The Little Geeni

The future of security tools has changed greatly for the last several years. Today the network must respond to network attacks maintaining the network reliability, business performance and cyberspace security. The aim of cyber security issue is to make the network more flexible in order to prevent attacks and to keep on working.

Network security is a primary issue for every company, organization or individual. There exist various types and levels of network attacks. The main differences between national, corporate and information cyber security lie in the level of network security and tools applied. The national data requires the highest possible level of network security. The corporation has to use a multilayered approach in order to protect the information located on the computer from network attacks. The level of information security depends on an organization, state or individual, who use it. Thus, the level of network security is defined according to this principle.

Department of Homeland Security and Cyberspace Security (DHS) has been created to improve the cyber security of America. DHS is responsible for developing the national plan for securing the state resources and infrastructure of the US; giving crisis management concerning cyber attacks; providing technical assistance to the government entities concerning emergency recovery plans of critical information systems; coordinating with agencies of the federal government to provide advice about appropriate protective measures to organizations including the private sector, academia, and the public; funding research that will lead to new technologies in support of homeland security.

Strategic principles of the National Homeland Security are directed at securing cyberspace via the following:

• Preventing cyber attacks against US infrastructures;

• reducing national vulnerability to cyberspace attacks;

• reducing the recovery time after a cyber attack occurs.

The national cyber space security has several priorities. They are:

1. The national cyberspace security response system. This system is public/private architecture for analyzing, warning and managing cyber incidents of national importance.

2. The national cyberspace security threat and vulnerability reduction program.

3. The national cyberspace security awareness and training program.

4. Government security cyberspace.

5. International cyberspace security program. It is aimed at preventing cyber attacks that could influence national security. This program improves the international response to attacks of such kind.

Computer Security Cyber, National, Security

Information security refers to all levels of cyber security. Information storage is of primary importance for corporations, states and individuals as users of the Internet. Information cyber security is aimed at securing data. Corporations, states and individuals implement security policies, plans and strategies in order to prevent a cyber attack and keep the information safe. Information cyber security differs from national and corporate security as it has the only purpose – maintaining the information and its security. The information security strategy is a part of a corporation’s strategic planning, a part of the security tools used by an individual. The strategy serves as a plan of actions for implementing and maintaining the security level. The strategy denotes the information security program and contains activities and processes that are required for effective work and data storage. Information cyber security strategic plan includes the protection of data considering the operating conditions, culture and mission of a corporation.

Information security policy is a collection of major principles of a corporation that establishes the limits of information usage. Some corporations have a strict policy concerning collecting data by its employees. They prohibit opening and copying any files on a working computer in order to protect the organization from any kind of threat. Moreover, there exists a security control, such as separation of duties, access control, authentification and authorization, etc.

Application control covers the protection tools created to prevent network attacks on the computer. Application control tools protect computers from network attacks during all the stages of an attack. Application control decreases the computer’s attack via static rules and decisions. It acts as the last defense technology and is helpful in the space that reduces the number of threats when other defense tools do not act. For instance, a static environment can have limited program control regulations.

The usage of application compliance refers to another developing area of application control technology. It gives the chance ‘to apply a corporate policy on application compliance, operating system level and peer-to-peer applications before network access is given’. Enforcing this application model makes the system state and the whole network space enhanced. Thus, application control tools are like firewall technology based on the possibility to find a threat by applying necessary regulations. Application control is a necessary tool in a multi-layered computer protection system, however, it is not recommended to apply it as a single defense technology of a dynamic system.

Network security is a primary issue for every company, organization or individual. There exist various types and levels of network attacks. The main differences between national, corporate and information cyber security lie in the level of network security and attack prevention tools applied. The national data requires the highest possible level of network security. The corporation has to use a multilayered approach in order to protect the information located on the computer from network attacks. The level of information security depends on an organization, state or individual. Thus, the level of network security is defined according to this principle.

Computer Security Cyber, Information, Security

It is no secret that there are computer hackers out there and any information on our computer systems is susceptible to attack. Ensuring confidentiality of sensitive information is critical to any organization. Any compromise of information about your business, customers, employees or partners could lead to very costly consequences.

Various technologies have been implemented to protect our computers and when choosing the right security, one can feel protected. But how much do you know about network security and how to protect your information?

As critical as it is to protect information, industry solutions still remain a bit behind the times. Rare are solutions that can be applied across an entire IT infrastructure, helping to secure both infrastructure and business applications. Many solutions are limited to detecting an anomaly versus preventing it from happening in the first place.

An effective security strategy requires a holistic approach based on a framework that extends across applications, middleware and data stores.

