Worldwide Locations
205 Results Found
The OSI model is a conceptual tool used to discuss and describe network functions. The use of a standard reference model is essential to communicating ideas as well as creating new technologies. It is a good idea to be familiar with the OSI model, the features assigned to each layer, and examples of common protocols or technologies associated with the OSI layers.
The OSI model is a conceptual tool used to discuss and describe network functions. The use of a standard reference model is essential to communicate ideas as well as create new technologies. It is a good idea to be familiar with the OSI model, the features assigned to each layer, and examples of common protocols or technologies associated with the OSI layers.
Diane Teare, Global Knowledge's Cisco Course Director, discusses the advantages to taking our CCNA Boot Camp.
Course director Jim Thomas explains how our custom labs, which utilize external hosts, ISR routers, and DMZ, provide a real-world environment for students.
Rather than looking back over the past year, organizations and individuals need to start assessing cybersecurity threats that lie ahead in the New Year. While there is always the chance for a new threat or risk to be unearthed this year, often the risks of the New Year are predicable from the trends of attacks from the previous year. However, other factors need to be considered as well, including new technologies, new software and applications, mobility, etc. Here are my predictions of the areas to watch for new security threats. When it comes to cybersecurity, we have a lot to look out for, take precautions against and be paranoid about.
One of the many useful features of tunneling is to carry non-IP traffic across an IP network, and this is still the case when dealing with IPv6 traffic. This transition mechanism makes use of a configured tunnel to transport IPv6 over a native IPv4 network, which may consist of two sites or more. Unlike the previous transition mechanisms, tunneling is not monolithic; while the basic principles may be similar, the operations are different. The following chart gives a breakdown of the current, major tunneling types in use, particularly in a Cisco environment:
Learning how to program and develop for the Hadoop platform can lead to lucrative new career opportunities in Big Data. But like the problems it solves, the Hadoop framework can be quite complex and challenging. Join Global Knowledge instructor and Technology Consultant Rich Morrow as he leads you through some of the hurdles and pitfalls students encounter on the Hadoop learning path. Building a strong foundation, leveraging online resources, and focusing on the basics with professional training can help neophytes across the Hadoop finish line.
As with the adoption of any new technology, the move from IP version 4 to IP version 6 will take a number of years to complete. During that transition phase, various mechanisms will be necessary to continue support of the older protocol as the newer gains widespread momentum. In addition, there has been some evolution even within the availability of these mechanisms, some of which have already passed from general use into deprecated status. Network engineering professionals already proficient in the use of IPv6, as well as the available coexistence mechanisms, will undoubtedly stay in high demand throughout this process.
Risk is something we deal with on a daily basis. Living in New Jersey and having the occasional storm, I’ve recently performed my own risk assessment determining the value of certain assets and activities and made a decision on what I was willing to spend to reduce risk to what I perceived as an acceptable level. My management of risk was a rather simple case. Sure, in my revised business continuity plan for my home, I’ll make sure that I have more D cell batteries, have my garage door adjusted so it opens manually again, more food I can heat on a stove and that doesn’t rely on refrigeration, and finally I’ll consider a whole house gas generator that uses natural gas, which has always been available to power critical systems like the sump pump in my basement. What if, however, I was a really large business? One with lots of components and interdependencies that require a tight integration in order to succeed? How and where can a large volume of information necessary to management, business continuity, and disaster recovery be correlated and communicated to those individuals who, because of their roles and responsibilities, need to make the critical decisions regarding the management of risk?
The STP (Spanning Tree Protocol) standard (IEEE 802.1d) was designed when the recovery after an outage could wait a minute or so and be acceptable performance. With Layer 3 switching in LANs, switching began to compete with routers running protocols because they are able to offer faster alternate paths. Rapid Spanning Tree Protocol (RSTP or IEEE 802.1w) brought the ability to take the twenty seconds of waiting for the Max Age counter plus fifteen seconds of Listening plus fifteen seconds of Learning or fifty seconds down to less than one second for point-to-point connected and edge switches and six seconds for root switches.
In a recent post, I gave an overall description of a service portfolio and the key components of a portfolio. Here, I will describe how a cloud services provider might implement an ITIL service portfolio. A cloud services provider will regularly have a set of services under development, a set of service in live operation, and a set of services that are retired.
This short example illustrates basic VLAN operation. Examining VLANs in a large-scale installation can show the full benefits of VLANs. Consider that this is a small portion of a large corporate headquarters with 5,000 devices connected in a 20 building campus.
In 1998, the Internet Engineering Task Force (IETF) released RFC 2460, outlining the technical specifications of IPv6, which addressed the shortcomings of the aging IPv4 protocol. As with any evolution of technology, new elements exist in the protocol that may seem strange and unfamiliar. This certainly includes address representation, space, and so forth, but also includes a number of different types of addresses as well. A subset of these new addressing types has corresponding types in IPv4, but many will seem significantly different. The purpose of this white paper is to examine addressing classifications in detail and outline their functions within the context of the protocol.
