About Me
Cisco Certified Network Associate (CCNA)
1 Network Fundamentals
1-1 Explain the role and function of network components
1-2 Describe characteristics of network topology architectures
1-3 Compare physical interface and cabling types
1-4 Identify interface and cable issues (collisions, errors, mismatch protocols)
1-5 Compare TCP to UDP
1-6 Configure and verify IPv4 addressing and subnetting
1-7 Describe the need for private IPv4 addressing
1-8 Configure and verify IPv6 addressing and prefix
1-9 Compare IPv6 address types
1-10 Describe IPv6 address autoconfiguration
1-11 Verify IP parameters for Client OS (Windows, Linux, Mac OS)
1-12 Describe wireless principles (SSID, BSS, ESS)
1-13 Describe virtualization fundamentals (hypervisor)
1-14 Describe switching concepts
2 Network Access
2-1 Configure and verify VLANs (normal range) spanning multiple switches
2-2 Configure and verify interswitch connectivity (trunking, DTP, VTP)
2-3 Configure and verify Layer 2 discovery protocols (CDP, LLDP)
2-4 Configure and verify (Layer 2Layer 3) EtherChannel (LACP)
2-5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol
2-6 Compare Cisco Wireless Architectures and AP modes
2-7 Describe physical infrastructure connections of WLAN components (AP, WLC, accesstrunk ports, and LAG)
2-8 Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+RADIUS)
2-9 Configure the components of a wireless LAN access for client connectivity using GUI only
3 IP Connectivity
3-1 Interpret the components of routing table
3-2 Determine how a router makes a forwarding decision by default
3-3 Configure and verify IPv4 and IPv6 static routing
3-4 Configure and verify single area OSPF
3-5 Describe the purpose of first hop redundancy protocols
4 IP Services
4-1 Configure and verify inside source NAT using static and pools
4-2 Configure and verify NTP operating in a client and server mode
4-3 Explain the role of DHCP and DNS within the network
4-4 Explain the function of SNMP in network operations
4-5 Describe the use of syslog features including facilities and levels
4-6 Configure and verify DHCP client and relay
4-7 Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, and congestion
4-8 Configure network devices for remote access using SSH
4-9 Describe the capabilities and function of TFTPFTP in the network
5 Security Fundamentals
5-1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
5-2 Describe security program elements (user awareness, training, and physical access control)
5-3 Configure and verify device access control using local passwords
5-4 Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
5-5 Configure and verify access control lists (ACLs)
5-6 Configure and verify Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
5-7 Configure and verify IPv6 access control lists (ACLs)
5-8 Describe wireless security protocols (WPA, WPA2, and WPA3)
5-9 Configure and verify wireless security settings
5-10 Describe the components of a comprehensive security policy (acceptable use policy, password, updates, and patches)
6 Automation and Programmability
6-1 Explain how automation impacts network management
6-2 Compare traditional networks with controller-based networking
6-3 Describe controller-based and software defined architectures (overlay, underlay, and fabric)
6-4 Compare traditional campus device management with Cisco DNA Center enabled device management
6-5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
6-6 Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
6-7 Interpret JSON encoded data
6-8 Identify the appropriate Automation and Programmability solution for a given scenario
CCNA: 5 Security Fundamentals

CCNA: 5 Security Fundamentals

Key Concepts

Firewalls

Firewalls are network security devices that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between a trusted internal network and untrusted external networks, such as the internet. Firewalls can be hardware devices, software programs, or a combination of both.

Example: Think of a firewall as a bouncer at a nightclub. The bouncer checks the credentials of everyone trying to enter the club (network) and only allows those who meet the specified criteria (security rules) to pass. This ensures that only authorized individuals can access the club's resources.

Access Control Lists (ACLs)

ACLs are a series of commands used to filter traffic entering and leaving a network based on source and destination IP addresses, protocols, and ports. They are implemented on routers and switches to control access to network resources and enhance security. ACLs can be used to allow or deny specific types of traffic.

Example: Consider ACLs as a list of permissions for a gated community. The list specifies which vehicles (traffic) are allowed to enter the community based on their license plates (source IP addresses) and the purpose of their visit (protocol). This ensures that only authorized vehicles can access the community's facilities.

Virtual Private Networks (VPNs)

VPNs are technologies that create secure, encrypted connections over less secure networks, such as the internet. They allow remote users to access a private network securely by encapsulating and encrypting data packets. VPNs are commonly used by organizations to provide secure remote access to their internal networks.

Example: Think of a VPN as a secure tunnel that connects a remote worker's home office (untrusted network) to their company's headquarters (trusted network). The tunnel ensures that all data passing through it is encrypted, making it safe from eavesdropping and unauthorized access.

Intrusion Detection Systems (IDS)

IDS are security systems that monitor network traffic for suspicious activity and potential security breaches. They analyze network traffic against a set of known attack signatures and generate alerts when suspicious activity is detected. IDS can be network-based or host-based and are often used in conjunction with firewalls.

Example: Consider an IDS as a security camera system in a store. The cameras continuously monitor the store's activities (network traffic) and alert the security personnel (network administrators) if they detect any suspicious behavior (potential security breaches). This allows the personnel to take immediate action to prevent theft or damage.

Encryption

Encryption is the process of converting data into a coded format that can only be read by someone who has the decryption key. It is used to protect sensitive information from unauthorized access and ensure data confidentiality. Encryption is widely used in various security applications, including VPNs, secure communications, and data storage.

Example: Think of encryption as a secret code that you use to write messages to a friend. Only you and your friend have the key (decryption key) to decode the messages. This ensures that no one else can read the messages, even if they intercept them.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.