Network security starts from authenticating any user, most likely with a username and a password. Once authenticated, authorization enforces which resources this user has access to across the enterprise system. Though effective to prevent unauthorized

access, this component fails to check potentially harmful contents such as computer worms being transmitted over the network. An intrusion prevention system (IPS) helps detect and prevent such malware. IPS also monitors network traffic for suspicious content, volume, and anomalies to protect the network from attacks such as denial of service.

With a large company, managing security policies for thousands of users across hundreds of applications can be a daunting task. Using automated user provisioning and de-provisioning, and self-service user functions such as password resets and delegated administration, dramatically reduces costs and improves security. Various sized businesses, from a home business to a large government operation will each have their own unique challenges. Depending on who you are, your system will have to be tailored to your needs. Below are just a few quick examples of what you should look for within your system.

Small homes

* A basic firewall.

* A basic Antivirus software like Norton AntiVirus, AVG Anti-Virus or Windows Defender. Others may suffice if they contain a virus scanner to scan for malicious software.

* When using a wireless connection, use a robust password.

Medium businesses

* A fairly strong firewall

* A strong Antivirus software and Internet Security Software.

* For authentication, use strong passwords and change them on a bi-weekly/monthly basis.

* When using a wireless connection, use a robust password.

* Raise awareness about physical security to employees.

* Use an optional network analyzer or network monitor.

Large businesses

* A strong firewall and proxy to keep unwanted people out.

* A strong Antivirus software and Internet Security Software.

* For authentication, use strong passwords and change them on weekly/bi-weekly basis.

* When using a wireless connection, use a robust password.

* Exercise physical security precautions by employees.

* Prepare a network analyzer or network monitor and use it when needed.

* Implement physical security management like closed circuit television for entry areas and restricted zones.

* Use security fencing to mark the company’s perimeter.

* Provide fire extinguishers for fire-sensitive areas like serve rooms and security rooms.

* Hire security guards to help to maximize security.

Government

* A strong firewall and proxy to keep unwanted people out.

* A strong Antivirus software and Internet Security Software.

* Strong encryption, usually with a 256 bit key.

* Whitelist authorized wireless connection, block all else.

* All network hardware is in secure zones.

* All hosts should be on a private network that is invisible from the outside.

* Put all servers in a DMZ, or a firewall from the outside and from the inside.

* Security fencing to mark perimeter and set wireless range to stay within the perimeter.

Computer Security Computer’s, Information, securing

By Jose Allan Tan

Threats of security continue to pervade the global market since September 11. Bombings and threats promising mayhem and destruction had led to a surge in investments around security and surveillance systems. This is fueling the change in how we capture, store, and monitor video.

According to Shivanu Shukla, an industry analyst at Frost & Sullivan “There has been strong interest in being able to remotely monitor surveillance cameras, run video analytics, and integrate surveillance with other physical security systems.”

Shukla notes that network-based video surveillance systems are becoming popular. Frost estimates the video surveillance market to grow from $992.1 million in 2006 to $3956.7 million in 2013.

Analog vs. digital

Analog video surveillance systems consists of analog cameras connected via cables to multiplexers and in-turn connected to monitors and key boards. But what happens when the area that needs to be monitored is a significant distance away and there is a need to record 7×24?

Network surveillance solutions allow existing analog cameras to be connected to a video server, which is connected to the network, and monitored by any computer that is on the network, or the existing control room.

“Storage of the video can be done by network video recorders (NVRs), which can be anywhere on the network, as opposed to digital video recorders (DVRs), which need to be placed close to the cameras or the switcher/multiplexer. In a complete network surveillance solution, network cameras are used to connect directly to the IP network, without the need for an external encoder,” says Shukla.

Video surveillance deployments in Asia are mostly analog based due in part to the market’s price sensitivity. But this is changing as the security threats continue to remain high on radar of both commercial and the public.

Kiran Kumar, a Frost Research Associate, notes that government and transportation sectors are spearheading video surveillance deployments, with large projects for airports, city surveillance, and other critical infrastructure surveillance.

“Fast developing physical infrastructure such as airports, seaports, highways, and rail networks is a key driving force for the strong adoption for video surveillance systems,” says Kumar.

There are three main factors limiting the continuing growth of analog video surveillance systems:

Cost: Set-ups and installation costs of traditional coaxial or fiber-based cabling for analog video systems over large areas is very high. Large-scale projects for city surveillance and monitoring of harbors and ports take a significant role in effecting change to network surveillance.

Scalability: Despite DVRs having improved the recording quality of analog cameras, there is still the physical restriction of its installation near the analog matrix.

Flexibility: Integration of analog video surveillance systems with other systems can be cumbersome. Analog surveillance systems are limited to centralized video analytics, which requires additional hardware, cabling and is difficult to scale.