Depending on the switch vendor, the exact steps will vary on how to set up and configure VLANs on a switch. For the network design shown, the general process for setting up VLANs on the switch is:
For several years, most news articles about a computer, network, or Internet-based compromise have mentioned the phrase "zero day exploit" or "zero day attack," but rarely do these articles define what this is. A zero day exploit is any attack that was previously unknown to the target or security experts in general. Many believe that the term refers to attacks that were just released into the wild or developed by hackers in the current calendar day. This is generally not the case. The "zero day" component of the term refers to the lack of prior knowledge about the attack, highlighting the idea that the victim has zero day's notice of an attack. The main feature of a zero day attack is that since it is an unknown attack, there are no specific defenses or filters for it. Thus, a wide number of targets are vulnerable to the exploit.
Now that the network is installed, each switch has a bridge ID number, and the root switch has been elected, the next step is for each switch to perform a calculation to determine the best link to the root switch. Each switch will do this by comparing the path cost for each link based on the speed. For paths that go through one or more other switches, the link costs are added. The switch compares this aggregate value to the other link costs to determine the best path to the root switch.
That depends on their configurations. For example: While it makes very good sense to include redundant physical links in a network, connecting switches in loops, without taking the appropriate measures, will cause havoc on a network. Without the correct measures, a switch floods broadcast frames out all of its ports, causing serious problems for the network devices. The main problem is a broadcast storm where broadcast frames are flooded through every switch until all available bandwidth is used and all network devices have more inbound frames than they can process.
I recently responded to a message on LinkedIn from a regular reader of this blog. He asked several questions which I will answer over the course of several posts. As part of his first question, he described a strategy report that his group is producing. The audience for this strategy report considers ITIL important to the future of their business, and so he must describe which ITIL processes his data center operations group works most closely with.
The most obvious difference is that hubs operate at Layer 1 of the OSI model while bridges and switches work with MAC addresses at Layer 2 of the OSI model. Hubs are really just multi-port repeaters. They ignore the content of an Ethernet frame and simply resend every frame they receive out every interface on the hub. The challenge is that the Ethernet frames will show up at every device attached to a hub instead of just the intended destination (a security gap), and inbound frames often collide with outbound frames (a performance issue).
“Twisted Pair” is another way to identify a network cabling solution that’s also called Unshielded Twisted Pair (UTP) and was invented by Alexander Graham Bell in 1881. Indoor business telephone applications use them in 25-pair bundles. In homes, they were down to four wires, but in networking we use them in 8-wire cables. By twisting the pairs at different rates (twists per foot), cable manufacturers can reduce the electromagnetic pulses coming from the cable while improving the cable’s ability to reject common electronic noise from the environment.
IT departments have multiple opportunities and challenges as a result of the Bring Your Own Device (BYOD) invasion. The most common opportunity is to reinforce enterprise network security from both the inside and the outside. Supporting BYOD also offers more monitoring and tracking of activities that provide a more detailed view of network traffic flow. Alternatively, it will be a challenge for some IT departments to give up control over which devices may access their enterprise network. Another challenge will be to have the users doing configurations for network access, which adds human error to a crucial part of the process. The opportunities and challenges BYOD represents are real. Enterprises must make their network infrastructure BYOD ready to meet the onslaught.
Good question! There are lots of networks, so I’m sorry to say that it depends. Let me explain. The smallest computer-based networks are usually PANs or Personal Area Networks. They can connect a wireless keyboard, mouse, or other devices to a computer. You may find them wirelessly linking a printer to your computer. You may have noticed these all include wireless connections. A PAN most often uses wireless technologies like infrared and Bluetooth, so it is really a WPAN (Wireless Personal Area Network).
Your business has been hacked, leaving you with a persistent bot; now what? In this hour-long webinar, security expert David Willson will discuss ways you can eliminate the threat in an act of self-defense or defense of property. As new laws are explored, old ones amended, and solutions sought, you'll take a look at thinking outside the box to give the good guys the advantage-or at least a fighting chance.
For us wireless folks that aren’t stellar routing and switching guys, one of the most daunting network tasks is integrating our WLAN infrastructure with the existing wired infrastructure and its services. Understanding wired design topics is pretty fundamental to installing or managing any network, so it really should be on our priority list to spruce up those skills. To give you a nudge on your journey, let’s talk about DHCP for wireless clients.
In this hour-long webinar, security expert and Global Knowledge instructor Phillip D. Shade will provide insight into the emerging network security science of network forensics analysis, a.k.a. security event analysis and reconstruction. Using case studies, you will examine the role of data retention in network forensics analysis, and you will learn about applying forensics analysis techniques to handle application-based attacks, VoIP call interception, and worms, bots, and viruses.
In this hour-long webinar, Global Knowledge instructor John Barnes will guide you through implementing Cisco private VLANs. He will review VLANs and 802.1q, and he will discuss private VLAN fundamentals and operation, covering primary VLANs and secondary VLANs. He will cover VLAN mapping and discuss using private VLANs between multiple switches. He will also provide a use case example.
An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment). Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.
