
Risk Management - Quantitative risk assessment

The name kind of gives away the type of assessment we are talking about. "Quantitative", according to Google Translate:

relating to, measuring, or measured by the quantity of something rather than its quality.
Well, although it is most likely not always going to be the case that you can place a $ value on a risk, with Quantitative risk assessment that is the goal, and it can be achieved for assets that are tangible (server, safe, storage...) or intangible (patent, software...).

Step 1 - Determine the asset you wish to protect and what threat is putting the asset at risk.

Step 2

AV - determine the asset value in $

EF - assess the Exposure Factor, or how badly the asset would be impacted if the threat exploit happened; the value is in %

SLE = AV * EF, that is the Single Loss Expectancy, or in other words the $ value of a single incident

ARO - Annual Rate of Occurrence, basically a count of how many times we expect that incident to happen in 1 year; it can be a whole number or a frac…
Recent posts

Awesome Neil Anderson Cisco CCNA Lab Guide

I was honored to be approached earlier today by Mr. Neil Anderson, fellow CCIE :-), who has his very cool and highly popular site www.flackbox.com. Neil has done some great work building a new, elaborate and ready-to-use CCNA Lab Guide that I am more than happy to share a link to over my blog: http://www.flackbox.com/cisco-ccna-lab-guide

I have taken a quick look, and for the CCNA candidate it would be a great guide to get to know his way around the Cisco networking practical work. In addition, Neil has made it all that easy for you by keeping it all within the virtual environment of GNS3, so you would not even have to lift your ass off the seat (like I did back in the days ~20y ago).

So for all the CCNAs-to-be (and I would add to the ones that already are as well), highly recommended.


Good Luck

Domain 1 Security and Risk Management - Part 1

The first domain of the CISSP holds 12 sections and discusses aspects of Risk Management concepts, tools, laws and standards around People, Process and Technology. Here are some short highlights from my notes:

Understand and apply concepts of confidentiality, integrity, and availability. CIA (Confidentiality / Integrity / Availability): if I were to say them in my own words, I would say that Confidentiality is the way to assure an asset is kept secret from any unauthorized system and / or person.

How To Protect: most common is the use of encryption; taking data and encrypting it is done by multiple different techniques. Integrity is the assurance that the asset you have was not handled in any way, shape or form by an unauthorized system and / or person.

How To Protect: that is more complex, however it can be done by introducing multiple mechanisms together referred to as AAA (Triple A from the networking world, or the 5 As from the ISC2 world): Identification, Authentication, Authorization, Audit, Accounting. Availability ma…

What is about to change in CISSP from Apr 2018

Change has arrived, and as with other professional certifications there is almost a standard time before a certification gets its update; for most it is anywhere between 3 - 4 years. CISSP is no different, and since the last update was in 2015 the change is arriving here as well.

For the people that wish to see the official existing and new outline

I have decided to write this post as the new outline is more of a list of domains and sections within the domains, without any hint or indication of what was actually modified, and I could not find anyone else that has done that comparison, so I had to take the task and do the comparison myself. Please be advised that I have done it for my own "pleasure", so apologies if I missed something :-)

Let's start with the obvious change:

Domain                                  | CISSP - Before Apr 2018 | CISSP - from Apr 2018
1. Security and Risk Management         | 16%                     | 15%
2. Asset Security                       | 10%                     | 10%
3. Security Engineering                 | 12%                     | 13%
4. Communications and Network Security  | 12%                     | 14%
5. Identity and Access Management       | 13%                     | 13%
6. …

Do not be scared of WCCP

I would like to try with you (my readers) an explanation in a Q&A format; hopefully that will make it easier to understand, as WCCP is not that hard.

Q: What is WCCP (Web Cache Communication Protocol)?

A: To make it simple, WCCP is a protocol running between a router and a network appliance that allows safer and smarter redirection of traffic.

Q:When you say network appliance what do you mean?

A: In WCCPv1 the protocol was used only for redirection of web traffic (and only TCP port 80), so it was clearly very limited to web applications (hence the name). However, since WCCPv2 the usage and capability have expanded, and WAN optimization devices (WAAS, Riverbed SteelHead etc.) and security appliances (Cisco WSA, Bluecoat WAF etc.) are using WCCP to receive traffic for optimization or content security handling.

Q: What are the main components of WCCP?

A: That is an excellent question :-), well

Redirector - The router or group of routers

Web Cache - That is the misleading part, as it is called a web ca…

DNS Proxy with Juniper SRX

It is often that you come across deployments where branch users need to reach an internal resource that is also mapped for external users via DNS. The problem starts when a user inside the corp resolves that address over the public DNS: he will get a response with the public address of that resource, and in order for him to reach that address the packet will need to go out from the internal trust zone to outside and back in. This is what is called a DNS Split Horizon problem!

To fix that you can either use some static host configuration, which is very unscalable, or use a DNS proxy and internal forwarders. For that there are 2 main methods (with Juniper SRX):

Method 1 - Split DNS configuration where all DNS traffic defaults to 8.8.8.8, with the exception of sguez.net that is using 198.168.1.200 (Internal DNS):

root@SRXv01# show system services dns | display set
set system services dns dns-proxy interface ge-0/0/1.0
set system services dns dns-proxy default-domain * forwarders 8.8.8.8
set sy…

VRF Maximum Routes

Maximum routes under a customer VRF: if the service provider had unlimited resources he would not have needed that! However, normally resources are limited and expensive, and the service provider would like to make money from his available resources. Maximum routes configured under a VRF provide a means of controlling PE local resources and avoiding abuse from the CE side.

I have a VRF called DC_EXTRANET; you can see that I have 16 routes. I have configured 10 maximum routes under that VRF, however I did not want to be aggressive so I have set the warning-only option. See that immediately I get a notice that I have more routes than the maximum, however no action is taken other than alerting and sending a syslog.

!
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…
however normally resources are limited and expensive, and Service provider would like to make money from his available resources. maximum routes configured under VRF provide a mean of controlling PE local resource and abuse avoidance from the CE side.I have vrf called DC_EXTRANET, you can see that I have 16 routes, I have configured 10 maximum routes under that vrf however I did not want to be aggressive so I have set the warning only option. See that immediately I get a notice that I have more routes then the maximum, however no action is taken other then alerting and sending a syslog. ! PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only % The current number of routes in the routing table is equal to, or exceeds the configured warning limit PE_ashdod_otherisp.n(config-vrf)# *Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…