CCNA Security 640-553 Cert Flash Cards Online available

The CCNA Security 640-553 Cert Flash Cards Online provides a concise review of all objectives on the IINS exam 640-553. This online exam preparation tool consists of a custom flash card application loaded with 250 total questions that test your skills and enhance retention of exam topics.

 

Questions are organized by exam objective, allowing you to focus your study on selected topics. You can choose to view cards in order or at random, and you can create custom sets from the entire bank of cards. The engine provides you with the ability to mark each question correct or incorrect and provides a detailed score report by category at the end of the exam. You can even write notes on each question and then get a printable PDF of all your notes aligned to the relevant questions.

 

These robust features make this a truly unique learning tool:

     .    Test your knowledge by entering your own answers

     .    Grade your answers against the correct answer

     .    Create custom question sets

     .    View detailed score reports

     .    Enter and print notes for each question

     .    Use on any device that has a web browser and Internet connection

 

CCNA Security 640-553 Cert Flash Cards Online is an online, internet-based service, available in both desktop and mobile device formats, allowing you to test yourself at home, at work, or on the go.

 

System Requirements:

Web browser and Internet connection

 

US: $24.99 / CAN: $29.99

 

Table of Contents

 

1. Describe the security threats facing modern network infrastructures

2. Secure Cisco[r] routers

3. Implement AAA on Cisco routers using local router database and external ACS

4. Mitigate threats to Cisco routers and networks using ACLs

5. Implement secure network management and reporting

6. Mitigate common Layer 2 attacks

7. Implement the Cisco IOS[r] IPS feature set using SDM

8. Implement site-to-site VPNs on Cisco Routers using SDM

 

source: http://www.ciscopress.com/bookstore/product.asp?isbn=1587058588

Tags: , ,

Change your IP address for testing purpose : free VPN service

Sometimes you need to change your IP address to see what others see of your network.

You can use the Loki Network utility to change your IP address and do some testing :

"Loki Network Project is free VPN service and SSL based free VPN server. It is an opportunity to protect your private data (IP address, e-mail/FTP/HTTP passwords, web-sites visited, uploaded/downloaded files and etc…) and bypass certain Internet access limitations you may have at your location.

An example, free Public Loki VPN Service allows you:

– Protect your data from being intercepted by various network sniffers in your LAN segment
– Safely bypass traffic interception and analyses on corporate, ISP or even country level firewall

Bypass any limitations in visiting web-sites or any other Internet services (if access to Loki VPN Servers is not blocked directly).
Loki Network Project can suggest two scenarios to protect your private data:

To use our Public VPN Service that includes set of Loki VPN Servers located in different countries. Guest access to our public service is free to use.

To create your custom service based on your own copy of VPN Server installed on your dedicated or home server. Community version of Loki VPN Server Desktop Edition is free for download and use.

According to all scenarios you have to download and install our free VPN Client software used to help you to create your own security schema.

Download it here : Version 1.2.0.9  Size 4 MB

 

Other useful link : http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm

Networking Essential Free Poster !

A free Networking Essentials Free Poster with cable types, Osi Layer, Protocles, Network Topologies, …

Tags: , ,

SDLC : Systems Development Life Cycle Poster

Systems Development Life Cycle (SDLC), or Software Development Life Cycle, in systems engineering and software engineering relates to models or methodologies, that people use to develop systems, generally computer systems.

Systems_Development_Life_Cycle

OSI and the Cisco Three-Layer Hierarchical Model Poster

Free OSI and the Cisco Three-Layer Hierarchical Model poster from TextBuddy

OSI Model

 Click for full sized image !

Cisco System Development Life Cycle Mindmap

System Development Life Cycle

Tags: ,

Defense-in-Depth with defense in breadth

You can find in the Cisco certification guide for the Cisco 640-553 this explanation of the Defense-in-Depth security approach :

“Cisco recommends multiple and overlapping solutions. These overlapping solutions target different aspects of security, such as securing against insider attacks and securing against technical attacks. These solutions should also be subjected to routine testing and evaluation. Security solutions should also overlap in a way that eliminates any single point of failure.

Defense in Depth is a design philosophy that achieves this layered security approach. The layers of security present in a Defense in Depth deployment should provide redundancy for one another while offering a variety of defense strategies for protecting multiple aspects of a network. Any single points of failure in a security solution should be eliminated, and weak links in the security solution should be strengthened.”

But if you consider attacks targeting the different aspect of security : Confidentiality, Integrity, and Availability, (CIA) things are not such simpler.

Read this article on “Observations on the effects of defense in depth on adversary behavior in cyber warfare”. They have built different networks with different number of security layers. Then a team tried to catch flags that correspond to the realization of an attack on the different CIA security aspects for each network.

The goal is to see the factor between the number of security layer in each network and the corresponding time for the attacker to successfully launch all the three attack ( Confidentiality, Integrity, Availability)

The result is that to launch a read or modify attack the workload that take two hours at configuration level one and two, take 26 hours at level 3. The big change is in the time to develop the attack instead of launching it.

You can see that in the following graph :

 

image

But what happens to availability attacks ?

More you have systems, more you have possibility to exploit a vulnerability from the chain of systems and to denial service to it.

Look at the following graph :

 

image

 

Less time to launch a denial of services attack with more layer of security.

 

Therefore, what to do ? Plans carefully your different layer and the overlaps between them , think about not only the number, but the scope covered by the layer think about “Defense-in-Depth” with “Defense-in-breadth”.

 

The following graph from the US Transport Security Agency is an example of the “Defense-in-Depth” with “Defense-in-breadth” security approach, you have multiple layer that’s overlaps with each other to form a large area of defense.

Graphic which shows layers of security used to ensure the security of the traveling public and the Nation's transportation system.

Source : http://www.tsa.gov/what_we_do/layers/index.shtm

In conclusion, adding security layers to a system does not necessarily guarantee increased assurance. Introducing new layers of security has the potential to introduce new vulnerabilities, or control surfaces, for sophisticated adversaries to exploit. Defensive layers must be analyzed to gain a thorough understanding of how they work together before they are integrated into an operational system.

Excel workbook to create IPSec template for Cisco IOS

Use this sheet from TechRepublic to get a commented configuration IPsec template for your IOS devices.

Sample output from this tool:

ipsec template result sample for Cisco IOS devices
ipsec template result sample for Cisco IOS devices

 

You can download this tool here : ipsec_worksheet

SAN Security ressources from SanSecurity.com

A simple site with a FAQ and a lot of links concerning System Area Network Security :

Ressources :
http://www.sansecurity.com/san-security-articles.shtml

Here is the FAQ :

Read the rest of this entry »

MindMap for Encryption, IPsec, ACL, …

A mind map is a diagram used to represent words, ideas, tasks or other items linked to and arranged radially around a central key word or idea. It is used to generate, visualize, structure and classify ideas, and as an aid in study, organization, problem solving, and decision making.

Each mind map illustrates the complex relationship between the topics of a domain and the components of a particular topic.

 You can find some other mindmap here: http://www.mindcert.com/resources/

Tags:

Recent Posts

Blogroll

Partner Site