I attended a meeting this week with a customer of mine and a potential new vendor. The new vendor was there to pitch his configuration and setup service offerings for a specific ITSM toolset. My customer has already had one bad experience with an ITSM tool configuration vendor who promised one thing and delivered much less. He ended up with a tool that’s minimally used and not configured to match his business needs. He’s looking for a vendor that can understand his business needs and priorities and quickly help him get his tool configured and working in a short time frame. Then the topic of standard changes came up. My customer asked for examples of standard changes. The vendor responded, “Server reboots are an example of standard changes.”
Planning for a cyber disaster makes recovering from one much easier. Still, as important as disaster planning is, it's often overlooked or put off until it is too late. In this webinar, Global Knowledge instructor Debbie Dahlin discusses planning for the unexpected -- whether the unexpected means a simple power outage, a network security breach, or a major natural disaster. She'll discuss risk analysis and risk management techniques and explain the importance and process of creating a business continuity plan. Using a fictional company as an example, Debbie will walk you through the disaster planning process a security professional should use, and she will provide simple tricks to reduce your company's downtime before, during, and after a disaster.
In this webinar, the second of two based on our Cybersecurity Foundations course, you'll build on what you learned in the first of the series, Protecting Your Network with Authentication and Cryptography.
In this webinar, the first of two based on our Cybersecurity Foundations course, you will examine the following topics: verifying users and what they can access, ways a user can be validated to computer and network resources, how cryptography is used to protect data, symmetric and asymmetric encryption and hashes.
No matter which IT field you're working in, there are several skills that are useful for every IT professional to know. Here, seven experienced IT professionals working in the networking, programming, project management, and security fields, share what they believe a...
As any network administrator will tell you, the ASA Security appliance (as well as its forerunner, the PIX) are capable of generating massive amounts of log messages, especially when the firewall/security appliance is set to log messages at debug level to the syslog...
A feature common to IPSec Virtual Private Network implementations throughout the Cisco product line is Perfect Forward Secrecy (PFS). This optional additional component is now a default supplied configuration setting with the Adaptive Security Device Manager (ASDM) I...
Occasionally as I'm teaching a Cisco training class, I get an idea for a blog post and it happened again this week. The Securing Networks with ASA Fundamentals curriculum is mostly based on the Adaptive Security Device Manager (ASDM). While the class describes the us...
Private networks are under constant threat of attack, even when steps have been taken to "secure" them. The large volume of malicious codes, and their ability to evolve and adapt, requires security professionals and common computer/internet users alike to be mindful of their actions and constantly play defense. This white paper focuses on 10 common ways that malicious code can penetrate a network. Knowledge of these methods and the ability to recognize them are the first steps in preventing them from succeeding in harming your network.
The subject of this week’s post was actually prompted by a question from a former colleague. Soon after the PIX Firewall added support for IPSec Virtual Private Networks, a command was added to the command-line, sysopt connection permit-ipsec. This command was subse...
The flexibility, reduced cost, and mobility of cloud computing have made the concept a hot topic. Before implementing this method of computing, however, it is important to consider the security of the "cloud." In this white paper, you will learn some of the risks and benefits of cloud computing to be sure it is the right solution for you.
Microsoft SQL Server has evolved over the years as a scalable, robust database management system and is now competing in the VLDB (Very Large Database) space with Oracle and IBM. The market share for the product continues to grow, based on total cost of ownership and ease of use. This white paper outlines some of the important fundamentals of Microsoft SQL Server 2008 that every DBA should know.
I recently was presented with the challenge of logging ALL of the pertinent connection, disconnection, and termination messages associated with the Cisco SSL AnyConnect client without overwhelming the syslog capture display with extraneous messages. This blog will br...
Subnetting is a complicated topic that has confused students for a very long time. However, subnetting is an important topic for many different certifications with various vendors, including Cisco. In the real world environment, people are used to just punching in the numbers in many of the free subnet calculators that are readily available on the internet. For exam purposes, you still have to do this in a very fast manner since many exams are time-based and you don't have the luxury of spending those precious minutes on any single question. This Cisco training whitepaper will solve some of those age-old and complicated subnetting puzzles.
There are some common misconceptions on the part of some of my students as to how VPN sessions are established from either a remote location or remote user to the ASA firewall. In particular, a “gray area” seems to be when the attributes from the tunnel group are app...
ASA and PIX software version 7.0 introduced the configuration command nat-control which didn’t exist in previous versions of code. Although training course material for both the SNAF (Securing Networks with ASA Fundamentals) and SNAA (Securing Networks with ASA Advan...
You may have noticed that it’s the dynamic routing protocols that get all the glory. Since I like rooting (routing?) for the underdog, let’s talk about static routes! As you may recall, a router has three methods for learning a route. A route can appear in the routi...
Wi-Fi networks have been misunderstood by much of the IT community since their inception. Even the reasons for this misunderstanding are kind of hard to understand. The result has been that myths about 802.11 (better known as Wi-Fi) networks have grown almost as fast as the technology itself. In this web seminar, we'll examine 11 common Wi-Fi myths and explore ways to use correct information to make your networks scalable, secure and satisfying for your users.