March Posts

This past week I’ve been learning more about network security and monitoring. The weakest link in a network is the 2nd Layer. 2 types of Layer 2 attacks that focus on gaining administrative access to a network device are Cisco Discovery Protocol reconnaissance, and Telnet Attacks. With Cisco Discovery Protocol attacks a hacker can potentially find many types of information including: IP addresses, IOS version information, user platform information, or native VLAN information; you can potentially stop the exploitation of Cisco Discovery Protocol attacks by deactivating or disabling the Cisco Discovery Protocol globally or per each interface that you are not using, and by ensuring that access to the ports are secure. The brute force attack is a type of telnet attack that creates sequential character combination in attempts to guess a password, often paired with a dictionary tool to maximize chances of cracking a passcode. Another telnet attack is DoS(Denial of Service) when constinuoily requesting a telnet connection is done in order to attempt to make resources unavailable for administrator to remotely access the switch. Overall, learning about these different types of attacks was very informative, especially as cybersecurity is a very large growing field with 100’s of job opportunities and also just to better prepared if I am ever in charge of a network.

This past week I’ve been learning about Simple Network Management Protocol. Simple Network Management Protocol is an Internet Standard protocol for organizing and collecting information about devices managed on IP networks and for editing that information to change device reactions and behaviors. Simple Network Management Protocol was developed to allow administrator to manage nodes, such as routers and switches on an IP network and enables network administrators to manage network performance and find and solve network problems and plan for network growth. 3 main elements of an Simple Network Management Protocol system are the managers, agents, and MIBs. 3 Simple Network Management Protocol manager actions include GET, SET, and TRAPS. GET collects information from an agent, SET changes configuration data or setting on a an agent, and TRAP forward information directly to an Network Management System. MIBs are primarily stored on local agents. Simple Network Management Protocol uses UDP and port 162 to communicate between managers and clients. The SET Simple Network Management Protocol action can change the configuration variables of an agent or initiate actions within the agent. Unsolicited TRAPS are used to notify the Network Management System of certain events immediately. All of these features and functions come together to create the Simple Network Management Protocol which effectively allows an administrator to manage resources from a central location maximizing productivity.

This past week I've been learning about Catalyst Switched Port Analyzer. Catalyst Switched Port Analyzer is the Cisco proprietary feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. Two of the specialized devices that Cisco’s Catalyst Switched Port Analyzer delivers to are Packet Analyzer and Intrusion Prevention Systems. Packet Analyzer is an Intrusion Detection Systems, intrusion detection systems differ from intrusion prevention systems in that they only notify an administrator that there is potentially damaging traffic entering the network, unlike Intrusion prevention systems that actively defend the network from potentially damaging network traffic. Packet analyzers are most commonly used for troubleshooting purposes, an IPS analyzes traffic in real time and can take action upon the discovery of malicious traffic patterns. The 2 types of Cisco’s Catalyst Switched Port Analyzer session associations are with the source and destination ports, and VLANs and the destination ports. An important thing to consider when configuring a Cisco Catalyst Switched Port Analyzer is that the destination port cannot be a source port, and the source port cannot be a destination port. RSPAN is a tool that allows the packet analyzer or the IPS to be on a different switch than the one that the traffic is being monitored, proving useful for remote management. Overall, SPAN is a very useful tool especially for preventing and mitigating attacks which are increasing in frequency and intensity as our society becomes more and more dependent on the internet.