Today I spent most of my time in break out sessions. As usual they were extremely well done presentations. The first one was on the ongoing game of cat and mouse between security professionals and hackers. As usual it is an ongoing arms race. I don’t see that ending anytime soon based on the material […]
Today the classes and summits began. Unlike the traditional Cisco Live US hour to two hour break out sessions, most people, including myself, were in much longer summits devoted to various verticals and topics. It became clear that Cisco wants to make security part of everything it does. Cyber Security Summit I was torn between […]
I’ll call this day 0 since the main conference starts in earnest tomorrow. Today is similar to Sunday at Cisco Live US where it is mainly purchased labs and techtorials. Location, Location, Location Cisco Live Latin America is being held this year at the Moon Palace resort in Cancun, Mexico. I’m fortunate to be here […]
Sometimes I run across a tidbit that isn’t really a full blog article, but it’s still something important. I’m going to refer to these as Packet Fragments. Today’s fragment is about the Cisco ASA. Especially when doing software upgrades I want to make sure that I’m on the correct unit before typing my commands. Instead […]
Describe these concepts as they are documented in NIST SP800-86: evidence collection order, data integrity, data preservation, volatile data collection Implementing Cisco Cybersecurity Operations (210-255) The best way to study for this objective is to read or at least read the highlights of the NIST document. Here are some of my notes. Evidence Collection Order […]
Define these activities as they relate to incident handling Implementing Cisco Cybersecurity Operations (210-255) Identification Continuous monitoring of the environment by the SOC allows for identification of true positive incidents. This monitoring can come from multiple sources including IPS/IDS, Firewalls, Endpoint Agents and the SIEM. Once detected and confirmed the incident is sent to the […]
Apply the NIST.SP800-61 r2 incident handling process to an event Implementing Cisco Cybersecurity Operations (210-255) The NIST.SP800-61 r2 incident handling process document contains several example scenarios. These are all contained in Appendix A of the document. Below are some of the suggested questions for each phase from section A-1 of the document. Preparation: Would the […]
In my last PowerShell post, I hope I convinced you that PowerShell isn’t just for the server engineers. This time we’ll take a look at a few more cmdlets that can come in handy for network engineers. A Ping of a Different Color Ok so ping is not exactly revolutionary, but if you’re wanting to […]
Today in the mail I saw the all too familiar envelope from my bank’s debit card issuer. No, my debit card isn’t expired. As usual, it’s been involved in yet another credit card processing breach. Again, as usual, my bank doesn’t tell me where my card number was compromised. This time though I have a […]
Classify intrusion events into these categories as defined by the Cyber Kill Chain Model Implementing Cisco Cybersecurity Operations (210-255) The cyber kill chain model outlines all of the steps necessary for a cyber attack to be successful. If the chain is broken, the attack will fail. The cyber kill chain is also an ordered list […]
© Ben Story 2020.
© Pack IT Forwarding 2020. Powered by WordPress
