Adding Cisco.com Searches and Tools to Your Browser

Please check it out here

http://www.cisco.com/web/tsweb/searchplugins/plugin_homepage.html#

CCNA Security Chapter 5 Review

Securing the Router အေႀကာင္းပါ...ဖတ္လို႔ အဆင္ေၿပပါတယ္...ဒါေပမဲ႔ Internet ကေန Securing the Router ဆိုၿပီးေတာ႔ Articles ေတြ ရွာၿပီး ဖတ္သင္႔ပါေသးတယ္...
http://www.securityfocus.com/infocus/1734
http://www.securityfocus.com/infocus/1749
http://www.debianadmin.com/securing-cisco-routers-by-disabling-unused-services.html

Security Contexts ???

The virtual firewall methodology enables a physical firewall to be partitioned into multiple standalone firewalls. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing table, and administrators. In Cisco ASA, these virtual firewalls are known as security contexts.

Read Sample Chapter Here : http://www.informit.com/articles/article.aspx?p=426641&seqNum=2

AAA Server Steps

- Cisco PIX Firewall က AAA Server Authentication Protocols ႏွစ္ခုကို support လုပ္တယ္...
1) RADIUS ( UDP connection ကိုသံုးတယ္ client(NAS) နဲ႔ server(AAA)ႀကားမွာ...combines Authentication and Authorization )
2) TACACS+ ( TCP connection ကိုသံုးတယ္...sends Authentication and Authorization separately )

- Cisco Secure ACS က Cisco ရဲ႕ AAA Server Product ၿဖစ္တယ္...WindowsNT/2000ေပၚမွာ သံုးလို႔ရတယ္...CSACS က RADIUS ေရာ TACACS+ ႏွစ္ခုလံုးကို support လုပ္တယ္...

AAA

CCNA Security Chapter4 မွာ AAA အေႀကာင္းကို ေရးထားပါတယ္...သိပ္ႀကီး မရွင္းဘူး...ဒါနဲ႔ AAA ကုိနားလည္ရလြယ္ေအာင္ Google ႀကည္႔လိုက္ေတာ႔ http://www.netcraftsmen.net/welcher/papers/aaabasics01.html ေတြ႔သြားပါတယ္....နားလည္လြယ္ေအာင္ကို ေသခ်ာရွင္းၿပထားပါတယ္....အဲဒါကို အရင္ဖတ္ၿပီးမွပဲ CCNA Security Chapter4 AAA အေႀကာင္းကို ၿပန္ဖတ္ႀကည္႔ရင္ ပိုအဆင္ေၿပမယ္ ထင္ပါတယ္....အၿခား AAA TACACS+ နဲ႔ ပက္သက္ၿပီး နားလည္လြယ္ေအာင္ေရးထားတဲ႔ white paper , tutorials ေလးမ်ား ရွိရင္လည္း comment မွာ share ေပးဖုိ႔ ေတာင္းဆိုခ်င္ပါတယ္...ေက်းဇူးတင္ပါတယ္...

CCNA Security Chapter3 Review

Chapter 3 Defending the Perimeter ... ဒီ Chapter က ေတာ္ေတာ္ေလးေကာင္းပါတယ္...သံုးေခါက္ေလာက္ကို မွတ္မိသြားေအာင္ ဖတ္သင္႔ပါတယ္....Password-Protecting a Router အေႀကာင္းပါ...Router ကို ဘယ္လို Password ေတြေပးလို႔ရတယ္ ဆိုတာကို ရွင္းၿပသြားပါတယ္...Creating Command-Line Interface Views နဲ႔ Protecting Router Files အပိုင္းေတြဟာ မွတ္သားဖုိ႔ေကာင္းပါတယ္...

CCNA Security Chapter2 Review

Chapter2 ကေတာ႔ ဒီေလာက္ႀကီး စိတ္၀င္စားစရာ မေကာင္းပါဘူး ကၽြန္ေတာ္႔အတြက္ေတာ႔...Backup Sites သံုးခုကေတာ႔ မွတ္သားဖိုု႔ေကာင္းပါတယ္...ၿပီးေတာ႔ Security Evaluation Tools ေလးေတြလဲ စမ္းႀကည္႔သင္႔ပါတယ္...ပထမပိုင္းမွာေတာ႔ SDLC, Disaster Recovery ေတြကို ေၿပာၿပီး ေနာက္ပိုင္းမွာ Cisco Products ေတြ အေႀကာင္းကို ေၿပာပါတယ္...Summarize လုပ္ရရင္ Chapter2 က သိပ္အေရးမႀကီးေလာက္ဘူး ထင္ပါတယ္...