Benefits of network surveillance

Digital technology is helping extend the capability of surveillance beyond what can be achieved with traditional systems.

Technology now allows us to monitor an area from any location in the world in real-time without any significant investment.

Storage of video can be done on NVRs that can be anywhere on the network. How much video we can store digitally is limited only by the amount of hard disk space. And because the video traverses through the network, backups can be done remotely.

Scalability of network surveillance systems is easy and inexpensive. Network cameras can be connected to the network without rewiring.

With network surveillance systems, intelligence can be distributed either directly at the camera or encoder, or centralized on the NVR or a separate server.

Network surveillance systems are cheaper to build and maintain with reusability of existing IP network infrastructure, highly scalable with little incremental costs, low maintenance costs, and ability to reuse existing legacy surveillance cameras and other display and monitoring equipment as key factors for adoption of digital surveillance techniques.

Limitations of going digital

Not everything is bright and rosy. Due to its dependence on the network, security teams will need the support of the IT department.

“The key challenge to adoption is to get the security and IT teams to adopt network surveillance. Existing network infrastructure makes the proposition of network surveillance stronger. However, organizations where such infrastructure is less developed would be slow to move to network surveillance,” says Shukla.

He concedes that network surveillance adoption is changing the dynamics between the security personnel and the IT teams within enterprises, hindering its adoption rate. The introduction of network surveillance implies the participation of the IT division in security matters.

“Security personnel are typically more conservative and not open to major changes in their environments. Network surveillance adoption would depend on the successful interactions and communication between the two teams within an enterprise,” notes Shukla.

Although Frost & Sullivan expects the trend towards network surveillance to be strong, adoption of analog system will continue to grow as well, albeit slower than network surveillance deployments.

“While remote access, scalability, and distributed intelligence are the key drivers for network video surveillance, price, perceived reliability, and conservative nature of security teams to change and adopt new technologies will hinder adoption,” says Kumar.

Traditionally, cameras have been the point of entry for vendors into the market; subsequently their offerings include DVRs, NVRs, encoders, and software, together with switchers and multiplexers.

Increasingly, due to the emergence of network surveillance solutions, there is an effort from vendors to approach the surveillance solution from the NVR or DVR front, by offering better management software, virtual matrix systems and video content analytics as a solution package.

As traction for network video surveillance picks up in Asia Pacific, providing complete end-to-end surveillance solutions is expected to become a key to succeed in the market.

Computer Security Asia, Networkbased, Shift, Surveillance, Toward, Understanding, Video

Nowadays, implementation of wireless networks is very common. There are very less clutters in a wireless network, so it is a convenient way of network implementation and management. The troubleshooting of wireless network is easier than wired networks, so people prefer having wireless networks at workplace as well as at home.

However, wireless networks are more vulnerable to security flaws along with the convenience and easy approach of implementation. Even a person with less IT knowledge can easily access an unsecured wireless network and use unethically. Therefore, it is very important to restrict unauthorized access of wireless networks available at home or at your workplace. There are some standard security measures of securing your wireless networks from unauthorized access. In order to secure your wireless network, you can adopt following actions:

Restrict Wireless Network Broadcasting
The default setting of your Wi-Fi router allows automatic network broadcasting so that devices with wireless access feature can detect the wireless networks available in range. Choosing this default setting makes your wireless network open to everybody. To restrict automatic wireless network discovery you can disable this feature. Go through your wireless router manual to learn how to disable this feature.

Enable Data Encryption
Data Encryption is a well-accepted protocol to secure wireless networks. Nowadays, almost every Wi-Fi router or access points come with WEP (Wired Equivalent Privacy) or WPA (Wi-Fi protected access) encryption schemes. By enabling any of these two encryption schemes, you can restrict the access of your Wi-Fi network.

Choosing Strong Network Password
While enabling data encryption, you are required to set a password to allow access to your wireless network. Choosing a strong password is very important to achieve required level of security. An ideal password is combination of alphanumeric keys and comprise of several characters. Avoid using your name, Date of Birth, or other common things as a password for your wireless network.

Activating Firewall
All wireless access points come with an in-built firewall to stop unauthorized incoming and outgoing connections through your wireless network. Learn how to use and customize this firewall for maximum level of wireless network security.

By following above instructions, you can secure wireless networks at your home or at workplace and enjoy the benefits of going wireless without any worries.

Computer Security Ensuring, Networks, Security, Wireless

In a recent report issued by CompTIA, the Computer Technology Industry Association, 50% of small and medium sized businesses (SMBs) had very little trust in the security offered by VoIP vendors, or for that matter, voice over IP security in general.

It is true, having your voice and data running on the same infrastructure leaves your telecommunications particularly vulnerable to all the security threats inherent in an IP network. Viruses, Trojan Horses, and worms can all wreak havoc on a network, and having your voice network go down for even the shortest time is intolerable for most business.

