Windows XP Tips and Tricks

My Favorite Tips for Windows XP SP2
Windows XP Service Pack 2 (SP2) is a big deal. It provides immediate benefits, but it also comes with some potential pitfalls. Before you do a mass rollout of XP SP2, arm yourself with my favorite tips and tricks for deploying SP2 and dealing with some difficulties you'll likely run into after you deploy it.
Windows XP Technical Overview
Windows XP is the next version of Microsoft Windows beyond Windows 2000 and Windows Millennium. Windows XP brings the convergence of Windows operating systems by integrating the strengths of Windows 2000—standards-based security, manageability and reliability—with the best features of Windows 98 and Windows Me—Plug and Play, an easy-to-use user interface, and innovative support services—to create the best Windows yet. This article provides a broad technical overview of what’s new in Windows XP. It shows how new technologies and features make it easier to get work done, share information, manage your desktop, stay productive while traveling with a mobile computer, obtain help and support, and perform many other computing tasks. Windows XP is built on an enhanced Windows 2000 code base, with different versions aimed at home users and business users: Windows XP Home Edition and Windows XP Professional. Unless otherwise noted, this article addresses technologies and features common to both versions of the operating system.
Windows XP and .NET: An Overview
The release of Windows XP comes at a time of transition and growing maturity of the Internet. The Web has grown to include many millions of sites on almost every conceivable topic. Although more information is available than ever before, the opportunities to fully manage and customize it have remained limited. Until now. The Microsoft .NET initiative aims to change this through a framework built around XML-based Web services that interoperate via existing open Internet protocols such as TCP/IP and HTTP. And at the heart of the .NET platform for knowledge workers, business users, and consumers lies the new client operating system, Windows XP.
Want to remove MSN Messenger?

A lot of people want to know how to remove the MSN Messenger service from XP... here's how: Locate SYSOC.INF in the \Windows\INF folder (hidden file and folder), open it in Notepad and locate the line: msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7











OR (XP Pro Only) leave it installed, but tell Windows to never let
it run. If you're running XP Professional, you can use GPEDIT.MSC to
prevent Messenger from loading. Otherwise, even disabling it in
startup won't cause it to "always" not run. NOTE: Outlook, Outlook
Express and some Microsoft web pages can still make it load.

  • Start, Run and enter GPEDIT.MSC

  • Computer Configuration > Administrative Templates > Windows
    Components > Windows Messenger

  • You can now modify whether it starts initially and/or whether
    it's to run at all.

    UPDATE: I have received some email saying that this fix slows
    down Outlook when starting. That is because Outlook wants to start
    Messenger when it starts. The easiest and fastest way to disable
    Messenger and still have a quick start time with Outlook is to
    rename the exe file, located here: c:\program files\messenger\msmsgs.exe,
    to something other than msmsgs.exe, such as msmsgsnew.exe.




  • AVG Anti-Virus Free Edition

    AVG Free Edition is the well-known antivirus protection tool.

    Features:

    Free of charge to home users for the life of the product.
    Rapid virus database updates are available for the lifetime of the product.
    Easy to use.
    Does not slow your system down.
    Includes automatic update functionality, the AVG Resident Shield and the AVG Virus Vault for safe handling of infected files.

    Intel six-core chip technology

    Intel is expected to announce its first six-core processor, “Dunnington”, later this month.

    Microsoft Certified Systems Engineer

    Microsoft Certified Systems Engineer (or MCSE) is the best-known and premier Microsoft certification. It qualifies an individual as being able to analyze the business requirements for information systems solutions, and design and implement the infrastructure required.

    As of 2007, the MCSE is available for two different product lines, Windows 2000 and Windows Server 2003, each of which requires a different set of exams.

    For the MCSE 2003, candidates must pass six core
    design exams (four networking exams, one client operating system and one design
    exam) and one elective exam, for a total of seven exams. For the MCSE 2000, a
    candidate needs to pass five core exams (four operating system exams, one design
    exam) and two electives. For the MCSE NT 4.0 (which is no longer available to
    earn, though it is still recognized as a valid certification), a candidate
    needed to pass four core exams (Networking Essentials, Windows NT Workstation,
    Windows NT Server and Windows NT Server in the Enterprise) and two electives.

    The topics of these exams include network security, computer networking infrastructure, Active Directory, Microsoft Exchange Server, Microsoft SQL Server, and other topics of both general networking interest as well as specific Microsoft products.

    MS Certification Team

    Microsoft™ has extended its Second Shot offer for certification exams. You can now take advantage of the opportunity to get a free second chance to pass a Microsoft IT Professional, Developer, or Microsoft Dynamics™ certification exam through June 30, 2008. This offer is available worldwide, to anyone who registers for Second Shot and does not pass their first attempt at one of these exams. It’s easy to register:

    Step 1: Before taking your exam, register for Second Shot and receive your exam voucher number.

    Step 2: Using the voucher number, schedule and pay for your initial exam via Prometric's web site, call center or test center locations. (To qualify, you must have the voucher number prior to registering with Prometric.)

    Step 3: Take your exam.

    Step 4: If you do not pass on your first attempt, register for your free retake exam via Prometric's web site, call center or test center locations using the same voucher number. NOTE: To allow for test results to be entered into the system, please wait one day after the failed exam to register for your Second Shot retake.

    For more information, or to register, go to:

    http://www.microsoft.com/learning/mcp/offers/secondshot/default.mspx

    MCSE (MICROSOFT CERTIFIED SYSTEMS ENGINEER) Tutorials Part-4

    Logical topologies are of two types:

    1. Workgroup

    2. Domain

    Workgroup (peer to peer):

    • A collection of computers connected together to share resources.
    • No servers or server operating systems are used.
    • Mostly only client operating systems are used.
    • Any operating system, such as DOS, Windows 95, Windows 98, Workstation, Windows 2000 Pro or Windows XP Pro, can be configured in the workgroup model.
    • Suitable for smaller organizations.
    • Where security is not the criterion.
    • No administrator is required.
    • Where we are not using client/server based applications such as Oracle, SQL and Exchange.

    Domain (Client/Server):

    • A domain is a collection of computers connected together with a server and users.
    • The domain model can have servers like UNIX, Novell NetWare, Windows NT Server, Windows 2000 Server, Windows 2003 Server and Windows 2008.
    • Provides centralized administration to manage the resources.
    • Suitable for medium to large size networks/organizations.
    • Suitable when we have a client/server architecture (back ends and front ends).
    • A domain offers security and provides logon authentication.
    • Suitable if security is a criterion.
    • Requires an administrator.

    MCSE (MICROSOFT CERTIFIED SYSTEMS ENGINEER) Tutorials Part-3

    Network Topologies:

    The way of cabling, the physical layout, or the architecture of a network is called its topology; for example Bus, Star, Ring and Mesh topologies.

    Bus Topology:

    Components of Bus Topology:

    1. Co-axial cable (backbone cable)

    2. T-connectors

    3. BNC (British Network Connector)

    4. Terminator

    5. Patch cable

    Disadvantages of Bus:

    If anything goes wrong with the backbone cable, the whole network is down. It follows serial communication. It is outdated these days.

    Star Topology:

    Star topology is an advanced version over bus topology. It uses either a hub or a switch, and it uses Cat5/6 cables with connectors called RJ45 (Recommend Jack). Star topology offers faster data transfer and processing.

    Ring Topology:

    Ring topology is used when we want redundancy (fault tolerance). Ring topology uses a device called an MSAU (Multi Station Access Unit), a unit inside which a logical ring is formed. The availability of the ring ensures the availability of the network.
    It was basically implemented in IBM networks.

    MCSE (MICROSOFT CERTIFIED SYSTEMS ENGINEER) Tutorials Part-2

    Networking devices:

    Repeater or Hub:

    • Connects two segments of your network cable.
    • Retimes and regenerates the signals to proper amplitudes and sends them to the other segments.
    • In Ethernet topology, a hub is used as a repeater.
    • Requires a small amount of time to regenerate the signal. This can cause a propagation delay, which can affect network communication when there are several repeaters in a row.
    • Works at the physical layer of the OSI network model.
    • It communicates by broadcasting.

    SWITCH:

    • An advanced version over a hub.
    • The main benefit of a switch is unicast: in short, data packets are transmitted only to the target computer instead of to all computers (broadcasting).
    • Maintains a table called the MIT (MAC Information Table), which is generated as soon as we turn on the switch. The MIT contains the port number, IP address and MAC (Media Access Control) or physical address (an address burnt into the NIC by the manufacturer; it has 48 bits).
    • Works at the data link layer of the OSI network model.

    ROUTER:

    • A router is a device that connects two different networks.
    • Routing occurs at the network layer of the OSI model.
    • Routers can connect networks with different architectures such as Token Ring and Ethernet.
      Although they can transform information at the data link level, routers cannot transform information from one data format such as TCP/IP to another such as IPX/SPX.
    • Routers do not send broadcast packets or corrupted packets. If the routing table does not
      indicate the proper address for a packet, the packet is discarded.
    • A router creates a routing table to determine the best path.

    MCSE (MICROSOFT CERTIFIED SYSTEMS ENGINEER) Tutorials Part-1

    NETWORK: A network is a collection of computers connected together.

    NETWORKING: The process of communication between the interconnected devices for the sake of sharing network resources.

    Benefits of Networking:

    1. Sharing resources like hardware, data, etc.

    2. Sharing software

    3. Sharing of licenses

    Types of Networks:

    1) Local Area Network (LAN): Systems connected within the same or a limited geographical area form a LAN. A LAN can span 2 kilometers.

    Components of LAN:

    1. NIC (Network Interface Card) or Ethernet card
    2. Cable – co-axial, twisted pair (Cat5 or Cat6), fiber optic
    3. Hubs or switches

    2) Metropolitan Area Network (MAN): A MAN is a combination of LANs or WANs located and connected within the same city.

    Components of MAN:

    1. Router

    2. Brouter (a brouter is a combination of bridge and router)

    3. ATM switches

    4. DSL connectivity (DSL – Digital Subscriber Link), e.g. Star cables

    3) Wide Area Network (WAN): Interconnection of LANs or MANs located in the same or in different geographical areas; it depends on telecommunication services.

    Components of WAN:

    1. Router

    2. Brouter (a brouter is a combination of bridge and router)

    3. ATM switches

    4. DSL connectivity (DSL – Digital Subscriber Link), e.g. Star cables

    Ethical Hacking

    Ethical hackers

    Employed by companies (also known as white hats) to perform penetration tests; a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.

    Penetration test or Ethical hacking

    A legal attempt to break into a company’s network to find its weakest link, also known

    Access a computer system or network without authorization through skills, tactics and detailed knowledge. Also known as a “Black hat” (a malicious or criminal hacker). He breaks the law and can go to prison.

    Ethical hacker

    Also known as a “Black hat”. Performs most of the same activities as hackers perform, but with the owner’s or organization’s permission.

    Crackers

    Illegally break into systems to steal [...]

    Learn or Understand IPv6 Part-5


    Compare IPv4 and IPv6

    IPv4

    • Source and destination addresses are 32 bits (4 bytes) in length.
    • Over 10^9 possible addresses.
    • IPSec support is optional.
    • Represented by dotted decimal notation.
    • The packet header is of variable size, which is time-consuming to handle.
    • No identification of packet flow for QoS handling by routers is present within the IPv4
      header.
    • Fragmentation is performed by the sending host and at routers, slowing router performance.
    • Has no link-layer packet size requirements and must be able to reassemble a 576-byte packet.
    • Header includes a checksum.
    • Header includes options.
    • ARP uses broadcast ARP Request frames to resolve an IPv4 address to a link-layer address
    • Internet Group Management Protocol (IGMP) is used to manage local subnet group membership.
    • ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional.
    • Broadcast addresses are used to send traffic to all nodes on a subnet.
    • Must be configured either manually or through DHCP for IPv4.
    • Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses.
    • Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names.

    IPv6

    • Source and destination addresses are 128 bits (16 bytes) in length.
    • Over 10^38 possible addresses.
    • IPSec support is required.
    • Represented in hexadecimal with colons and shortcuts (abbreviations); IPv4 addresses are a special case.
    • The packet header is of fixed size (40 octets), which is more efficient.
    • Packet flow identification for QoS handling by routers is present within the IPv6 header using the Flow Label field.
    • Fragmentation is performed only by the sending host.
    • Link layer must support a 1,280-byte packet and must be able to reassemble a 1,500-byte packet.
    • Header does not include a checksum.
    • All optional data is moved to IPv6 extension headers.
    • ARP Request frames are replaced with multicast Neighbor Solicitation messages.
    • IGMP is replaced with Multicast Listener Discovery (MLD) messages.
    • ICMPv4 Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages and is required.

    There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used. Does not require manual configuration or DHCP for IPv6. Uses AAAA records in the DNS to map host names to IPv6 addresses. Uses pointer (PTR) resource records in the IP6.INT DNS
    domains to map IPv6 addresses to host names.
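The header differences listed above can be seen on the wire. The following is an added example, not code from the original post: it packs a minimal IPv4 header (with the RFC 1071 ones' complement header checksum) and a fixed 40-octet IPv6 header (no checksum, a 20-bit Flow Label) using only Python's standard library. The addresses are constructed documentation values.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

# Added example (not from the original post). Builds a minimal IPv4 header and a
# minimal IPv6 header with struct so the differences listed above (variable vs
# fixed 40-octet size, header checksum vs none, the Flow Label field) are visible
# in the byte layout. Addresses are constructed documentation-range values.


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words (used for the IPv4 header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, protocol: int = 17, ttl: int = 64) -> bytes:
    """20-byte IPv4 header with no options; the checksum field is filled in last."""
    total_length = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45,              # version 4, IHL 5 (5 x 4 = 20 bytes, no options)
                      0,                 # DSCP/ECN
                      total_length,
                      0,                 # identification
                      0x4000,            # flags: DF set, fragment offset 0
                      ttl, protocol,
                      0,                 # checksum placeholder, computed below
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    checksum = ones_complement_checksum(hdr)
    return hdr[:10] + struct.pack("!H", checksum) + hdr[12:]


def ipv4_header_is_intact(hdr: bytes) -> bool:
    """A receiver recomputes the checksum over the whole header; 0 means intact."""
    ihl = (hdr[0] & 0x0F) * 4
    return ones_complement_checksum(hdr[:ihl]) == 0


def ipv6_header(src: str, dst: str, payload_len: int, next_header: int = 17,
                hop_limit: int = 64, flow_label: int = 0, traffic_class: int = 0) -> bytes:
    """Fixed 40-octet IPv6 header: no checksum field; options go into extension headers."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB16s16s", first_word, payload_len, next_header, hop_limit,
                       IPv6Address(src).packed, IPv6Address(dst).packed)


def ipv6_flow_label(hdr: bytes) -> int:
    """Routers can read the 20-bit Flow Label without parsing the rest of the packet."""
    return struct.unpack("!I", hdr[:4])[0] & 0xFFFFF


if __name__ == "__main__":
    v4 = ipv4_header("192.0.2.10", "198.51.100.20", payload_len=100)
    v6 = ipv6_header("2001:db8::10", "2001:db8::20", payload_len=100, flow_label=0xABCDE)
    print(len(v4), ipv4_header_is_intact(v4))     # 20 True
    print(len(v6), hex(ipv6_flow_label(v6)))      # 40 0xabcde
```

Because the IPv6 header carries no checksum, the transport layer has to protect itself: the UDP checksum, optional over IPv4, is mandatory over IPv6 and is computed over a pseudo-header that includes the IPv6 addresses.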

    Learn IPv6 Part-4

    Compare IPv6 header VS. IPv4 header


    Learn IPv6 Part-3


    Move from or Compare IPv4 to IPv6 Address

    IPv4

    • 32 bits long (4 bytes)
    • Address = Network + Host
    • The network and host portions depend on the class
    • Classes are identified by the initial bits
    • Total no. of IPv4 addresses is 4,294,967
    • Represented by dotted decimal or binary (192.168.100.1)

    IPv6

    • 128 bits long (16 bytes)
    • Basic architecture = (64 bits) network + (64 bits) host
    • The host portion is often the interface identifier derived from the MAC address
    • Classes are identified by the initial bits
    • Total no. of IPv6 addresses is 340,282,366,920,938,463,463,374,607,431,770,000,000
    • Represented by 8 groups of 4 hexadecimal characters separated by “:”
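The 64-bit network plus 64-bit host split described above can be made concrete. This is an added example, not code from the original post: it derives the modified EUI-64 interface identifier from a MAC address, combines it with a /64 prefix, and shows both the full 8-group form and the compressed form of the result. The prefix and MAC address are constructed sample values.

```python
from ipaddress import IPv6Address, IPv6Network

# Added example (not from the original post): forms an IPv6 host address from a
# 64-bit prefix plus a 64-bit interface identifier derived from a MAC address
# (modified EUI-64, RFC 4291 Appendix A). Prefix and MAC are constructed values.


def mac_to_modified_eui64(mac: str) -> int:
    """48-bit MAC -> 64-bit interface identifier."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    first = octets[0] ^ 0x02               # flip the universal/local bit
    iid = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]   # insert ff:fe in the middle
    return int.from_bytes(iid, "big")


def slaac_address(prefix: str, mac: str) -> IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface identifier."""
    net = IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    return IPv6Address(int(net.network_address) | mac_to_modified_eui64(mac))


def address_forms(addr: IPv6Address) -> dict:
    """The full eight-group form and the compressed shortcut form of one address."""
    return {"exploded": addr.exploded,
            "compressed": addr.compressed,
            "groups": addr.exploded.count(":") + 1}


def mac_from_eui64_address(addr: IPv6Address) -> str:
    """Reverse the transform: anyone who sees the address can read the MAC back out."""
    iid = int(addr).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not modified EUI-64")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in octets)


if __name__ == "__main__":
    host = slaac_address("2001:db8:abcd:1::/64", "00:1a:2b:3c:4d:5e")
    print(address_forms(host))
    print(mac_from_eui64_address(host))
```

Because the transform is reversible, an address built this way exposes the hardware address to anyone who sees the packet and makes the host trackable across networks; that is why hosts generally use RFC 4941 privacy extensions (random interface identifiers) for outbound traffic instead.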

    Learn IPv6 Part-2


    Understand IPv6 Addresses

    In IPv4 there were three types of addresses: unicast, broadcast and multicast. In IPv6 we have unicast, multicast and anycast.

    Broadcast addresses are not used anymore in IPv6, because they are replaced with multicast addressing.

    IPv6 addresses can be categorized by type and scope:

    • Unicast addresses. A packet is delivered to one interface, similar to a unicast address in IPv4.

    There are four further types of unicast addresses:

    • Global unicast addresses, which are conventional, publicly routable addresses, just like conventional IPv4 publicly routable addresses. The scope is global (IPv6 Internet addresses).

    • Link-local addresses. The scope is the local link (nodes on the same subnet). They are similar to the private, non-routable addresses in IPv4 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

    • Unique local addresses are also meant for private addressing, with the addition of being unique, so that joining two subnets does not cause address collisions. The scope is the organization (private site addressing).

    • Special addresses are loopback addresses, IPv4-mapped address space, and 6to4 addresses for crossing from an IPv4 network to an IPv6 network. The scope of a special address depends on the type of special address.

    • Multicast addresses. A packet is delivered to multiple interfaces.

      A packet sent to a multicast address is delivered to every interface in a group. Only hosts that are members of the multicast group receive the multicast packets. IPv6 multicast is routable, and routers will not forward multicast packets unless there are members of the multicast group to forward the packets to.

    • Anycast addresses. A packet is delivered to the nearest of multiple interfaces (in terms of routing distance).

      A packet sent to an anycast address is delivered to the first available node. This way
      you can provide both load balancing and automatic failover.
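A classifier for the types and scopes just listed, as an added example that is not part of the original post. It keys on the well-known prefixes rather than on Python's `is_private`/`is_global` properties (which treat the 2001:db8::/32 documentation range as private), and reads the scope nibble out of multicast addresses. The sample addresses are constructed from documentation ranges.

```python
from ipaddress import IPv6Address, IPv6Network

# Added example (not from the original post): classify an IPv6 address by the
# type and scope categories described above using well-known prefixes.
# Most-specific prefixes come first so 2002::/16 wins over 2000::/3.
TYPES = [
    ("loopback",             IPv6Network("::1/128")),
    ("ipv4-mapped",          IPv6Network("::ffff:0:0/96")),
    ("6to4",                 IPv6Network("2002::/16")),
    ("link-local unicast",   IPv6Network("fe80::/10")),
    ("unique local unicast", IPv6Network("fc00::/7")),
    ("multicast",            IPv6Network("ff00::/8")),
    ("global unicast",       IPv6Network("2000::/3")),
]

# Scope is the low nibble of the second byte of a multicast address (ff0X::).
MULTICAST_SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
                    0x5: "site-local", 0x8: "organization-local", 0xE: "global"}

UNICAST_SCOPES = {"link-local unicast": "link", "unique local unicast": "organization",
                  "global unicast": "global", "loopback": "host"}


def classify(address: str) -> dict:
    """Return the address type, its scope and, for transition addresses, the embedded IPv4."""
    addr = IPv6Address(address)
    kind = next((name for name, net in TYPES if addr in net), "unspecified/reserved")
    if kind == "multicast":
        scope = MULTICAST_SCOPES.get((int(addr) >> 112) & 0xF, "reserved")
    else:
        scope = UNICAST_SCOPES.get(kind, "depends on special address type")
    info = {"type": kind, "scope": scope}
    if kind == "ipv4-mapped":
        info["embedded_ipv4"] = str(addr.ipv4_mapped)
    elif kind == "6to4":
        info["embedded_ipv4"] = str(addr.sixtofour)
    return info


if __name__ == "__main__":
    # Constructed sample addresses from documentation ranges.
    for sample in ("2001:db8::1", "fe80::1", "fd12:3456::1", "ff02::1", "ff0e::101",
                   "::1", "::ffff:192.0.2.1", "2002:c000:201::1", "::"):
        print(sample, classify(sample))
```

A filtering policy usually hangs off exactly these categories: link-local and unique local traffic should never be seen arriving from the Internet edge, and a multicast scope larger than "link-local" crossing a boundary is something a router ACL should state explicitly.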

    Learn IPv6 Part-1

    What is IPv6 and Features as Compare to IPv4?


    IPv6 is short for “Internet Protocol Version 6”. IPv6 is the “next generation” protocol designed by the Internet Engineering Task Force (IETF) to replace the current version of the Internet Protocol, IP Version 4 (“IPv4”).

    Most of today’s internet uses IPv4, which is now nearly twenty years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet.


    IPV6 Features:


    • IPv6 has a much larger address space than IPv4.
    • The extended address length eliminates the need to use network address translation.
    • IPv6 has a new packet format, designed to minimize packet-header processing.
    • Addresses in IPv6 are 128 bits long versus 32 bits in IPv4.
    • IPv6 has an address space of 2^128 (about 3.4×10^38) addresses.
    • It supports unicast, anycast, and multicast.
    • IPv6 introduces the concept of address scopes.

    Cisco CCNA Security 640-553 IINS Tutorials Part-9

    Fibre Channel Security Protocol (FC-SP)
    Designed to overcome the security challenges for enterprise-wide fabrics by providing switch-to-switch and host-to-switch authentication. The focus of FC-SP is protecting data in transit throughout the Fibre Channel network.

    Fibre Channel zoning The partitioning of a Fibre Channel fabric into smaller subsets for security purposes.

    Firewall Allows for the segmentation of networks into different physical subnetworks, thereby
    helping limit the potential damage that could spread from one subnet to another. This term comes from firewalls in buildings, which limit the spread of a fire. A firewall may be a piece of software or hardware that acts as a barrier between the internal (trusted) network and the external (untrusted) network, such as
    the Internet.

    Gatekeeper Can be thought of as the “traffic cop” of the WAN. For example, because bandwidth on a WAN typically is somewhat limited, a gatekeeper can monitor the available bandwidth. Then, when there is not enough bandwidth to support another voice call, the gatekeeper can deny future call attempts.


    Gateway Can forward calls between different types of networks. For example, you could
    place a call from an IP phone in your office, through a gateway to the PSTN, to call your home.

    Hashing Used to provide data integrity. Hashes are based on one-way mathematical
    functions that can be easy to compute but extremely challenging to reverse. The way that hashing works in practice is that data of an arbitrary length is input into the hash function and is processed through the function, resulting in a fixed-length hash. The resultant fixed-length hash is called either the digest or fingerprint.

    Heap overflow A type of buffer overflow that occurs in the heap data area. Memory on
    the heap is dynamically allocated by the application at runtime and typically contains program data. A heap overflow is not as likely to result in a condition permitting remote code execution as a buffer overflow.

    HMAC Keyed Hash Message Authentication Code. An HMAC in cryptographic terms is a
    type of message authentication code calculated by using a cryptographic hash function along with a secret key. This may be used to simultaneously verify both the data’s integrity and the message’s authenticity. An iterative cryptographic hash function such as MD5 or SHA-1 may be used to calculate the HMAC. When these are used, the resulting MAC algorithm is called HMAC-MD5 or HMAC-SHA-1, for instance. The cryptographic strength of the underlying hash function, along with the key’s size and quality and the hash output length in bits, define the cryptographic strength of the HMAC.
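The hashing and HMAC entries above, as an added example that is not from the course text: a fixed-length digest for inputs of any size, the RFC 2104 HMAC construction written out by hand (with the standard library as a cross-check), and constant-time verification of a received tag. The key and messages are constructed sample values, and SHA-256 stands in for the MD5/SHA-1 the entry names because those are no longer recommended for new designs.

```python
import hashlib
import hmac

# Added example, not code from the course text: fixed-length digests, the HMAC
# construction written step by step so the role of the secret key is visible,
# and constant-time tag verification. Key and messages are constructed values.


def digest(data: bytes, hash_name: str = "sha256") -> bytes:
    """One-way hash: input of any length -> fixed-length fingerprint (the digest)."""
    return hashlib.new(hash_name, data).digest()


def hmac_by_hand(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), K' = key padded to a block."""
    def h(data: bytes = b""):
        return hashlib.new(hash_name, data)
    block_size = h().block_size            # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block_size:
        key = h(key).digest()              # keys longer than a block are hashed first
    key = key.ljust(block_size, b"\x00")   # shorter keys are zero-padded to a block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = h(ipad + msg).digest()
    return h(opad + inner).digest()


def hmac_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Reference value from the standard library, to cross-check the hand-written version."""
    return hmac.new(key, msg, hash_name).digest()


def tag_is_valid(key: bytes, msg: bytes, received_tag: bytes, hash_name: str = "sha256") -> bool:
    """The verifier recomputes the tag with the shared key; compare_digest avoids timing leaks."""
    return hmac.compare_digest(hmac_stdlib(key, msg, hash_name), received_tag)


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    msg = b"transfer id=42 amount=100"
    tag = hmac_by_hand(key, msg)
    print(tag.hex(), tag_is_valid(key, msg, tag))                    # ... True
    print(tag_is_valid(key, b"transfer id=42 amount=900", tag))      # altered message: False
```

The plain digest proves only that the data was not changed by accident; anyone can recompute it after altering the message. The keyed tag proves that whoever produced it knew the key, which is the authenticity property the entry describes, and the tag length is that of the underlying hash (20 bytes for SHA-1, 32 for SHA-256).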

    Cisco CCNA Security 640-553 IINS Tutorials Part-8

    Extended access control list (ACL) Made up of a series of statements created in global configuration mode. With extended ACLs, IP packets may be filtered based on a number of attributes. Extended ACLs can filter packets according to protocol type, source IP address,
    destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information if finer granularity of control is required.
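How those attributes combine into a decision, as an added example that is not from the course text or from Cisco: a small evaluator for entries in the form "permit|deny <protocol> <source> [eq port] <destination> [eq port]", where an address is "any", "host A.B.C.D" or "A.B.C.D WILDCARD" (wildcard bit 1 means "don't care"). The ACL and the packets are constructed for the demo; a real IOS ACL has more keywords than this parser accepts.

```python
from ipaddress import IPv4Address

# Added example, not course material: evaluate constructed packets against a
# constructed extended ACL. First match wins; an implicit "deny ip any any" ends
# every list. Only the address/port/protocol subset of the IOS syntax is parsed.


def _parse_address(tokens: list, i: int) -> tuple:
    """Return (base, wildcard, next_index) for 'any' | 'host A' | 'A WILDCARD'."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tokens[i] == "host":
        return int(IPv4Address(tokens[i + 1])), 0, i + 2
    return int(IPv4Address(tokens[i])), int(IPv4Address(tokens[i + 1])), i + 2


def _parse_port(tokens: list, i: int) -> tuple:
    """Optional 'eq <port>' qualifier; None means any port."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> dict:
    """One access control entry (ACE) -> its matching fields."""
    t = line.split()
    src, src_wc, i = _parse_address(t, 2)
    sport, i = _parse_port(t, i)
    dst, dst_wc, i = _parse_address(t, i)
    dport, i = _parse_port(t, i)
    return {"action": t[0], "proto": t[1], "src": src, "src_wc": src_wc, "sport": sport,
            "dst": dst, "dst_wc": dst_wc, "dport": dport}


def _address_matches(address: str, base: int, wildcard: int) -> bool:
    care = ~wildcard & 0xFFFFFFFF                   # the bits that must equal the base
    return (int(IPv4Address(address)) & care) == (base & care)


def evaluate(acl: list, packet: dict) -> str:
    """Walk the entries in order; the first one that matches decides."""
    for ace in acl:
        if ace["proto"] not in ("ip", packet["proto"]):
            continue
        if not _address_matches(packet["src"], ace["src"], ace["src_wc"]):
            continue
        if not _address_matches(packet["dst"], ace["dst"], ace["dst_wc"]):
            continue
        if ace["sport"] is not None and ace["sport"] != packet.get("sport"):
            continue
        if ace["dport"] is not None and ace["dport"] != packet.get("dport"):
            continue
        return ace["action"]
    return "deny"                                   # implicit deny at the end of the list


# Constructed policy: nobody reaches the server on telnet, the 10.1.0.0/16 client
# range may reach it on 443 and anything else, and ICMP is allowed from anywhere.
SAMPLE_ACL = [parse_ace(line) for line in (
    "deny tcp any host 192.0.2.10 eq 23",
    "permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10 eq 443",
    "permit ip 10.1.0.0 0.0.255.255 any",
    "permit icmp any any",
)]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, {"proto": "tcp", "src": "10.1.5.7", "dst": "192.0.2.10", "dport": 443}))
    print(evaluate(SAMPLE_ACL, {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80}))
```

The ordering matters as much as the entries: moving the telnet deny below the "permit ip 10.1.0.0 0.0.255.255 any" line would silently let internal hosts reach port 23, which is the kind of mistake a quick evaluator like this catches before the list is pushed to a device.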

    Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
    Protects authentication messages within a secure Transport Layer Security (TLS) tunnel using shared secret keys. Security is provided by an SSL (Secure Socket Layer)/TLS certificate on the “server side”/ACS and by a username and password on the client side.

    Extensible Authentication Protocol-Message Digest 5 (EAP-MD5)
    A standards-based EAP type that uses an MD5-Challenge message. This is much like the challenge message used in PPP CHAP (Point-to-Point Protocol Challenge Handshake Authentication Protocol), which also uses MD5 as its hashing algorithm.

    Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) Developed by Microsoft Corporation to address weaknesses found in other EAP types (such as the one-way authentication used by EAP-MD5). EAP-TLS uses certificate-based (X.509
    certificate-based) authentication. It requires both a supplicant and an authentication server to possess a digital certification to perform mutual authentication.

    Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) Uses a secured Transport Layer Security (TLS) tunnel to send other EAP authentication messages.

    Fibre Channel In terms of SAN networking, this is the primary SAN transport used for
    host-to-SAN connectivity.

    Fibre Channel Authentication Protocol (FCAP)
    Born from Switch Link Authentication Protocol (SLAP), the first authentication protocol proposed for Fibre Channel. This optional authentication mechanism may be employed between any two devices or entities on a Fibre Channel network. It uses certificates or optional keys
    to provide security.

    Fibre Channel over IP (FCIP) Represents the implementation of Fibre Channel in an IP
    implementation that relies on TCP/IP as the network protocol.

    Fibre Channel Password Authentication Protocol (FCPAP)

    An optional password-based authentication key-exchange protocol. It may be used in
    Fibre Channel networks to provide mutual authentication between Fibre Channel ports. As compared to FCAP, FCPAP does not require a PKI to operate.

    Cisco CCNA Security 640-553 IINS Tutorials Part-7


    Disaster A disruption category in which normal business operations are interrupted for one or
    more days. However, not all critical resources at a site are destroyed.

    Disaster recovery plan Sometimes called a business continuity plan. Addresses actions taken during and immediately following a disaster.

    Dynamic ARP Inspection (DAI) Uses trusted and untrusted ports. ARP replies are allowed
    into the switch on trusted ports. However, if an ARP reply enters the switch on an untrusted port, the contents of the ARP reply are compared to the DHCP binding table to verify its accuracy. If the ARP reply is inconsistent with the DHCP binding table, the ARP reply is dropped, and the port is disabled.


    Dynamic firewall This fourth-generation firewall technology, sometimes called a stateful firewall, keeps track of the communication process through the use of a state table. This firewall
    operates at Layers 3, 4, and 5.

    EAP Extensible Authentication Protocol. Dictates the specific authentication messages transported by 802.1x and RADIUS protocols used in an IEEE 802.1x solution.

    Education More comprehensive than training because it covers a larger body of knowledge.
    Obtaining a college degree focusing on IT security is an example of a comprehensive security education.

    Elevation of privileges The act of exploiting a bug in a software application to gain
    access to resources that normally would be protected from an application or user. The result is that the application performs actions with more privileges than intended by the application developer or system administrator.

    Encapsulating Security Payload (ESP) An Internet standard that allows for the authentication and encryption of IP packets. ESP over Fibre Channel provides a means of protecting data in transit throughout the Fibre Channel network. However, it does
    not address the need to secure data while it is stored on the Fibre Channel network.

    Endpoint The final point of connection in a communication channel.

    Exploit A malicious program designed to take advantage of a vulnerability.

    Cisco CCNA Security 640-553 IINS Tutorials Part-6

    Denial of service (DoS) A class of attack in which the attacker seeks to make a given
    resource unavailable to legitimate users by overwhelming the resource with requests for service that appear legitimate. The resource, such as a server, seeks to handle all requests but ultimately fails. It either becomes unavailable for legitimate purposes or struggles to such an extent that it cannot respond to legitimate requests in a timely manner.

    Detective control Can detect when access to data or a system occurs.

    Deterrent control Attempts to prevent a security incident by influencing a potential attacker not to launch an attack.

    DHCP snooping The Dynamic Host Configuration Protocol snooping feature on Cisco
    Catalyst switches can be used to combat a DHCP server spoofing attack. With this solution, Cisco Catalyst switch ports are configured in either a trusted or untrusted state. If a port is trusted, it is allowed to receive DHCP responses. If a port is untrusted, it is not allowed to receive DHCP responses. If a DHCP response attempts to enter an untrusted port, the port is disabled.
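The DHCP snooping entry here and the Dynamic ARP Inspection entry in Part-7 describe two checks that share one binding table. The following is an added example, not course material or Cisco code: a small model that applies both decisions to constructed sample traffic. Port names, MAC and IP values are all made up for the demo, and a real switch also keys the binding table on VLAN and ages entries out with the lease time.

```python
from dataclasses import dataclass, field

# Added example, not code from the course text: a simplified model of DHCP snooping
# and Dynamic ARP Inspection on one switch. All ports, addresses and packets below
# are constructed for the demonstration.


@dataclass
class SwitchModel:
    trusted_ports: set                                   # uplink(s) toward the real DHCP server
    client_ports: dict = field(default_factory=dict)     # mac -> port that sent DISCOVER/REQUEST
    binding_table: dict = field(default_factory=dict)    # (mac, ip) -> client port, learned from ACKs
    disabled_ports: set = field(default_factory=set)     # err-disabled after a violation
    log: list = field(default_factory=list)

    def dhcp_packet(self, port: str, kind: str, client_mac: str, assigned_ip: str = "") -> str:
        """DHCP snooping: server messages (OFFER/ACK) are accepted only on trusted ports."""
        if port in self.disabled_ports:
            return "dropped (port disabled)"
        if kind in ("DISCOVER", "REQUEST"):
            self.client_ports[client_mac] = port         # remember where the client lives
            return "forwarded"
        if port not in self.trusted_ports:               # a server reply from an access port
            self.disabled_ports.add(port)
            self.log.append(f"DHCP {kind} on untrusted port {port}: port disabled")
            return "dropped, port disabled"
        if kind == "ACK" and client_mac in self.client_ports:
            self.binding_table[(client_mac, assigned_ip)] = self.client_ports[client_mac]
        return "forwarded"

    def arp_reply(self, port: str, sender_mac: str, sender_ip: str) -> str:
        """Dynamic ARP Inspection: replies on untrusted ports must match the binding table."""
        if port in self.disabled_ports:
            return "dropped (port disabled)"
        if port in self.trusted_ports:
            return "forwarded"
        if self.binding_table.get((sender_mac, sender_ip)) == port:
            return "forwarded"
        self.disabled_ports.add(port)
        self.log.append(f"ARP reply '{sender_ip} is-at {sender_mac}' on {port} "
                        "does not match the DHCP binding table: port disabled")
        return "dropped, port disabled"


def run_demo() -> SwitchModel:
    """Constructed traffic: one honest client, one server reply from an access port,
    and one ARP reply claiming an address that was never leased."""
    sw = SwitchModel(trusted_ports={"Gi0/1"})
    sw.dhcp_packet("Gi0/2", "DISCOVER", "aa:aa:aa:aa:aa:01")              # client on Gi0/2
    sw.dhcp_packet("Gi0/1", "ACK", "aa:aa:aa:aa:aa:01", "10.0.0.11")     # lease from the real server
    sw.dhcp_packet("Gi0/3", "OFFER", "aa:aa:aa:aa:aa:01", "10.0.0.50")   # server reply from an access port
    sw.arp_reply("Gi0/2", "aa:aa:aa:aa:aa:01", "10.0.0.11")              # consistent with the binding
    sw.arp_reply("Gi0/4", "bb:bb:bb:bb:bb:04", "10.0.0.1")               # unbound claim for the gateway IP
    return sw


if __name__ == "__main__":
    model = run_demo()
    print(model.binding_table)
    print(sorted(model.disabled_ports))
    print(*model.log, sep="\n")
```

The order of operations is the point: DAI can only be as good as the binding table, so DHCP snooping has to be enabled first (and statically addressed hosts need ARP ACL or static binding entries, or they will be cut off the same way the unbound reply is here).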

    Dictionary attack Attempts to match password credentials by guessing passwords from a
    “dictionary” of common words.


    Diffie-Hellman (DH) algorithm A key exchange algorithm that was invented by Whitfield Diffie and Martin Hellman in 1976. The Diffie-Hellman algorithm derives its strength from the difficulty of calculating the discrete logarithms of very large numbers. The functional usage of this algorithm is to provide secure key exchange over insecure channels such as the
    Internet. DH is also often used to provide keying material for other symmetric algorithms, such as DES, 3DES, and AES.
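The exchange described above with both sides' messages, as an added example that is not from the course text: each party keeps a private exponent, sends only the public value, and derives the same shared secret, which a hash-based KDF then turns into symmetric keying material. P is a constructed toy prime so the numbers stay readable; it offers no security, and real deployments use standardized groups of 2048 bits or more (RFC 3526), where the discrete logarithm is infeasible.

```python
import hashlib
import secrets

# Added example, not code from the course text: a complete Diffie-Hellman exchange.
# P is a constructed toy prime chosen so the values are readable; not secure.
P = 2039   # 2039 = 2 * 1019 + 1, both prime (a "safe prime"), constructed for the demo
G = 2      # public generator agreed by both parties


class Party:
    """One endpoint of the exchange. Only .public ever leaves this object."""

    def __init__(self, name: str):
        self.name = name
        while True:
            self.private = secrets.randbelow(P - 2) + 1   # secret exponent in [1, P-2]
            self.public = pow(G, self.private, P)          # g^a mod p, safe to send in the clear
            if self.public not in (1, P - 1):              # avoid the trivial group elements
                break

    def shared_secret(self, peer_public: int) -> int:
        """(g^b)^a mod p here equals (g^a)^b mod p on the peer's side."""
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value is a trivial group element")
        return pow(peer_public, self.private, P)

    def session_key(self, peer_public: int, label: bytes = b"demo-aes-256-key") -> bytes:
        """Turn the shared secret into symmetric keying material with a simple hash KDF."""
        width = (P.bit_length() + 7) // 8
        secret_bytes = self.shared_secret(peer_public).to_bytes(width, "big")
        return hashlib.sha256(label + secret_bytes).digest()


def exchange() -> dict:
    """Run the protocol between two parties and return the transcript plus both keys."""
    alice, bob = Party("Alice"), Party("Bob")
    # The only messages on the insecure channel; an eavesdropper learns these two numbers.
    transcript = [("Alice->Bob", alice.public), ("Bob->Alice", bob.public)]
    return {
        "transcript": transcript,
        "alice_key": alice.session_key(bob.public),
        "bob_key": bob.session_key(alice.public),
    }


if __name__ == "__main__":
    result = exchange()
    print(result["transcript"])
    print(result["alice_key"].hex() == result["bob_key"].hex())   # True: same key on both sides
```

Two caveats a practitioner would add: the exchange by itself authenticates nobody, so it is always paired with signatures, certificates or a pre-shared key (as IKE does), and the public value received from the peer must be range-checked, as `shared_secret` does, so a trivial value cannot force a predictable secret.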

    Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP)
    A variation of CHAP that may be used to authenticate devices connecting to a Fibre Channel switch so that only trusted devices may be added to a fabric. DHCHAP adds a DH exchange that
    both strengthens CHAP and provides an agreed-upon secret key.

    Digital signature Also called a digital signature scheme. A form of asymmetric cryptography that is used to simulate the security characteristics of a written signature in digital form. Digital signature schemes typically use two algorithms that employ a pair of public and private keys. One of these is used for signing, which involves the user’s secret or private key. The other is used to verify these signatures. This typically involves the use of the user’s public key.

    Digital Signature Algorithm (DSA)
    The Digital Signature Standard (DSS) outlines the use of the DSA by a signer to generate a digital signature to be applied to data and by a recipient of the data to verify the signature’s authenticity. To create the digital signature, you need both a public key and a private key. The private key is used to generate the signature, and the public key is used to verify it. For both signature generation and verification, the data, which is called a message, is reduced through the use of the Secure Hash Algorithm (SHA).
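The signing and verification steps just described, as an added example that is not from the course text: key generation, signing with the private key and verification with the public key, with the message reduced through SHA (SHA-256 here) before it is signed. The parameters are tiny constructed values so the arithmetic can be followed; they provide no security, and real DSA per FIPS 186 uses p of at least 2048 bits and q of 224 or 256 bits.

```python
import hashlib
import secrets

# Added example, not code from the course text: DSA with toy constructed parameters.
P = 2039                      # constructed prime modulus; P - 1 = 2 * 1019
Q = 1019                      # prime that divides P - 1
G = pow(2, (P - 1) // Q, P)   # 2^2 mod 2039 = 4, an element of order Q


def hash_to_int(message: bytes) -> int:
    """The message is reduced with SHA before signing; taken mod Q because the toy Q
    is far shorter than the 256-bit hash output."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def generate_keypair() -> tuple:
    x = secrets.randbelow(Q - 1) + 1      # private key, 1 <= x < Q
    y = pow(G, x, P)                      # public key
    return x, y


def sign(private_key: int, message: bytes) -> tuple:
    """Return (r, s); only the holder of the private key can produce it."""
    h = hash_to_int(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1  # fresh secret nonce; reusing k leaks the private key
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h + private_key * r) % Q
        if r != 0 and s != 0:             # the standard requires both to be nonzero
            return r, s


def verify(public_key: int, message: bytes, signature: tuple) -> bool:
    """Anyone with the public key can check the signature against the message."""
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):     # reject out-of-range values before any arithmetic
        return False
    w = pow(s, -1, Q)
    u1 = hash_to_int(message) * w % Q
    u2 = r * w % Q
    v = (pow(G, u1, P) * pow(public_key, u2, P) % P) % Q
    return v == r


if __name__ == "__main__":
    private, public = generate_keypair()
    original = b"release build 1.2.3"
    sig = sign(private, original)
    print(sig, verify(public, original, sig))           # (r, s) True
    print(verify(public, b"release build 1.2.4", sig))  # altered message: False (a 1-in-Q toy collision aside)
```

The verification works because s = k^-1 (H + x r) mod q rearranges to k = u1 + x u2 mod q, so g^u1 * y^u2 = g^k mod p and v reproduces r; the nonce k must be unpredictable and never reused, since two signatures with the same k let anyone solve for x.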

    Cisco CCNA Security 640-553 IINS Tutorials Part-5


    Community VLAN Ports belonging to a community VLAN can communicate with one another, but not with ports in other community VLANs.

    Confidentiality Data confidentiality is provided by encrypting data. If a third party intercepts
    the encrypted data, he or she cannot interpret it.

    Context-Based Access Control (CBAC) Represents a significant advance over ACLs in that it provides stateful packet filtering capability. CBAC provides the capacity to monitor several attributes in TCP connections, UDP sessions, and Internet Control Message Protocol (ICMP). This monitoring is done in an effort to be sure that the only traffic allowed through a firewall ACL is the return traffic for a dialogue that was originated on the private side of the firewall.

    Cryptographic hash This function is a transformation that takes an input and returns a string, which is called the hash value. Cryptographic hash functions begin with the assumption that an adversary can deliberately try to find inputs with the same hash value. Creating a well-designed cryptographic hash involves a one-way operation in which there is no practical way to calculate a particular data input that will result in a desired hash value. This one-way nature makes the hash very difficult to forge.

    Cryptography The practice and study of encoding information to protect the original contents. In modern terms it is considered a branch of both mathematics and computer science, which combine to provide a means of securing information both in computer systems and on networks.

    Data diddling The process of changing data before it is stored in a computing system.

    Data Encryption Standard (DES) Typically operates in block mode, where it encrypts data in 64-bit blocks. Like other symmetric algorithms, DES uses the same algorithm and key for both encryption and decryption. DES has weathered nearly 35 years of cryptographic scrutiny. To this point, no significant flaws have been found. Adding to its appeal, DES may be easily implemented and accelerated in hardware.

    Defense in Depth A design philosophy that uses a layered security approach to eliminate a single point of failure and to provide overlapping protection.

    Demilitarized zone (DMZ) Sometimes called a screened subnet. A segment of the overall network that is cordoned off through the use of two firewalls. One of these firewalls sits between the DMZ and the Internet, and the other sits between the DMZ and the internal network. This configuration may also be referred to as creating a “perimeter” network.

    Cisco CCNA Security 640-553 IINS Tutorials Part-4


    Checksum A mathematical computation used to verify that the contents of a message have not been altered.

    Ciphertext The representation of plain text in an unreadable form.

    Cisco Discovery Protocol (CDP) A Layer 2 protocol that permits adjacent Cisco devices to learn information about one another (for example, protocol and platform information).

    Cisco Security Agent (CSA) A host-based IPS (HIPS) solution. The CSA software can be installed on selected host systems and optionally report suspicious activity to a centralized management server.

    Cisco Security Device Manager (SDM) Provides a graphical user interface (GUI) for configuring a wide variety of features on an IOS router.

    Cisco Security Manager An application that can be used to configure security features on a wide variety of Cisco security products.

    Cisco Security MARS The Cisco Security Monitoring, Analysis and Response System. The MARS product offers security monitoring for security devices and applications. In addition to Cisco devices and applications, Cisco Security MARS can monitor many third-party devices and applications.

    Cisco Self-Defending Network The Cisco vision for using a network to recognize threats and then prevent and adapt to them.

    class map A way of identifying a set of packets based on their contents using “match” conditions. Classes generally are defined so that you can apply an action to the identified traffic that reflects a policy. The class itself is designated via the class map. Class maps are created using the class-map command. After it is created, the class map is used to match packets to a specified class.

    Cold site A cold site offers an alternative site where business operations can be conducted, unlike a hot or warm site. However, a cold site typically does not contain redundant computing equipment such as servers and routers. As a result, the data network would need to be rebuilt from scratch, which might require weeks. Therefore, although a cold site is less expensive initially, as compared to hot or warm sites, a cold site could have more long-term consequences. In fact, the financial consequences could be far greater than the initial cost savings.

    Collision When two separate messages have the same message digest. A hash “collision” or hash “clash” happens when two distinct inputs entered into a hash function produce identical outputs. Each hash function has the potential for collisions. However, if you are working with a well-designed hash function, collisions should occur less frequently. In terms of hash functions, collisions inhibit the distinguishing of data, making records more costly to find in hash tables and data processing.
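The “Cryptographic hash” entry earlier on this page and the “Collision” entry just above describe two properties that are easiest to see with a hash whose output has been made deliberately short. The following is an added example written for this page (it is not from the glossary or from Cisco): it truncates SHA-256 to a chosen number of bits, runs a birthday-style search that finds two distinct inputs with the same short digest, and contrasts that with the much harder job of hitting one fixed digest. The input strings and the truncation are constructed for the demonstration.

```python
"""Collision vs. one-wayness on a deliberately shortened hash (constructed example)."""
import hashlib
from typing import Dict, Optional, Tuple


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits, standing in for a hash with a small output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, limit: int = 1_000_000) -> Optional[Tuple[bytes, bytes, int]]:
    """Hash distinct counter-derived inputs until two of them share a digest.

    Returns (input_a, input_b, inputs_hashed). By the pigeonhole principle a
    collision is certain within 2**bits + 1 inputs; the birthday bound says one
    is expected after only about 2**(bits / 2) of them.
    """
    seen: Dict[int, bytes] = {}
    for i in range(limit):
        msg = b"msg-%d" % i                      # constructed inputs, all distinct
        h = truncated_hash(msg, bits)
        if h in seen:                            # same digest, different input: a collision
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_second_preimage(target: bytes, bits: int, limit: int) -> Optional[int]:
    """Try to hit the digest of one fixed message.

    Expected cost is about 2**bits tries, far above the birthday bound. This is
    the one-way property the glossary describes: a collision being cheap does not
    make a chosen digest cheap to reach.
    """
    want = truncated_hash(target, bits)
    for i in range(limit):
        if truncated_hash(b"alt-%d" % i, bits) == want:
            return i + 1
    return None


def full_sha256_differs(a: bytes, b: bytes) -> bool:
    """Inputs that collide on the short hash are still told apart by the full 256-bit digest."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()


if __name__ == "__main__":
    for bits in (8, 16, 24):
        a, b, tries = find_collision(bits)
        print(f"{bits:2d}-bit digest: collision after {tries} inputs: {a!r} vs {b!r}")
    print("second preimage on a 32-bit digest within 2000 tries:",
          find_second_preimage(b"msg-0", 32, 2000))
```

The search cost grows with the digest size: the 8-bit and 16-bit runs finish in a handful of inputs, which is why hash functions that matter for integrity use outputs of 256 bits and up, and why a collision-prone function hurts hash-table lookups (the “more costly to find” point in the entry) before it ever hurts security.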

    Cisco CCNA Security 640-553 IINS Tutorials Part-3

    Glossary

    Awareness Awareness makes the end-user community conscious of security issues, without necessarily any in-depth procedural training. For example, distributing an e-mail or pamphlet describing the issue of viruses and the importance of virus protection creates awareness of the issue.

    Block cipher Derives its name from the fact that it transforms a fixed-length “block” of plain text into a “block” of ciphertext. These two blocks are the same length. When the reverse transformation is applied to the ciphertext block, by using the same secret key, it is decrypted. Block ciphers use a fixed length or block size. This generally is 128 bits, but they can range in size. For instance, DES has a block size of 64 bits.

    Bootset The collection of a router’s image and configuration files that can be protected using the Cisco IOS Resilient Configuration feature, which keeps a secure copy of the bootset.

    Brute-force attack Attempts to match password credentials by guessing a sequence of patterns (for example, the letter a through the letter z, followed by the letters aa through zz, followed by aaa through zzz, and so on). In such an attack, all possible combinations are used until the password is discovered. This may require a great deal of time, but it always eventually succeeds in discovering the password.

    Buffer overflow A programming error that may result in erratic program behavior, a memory access exception and program termination, or a possible breach of system security.

    Call agent Replaces many of the features previously provided by Private Branch Exchanges (PBX). For example, a call agent can be configured with rules that determine how calls are forwarded. Cisco Unified Communications Manager (UCM) is an example of a call agent.

    Catastrophe A disruption category in which all resources at a site are destroyed, and normal business operations must be moved to an alternative site.

    Certificate A document issued and signed by the certificate authority (CA) that binds the name of the entity and its public key.

    Certificate authority (CA) A trusted third party responsible for signing the public keys of entities in a PKI-based system.

    Challenge Handshake Authentication Protocol (CHAP)
    An authentication scheme used by Point-to-Point Protocol (PPP) to validate the identity of remote clients. CHAP periodically verifies the client’s identity by using a three-way handshake, and this verification is based on a shared secret. CHAP is also the mandatory authentication protocol for iSCSI, as chosen by the Internet Engineering Task Force (IETF). With CHAP, the password never actually crosses the wire; only a hash of the challenge, hostname, and password does.
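The CHAP entry says the password never crosses the wire, only a hash does. The following is an added example written for this page, not code from the glossary or from Cisco, that plays out the three-way handshake with both sides’ messages: the authenticator sends a challenge, the peer answers with a digest, and the authenticator compares it against its own copy of the secret. It follows the MD5 form in RFC 1994, where the hashed input is the one-octet identifier, the shared secret and the challenge (the names travel in the clear alongside). The device and peer names, the secret and the fixed challenge in the demo are constructed.

```python
"""Toy CHAP (RFC 1994, MD5) exchange: both messages, no password on the wire."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Challenge:
    """Message 1 (authenticator -> peer). Everything here travels in the clear."""
    identifier: int   # one-octet ID echoed in the response so replies can be matched
    value: bytes      # unpredictable challenge chosen by the authenticator
    name: str         # authenticator's name


@dataclass(frozen=True)
class Response:
    """Message 2 (peer -> authenticator). Carries a digest, never the secret itself."""
    identifier: int
    value: bytes      # MD5(identifier || secret || challenge)
    name: str         # peer's name, used by the authenticator to look up the secret


def chap_digest(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over the ID octet, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Holds one shared secret per peer name; issues challenges and judges responses."""

    def __init__(self, name: str, secrets: Dict[str, bytes]) -> None:
        self.name = name
        self._secrets = secrets
        self._outstanding: Dict[int, bytes] = {}   # identifier -> challenge issued

    def challenge(self, identifier: int, value: Optional[bytes] = None) -> Challenge:
        value = value if value is not None else os.urandom(16)
        self._outstanding[identifier] = value
        return Challenge(identifier, value, self.name)

    def verify(self, response: Response) -> bool:
        """Message 3 decision (Success/Failure). A challenge is consumed once, so a replay fails."""
        issued = self._outstanding.pop(response.identifier, None)
        secret = self._secrets.get(response.name)
        if issued is None or secret is None:
            return False
        expected = chap_digest(response.identifier, secret, issued)
        return hmac.compare_digest(expected, response.value)   # constant-time compare


class Peer:
    """The client side: knows the secret, but only ever sends a digest of it."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name = name
        self._secret = secret

    def respond(self, chal: Challenge) -> Response:
        digest = chap_digest(chal.identifier, self._secret, chal.value)
        return Response(chal.identifier, digest, self.name)


def run_handshake(peer_secret: bytes, server_secret: bytes, identifier: int = 1,
                  challenge: Optional[bytes] = None) -> Tuple[bool, List[bytes]]:
    """Run one exchange; return the verdict and every field that crossed the wire."""
    auth = Authenticator("router-a", {"client-1": server_secret})   # constructed names
    peer = Peer("client-1", peer_secret)
    chal = auth.challenge(identifier, challenge)
    resp = peer.respond(chal)
    wire = [chal.value, chal.name.encode(), resp.value, resp.name.encode()]
    return auth.verify(resp), wire


if __name__ == "__main__":
    ok, wire = run_handshake(b"s3cret", b"s3cret", challenge=b"\x10" * 16)
    print("authenticated:", ok, "| secret visible on wire:", any(b"s3cret" in m for m in wire))
```

Two things worth noticing when you run it: a captured response is useless against a fresh challenge (the digest is bound to the challenge value and identifier), and the authenticator must keep the secret in a recoverable form, which is why the secret on the router side needs the same protection as a password database.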

    Cisco CCNA Security 640-553 IINS Tutorials Part-2

    Asymmetric encryption Employs a two-key technology: a public key and a private key. Often this is simply called public key encryption. In this key pair, the public key may be distributed freely, whereas the private key must be closely guarded. If it is compromised, the system as a whole will fail. The way that public key encryption works is that the public key is used to encrypt the data. After it is encrypted, only the private key can decrypt the data. The opposite is also true.

    Auditing The process of recording the actions of an authenticated user. An example is tracking how long a user is authenticated on the network and the resources he or she works with while on the network, as well as the length of usage. Auditing can produce a history of network usage on the part of a given user or users.

    Authentication The confirmation that a user who is requesting a service is a valid user of the network services requested. Authentication is accomplished by presenting an identity and credentials. These might be such things as passwords, one-time tokens, or digital certificates.

    Authentication, Authorization, and Accounting (AAA) These three primary services give a network security as well as a record of user activity. AAA identifies who the user is, what the user can access, and what services and resources the user is using when he or she makes a connection with a server.

    Authentication server A RADIUS server (such as Cisco Secure ACS) that validates a client’s credentials against its user database.

    Authenticator A device (such as a Cisco Catalyst switch) that provides access to a network. The authenticator typically does not authenticate the supplicant. Rather, the authenticator acts as a gateway, relaying authentication messages between the supplicant and an external authentication server.

    Authorization The granting of specific types of service to a user, based on his or her authentication, the services he or she is requesting, and the current system state.

    AutoSecure An automated approach to applying security best practices to a router that is invoked from the CLI.

    Auxiliary VLAN The VLAN used by a Cisco IP Phone to carry voice traffic is often called an auxiliary VLAN.

    Availability The availability of data is a measure of its accessibility. For example, if a server were down only 5 minutes per year, it would have an availability of 99.999 percent (that is, “five nines” of availability).

    Cisco CCNA Security 640-553 IINS Tutorials Part-1

    Access control list (ACL) ACLs can provide basic traffic-filtering capabilities on Cisco routers. ACLs can be configured for all routed network protocols to filter packets as they pass through a router or security appliance. An ACL may be used for packet filtering (a type of firewall), as well as for selecting types of traffic to be analyzed, forwarded, or influenced in some manner.

    Accounting Tracking users’ consumption of network resources. This information may be used for management purposes, planning, billing, or other purposes. Typical information that is gathered includes the user’s name, the nature of the service delivered, when the service began, and when it concluded.

    Advanced Encryption Standard (AES) The AES initiative was announced in 1997, when the public was invited to propose candidate encryption schemes to be evaluated as the encryption standard to replace DES. The Rijndael cipher was selected as the AES algorithm in October of 2000 by the U.S. National Institute of Standards and Technology (NIST). In 2002 the U.S. Secretary of Commerce approved the adoption of AES as an official U.S. government standard.

    Application layer firewall This third-generation firewall technology evaluates network packets for valid data at the application layer before allowing a connection. Data in all network packets is examined at the application layer and maintains complete connection state and sequencing information. Application layer firewalls also can validate other security items that appear only within the application layer data, such as user passwords and service requests.

    Asymmetric algorithm Employs a two-key technology: a public key and a private key. Often this is simply called public key encryption. In this key pair, the public key may be distributed freely, whereas the private key must be closely guarded. If it is compromised, the system as a whole will fail. The way that public key encryption works is that the public key is used to encrypt the data. After it is encrypted, only the private key can decrypt the data. The opposite is also true.
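The “Asymmetric encryption” and “Asymmetric algorithm” entries on this page describe one key pair used in both directions, and the “Digital signature” and “Digital Signature Algorithm (DSA)” entries further up describe the sign-with-private-key, verify-with-public-key pattern applied to a hash of the message. The following added example (written for this page; it is not the glossary’s or Cisco’s code, and it uses textbook RSA rather than DSA because the Python standard library carries neither) shows both uses of one constructed key pair. The primes, the exponent and the sample message are constructed; the key is far too small for real use and the scheme has no padding, so it illustrates the mechanism only.

```python
"""Textbook RSA with constructed small primes: sign/verify and encrypt/decrypt on one key pair.
Illustration only: toy key size, no padding, no side-channel care."""
import hashlib
from typing import NamedTuple, Tuple


class PublicKey(NamedTuple):
    n: int   # modulus, may be handed out freely
    e: int   # public exponent


class PrivateKey(NamedTuple):
    n: int
    d: int   # private exponent, must stay secret


# Constructed demo primes (well-known primes, nowhere near a safe size).
DEMO_P = 1_000_000_007
DEMO_Q = 998_244_353


def make_keypair(p: int = DEMO_P, q: int = DEMO_Q, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive (public, private) from two primes; d is the inverse of e modulo (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return PublicKey(n, e), PrivateKey(n, d)


def message_digest(message: bytes, n: int) -> int:
    """Hash first, as the DSS entry says DSA does with SHA, then fit the value below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: PrivateKey) -> int:
    """Only the holder of the private exponent d can produce this value."""
    return pow(message_digest(message, priv.n), priv.d, priv.n)


def verify(message: bytes, signature: int, pub: PublicKey) -> bool:
    """Anyone with the public key can check it; a changed message or a wrong key fails."""
    return pow(signature, pub.e, pub.n) == message_digest(message, pub.n)


def encrypt(m: int, pub: PublicKey) -> int:
    """Public key encrypts. The plaintext must be an integer below the modulus."""
    if not 0 <= m < pub.n:
        raise ValueError("message integer must be smaller than the modulus")
    return pow(m, pub.e, pub.n)


def decrypt(c: int, priv: PrivateKey) -> int:
    """Only the private key decrypts."""
    return pow(c, priv.d, priv.n)


if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"startup-config saved"            # constructed sample message
    sig = sign(msg, priv)
    print("valid:", verify(msg, sig, pub), "| tampered:", verify(msg + b"!", sig, pub))
    print("round trip:", decrypt(encrypt(123456789, pub), priv))
```

The two directions use the same arithmetic with the exponents swapped, which is the “opposite is also true” remark in the entries; what makes one direction a signature and the other encryption is only which key is kept secret and which value is hashed first. Real deployments add padding (PSS or OAEP) and key sizes of 2048 bits and up; the bare modular exponentiation above is what sits underneath.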

    CISCO Certification Exams Guides

    640-802 CCNA Exam Guide

    Exam Number:
    640-802 CCNA

    Associated Certifications:
    CCNA

    Duration:
    90 Minutes

    Questions:
    (50-60 questions)

    Cisco Career Certification exams include the following test formats:

    Multiple-choice single answer

    Multiple-choice multiple answer

    Drag-and-drop

    Fill-in-the-blank

    Testlet

    Simlet

    Simulations


    Exam Description:

    The 640-802 Cisco Certified Network Associate (CCNA) is the composite exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0 and the Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 courses. This exam tests a candidate’s knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network. The topics include connecting to a WAN; implementing network security; network types; network media; routing and switching fundamentals; the TCP/IP and OSI models; IP addressing; WAN technologies; operating and configuring IOS devices; extending switched networks with VLANs; determining IP routes; managing IP traffic with access lists; establishing point-to-point connections; and establishing Frame Relay connections.