- *****************Consultancy****************
- HLD (High Level Design) vs LLD (Low Level Design)
- Network Professional Services/Consultancies
- Common Network Architectures/Designs/Topologies
- Cisco Device Hardening for IOS, IOS-XE, IOS-XR, NX-OS
- Cisco Parts and Materials (BOM (Bill of Materials)/Cisco CCW (Cisco Commerce Renewals)/SKU Tool)
- Check Device Coverage
- Cisco Security Software Checker
- Power Connectors (Video)
- UK BS1363 Male Plug Angled Down to IEC320 C13 Connector (Kettle Lead) Vs. IEC320 C14 Male Plug to C13 Connector (Jumper Cord)
- UK BS1363 Male Plug Angled Down to IEC320 C13 Connector (Kettle Lead) Vs. IEC320 C14 Male Plug to C13 Connector (Jumper Cord)
- ************Cisco CCNA/CCNP Enterprise************
- Recommended Releases for Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms
- Cisco Catalyst 9000 Series Licensing
- Subnet Calculator
- Subnetting and TCP/IP
- EtherChannel L2 and L3
- Easy transfer of files to/from Cisco Router/Switch (pscp -scp -v -P 32254 cat3k_caa-universalk9.16.12.05b.SPA.bin COMPANY@X.X.X.X:cat3k_caa-universalk9.16.12.05b.SPA.bin)
- Bundle Mode or Install Mode: How to Upgrade your Cisco IOS Switch (Video)
- Catalyst 9300 Upgrading IOS-XE 16.6.2 onward (Install Mode)
- Comparison: Cisco ISR vs ASR
- Difference Between Cisco ISR and ASR
- Netflow vs. SNMP for Network Monitoring System (NMS)
- NetFlow vs SNMP for Network Monitoring?
- Install a remote probe for PRTG in 4 steps
- Cisco NetFlow Intro and Config
- PRTG Tutorial – Bandwidth Monitoring (Channels List/TopLists) With Flow/NetFlow
- Five Things To Know About DHCP Snooping
- *************Cisco CCNA/CCNP Security*************
- Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager
- Firepower Threat Defense – Common Practice Guide Walkthrough (Video)
- Backup and Restore Cisco ASA FIrewalls
- *************Cisco CCNA/CCNP Data Center*************
- Cisco Software-Defined Access Compatibility Matrix
- Cisco 10GBASE SFP+ Modules Data Sheet
- Cisco Optics-to-Device Compatibility Matrix (TMG (Transceiver Module Group) Tool)
- Best Security Practices for Cisco Nexus OS (NX-OS) on Management Plane
- Cisco Nexus 9000 Software Upgrade NX-OS Tutorial
- Upgrade Process for a vPC Topology on the Primary Switch
- vPC(Virtual Port Channel) Basic Concept in Nexus Switches
- Virtual Port-Channel Config and Concepts
- Nexus vPC | How vPC works (Videos)
- The Complete Cisco Nexus VPC Guide
- *************Palo Alto PCNSA/PCNSE*************
- Understanding Palo Alto the Best Practice Assessment (BPA) Tool (Video)
- Palo Alto PAN-OS EoL Summary
- Palo Alto Security Advisories
- Palo Alto Hardware EoL
- Palo Alto BOM (Bill of Material) and SKU (Stock Keeping Unit)
- Palo Alto Support Plans
- Complete Guide to Upgrading Palo Alto Firewalls and Panorama
- How to perform PANOS upgrade from CLI?
- CLI Cheat Sheet: User-ID
- How to check Status, Clear, Restore, and Monitor an IPSEC VPN Tunnel
- CLI Cheat Sheet: HA
- CLI Cheat Sheet: Device Management
- CLI Cheat Sheet: Networking
- Palo Alto NAT Examples
- Simple configuration examples of source and destination NAT
- How To Packet Capture (tcpdump) On Management Interface
- How to Configure DNS Sinkhole
- How to Import and Export Address and Address Objects (CLI) (Creating objects from a file of IPs)
- *************Fortigate NSE4/NSE5*************
- Configure the management interface for initial access
- Fortigate Commands Cheat Sheet
- Using virtual IPs (VIP) to configure (Destination NAT) port forwarding
- *************Checkpoint CCSA/CCSE*************
- ********************Interview Questions******************
- Networking Interview Questions (Videos)
Important Links
- Network Consultant’s Handbook
- Palo Alto ACE/PCNSE
- Cisco CCNA/CCNP/CCIE Security
- Cisco CCNA/CCNP/CCIE Enterprise
- Checkpoint CCSA/CCSE
- Fortinet NSE4/NSE5
- Juniper SRX
- Cisco Meraki and Aruba APs
- VmWare
- CompTIA Linux+/LPIC1
- Microsoft MCSA
- HPE Switches
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- Cisco CCNA/CCNP CyberOps
- SD-WAN Basics
- Useful Tools
- Professional Services (PS)/Consultancies (Private)
IT Compliance, Standards, Guidelines, Frameworks and Industry Best Practices:
- https://www.itgovernance.co.uk/standards
- ITIL4 (Information Technology Infrastructure Library) (ITSM (IT Service Management) Standard)
- ISACA ITAF (IT Assurance Framework) (IS Audit Standards, Guidelines and Code of Ethics)
- GDPR (General Data Protection Regulation)
International Standards:
ISO/IEC 27001 and 27002
National Standards:
NIST Cybersecurity Framework (National Institute of Standards and Technology)
Cyber Essentials Plus (National Cyber Security Centre (NCSC))(Cyber Essentials is a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.)
