I’m pretty sure that there are many examples out there of how to create a NetFlow configuration, and they are very well documented as well; however, I wanted to give my config a crack and also wanted to share it. I’m adding one more bit of information, as it is very useful for keeping your network in check, and that is the NBAR addition.
Which Direction for NetFlow?
I have read somewhere, and I refuse to look for the document again (I think it was on Lancope’s website), that NetFlow works better if applied in only one direction. I’m pretty sure that many people out there will have their own opinions and reasons for applying it in different directions on the same interface, but after lots of thinking, it made sense to me.
I finished last year with an incomplete challenge and lots of things on my to-do list. This exam was one of them, so I ended up moving lots of my objectives to 2018.
I presented this exam at the beginning of November-17 and failed with few or a lot of incorrect questions. It really took me by surprise that some of the things I thought I knew needed more reinforcing on my end. It is also very important to understand that these exams are created with technology in mind, and many of them go un-updated for a while, so I was also tested on things that are End of Life (which I think got the best of me).
As part of the CCNP Security 300-206 (SENSS), I have found interesting topics along the way, and this one caught my attention. So here is a quick high-level overview plus some configuration examples on IP TCP Intercept.
What is TCP Intercept looking to prevent?
This feature looks to prevent denial-of-service attacks by limiting incomplete connections to a host; a web server is a good example of such a host.
Ok, I’m going to give this one a try, and I hope all readers help me keep myself honest on this one. Initially, the title of this post was based on CCNP Security and Cisco Prime Infrastructure Security Use Cases. So I have been looking for some security use cases with Cisco Prime Infrastructure, and I think I found some based on correlation and other important things the tool has to offer.
A quick video on how to install Cisco ACS Version 5.8.
Here are the VM requirements (minimum requirements):
CPU: 2 CPUs (dual CPU, Xeon, Core2 Duo or 2 single CPUs), 2 GHz CPU speed
Memory: 4 GB RAM
Hard Disk: A minimum of 60 GB is required. Maximum storage is up to 750 GB.
Note: ACS partitions the available disk space automatically during the installation process.
Note: It is recommended that you allocate the hard disk size to be greater than 500 GB for the secondary instance, which acts as a log collector.
To all visual learners, like me, and to the ones that need to do the stuff in order to learn: for the love of virtualization, I thought it would be a good idea to include videos and demonstrations on how things could be done.
The Video: https://youtu.be/XSsrW1gFx3A
The Content: This is just going over the installation of an ASAv and a CSR1000v.
What will be next? There will be some more content on the installation of ACS, hopefully sooner rather than later.
Looking at the objectives and the exam topics, I found something that I was not entirely familiar with and decided to take a look at it. At this point, I’m not sure if Cisco Security Manager is still something that is worth taking a look at or a product that is widely used by security professionals in the field.
I asked around with a few colleagues and all of them agreed that CSM was already phased out by other tools, like Cisco Firepower Management Console and even other third-party integrations out there.
So, like anything else, it is just very hard for me to begin something without first coming up with a plan, so I decided to treat this as a project, with planning and designing included in it.
The main constraint, you may ask, if any? Time. Time is valuable and the day of my first exam is approaching very quickly. I have been doing lots of studying so far and also labs here and there, and I’m very familiar with the topics on SENSS, so hopefully I can knock it down with no problems. But this time is different: I want to share the whole ride with the people that read this blog.
If you have read this blog before, you will notice that I have lots of stuff going on, some good and some meh!, from Collaboration, Security, Enterprise Networks and some other stuff unrelated to Cisco, which I recommend you check out in case you are interested. Initially, I started sharing my journey to the CCIE Collaboration back in 2014. I completed my adventure last year (2016), and I’m very happy to say that I fully enjoyed the ride. Now I would like to focus most of my posts on Security and on my ride to completing my CCNP Security, following it up with the CCIE Security by the beginning of next year (hope it works). UC and Collaboration will still be playing a HUGE role in my writing, as I find it very fun, and I still have LOTS of pending posts and videos.
There is a constant evolution of security technologies and also of security threats, which creates the need for additional and enhanced visibility of the network. Cisco keeps on improving its security portfolio, and this time I’m looking more closely at the Cisco Identity Services Engine. At first glance, to me it looked like just an 802.1x solution with very complicated features.
I decided that I wanted to get more involved, and I have been working with the product for the last month, on a more serious note this time. Trying to understand the product, I decided to make a list of the important features that are packed into the solution.