CCNA Security Chapter1 Review

CCNA Security စာအုပ္က ေတာ္ေတာ္ေလးေကာင္းမဲ႔ ပံုပါပဲ...Chapter1 ေတာ႔ ဖတ္ၿပီးသြားပါၿပီ...

Review the following topics

- Understanding IP Spoofing ( Page 27 )

- Understanding Confidentiality Attacks ( Page 31 )

- Understanding Integrity Attacks ( Page 33 )

- Understanding Availability Attacks ( Page 36 )

အထက္ပါ topics ေလးခု ကေတာ႔ ႏွစ္ေခါက္ သံုးေခါက္ေလာက္ ၿပန္ဖတ္သင္႔ပါတယ္...ကိုယ္ပိုင္ အယူအဆပါ...
Chapter 1 ရဲ႕ ေနာက္ဆံုးမွာပါတဲ႔ Cisco ရဲ႕ Best-Practice Recommendations ေလးကိုလဲ မွတ္မိေအာင္ ဖတ္သင္႔ပါတယ္...Network Security ကို Routing&Switching ေလာက္ စိတ္မ၀င္စားပါဘူး...ၿပန္သံုးသပ္ႀကည္႔ေတာ႔ CCIE (Security) ထိ မသြားရင္ေတာင္ CCNA Security အေၿခခံေလာက္ကိုေတာ႔ သိထားသင္႔တယ္ဆိုတဲ႔ ကိုယ္ပိုင္ယူဆခ်က္နဲ႔ ဒီCCNA Security စာအုပ္ကို စဖတ္ၿဖစ္သြားတာပါ...Security နဲ႔ ပက္သက္တဲ႔ စာအုပ္ေတြကလည္း အမ်ားႀကီးဆိုေတာ႔ အရင္က ဘယ္စာအုပ္က စဖတ္လို႔ ဖတ္ရမွန္းမသိပါဘူး... Security နဲ႔ ပက္သက္လုိ႔ အေၿခခံကေန စဖို႔ရာ Cisco က CCNA Security Exam ကို launch လုပ္လိုက္ေတာ႔ ဒီCCNA Security စာအုပ္ကေန စဖတ္မယ္ဆိုၿပီး Idea ရသြားတာပါ...
Kevin Wallance ကေတာ႔ CCNA Security နဲ႔ ပက္သက္လို႔ အခုလို ေၿပာသြားပါတယ္...
http://www.informit.com/podcasts/episode.aspx?e=caf1122a-1dbd-4b60-a15f-1f0160ed2dcf

CCNA Security

Part 1 Network Security Concepts

Chapter 1 Understanding Network Security Principles

Three primary goals of network security

- Confidentiality

- Integrity

- Availability (DoS Attack)

Categorizing Data

Government and Military Classification Model

Data Category

Description

Unclassified


Sensitive but unclassified (SBU)


Confidential


Secret


Top-secret


Organizational Classification Model

Data Category

Description

Public


Sensitive


Private


Confidential


Data Classification Characteristics

Characteristic

Description

Value

How valuable the data is to the organization

Age

How old the data is

Useful life

How long the data will be considered relevant

Personal association

How personal the data is

Classification Roles

Owner

- Initially determines the classification level

- Routinely reviews documented procedures for classifying data

- Gives the custodian the responsibility of protecting the data

Custodian

- Keeps up-to-date backups of classified data

- Verifies the integrity of the backups

- Restores data from backups on an as-needed basis

- Follow policy guidelines to maintain specific data

User

- Accesses and uses data in accordance with an established security policy

- Takes reasonable measures to protect the data he or she access to

- Use data for only organizational purposes

Cisco defines three security controls

1- Administrative Controls

, such as a log book entry that is required by a security policy

2- Physical Controls ( Security Systems, Physical Security Barriers, Climate protection systems )

, such as an alarm that sounds when a particular door is opened

3- Technical Controls ( Firewall, IPS, VPN Termination Devices, RADIUS or TACACS+, OTP and biometric security scanners )

, such as an IPS appliance generating an alert

Control Types : Preventive, Deterrent and Detective

REFERENCE : CCNA Security ( Official Exam Certification Guide )

Michael Watkins & Kevin Wallance, CCIE No. 7945

Creating a Network Baseline by Chris Bryant, CCIE #12933

Creating A Network Baseline:

A Cisco Networking Tutorial

By Chris Bryant, CCIE #12933

The first thing we've got to do in order to document our network is to create a network baseline. After all, if we don't know our goals, we can't accomplish them. A baseline is really a "network snapshot", a picture of our network devices and their performance - which also helps us spot issues before they happen.

