I’m pretty sure that there are many examples out there to create NetFlow configuration and very well documented as well, however, I wanted to give my config a crack and also wanted to share. I’m adding one more bit of information as it is very useful to keep your network on-check, and that is the NBAR addition.
Which Direction for NetFlow? I have read somewhere, and I refuse to look for the document again, thinking it was from Lancope’s website, but I remember reading that NetFlow works better if applied in only one direction. Pretty sure that many people out there will have their opinions and reasons to do it in very different directions on the same interface, but after lots of thinking, it made sense to me.
I finished last year with an incomplete challenge and lots of things in my to-do list. This exam was one of them, so I ended up moving lots of my objectives to 2018
I presented this exam at the beginning of November-17 and failed with few or a lot of incorrect questions. It really took me by surprise some of the things that I thought I knew needed more re-enforcing on my end. It is also very important to understand that these exams are also created with technology in mind, and many of them get to be un-updated for a while, so I was also tested on things that are End of Life (which I think got the best of me)
As part of the CCNP Security 300-206 (SENSS) - I have found interesting topics along the ways and this one catches my attention. So here is a quick high-level overview + some configuration examples on IP TCP Intercept
What TCP Intercept is looking to prevent? This feature looks to prevent Denial of Service Attacks, by limiting incomplete connections to a host, in this case, a Web Server could be a good example.
Ok, I’m going to give this one a try, and hope all readers help me keep myself honest on this one. Initially, the title of this Post was based on CCNP Security and Cisco Prime Infrastructure Security Use Cases. So I have been looking for some Security use cases with Cisco Prime Infrastructure, and I think I found some based on correlation and other important things the tool has to offer.
A quick video on how to install Cisco ACS Version 5.8
Here are the VM Requirements: Minimum Requirements
CPU 2 CPUs (dual CPU, Xeon, Core2 Duo or 2 single CPUs) 2 GHz CPU speed
Memory 4 GB RAM
Hard Disk A minimum of 60 GB is required.
Maximum storage is up to 750 GB. Note: ACS partitions the available disk space automatically during the installation process.
Note: It is recommended that you allocate the hard disk size to be greater than 500 GB for the secondary instance, which acts as a log collector.
Looking at the Objectives and the Exam topics, I found something that I was not entirely familiar and decided to take a look at it. At this point, I’m not sure if Cisco Security Manager is still something that is worth taking a look at or a product that is widely used by Security professionals in the field.
I asked around with a few colleagues and all of them agreed that CSM was already faced out by other tools, like Cisco Firepower Management Console and even other third-party integrations out there.
