There are many best practices in the Information Technology field and it is up to you, as the Certified Information Professional, to use your knowledge to find the correct strategy for your company and figure out how to protect its assets.
"It happens to all too many tech professionals at some point. Someone clicks, views or opens something that causes a virus to take over their computer. Or a team member chooses a poor password that makes it easy for their email to be hacked into." Read the opening lines of Forbes recent article. These are situations that many of us know all too well. As the end of 2018 approaches we're prompted to review our hits and misses of the year, honing in on ways we can innovate, improve and grow. Could Cybersecurity be one of the areas that your organization needs to improve upon? Make 2019 the year that your company goes cybersecurity breach free by educating your coworkers about cybersecurity best practices. Read Forbes entire list of best practices here, then check out our library of security courses that are sure to help you reach your 2019 security goals.
Catalyst switch port security is so often recommended. This is because of a couple of important points:
- There are many attacks that are simple to carry out at Layer 2
- There tends to be a gross lack of security at Layer 2
- Port Security can guard against so many different types of attacks such as MAC flooding, MAC spoofing, and rouge DHCP and APs, just to name a few
I find when it comes to port security, however, many students cannot seem to remember two main points:
- What in the world is Sticky Learning and how does it work?
- What is the difference between the different violation modes and how can I remember them?
Sticky learning is a convenient way to set static MAC address mappings for MAC addresses that you allow on your network. What you do is confirm that the correct devices are connected. You then turn on sticky learning and the port security feature itself, for example:
switchport port-security maximum 2
switchport port-security mac-address sticky
It was a dark, cold night in late December, and Bob, (the optimistic firewall technician), had a single ASA to deploy before going home for the holidays. The requirements for the firewall were simple. Bob read them slowly as follows:
- R1 should be able to ping the server "Radio.INE.com" by name.
- PC should be able to ping the server "Radio.INE.com" by name.
Bob also read the background information to see if this was something he could finish before leaving the office. Bob read the following:
One of the many skills that you must demonstrate as a CCENT candidate is your ability to configure basic password security on a Cisco router or switch. This blog post walks you through the configurations you must have mastered in order to succeed in this area of the exam.
There are some fundamental processes in network security that you should be aware of as you begin your journey to a Cisco Certified Technician. Some of these processes are obvious, while others are not so obvious. This blog post intends to make each one very simple to understand.
I. Security Fundamentals
a. Why Needed?
i. A closed network allows no connection to a public network; although security is still an issue due to a majority of attacks coming from inside networks today
Here is a portion of some notes that I came across for IPS - instead of wasting away on my hard drive, I figured I would post in case some of you might enjoy. I will post more sections if I receive no hate mail :-)
I. IPS Overview
a. Detection versus Protection
i. Detect can do just that - detect
ii. Prevention systems can detect and prevent - risks include latency, false positives, and the risk of the device being overrun
One of the things you have to really watch out for in life (and the CCENT exam) is ensuring that you are not sending CDP information to devices that you do not trust. The last thing you want to do is advertise to potential hackers of your network exactly what Cisco devices you are running and what Layer 3 addressing they possess.