That said, security has come a long way, and most attacks can be stopped at the gateway by a good network administrator. While attacks on VoIP networks in particular are by no means widespread, the possibilities are there, if not imminent, and pose a very real threat to the very time sensitive requirements of voice over IP.

The following is a compilation of just some of the security threats facing a voice over IP network, as well as some security measures that could be taken to prevent such attacks.

SPIT: The new Spam for VoIP

Most anybody that receives email is familiar with the term Spam. Who among us has not received dozens of unsolicited emails, clogging up our mailboxes and causing us to waste our valuable time? Laws have been made to reduce the clutter in our mailboxes, and major offenders have been fined heavily and in some cases put in jail.

Spam is basically the broadcasting of advertisements, announcements, or other unwanted messages, over a network or networks, ending up in the mail boxes of anyone that has an email address on that network. At worst, spam is frustrating for the recipient, and can also cause network problems utilizing a good majority of bandwidth that is meant for other things. As email applications are connectionless and not sensitive to time delay, eventually the recipient will receive their emails intact, albeit a few minutes later than it would normally take.

Spam over Internet telephony, otherwise known as SPIT, can have far greater consequences than email spam. Spitters that target VoIP gateways can use up the available bandwidth, severely disrupting Quality of Service and causing a major degradation in voice quality.

The open nature of VoIP phone calls makes it easy for spitters to broadcast audio commercials just as email advertisements are broadcast. On closed networks like Vonage or Skype, or even your companies LAN, it is a little more difficult as the spitter would have to hack into the network in order to implement the broadcast. It can, however, be done.

The ability to broadcast audio messages over a VoIP network is not, in itself, necessarily a bad thing. Companies should be able to get out important messages quickly, and on a broader scope, emergency services could easily communicate mandatory evacuations, or warn of impending disasters in the event of catastrophe.

While Spit is certainly a technical possibility, to date, we have not seen a lot of it. In 2004, the peer to peer VoIP network Skype got hacked into, and users were inundated with unsolicited audio messages. Shortly thereafter, Skype had found and closed the loophole in the network. One other legal recourse is to get on the national Do Not Call list, to prevent solicitors from bombarding your voice mail box

Eavesdropping

Probably one of the scariest vulnerabilities of VoIP is the ability of an outsider to eavesdrop on a private conversation. This concept is nothing new to IP data networks, and generally requires a packet analyzer to intercept IP packets, and in the case of VoIP, saving the data as an audio file. Hackers then have the ability to learn user ids and passwords, or worse, to gain knowledge of confidential business information.

While it is true that eavesdropping occurs on traditional telephone lines as well as cellular networks, for someone to tap into your home phone line pretty much requires a physical presence outside your house. In the case of an IP network, a hacker requires only a laptop, some readily available software, and the knowledge of how to hack into your network.

Security analysts have long used encryption techniques to protect the confidentiality of data traveling through an IP network, and the same concept holds true for voice packets. The challenge with voice is to encrypt strongly and quickly, to protect confidentiality and as not to slow down the packet flow.

Nevertheless, if someone really wants to listen in on your calls, no type of telecommunication is 100% secure.

Phishing the Waters of Voice over IP

Another variation of an email attack, Phishing is designed to trick a user into revealing sensitive data such as user names, passwords, bank accounts, credit cards, and even social security numbers. In the case of VoIP, the attack could come as a voice mail message urging you to call a designated number and provide your user information. Even if the call is automated, touch tones can be easily deciphered. Depending on what information they get, hackers can use it to access bank accounts, or to steal identities.

While you can program a PBX to restrict call backs to known phishers, as more users become familiar with the pitfalls of the Internet, it becomes common knowledge to never give out sensitive information to automated media, be it via data or voice.

SIP Registration Hijacking

The Session Initiation Protocol (SIP) is becoming widely accepted as the method for setting up VoIP phone calls. The process involves a Registrar (in some cases the company PBX itself), which maintains a database of all users subscribed to the network, and basically maps their telephone number to an IP address.

Registration hijacking occurs when the packet header of either party is intercepted by a hacker, who substitutes his IP address for that of the legitimate one. Attacks can take the form of fraudulent toll free calls, denial of service attacks that can render the users device useless, or a simple diversion of communication.

Spoofing

Another hack that is well known in data networks is spoofing Also known as a man in the middle attack, spoofing requires hacking into a network and intercepting packets being sent between two parties. Once the IP address or phone number of the trusted host is discovered, hackers can use this attack to misdirect communications, modify data, or in the case of Caller ID Spoofing, transfer cash from a stolen credit card number.