Industry-Specific Standards:
PCI DSS (Payment Card Industry Data Security Standard)
HIPAA (Health Insurance Portability and Accountability Act)
Security Advisories:
US-CERT:
https://www.us-cert.gov/ncas/current-activity
Palo Alto: https://securityadvisories.paloaltonetworks.com
Checkpoint: https://www.checkpoint.com/advisories/
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsecurityalerts=#severity=&type=Security+Alerts&product=&version=
Cisco: https://tools.cisco.com/security/center/publicationListing.x
Meraki: https://meraki.cisco.com/blog/cisco-meraki-customer-advisories
Juniper: https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
EoL links:
Cisco: https://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-listing.html
https://www.curvature.com/resources/cisco-end-of-life-guide
Palo Alto: https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates
Meraki: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Product_End-of-Life_(EOL)_Policies
Checkpoint: https://www.checkpoint.com/support-services/support-life-cycle-policy/
CVE (Common Vulnerabilities and Exposures) and CVSS (Common Vulnerability Scoring System):
https://www.cvedetails.com/cvss-score-distribution.php
https://nvd.nist.gov/vuln-metrics/cvss
https://cve.mitre.org/
Important Organizations:
- United States Computer Emergency Readiness Team (US-CERT)
- National Cybersecurity and Communications Integration Center (NCCIC)
- Cybersecurity and Infrastructure Security Agency (CISA)
- National Institute of Standards and Technology (NIST)
- National Cyber Security Centre (NCSC)
- National Security Agency (NSA)
- Government Communications Headquarters (GCHQ)
- Cybersecurity and Infrastructure Security Agency (CISA)
- The Council for Registered Ethical Security Testers (CREST)
Gartner Magic Quadrant: NGFWs and SD-WAN:
Protected: Etherchannel L2 and L3
Protected: Subnetting and TCP/IP
Protected: Common Network Architectures
HP Switches
Cisco CCNA/CCNP CyberOps
Fortinet NSE4/NSE5
SD-WAN Basics
ISO/IEC 27001 and 27002
ISO/IEC 27001 and 27002 (International Standards Organization/International Electrotechnical Commission)(International standards for ISMS (Information Security Management Systems))(10 sections known as clauses and 4.0 to 10.0 are mandatory)(Clause 6.0 requirements are also called Annex A which has 14 sections and 114 clauses)
https://www.itgovernance.co.uk/blog/iso-27001-the-14-control-sets-of-annex-a-explained
https://www.isms.online/iso-27001/requirements-controls/
SNMP Configuration Cisco
Switches
ip access-list standard SNMP-Permitted
10 permit 192.168.130.242
1.3.6.1.2.1.4.21 – ipRouteTable (IP route table)
1.3.6.1.2.1.4.22 – ipNetToMediaTable (IPv4 ARP table) (deprecated by ipNetToPhysicalTable)
1.3.6.1.2.1.4.35 – ipNetToPhysicalTable (combined IPv4/IPv6 translation table)
1.3.6.1.2.1.3 – atTable (layer two address table)
and
snmpUsmMIB, snmpVacmMIB, and snmpCommunityMIB Objects excluded below
snmp-server view Company-RO iso included
snmp-server view Company-RO 1.3.6.1.2.1.4.21 excluded
snmp-server view Company-RO 1.3.6.1.2.1.4.22 excluded
snmp-server view Company-RO 1.3.6.1.2.1.4.35 excluded
snmp-server view Company-RO 1.3.6.1.2.1.3 excluded
snmp-server view Company-RO 1.3.6.1.6.3.15 excluded
snmp-server view Company-RO 1.3.6.1.6.3.16 excluded
snmp-server view Company-RO 1.3.6.1.6.3.18 excluded
snmp-server enable traps
snmp-server ifindex persist
snmp-server engineID local 8000000903005C710DE1D280
snmp-server location London
snmp-server contact support@Company.com
snmp-server group Company_snmp_mon_grp v3 priv read Company-RO access SNMP-Permitted
snmp-server user Company_snmp_mon Company_snmp_mon_grp v3 auth sha 3ZU50CjGs56ikZwxVLLy-5bm07WEQo priv aes 128 09pxfF-HTIJnhxZvL_vJ-VBKZawXqN
snmp-server host 192.168.130.242
snmp-server host 192.168.130.242 version 3 priv Company_snmp_mon
Network and Security Specialist 