Network Security Releases!

Posted: 7th April 2021 by ccna7guru in NETSEC

The Network Security 1.0 course is now available – with a highly interactive design to engage your students. 

This enhanced curriculum introduces the core security concepts and skills needed to configure and troubleshoot computer networks and help ensure the integrity of devices and data. Students will gain practical, hands-on skills to design, implement, and manage network security systems and ensure their integrity, preparing them for entry-level network security positions.

Network Security complements CCNA, CyberOps Associate, IoT Security, or DevNet Associate courses. Students can pursue a career in network security, expand their cybersecurity expertise, or broaden their networking or software skills.

What’s New? 

  • Digital badge – Now available for students who successfully complete the instructor-led course. 
  • Highly interactive – Designed for engagement and real skills development, students build and reinforce knowledge throughout the curriculum. Course includes labs with Packet Tracer, virtual machines, and real equipment, plus quizzes, videos, interactive activities, assessments, a final exam, and more.
  • Same equipment as CCNA – We’ve removed the additional equipment requirements. If you’re teaching CCNA, you’re ready to go!
  • Improved interface – Built with the new user interface, now mobile-friendly and more accessible.
  • Streamlined for just-in-time learning – We’ve removed outdated products and processes and updated the virtual machines and Packet Tracer labs. Information about equipment and configuration is now moved into labs, reducing the amount of reading with more emphasis on just-in-time learning.
  • Updated Assessments – We completely updated the assessments to give students more ownership and instructors more control over exams. Now featuring self-assessments, module quizzes, module group exams, updated PTSA & Skills Assessment, updated practice final, and a new secured, dynamic final exam.

Network Security 1.0 is available now on NetAcad.com in English and consists of approximately seventy hours of instructional material.  

This course replaces the CCNA Security course.  CCNA Security in English is now end-of-life (EOL) with last class start date on 31 March 2022.  

User Mode [Cisco Router]

Posted: 1st April 2021 by ccna7guru in SRWE, ENSA, ITN
  • <1-99>
  • connect [ WORD ]
  • disable
  • disconnect <1-16>
  • enable [ <0-15> | view [ WORD ] ]
  • exit
  • logout
  • ping [ ip | ipv6 ] WORD
  • resume [ <1-16> | WORD ]
  • show
    • arp
    • cdp
      • entry
        • * [ protocol | version ]
        • WORD [ protocol | version ]
      • interface
        • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
        • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
        • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
        • Serial <0-9>/<0-24>
      • neighbors [ detail ]
    • class-map [ WORD ]
    • clock
    • controllers
      • Ethernet <0-9>/<0-24>
      • FastEthernet <0-9>/<0-24>
      • GigabitEthernet <0-9>/<0-24>
      • Serial <0-9>/<0-24>
      • Serial <0-9> <0-24> <0-4294967295>
      • Serial <0-9> <0-24> <0-4294967295> <16-1022>
    • crypto key mypubkey rsa
    • dot11 interface
    • flash:
    • frame-relay
      • lmi
      • map
      • pvc
        • <16-1022>
        • interface Serial <0-9>/<0-24> [ <16-1022> ]
        • interface Serial <0-9> <0-24> <0-4294967295>
        • interface Serial <0-9> <0-24> <0-4294967295> <16-1022>
    • history
    • hosts
    • interfaces
      • Dot11Radio <0-9>/<0-24>
      • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
      • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
      • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
      • Loopback <0-2147483647>
      • Serial <0-9>/<0-24>
      • Serial <0-9> <0-24> <0-4294967295>
      • Tunnel <0-2147483647>
      • Virtual-Access <1-2>
      • Virtual-Template <1-200>
      • Vlan <1-1005>
      • switchport
      • trunk
    • ip
      • arp
      • bgp [ neighbors | summary ]
      • dhcp binding
      • eigrp
        • interfaces [ <1-65535> ]
        • neighbors [ <1-65535> ]
        • topology
          • [ <1-65535> ]
            • [ A.B.C.D A.B.C.D ]
          • [ A.B.C.D ][ A.B.C.D ]
          • all-links
        • traffic [ <1-65535> ]
      • interface
        • Dot11Radio <0-9>/<0-24>/<0-24>
        • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
        • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
        • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
        • Loopback <0-2147483647>
        • Serial <0-9>/<0-24>
        • Tunnel <0-2147483647>
        • Virtual-Access <1-2>
        • Virtual-Template <1-200>
        • Vlan <1-1005>
        • brief
        • nbar port-map
        • nat translations
        • ospf
          • <1-65535>
            • <0-4294967295>
              • database
              • interface
                • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
                • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
                • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
                • Loopback <0-2147483647>
                • Serial <0-9>/<0-24>
              • neighbor
                • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
                • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
                • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
                • Loopback <0-2147483647>[ detail ]
                • Serial <0-9>/<0-24>[ detail ]
                • detail
              • virtual-links
            • A.B.C.D
              • database
              • interface
                • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
                • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
                • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
                • Loopback <0-2147483647>
                • Serial <0-9>/<0-24>
              • neighbor
                • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
                • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
                • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
                • Loopback <0-2147483647>[ detail ]
                • Serial <0-9>/<0-24>[ detail ]
                • detail
              • virtual-links
            • border-routers
            • database
            • interface
              • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
              • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
              • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
              • Loopback <0-2147483647>
              • Serial <0-9>/<0-24>
            • neighbor
              • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
              • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
              • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
              • Loopback <0-2147483647>[ detail ]
              • Serial <0-9>/<0-24>[ detail ]
              • detail
            • virtual-links
          • border-routers
          • database
          • interface
            • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
            • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
            • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
            • Loopback <0-2147483647>
            • Serial <0-9>/<0-24>
          • neighbor
            • Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
            • FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
            • GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
            • Loopback <0-2147483647>[ detail ]
            • Serial <0-9>/<0-24>[ detail ]
            • detail
          • virtual-links
        • protocols
        • rip database
        • route [ WORD | bgp | connected | eigrp | ospf <1-65535> | rip | static ]
        • ssh
    • ipv6
      • access-list [ WORD ]
      • eigrp
        • interfaces <1-65535>
        • neighbors <1-65535>
        • topology
          • <1-65535>
            • X:X:X:X::X/<0-128>
            • X:X:X:X::X/<0-128>
            • all-links
          • traffic <1-65535>
      • general-prefix
      • interface
        • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
        • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
        • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
        • Loopback <0-2147483647>
        • Serial <0-9>/<0-24>[.][<0-4294967295>]
        • Tunnel <0-2147483647>
        • brief
      • neighbors
        • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
        • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
        • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
        • Loopback <0-2147483647>
        • Serial <0-9>/<0-24>[.][<0-4294967295>]
        • Vlan <1-1005>
      • ospf
        • <1-65535>
          • <0-4294967295>
            • database
            • interface
              • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
              • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
              • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
              • Loopback <0-2147483647>
              • Serial <0-9>/<0-24>[.][<0-4294967295>]
            • neighbor
              • Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
              • FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
              • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
              • Loopback <0-2147483647> [detail]
              • Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
              • detail
          • A.B.C.D
            • database
            • interface
              • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
              • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
              • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
              • Loopback <0-2147483647>
              • Serial <0-9>/<0-24>[.][<0-4294967295>]
            • neighbor
              • Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
              • FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
              • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
              • Loopback <0-2147483647>[detail]
              • Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
              • detail
          • border-routers
          • database
          • interface
            • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
            • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
            • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
            • Loopback <0-2147483647>
            • Serial <0-9>/<0-24>[.][<0-4294967295>]
          • neighbor
            • Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
            • FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
            • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
            • Loopback <0-2147483647> [detail]
            • Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
            • detail
        • border-routers
        • database
        • interface
          • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
          • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
          • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
          • Loopback <0-2147483647>
          • Serial <0-9>/<0-24>[.][<0-4294967295>]
        • neighbor
          • Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
          • FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
          • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
          • Loopback <0-2147483647> [detail]
          • Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
          • detail
      • protocols
      • rip database
      • route ospf
    • policy-map [ WORD | interface [ Ethernet <0-9> <0-24> <0-4294967295> | FastEthernet <0-9> <0-24> <0-4294967295> | GigabitEthernet <0-9> <0-24> <0-4294967295> | Serial <0-9> <0-24> | Serial <0-9> <0-24> <0-4294967295> ] ]
    • privilege
    • protocols
    • queue
      • Ethernet <0-9>/<0-24>[.][<0-4294967295>]
      • FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
      • GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
      • Serial <0-9>/<0-24>[.][<0-4294967295>]
    • queueing
    • sessions
    • ssh
    • tcp [brief]
    • terminal
    • users
    • version
    • vlan-switch [ brief | id <1-1005> | name WORD ]
    • vtp
      • counters
      • status
  • ssh
    • -l WORD [ WORD | -v 1 WORD]
    • -l WORD [ WORD | -v 2 WORD]
    • -v 1 -l WORD WORD
    • -v 2 -l WORD WORD
  • telnet [ WORD ][<0-65535>]
  • terminal history size <0-256>
  • traceroute WORD

Spanning Tree Path Cost

Posted: 29th March 2021 by ccna7guru in SRWE

The interface STP cost is an essential component for root path calculation because the root path is found based on the cumulative interface STP cost to reach the root bridge. The interface STP cost was originally stored as a 16-bit value with a reference value of 20 Gbps.
As switches have developed with higher-speed interfaces, 10 Gbps might not be enough. Another method, called long mode, uses a 32-bit value and uses a reference speed of 20 Tbps. The original method, known as short mode, is the default mode.

Devices can be configured with the long-mode interface cost with the command spanning-tree pathcost method long. The entire Layer 2 topology should use the same setting for every device in the environment to ensure a consistent topology. Before enabling this setting in an environment, it is important to conduct an audit to ensure that the setting will work.

802.1D Port States

Posted: 29th March 2021 by ccna7guru in SRWE

In the 802.1D STP protocol, every port transitions through the following states:
Disabled: The port is in an administratively off position (that is, shut down).
Blocking: The switch port is enabled, but the port is not forwarding any traffic to ensure that a loop is not created. The switch does not modify the MAC address table. It can only receive BPDUs from other switches.
Listening: The switch port has transitioned from a blocking state and can now send or receive BPDUs. It cannot forward any other network traffic. The duration of the state correlates to the STP forwarding time. The next port state is learning.
Learning: The switch port can now modify the MAC address table with any network traffic that it receives. The switch still does not forward any other network traffic besides BPDUs. The duration of the state correlates to the STP forwarding time. The next port state is forwarding.
Forwarding: The switch port can forward all network traffic and can update the MAC address table as expected. This is the final state for a switch port to forward network traffic.
Broken: The switch has detected a configuration or an operational problem on a port that can have major effects. The port discards packets as long as the problem continues to exist.

Free DEVASC 200-901 Course

Posted: 3rd February 2021 by ccna7guru in ITN

Download Full Course here

The OWASP Top 10

Posted: 31st January 2021 by ccna7guru in ITN

Now that you know about three of the most well-known attacks, here is the entire OWASP Top 10 list.

  • Injection – This item consists of all sorts of injection attacks. We talked earlier about SQL injection, but this is only the most common. All databases, such as LDAP databases, Hibernate databases, and others, are potentially vulnerable. In fact, any action that relies on user input is vulnerable, including direct commands. You can mitigate these types of attacks by using parameterized APIs, escaping user input, and by using LIMIT clauses to limit exposure in the event of a breach.
  • Broken Authentication – This item relates to multiple problems with user credentials, from stolen credential databases to default passwords shipped with a product. You can mitigate these attacks by avoiding default passwords, by requiring multi-factor authentication, and by using techniques such as lengthening waiting periods after failed logins.
  • Sensitive Data Exposure – This item refers to when attackers steal sensitive information such as passwords or personal information. You can help to prevent these attacks by storing as little personal information as possible, and by encrypting the information you do store.
  • XML External Entities (XXE) – This item refers to attacks made possible by a feature of XML that enables users to incorporate external information using entities. You can solve this problem by disabling XML Entity and DTD processing, or by simply using another format, such as JSON, instead of XML.
  • Broken Access Control – This item refers to the need to ensure that you have not built an application that enables users to circumvent existing authentication requirements. For example, attackers should not be able to access admin functions just by browsing directly to them. In other words, do not rely on “security through obscurity”. Make sure to protect all resources and functions that need to be protected on the server side, ensuring that any and all access really is authorized.
  • Security Misconfiguration – This item refers to the need to ensure that the system itself is properly configured. Is all software properly patched and configured? Is the firewall running? Prevention of these types of problems requires careful, consistent hardening of systems and applications. Reduce the attack surface that is available. To do this, only install the services you actually need, and try to separate out components that are not related to different systems to reduce the attack surface further.
  • Cross-Site Scripting (XSS) – This item refers to the ability for an attacker to use the dynamic functions of a site to inject malicious content into the page, either in a persistent way, such as within the body of comments, or as part of a single request. Mitigating these problems requires careful consideration of where you are including untrusted content in your page, as well as sanitizing any untrusted content you do include.
  • Insecure Deserialization – This item describes issues that can occur if attackers can access, and potentially change, serialized versions of data and objects, that is, text versions of objects that can be reconstituted into objects by the server. For example, if a user’s information is passed around as a JSON object that includes their access privileges, they could conceivably give themselves admin privileges by changing the content of that object. Because objects can include executable code, this exploit can be particularly dangerous, even if it is not necessarily simple to exploit. To help prevent issues, do not accept serialized objects from untrusted sources, or if you must, ensure validation before deserializing the objects.
  • Using Components with Known Vulnerabilities – One of the advantages today’s developers have is that most of the core functions you are trying to perform have probably already been written and included in an existing software package, and it is probably open source. However, many of the packages that are available also include publicly available exploits. To fix this, ensure that you are using only necessary features and secure packages, downloaded from official sources, and verified with a signature.
  • Insufficient Logging and Monitoring – This item reminds you that your most basic responsibility is to ensure that you are logging everything important that is happening in your system so that you can detect attacks, preferably before they succeed. It is particularly important to ensure that your logs are in a common format so that they can be easily consumed by reporting tools, and that they are auditable to detect (or better yet prevent) tampering.
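The Injection item above recommends parameterized APIs. The following added example (not from the original post) shows the same user lookup written by string concatenation and with a placeholder, against a constructed in-memory SQLite table, so the difference in behaviour can be observed directly; the table, rows and the LIMIT clause are assumptions for the illustration.

```python
"""Added example: string-built SQL beside a parameterized query (constructed data)."""
import sqlite3


def make_db():
    """Constructed sample table; password_hash values are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('alice', 'hash-1', 'admin'), ('bob', 'hash-2', 'user')"
    )
    return conn


def find_user_vulnerable(conn, username):
    """Untrusted input is spliced into the SQL text, so a quote character in the
    input changes the statement itself instead of being compared as data."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Placeholder binding: the driver passes the value separately from the
    statement, so it is always treated as a literal. LIMIT 1 bounds what a
    single lookup can ever return, as the text suggests."""
    sql = "SELECT username, role FROM users WHERE username = ? LIMIT 1"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Run both variants on the same input and return their row counts."""
    conn = make_db()
    return len(find_user_vulnerable(conn, username)), len(find_user_safe(conn, username))
```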
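The Insecure Deserialization item describes a serialized JSON object that carries a user's privileges. The added example below (not from the original post) attaches an HMAC tag to such an object so that a copy edited on the client is rejected before its contents are trusted; the key, the user records and the two-field schema are constructed assumptions.

```python
"""Added example: integrity-checked serialization of a privilege-bearing object."""
import base64
import binascii
import hashlib
import hmac
import json

# Constructed demo key; a real deployment keeps this server-side and secret.
SECRET_KEY = b"constructed-demo-key-not-for-reuse"
ALLOWED_ROLES = ("user", "admin")


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def serialize(obj: dict, key: bytes = SECRET_KEY) -> str:
    """Canonical JSON body plus an HMAC-SHA256 tag: '<body>.<tag>'."""
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def deserialize(token: str, key: bytes = SECRET_KEY):
    """Verify the tag before parsing; then validate the schema before use.
    Returns the object, or None when the token is malformed, tampered with,
    or does not match the expected shape."""
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    try:
        obj = json.loads(body)
    except ValueError:
        return None
    # Integrity alone is not validation: only the expected keys and values pass.
    if not isinstance(obj, dict) or set(obj) != {"user", "role"}:
        return None
    if not isinstance(obj["user"], str) or obj["role"] not in ALLOWED_ROLES:
        return None
    return obj


def forge_role(token: str, new_role: str) -> str:
    """Build what a client editing the body (but unable to re-sign it) would send.
    Used only to show that deserialize() rejects it."""
    body_b64, tag_b64 = token.split(".", 1)
    obj = json.loads(base64.urlsafe_b64decode(body_b64))
    obj["role"] = new_role
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return _b64(body) + "." + tag_b64
```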

STP Port States and BPDU Timers

Posted: 13th December 2020 by ccna7guru in ITN

To facilitate the learning of the logical spanning tree and avoid loops, each switch port transitions through five possible port states and uses three BPDU timers.
The five STP port states are as follows:
Blocking: The port is a non-designated port and does not participate in frame forwarding. The port continues to process received BPDU frames to determine the location and root ID of the root bridge and what port role the switch port should assume in the final active STP topology.
Listening: STP has determined that the port can be selected as a root port or designated port based upon the information in the BPDU frames it has received so far. At this point, the switch port is not only receiving BPDU frames, it is also transmitting its own BPDU frames and informing adjacent switches that the switch port is preparing to participate in the active topology. The port returns to blocking state if it is determined that the port does not provide the lowest cost path to the root bridge.
Learning: The port prepares to participate in frame forwarding and begins to populate the MAC address table.
Forwarding: The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.
Disabled: The Layer 2 port does not participate in spanning tree and does not forward or process frames. The switch port is administratively disabled.

Once stable, every active port in the switched network is either in the forwarding state or the blocking state.
The amount of time that a port stays in the various port states depends on the BPDU timers. The following timers determine STP performance and state changes:

Hello time: The time between each BPDU frame sent on a port. The default is 2 seconds, but can be tuned between 1 and 10 seconds.
Forward delay: The time spent in the listening and learning states. The default is 15 seconds, but can be tuned between 4 and 30 seconds.
Maximum age: Controls the maximum length of time a switch port saves configuration BPDU information. The default is 20 seconds, but can be tuned between 6 and 40 seconds.
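To tie the port states to the timers, here is an added example (not from the original post, and covering both this post and the 802.1D Port States post above) that range-checks the three BPDU timers against the limits given in the text and derives when a blocking port reaches forwarding. The consistency rule 2·(forward delay − 1) ≥ max age ≥ 2·(hello + 1) is the 802.1D relationship and is assumed here, not stated on the page.

```python
"""Added example: BPDU timer validation and port-state timing (802.1D)."""

# (minimum, maximum, default) in seconds, as given in the text above.
TIMER_RANGES = {
    "hello": (1, 10, 2),
    "forward_delay": (4, 30, 15),
    "max_age": (6, 40, 20),
}


def validate_timers(hello=2, forward_delay=15, max_age=20):
    """Raise ValueError if a timer is outside its tunable range or the set is
    mutually inconsistent (802.1D rule, assumed here):
    2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1)."""
    for name, value in (("hello", hello), ("forward_delay", forward_delay),
                        ("max_age", max_age)):
        lo, hi, _default = TIMER_RANGES[name]
        if not lo <= value <= hi:
            raise ValueError(f"{name}={value}s is outside {lo}-{hi}s")
    if not 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1):
        raise ValueError("timers violate 2*(forward_delay-1) >= max_age >= 2*(hello+1)")
    return True


def timers_ok(**timers) -> bool:
    """Boolean wrapper around validate_timers for quick checks."""
    try:
        return validate_timers(**timers)
    except ValueError:
        return False


def state_schedule(forward_delay=15, max_age=20, direct_failure=True):
    """Return [(state, seconds after the failure)] for a blocking port that has
    to take over. With a directly detected link failure the port moves to
    listening at once; with an indirect failure it first waits max_age for the
    stored BPDU information to expire. Listening and learning each last one
    forward delay."""
    validate_timers(forward_delay=forward_delay, max_age=max_age)
    start = 0 if direct_failure else max_age
    return [
        ("blocking", 0),
        ("listening", start),
        ("learning", start + forward_delay),
        ("forwarding", start + 2 * forward_delay),
    ]


def convergence_seconds(forward_delay=15, max_age=20, direct_failure=True):
    """Seconds until the port forwards: 30 s with defaults, 50 s after an indirect failure."""
    return state_schedule(forward_delay, max_age, direct_failure)[-1][1]
```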

Spanning-Tree Algorithm

Posted: 13th December 2020 by ccna7guru in ITN

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A switch port is considered blocked when network traffic is prevented from entering or leaving that port.


STP uses the spanning-tree algorithm (STA) to determine which switch ports on a network need to be blocking in order to prevent loops from occurring. The STA designates a single switch as the root bridge and uses it as the reference point for all subsequent calculations. Switches participating in STP determine which switch has the lowest bridge ID (BID) on the network. This switch automatically becomes the root bridge.


A bridge protocol data unit (BPDU) is a frame containing STP information exchanged by switches running STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The lowest BID value determines which switch is root.
After the root bridge has been determined, the STA calculates the shortest path to the root bridge. If there is more than one path to choose from, STA chooses the path with the lowest path cost.
When the STA has determined the “best” paths emanating from the root bridge, it configures the switch ports into distinct port roles. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic:

Root ports: Switch ports closest to the root bridge
Designated ports: Non-root ports that are still permitted to forward traffic on the network
Nondesignated ports: Ports in a blocking state to prevent loops
Disabled port: Ports that are administratively shut down

After a switch boots, it sends BPDU frames containing the switch BID and the root ID every 2 seconds. Initially, each switch identifies itself as the root bridge after bootup.
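As an added example (not from the original posts), the following code carries the STA described here through on a small constructed topology: lowest BID wins the root election, cumulative interface cost picks each switch's root port, and the lower (cost, BID) end of every segment becomes designated while the other end is nondesignated. It also serves the Spanning Tree Path Cost post above by supporting the short-mode (default) and long-mode cost scales; the per-speed cost values and the three-switch topology are assumptions.

```python
"""Added example: STA root election and port roles from cumulative path cost."""
import heapq

# Conventional per-speed interface costs (Mbps -> cost); short mode is the 16-bit
# default, long mode the 32-bit scale enabled with "spanning-tree pathcost method long".
PORT_COST = {
    "short": {10: 100, 100: 19, 1_000: 4, 10_000: 2},
    "long": {10: 2_000_000, 100: 200_000, 1_000: 20_000, 10_000: 2_000},
}

# Constructed topology: switch -> BID as (priority, MAC); links as (a, b, Mbps).
BIDS = {
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (4096, "0000.0000.0002"),   # lowest priority: should become root
    "SW3": (32768, "0000.0000.0003"),
}
LINKS = [("SW1", "SW2", 1_000), ("SW2", "SW3", 1_000), ("SW1", "SW3", 100)]


def port_cost(speed_mbps, method="short"):
    return PORT_COST[method][speed_mbps]


def elect_root(bids):
    """Lowest BID (priority, then MAC) becomes the root bridge."""
    return min(bids, key=lambda sw: bids[sw])


def root_path_costs(links, root, method):
    """Dijkstra from the root: cheapest cumulative interface cost per switch."""
    adj = {}
    for a, b, speed in links:
        c = port_cost(speed, method)
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > cost.get(sw, float("inf")):
            continue
        for nbr, c in adj.get(sw, []):
            if d + c < cost.get(nbr, float("inf")):
                cost[nbr] = d + c
                heapq.heappush(heap, (d + c, nbr))
    return cost


def port_roles(bids, links, method="short"):
    """Return (root, costs, {(switch, neighbor): role})."""
    root = elect_root(bids)
    cost = root_path_costs(links, root, method)
    roles = {}
    # Root port: on each non-root switch, the link giving the lowest cost to the
    # root; ties go to the neighbor with the lower BID.
    for sw in bids:
        if sw == root:
            continue
        candidates = []
        for a, b, speed in links:
            if sw in (a, b):
                nbr = b if a == sw else a
                candidates.append((cost[nbr] + port_cost(speed, method), bids[nbr], nbr))
        roles[(sw, min(candidates)[2])] = "root"
    # Designated port per segment: the end with the lower (root path cost, BID).
    # The opposite end, unless it is that switch's root port, is blocked.
    for a, b, _speed in links:
        best = min((a, b), key=lambda sw: (cost[sw], bids[sw]))
        other = b if best == a else a
        roles.setdefault((best, other), "designated")
        roles.setdefault((other, best), "nondesignated")
    return root, cost, roles
```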

Port Cost in STP

NEW CCNA 200-301 PATTERN IN EXAMINATION

  1. Network Fundamentals: Includes basic fundamentals of networking 20%
  2. Network Access: How to connect to a network 20%
  3. IP Connectivity: Basics of Routing and Switching 25%
  4. IP Services: Includes services DNS, DHCP, FTP… 10%
  5. Security Fundamentals: Foundational knowledge 15%
  6. Automation and Programmability: Importance, basics and application 10%

Port Address Translation

Posted: 17th November 2020 by ccna7guru in ITN

Port Address Translation (PAT), also known as NAT overload, maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. This is what most home routers do. The ISP assigns one address to the router, yet several members of the household can simultaneously access the internet. This is the most common form of NAT for both the home and the enterprise.

With PAT, multiple addresses can be mapped to one or to a few addresses, because each private address is also tracked by a port number. When a device initiates a TCP/IP session, it generates a TCP or UDP source port value, or a specially assigned query ID for ICMP, to uniquely identify the session. When the NAT router receives a packet from the client, it uses its source port number to uniquely identify the specific NAT translation.

PAT ensures that devices use a different TCP port number for each session with a server on the internet. When a response comes back from the server, the source port number, which becomes the destination port number on the return trip, determines to which device the router forwards the packets. The PAT process also validates that the incoming packets were requested, thus adding a degree of security to the session.

PAT adds unique source port numbers to the inside global address to distinguish between translations.

As R2 processes each packet, it uses a port number (1331 and 1555, in this example) to identify the device from which the packet originated. The source address (SA) is the inside local address with the TCP/UDP assigned port number added. The destination address (DA) is the outside global address with the service port number added. In this example, the service port is 80, which is HTTP.

For the source address, R2 translates the inside local address to an inside global address with the port number added. The destination address is not changed but is now referred to as the outside global IPv4 address. When the web server replies, the path is reversed.
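The translation R2 performs can be modelled as a small table. The added example below (not from the original post) keeps one entry per inside (address, port) pair, reuses the host's own source port when it is free, and drops inbound packets that match no entry, which is the "validates that the incoming packets were requested" behaviour described above. Ports 1331 and 1555 and service port 80 follow the text; the IPv4 addresses and the port-collision policy are constructed assumptions.

```python
"""Added example: a minimal PAT (NAT overload) translation table (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Maps many inside local (ip, port) pairs onto one inside global address."""

    def __init__(self, inside_global):
        self.inside_global = inside_global
        self.table = {}    # (inside local ip, local port) -> global port
        self.reverse = {}  # global port -> (inside local ip, local port)

    def _allocate_port(self, wanted):
        # Keep the host's source port when it is unused; otherwise take the next free one.
        port = wanted
        while port in self.reverse:
            port = 1024 if port >= 65535 else port + 1
        return port

    def outbound(self, pkt):
        """Inside -> outside: rewrite the source to the inside global address plus a
        port that uniquely identifies this session. The destination is unchanged."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            gport = self._allocate_port(pkt.src_port)
            self.table[key] = gport
            self.reverse[gport] = key
        return Packet(self.inside_global, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Outside -> inside: the reply's destination port selects the translation.
        Returns None (drop) when no inside host requested this traffic."""
        if pkt.dst_ip != self.inside_global:
            return None
        local = self.reverse.get(pkt.dst_port)
        if local is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, local[0], local[1])


def demo():
    """Two hosts reach a web server through R2; a third collides on port 1331."""
    r2 = PatRouter("209.165.200.225")          # inside global address (constructed)
    web = "209.165.201.1"                      # outside global address (constructed)
    out1 = r2.outbound(Packet("192.168.10.10", 1331, web, 80))
    out2 = r2.outbound(Packet("192.168.10.11", 1555, web, 80))
    out3 = r2.outbound(Packet("192.168.10.12", 1331, web, 80))
    reply = r2.inbound(Packet(web, 80, "209.165.200.225", out1.src_port))
    stray = r2.inbound(Packet(web, 80, "209.165.200.225", 4444))
    return out1, out2, out3, reply, stray
```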