SIP registration hijacking is a form of spoofing. Both of these spoofs, as well as other hacks such as eavesdropping, can be prevented by employing encryption techniques at the call set up phase. Today, the up and coming mechanism to achieve this is to send SIP messages over an encrypted Transport Layer Security channel. Putting these two protocols together forms the acronym SIPS.

There is no doubt that IP networks can be, and are, hacked into. Since a converged network consists of data and voice, VoIP is as vulnerable as any application to these disruptions, but with a downtime tolerance of no more than 5 minutes a year, such interruptions are considered intolerable for voice applications.

As of today, most of these security threats are not wide spread, and are presented here as a what could happen in the future scenario. Industry experts agree that as voice over Internet telephony becomes more wide spread, malicious hacking attempts are bound to follow.

These and other security threats can be prevented by a vigilant network staff, using all the known security precautions typical of an IP network. No VoIP solution is secure out of the box, and must be locked down by using common sense approaches, including but not limited to changing default passwords, closing down unused ports and services, utilizing firewalls and VPNs for network communications, and diligent intrusion detection.

Computer Security Explained, Security, Threats, VoIP

Here I am going to give u free guidelines, video tutorials for all this certifications. I am working on that.. Expect the free stuffs soon..

Networking videos

Cisco Networking:

Cisco Systems, Inc. (NASDAQ: CSCO, SEHK: 4333) is a multinational corporation with more than 63,000 employees and annual revenue of US$35 billion as of 2007. Headquartered in San Jose, California, it designs and sells networking and communications technology and services under five brands, namely Cisco, Linksys, WebEx, IronPort, and Scientific Atlanta.

Cisco Certifications:

Cisco Career Certifications are IT professional certifications for Cisco products. The tests are administered by Pearson VUE (Prometric previously administered the test; but as of 1 Aug 2007, no longer does).

There are three levels of certification:

* Associate,

* Professional, and

* Expert.

Associate certifications:

* Cisco Certified Network Associate (CCNA)

* Cisco Certified Design Associate (CCDA)

Cisco certified network associate (CCNA):

Candidates have the option of gaining the certification by passing two tests (ICND1 640-822 and ICND2 640-816), or one single test (CCNA 640-802); the two-test option has the advantage of allowing the candidate to focus on certain subjects.

The certification is valid for three years; at that time a CCNA holder must either

* re-take the CCNA or ICND exam, or

* take and pass an exam for one of the Professional (e.g., CCNP) or Specialist level certifications (excluding the sales specialist exams), or pass the CCIE written exam.

These exams are known by their corresponding numbers. When the curriculum of the exam changes the exam number also changes. The current exam number for CCNA is 640-802 (from 15 Aug 2007). New ICND Part1 (640-822 ICND1) and ICND Part2 (640-816 ICND2) available from 15 Aug 2007. Part 1 by itself will give you a CCENT.

These exams are conducted by authorized test centers at a cost of $125 USD each for the ICND1 or ICND2 exams and $150 USD for the full CCNA exam.

There is also the Cisco Networking Academy, which brings the CCNA and CCNP curricula into traditional educational institutions in over 150 countries.Students enrolled in Cisco Networking Academy can request exam vouchers that allow them to take the retired exam for an extended period of time.

Cisco Certified Design Associate (CCDA):

The CCDA certification indicates an apprentice knowledge of Cisco network design. Individuals who have earned a CCDA are capable of designing switched or routed networks consisting of LANs, WANs, and various dial services. While a CCNA certification is not required to take the CCDA exam, Cisco recommends being familiar with CCNA material. Also recommended is knowledge of BCMSN.

Professional certifications:

* Cisco Certified Network Professional (CCNP)

* Cisco Certified Design Professional (CCDP)

* Cisco Certified Internetwork Professional (CCIP)

* Cisco Certified Security Professional (CCSP)

* Cisco Certified Voice Professional (CCVP)

Cisco Certified Network Professional (CCNP):

The CCNP is considered proof of having the ability to work with medium-sized networks (between 100 and 500 end devices) and with technology such as QoS, broadband, VPNs, and security-minded features. To acquire a CCNP one must possess a CCNA certification first and then pass three or four tests, depending on the path one chooses. The four tests path requires the candidate to pass the following tests:

* 642-901 BSCI: Building Scalable Cisco Internetworks (BSCI) – Deals with routing

* 642-812 BCMSN: Building Cisco Multilayer Switched Networks (BCMSN) Deals with switching

* 642-825 ISCW: Implementing Secure Converged Wide Area Networks (ISCW) – Deals with wide area networks

* 642-845 ONT: Optimizing Converged Cisco Networks (ONT) – Deals with using Qos to tune networks to work effectively with IP Telephony.

