main goal, the CCNA. Any worthwhile accomplishment requires some small sacrifice.

TV will be there when you’re done studying. Your significant other will be there when you’re done studying. And believe it or not, people once existed without cell phones! Turn the phone off. Turn your instant messenger service off. Turn your text pager off. Despite what we think, the world can do without communicating with us for 90 minutes. Remember, it’s better to have 90 minutes of great study than 180 minutes of constantly interrupted study. Studies show that while a single phone call causes an 11-minute interruption on average, it takes well over 20 minutes to get back to what you were doing with the proper mental focus. This is true at the office and at your home!

How To Spend Your Study Time CCNA candidates generally spend their time split between book study, practice exams, and lab time on real Cisco equipment. The best study is done by a combination of these, not by overly relying on one. Let’s take a look at each method.

Book study – I’ve never understood why some people (usually the trolls we were talking about earlier) talk about book study like it’s a bad thing. “You can’t learn about technology from books.” What a load of manure. You have to learn the theory before you can understand how a router or switch operates. The best way to learn the theory is to read a good book.

At the CCNA level, you doubtless know that you have dozens of choices when it comes to books. Some of the better-known books really do gloss over some important topics, such as binary math and subnetting. Make sure to pick a book or books that go beyond just explaining the theory and that give you a lot of explanation of router configs and real-world examples as well.

Practice Exams: Practice exams are good in moderation, but don’t use them as your main focus of study. Occasionally, I’m asked for study tips by candidates who have taken the exam a few times and not passed yet. I ask them what they’re doing to prepare, and they give a list of companies they bought practice exams from. (You see a lot of this on Internet forums as well.)

Don’t fall into this trap. Practice exams are fine if used as a readiness check, but some candidates just take them over and over again, which renders them basically useless.

On top of that, some of them cost hundreds of dollars. That’s money you’d be much better off spending on Cisco equipment to practice on.

Again, I’m not against practice exams as a supplement to your studies. Just don’t make them the main focus of your study. Taking practice exams over and over and hoping the exam will be just like the practice exam is a recipe for disaster. As I tell my students, when you’re in front of a rack of routers and switches during a job interview (or at 2AM when you’ve been called in to fix a problem), the correct answer is not “D”. You’ve got to know what to do.

And how do you learn these skills? Funny you should ask…. Lab Time On Real Cisco Equipment. Again, speaking from experience: This is the most important part of getting your CCNA, succeeding on the job, and going on to get your CCNP.

Getting hands-on experience is critical to developing your networking skills, especially your troubleshooting skills. Although simulators are better than they used to be, they’re still not Cisco routers, and they never will be.

You do your best learning not only when you’re configuring your routers, but when you screw something up.

That’s so important, I want to repeat it – loudly: You do your best learning when you screw something up. Why? Because then you have to fix it that’s how you develop your troubleshooting skills. You can read about all the debug and show commands in the world, but you don’t really understand how they work until you’re figuring out why your Frame Relay connection isn’t working, or your RIP configuration isn’t working.

This is true at every level of the Cisco Learning Pyramid. I can show you the show ip protocols output or what you get when you run debug ip rip, and you might remember it for a little while. But when you use it to troubleshoot a lab configuration, you WILL remember it.

Putting your own practice lab together will also help get you over what I call “simulator question anxiety”. If you spend any time on CCNA Internet forums, you’ll see discussion after discussion about these exam questions. To a certain point, this discussion is justified. The simulator questions carry more weight on your exam than any other question while you can earn partial credit on them, you’ve got to get them right or you will most likely fail the exam.

There’s no reason to be anxious about them if you’re prepared. You don’t want to be the person who walks into the testing room that’s scared to have to create a VLAN or an access list you want to be the person who walks into the testing room confident of their ability to perform any CCNA task. The best way to be that confident is to know you’ve done it – on real Cisco equipment.

There are several vendors that sell routers and switches on ebay most of them sell CCNA and CCNP kits that include all the cables and transceivers that you’ll need as well. (And how is a simulator going to help you learn about cables and transceivers?) Keep in mind that you can always sell the equipment after you’re done with the CCNA, or you can add a little equipment to it to go after your CCNP.

Whichever of these methods you use (and I hope you’ll use all of them), make sure to keep them in balance with each other. Don’t depend too much on just one.

On the topic of learning how to troubleshoot… as you run labs on your Cisco equipment, you’ll run into questions or problems that you don’t know the answer to yet. Get used to using Google (or your favorite search engine) to find the answer to these problems – but try to figure it our yourself first!

There’s nothing wrong with asking questions of someone else if you’re not able to find the answer yourself. Trying to find the answer yourself is another important troubleshooting skill you need to start developing today. Don’t be one of these people who posts a simple question on a forum without trying to find the answer on your own. Besides, you get more satisfaction and build more confidence when you determine the answer yourself.

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

For a FREE copy of his latest e-books, “How To Pass The CCNA” and “How To Pass The CCNP”, visit the website and download your free copies. You can also get FREE CCNA and CCNP exam questions every day! Get your CCNA study guide with The Bryant Advantage!