Archive for the ‘Certification’ Category
CCNA Security 640-553 Cert Flash Cards Online available
The CCNA Security 640-553 Cert Flash Cards Online provides a concise review of all objectives on the IINS exam 640-553. This online exam preparation tool consists of a custom flash card application loaded with 250 total questions that test your skills and enhance retention of exam topics.
Questions are organized by exam objective, allowing you to focus your study on selected topics. You can choose to view cards in order or at random, and you can create custom sets from the entire bank of cards. The engine provides you with the ability to mark each question correct or incorrect and provides a detailed score report by category at the end of the exam. You can even write notes on each question and then get a printable PDF of all your notes aligned to the relevant questions.
These robust features make this a truly unique learning tool:
. Test your knowledge by entering your own answers
. Grade your answers against the correct answer
. Create custom question sets
. View detailed score reports
. Enter and print notes for each question
. Use on any device that has a web browser and Internet connection
CCNA Security 640-553 Cert Flash Cards Online is an online, internet-based service, available in both desktop and mobile device formats, allowing you to test yourself at home, at work, or on the go.
System Requirements:
Web browser and Internet connection
US: $24.99 / CAN: $29.99
Table of Contents
1. Describe the security threats facing modern network infrastructures
2. Secure Cisco[r] routers
3. Implement AAA on Cisco routers using local router database and external ACS
4. Mitigate threats to Cisco routers and networks using ACLs
5. Implement secure network management and reporting
6. Mitigate common Layer 2 attacks
7. Implement the Cisco IOS[r] IPS feature set using SDM
8. Implement site-to-site VPNs on Cisco Routers using SDM
source: http://www.ciscopress.com/bookstore/product.asp?isbn=1587058588
Tags: 640-553, Ressources, training
Networking Essential Free Poster !
A free Networking Essentials Free Poster with cable types, Osi Layer, Protocles, Network Topologies, …
Defense-in-Depth with defense in breadth
You can find in the Cisco certification guide for the Cisco 640-553 this explanation of the Defense-in-Depth security approach :
“Cisco recommends multiple and overlapping solutions. These overlapping solutions target different aspects of security, such as securing against insider attacks and securing against technical attacks. These solutions should also be subjected to routine testing and evaluation. Security solutions should also overlap in a way that eliminates any single point of failure.
Defense in Depth is a design philosophy that achieves this layered security approach. The layers of security present in a Defense in Depth deployment should provide redundancy for one another while offering a variety of defense strategies for protecting multiple aspects of a network. Any single points of failure in a security solution should be eliminated, and weak links in the security solution should be strengthened.”
But if you consider attacks targeting the different aspect of security : Confidentiality, Integrity, and Availability, (CIA) things are not such simpler.
Read this article on “Observations on the effects of defense in depth on adversary behavior in cyber warfare”. They have built different networks with different number of security layers. Then a team tried to catch flags that correspond to the realization of an attack on the different CIA security aspects for each network.
The goal is to see the factor between the number of security layer in each network and the corresponding time for the attacker to successfully launch all the three attack ( Confidentiality, Integrity, Availability)
The result is that to launch a read or modify attack the workload that take two hours at configuration level one and two, take 26 hours at level 3. The big change is in the time to develop the attack instead of launching it.
You can see that in the following graph :
But what happens to availability attacks ?
More you have systems, more you have possibility to exploit a vulnerability from the chain of systems and to denial service to it.
Look at the following graph :
Less time to launch a denial of services attack with more layer of security.
Therefore, what to do ? Plans carefully your different layer and the overlaps between them , think about not only the number, but the scope covered by the layer think about “Defense-in-Depth” with “Defense-in-breadth”.
The following graph from the US Transport Security Agency is an example of the “Defense-in-Depth” with “Defense-in-breadth” security approach, you have multiple layer that’s overlaps with each other to form a large area of defense.
Source : http://www.tsa.gov/what_we_do/layers/index.shtm
In conclusion, adding security layers to a system does not necessarily guarantee increased assurance. Introducing new layers of security has the potential to introduce new vulnerabilities, or control surfaces, for sophisticated adversaries to exploit. Defensive layers must be analyzed to gain a thorough understanding of how they work together before they are integrated into an operational system.