The BSCI and BCMSN tests can be taken as one single composite test known as the 642-892 Composite which covers subjects for Building Scalable Cisco Internetworks (BSCI) and Building Cisco Multilayer Switched Networks (BCMSN).

In order to retain the certification one must either re-certify or pass one of the CCIE written exams before the Professional certification expires. Additional resources and tools to aid in preparing for the certification are available on the CCNP Prep Center.

Cisco Certified Design Professional (CCDP):

The CCDP certification is an advanced network design certification provided by Cisco Systems, Inc. Candidates for the certification are tested for advanced knowledge of Cisco devices and the way to interconnect them. This certification is considered a professional level certificate by Cisco Systems. (The CCNA and CCDA are prerequisite.)

Cisco Certified Internetwork Professional (CCIP):

The CCIP certification is a professional certification covering the end-to-end protocols used in large scale networks.

To attain this certification tests must be passed in the areas of routing, BGP, MPLS and Quality of service.

Cisco Certified Security Professional (CCSP):

The CCSP certification is an advanced network security certification. Candidates for the certification are tested for advanced knowledge of various Cisco security products.

To attain this certification several tests must be passed in the areas of VPN, IDS, PIX firewall, Secure IOS, the Cisco SAFE, as well as having a CCNA or higher level certification (e.g. CCNP or CCIP).

The common practice is to take five exams which include one elective paper. The list of exams and elective papers can be found in the Cisco website.

Cisco Certified Voice Professional (CCVP):

The CCVP is a certification covering all aspects of IP Telephony/VOIP networks and applications.

To attain this certification, five tests must be passed in the areas of Quality of service, Cisco VoIP, IP Telephony Troubleshooting, Cisco IP Telephony, and Gateway Gatekeeper.

Expert-level certifications:

The expert-level certification is the Cisco Certified Internetwork Expert (CCIE). It is the highest level of professional certification that Cisco provides. There are 5 active CCIE tracks, as shown below. As of April 6, 2008 there are 16,335 people with active CCIE certifications in the world.

Cisco began its CCIE program in 1993 originally with a two day lab, later changing it to the one day format used today. Fewer than 3% of Cisco certified individuals attain CCIE certification, and on average will spend thousands of dollars and 18 months studying before passing. Many candidates build mock-labs at home using old Cisco equipment, selling it again to other candidates after passing. Alternatively candidates may rent “rack time” online and practice lab scenarios on Cisco equipment hosted on the Internet for that purpose.

Cisco refers to the CCIE as the “most respected IT certification”, and from 2002 to 2005 it was voted as such in CertCities magazine. It has also been voted the most technically advanced IT certification by CertMag, and is generally reported as the highest salaried certification in IT salary surveys.

The CCIE is comprised of a written exam and a “lab” exam (each in the specific area of the chosen track). The written exam is required to take the lab exam, and has a cost of $315 USD per attempt. Upon passing the written exam, the candidate is qualified to have a first attempt the lab exam for 18 months. If the first attempt is unsuccessful the candidate has 3 years from the date the written exam was passed to successfully complete the lab. If a candidate does not pass the CCIE lab in that time, they must pass the CCIE written exam again before making additional attempts at the CCIE lab exam. As many attempts can be made to pass the lab exam for up to 3 years after passing the written, so long as the first attempt is within 18 months. There is a minimum waiting time between attempts of one month.

The CCIE Lab is currently $1,400 USD per attempt and are offered only at ten Cisco lab exam locations worldwide. The locations are Bangalore; Beijing; Brussels; Dubai; Hong Kong; Research Triangle Park, NC; San Jose, CA; São Paulo; Sydney; and Tokyo. Some CCIE tracks do not have lab exams available at all locations. For example, the Storage Networking lab is available only at the Research Triangle Park, NC and Brussels locations. In addition, according to a survey by Cisco the average cost to prepare for CCIE certification is $9,050 as of April 2006, spent mostly on practice equipment and self study material.This is partially offset by the increased salary the certification commands, which a March 2007 Network World article estimates at 10% – 15% over similarly experienced engineers who do not have a CCIE.

The lab is an 8-hour hands-on exam designed to demonstrate that the candidate not only knows the theory, but is also able to practice it. Many prospective CCIEs need multiple attempts to pass the lab exam.

There are no formal prerequisites for the CCIE exam, but Cisco recommends one has at least 3 – 5 years experience in networking before attempting to become a CCIE. CCIE was the first Cisco Certified qualification, and as such there were no other certifications that could be taken prior. The development of the associate and professional certifications was due to recognition of the fact that a CCIE is overkill for many networking personnel, and also for the vast majority of businesses who employ such people, and that certifications needed to be offered at lower levels. Despite the development of the lower certifications, Cisco has chosen not to make them formal requirements for the CCIE certification.