Every network has its "breaking point", the point at which it can no longer transfer data effectively. By creating a baseline, you can see what the current network load is now - and by maintaining that baseline, you can spot network issues well before they become critical. For example, say you baseline all your network routers, and part of that is noting the CPU capability and usage. By maintaining the network baseline, you can note smaller, gradual increases in CPU usage and do something about it before the situation becomes critical.

Establishing a baseline also gives less-experienced network personnel a starting point for troubleshooting, and it gives new network support personnel a starting point as well.

To begin that task, we've got to define where this baseline will begin and end - in other words, we must define the scope of the baseline. Some questions to ask:

  • What is the scope of this baseline?
  • What goals do we have for our network?
  • What network devices will be part of this baseline?
  • What is the objective here? Why are we creating this baseline?

Baseline construction methods differ from one vendor to another, but I recommend the first thing you do when creating a baseline is taking inventory. Why? First, it's hard to create a full network picture if you don't know everything that's in your network; second, many networks are poorly inventoried.

When you're creating network documentation, consistency is vital. This goes for abbreviations, symbols, and icons. There are sets of Cisco icons for use in Microsoft Visio - find and use these icons when documenting and diagramming your network. Keep your usage of these icons consistent as well.

Decide upon your scope and your goals, and stick with that decision. Don't start documenting one part of the network and then jump to another part.

Also, don't hide the documentation! If I have to substitute for you at a client site, I should be able to find the documentation without asking anyone.

Most importantly, maintain the documentation. Nothing is worse than seeing a date at the top of a network baseline doc that's from last year. (Or the last century.) Don't fall into the trap of "I'll catch the documentation up next week", because I can practically guarantee that no matter how great your work ethic is, something's going to happen that will distract you from getting the documentation done. Do it now.

  • In short, when creating network documentation, follow these rules:
  • Define the scope of the documentation and stick to it.
  • Define your objective and the values to be documented.
  • Consistency is key. Keep abbreviations and terminology consistent from document to document.
  • Make sure the appropriate personnel have access to the documentation.
  • Keep the documentation current.

To your success,

Chris Bryant

CCIE #12933

chris@thebryantadvantage.com

SOURCE : http://www.thebryantadvantage.com/CreatingANetworkBaseline.htm

Good Bye Park View Square

၂ ႏွစ္ နီးပါး ၿပည္႔ခါနီး တာ၀န္ေတြလည္း ၿပီးဆံုးသြားၿပီဆိုေတာ႔ Good Bye Park View Square လို႔ ပဲ ႏွဳတ္ဆက္လိုက္ပါတယ္.... လူေတြ အမ်ားႀကီးနဲ႔ သိကၽြမ္းခြင္႔ရခဲ႔တယ္... ဘ၀မွာ မေမ႔ႏိုင္ေအာင္ အေတြ႕အႀကံဳေတြ အမ်ားႀကီးရခဲ႔တယ္... အမ်ားႀကီးလည္း ေလ႔လာသင္ယူခြင္႔ရခဲ႔တယ္... အမ်ားႀကီး ေပ်ာ္ရႊင္ခဲ႔ရတယ္... ခြဲခြာရေတာ႔မယ္ဆိုေတာ႔လည္း အဲဒီ လွပတဲ႔ Building ႀကီးထက္ ေပ်ာ္ေပ်ာ္ရႊင္ရႊင္ အလုပ္တူတူလုပ္ခဲ႔ႀကတဲ႔သူေတြကိုပဲ လြမ္းမိပါတယ္...မေမ႔ႏိုင္စရာတစ္ခုကေတာ႔ အဲဒီက အတူတူအလုပ္လုပ္ခဲ႔တဲ႔လူေတြဟာ အၿမဲပဲ ၿပံဳးၿပံဳးၿပံဳးၿပံဳး နဲ႔ စကားေၿပာဆက္ဆံၿပီး ေပ်ာ္စရာေတြသာ ကၽြန္ေတာ္႔ကိုေၿပာေလ႔ရွိပါတယ္... အၿမဲပဲ စေနာက္ေလ႔ရွိႀကတယ္... အကူအညီေပးရင္ စိတ္လိုလက္ရ ကူညီေပးႀကတယ္... အၿမဲပဲ မုန္႔ေကၽြးႀကတယ္ ကၽြန္ေတာ္႔ကို... အားလံုးကို အၿမဲသတိရၿပီး ေက်းဇူးလည္း အမ်ားႀကီးတင္ပါတယ္...