It is possible to hold multiple CCIE certifications. This is done by passing both the written and the lab exam in a particular track. As of November 14th, 2007 there are 1,344 individuals who hold multiple CCIE certifications. Of those, 210 hold three or more CCIE certifications.

* CCIE Numbering

* CCIE Routing & Switching

* CCIE Security

* CCIE Service Provider

* CCIE Voice

* CCIE Storage Networking

* CCDE

CCIE Numbering:

Upon successful completion of the hands on lab exam, a new CCIE is awarded a CCIE number. The first CCIE number allocated (in 1993) was 1024, and has increased incrementally from there. A lower number indicates that the CCIE was awarded some time back, a higher number indicated a more recently awarded certification. As of February 2008, the highest CCIE number allocated was just over 20000.

Number 1024 was allocated to the first CCIE lab location, rather than to an individual, and featured as a plaque at the entrance to the lab. Number 1025 was awarded to Stuart Biggs, who created the first written exam and first lab exam. The first person to pass both CCIE written and lab exams was Terrance Slattery, who was consulting to Cisco at the time when the lab was being devised. Terry Slattery (CCIE 1026) was therefore the first CCIE who passed both exams, and the first CCIE who was not an employee of Cisco.

Any CCIE who obtains further CCIE certifications, is not awarded any further numbers, the new CCIE certification is awarded under the same number as the original.

CCIE Routing & Switching:

Routing and Switching is by far the most popular track with 16,355 certified individuals as of March 25, 2008. The certification covers a variety of networking concepts and protocols including but not limited to the following list

1. Routing and Switching

* Frame Relay

* Ethernet

* Catalyst Switch Configuration

2. IP Interior Gateway Routing Protocols

* Open Shortest Path First (OSPF)

* Enhanced Interior Gateway Routing Protocol (EIGRP)

* Routing Information Protocol v2 (RIPv2)

* Routing Information Protocol Next Generation (RIPng) – IPv6

* Open Shortest Path First v3 (OSPFv3) – IPv6

* On-Demand Routing (ODR)

* Filtering, Summarization, Redistribution

3. Border Gateway Protocol (BGP)

* Interior BGP (iBGP)

* Exterior BGP (eBGP)

* Filtering, Summarization, Redistribution, and Traffic Engineering

4. Multicast Routing

* Protocol Independent Multicast (PIM)

* Multicast Source Discovery Protocol (MSDP)

* Distance Vector Multicast Routing Protocol (DVMRP)

* Anycast

5. Quality of Service (QoS)

* Classification

* Congestion Management and Avoidance

* Policing and Shaping

* Signaling

6. Security

* Authentication, Authorization, and Accounting (AAA)

* Traffic Filtering

* IOS Firewall Feature Set

* Access Lists

* Routing Protocol and Catalyst Security

7. IP and IOS Features

* IP addressing

* Dynamic Host Configuration Protocol (DHCP)

* Next Hop Redundancy Protocols (HSRP, VRRP, GLBP)

* IP services

* IOS user interfaces

* System management

* Network Address Translation (NAT)

* Network Time Protocol (NTP)

* Simple Network Management Protocol (SNMP)

* Remote Monitoring (RMON)

* IP Accounting

* Service Level Agreement (SLA)

CCIE Security:

The Security track concentrates on network security and covers subjects such as ASA, IDS, IOS security, and many others.

CCIE Service Provider:

The Service Provider track focuses on networking in the service provider industry. Subjects include Optical networks, DSL, WAN switching, Voice over IP, Content Networking, Broadband Cable and Metro Ethernet.

CCIE Voice:

The Voice track concentrates on voice solutions for the enterprise and includes subjects such as QoS, MGCP, Call Manager (Cisco’s VoIP PBX), Cisco Unity (Cisco’s Unified Messaging platform), Unity Express and IP Contact Center Express.

CCIE Storage Networking:

The latest addition to the CCIE certification tracks is the CCIE Storage Networking track. As the name suggests, the Storage Networking track concentrates on storage networking topics, such as Fibre Channel, iSCSI, FCIP, Intra VSAN Routing and FICON.

CCDE:

Cisco Certified Design Expert CCDE Assesses advanced Network Infrastructure Design Principles and Fundamentals for large networks. A CCDE can demonstrate an ability to develop solutions which address planning, design, integration, optimization, operations, security and ongoing support focused at the infrastructure level for customer networks.

Prerequisites for CCDE There are no formal prerequisites for CCDE certification. Other professional certifications or training courses are not required.

Recommended Training and Experience It is expected that the candidate will have an in-depth understanding of the topics in the exam blueprints, a minimum of seven years job experience, and a thorough understanding of networking infrastructure principles. Please view the written exam information page for more details.

Step One: CCDE Written Exam You must pass the two-hour, written qualification exam which covers advanced networking infrastructure design principles and concepts. Once you pass the qualification exam, you are them eligible to schedule the practical exam.

Step Two: CCDE Practical Exam The CCDE practical exam is still in development, however it will be an eight-hour exam that will test your ability to identify, manage, and create advanced solutions for large scale networks. You must pass the lab within three years of passing the written exam in order to achieve certification.

Here I am going to give u free guidelines, video tutorials for all this certifications. I am working on that.. Expect the free stuffs soon..

Computer Security Certifications, Cisco, Free, Networking, Tutorials, Video

Gone are the days when a dedicated firewall is sufficient to fend off hackers from cooperate networks. Unified Threat Management (UTM) is an emerging trend in the network security appliance market. Always on the cutting edge, ZyXEL’s ZyWALL 5 UTM is capable of outperforming the current ZyWALL 5 by up to 20 times with just a ZyWALL Turbo Card. This new technology introduces a new all-in-one network security device that provides content filtering, anti-virus, anti-spam and intrusion detection services traditionally handled by multiple systems.

Computer Security Appliance, Av+idp, Icard, Security, Silver, Year, Zywall, Zyxel

Introduction

The creation and maintenance of a network is a serious matter that really goes a long way towards making or breaking the infrastructure of a business. It is impossible to be successful in the business world today without the help of some form of technology and because of that many companies are looking to expand their computer networks across the board. Regardless of whether these people use wired or wireless access in their networks (or both), there are some principles that end up remaining the same regardless of what network is being used. One of those principles has to do with the methods that are used in order to keep a network secure. This is not a subject that can be completely covered in just a few hundred words, but there are three principles that can definitely get you off to a flying start.

Strategy #1

The first strategy in keeping a network secure is to hire someone that actually knows what they’re doing in this regard. The way that truly successful people that start gigantic corporations are able to keep things going is that they are smart enough to hire people that have the ability to get the job done in a quick and efficient manner. This process of delegating or outsourcing work is one that you might want to consider. People that are completely trained in all facets of Computer Science are frequently in school for over a decade and even people that just specialize in network administration are in school for at least a year. This is highly specialized education and exchanging money for the wisdom and experience of someone that is a professional is definitely something to consider.

Strategy #2

Of course, not all people have the ability financially to be able to outsource a job and because of that people sometimes have to learn these things on their own. If you know absolutely nothing about keeping a network secure, the best thing you can do to get yourself started is to make sure that everything on your network is password protected. Make sure that the login is password protected and also make sure that retrieval of any sensitive information or data is also password protected. This process of layering passwords is known as redundant password protection and it is a good way for companies to deal with minor network security threats.

Strategy #3

Finally, this strategy is more common sense than anything else, but make sure that you regularly upgrade the components of your network. As technological advances increase in their frequency and more systems become obsolete, your network components are going to be left in the dust and become large security risks if they are not upgraded regularly. If you lack the funds for an all out upgrade on a regular basis, then cycle it through the different parts of your network based on priority so that every six years or so you have upgraded each component once. Doing this will allow you to keep with the times and eliminate any obvious security risks.

Computer Security Network, Secure, Strategies

Wireless networks are great and allow us to set up networks quickly, easily and without the hassle of physically running cables etc.

However wireless networks need to be secure from outside / unauthorised users otherwise people can use your network for their own malicious intentions. An example of this is people using your wireless connection to connect to the internet and download illegal content. As it is your internet connection it is your responsibility.

So how do you secure your wireless network?

Well there are several things you can do so here are some basic security steps:

TURN OFF SSID Broadcasting – Once you have all your required computers (wireless clients / devices) on your network, TURN OFF SSID broadcasting so that no one can see your wireless network.
Change the name of your SSID from default to something else. For example a SSID named Netgear easily identifies your network and its hardware.
Change default router username and passwords. Most routers have the same, default admin username and password. So all an intruder has to do is login to your router using the defaults and then lock you out.
Use MAC address filtering – set which devices can connect to your wireless network by their MAC address. Use ipconfig / all to identify your MAC address.
Use IP filtering or IP address reservations so that only those IP’s can access the network.
Use Port filtering / blocking to block ports you do not need open.
Use authentication – either PSK or EAP – DO NOT LEAVE AUTHENTICATION OPEN.
Use encryption to protect your data. WEP and WPA are 2 types of encryption however WPA is recommended.
Set logon hours so that people cannot access your network out of hours.
Use a wireless network analyser such as Netstumbler (free) to test your network.

Using the above wireless network security steps will help protect your wireless network from unauthorised use and prying eyes.

Computer Security Network, Secure, Wireless