Browsed by
Month: September 2017

Security Operations Center Data Analytics

Log mining is a type of log analysis that takes several forms, including the following:

- Sequencing: Reconstructing or following the network traffic flow.
- Path analysis: An interpretation of a chain of consecutive events that occur during a set period of time. Path analysis is a way to understand an attacker’s behavior in order to gain actionable insights into log data.
- Log clustering: Used to mine through large amounts of log data to build profiles and to identify anomalous behavior.

Raw…

Source Guard

Cisco switch IP Source Guard has the following features:

- Allows DHCP traffic by default
- Enable DHCP snooping first
- Create an IP source binding table for static IPs
- No ARP police on trusted port

    ! Enable IP Source Guard with source IP and MAC address filtering
    interface GigabitEthernet1/0/33
     ip verify source port-security
    ! Static binding for a host with a fixed IP address
    ip source binding AAAA.BBBB.CCCC vlan 13 10.10.10.10 interface GigabitEthernet1/0/33
    ! Verification
    show ip verify source
    show ip source binding

VLAN Access-List (VACL) in Cisco Switch

To create VLAN access lists, the following steps are required:

a. Create MAC/IP ACLs based on requirements
b. Combine the created ACLs under a vlan access-map and indicate the actions (drop/forward)
c. Do not forget to allow all other traffic with a permit-all ACL
d. Apply the access-map to the VLAN with the vlan filter command

    ! Step a: MAC and IP ACLs
    mac access-list extended TEST-MAC-VACL
     permit host 0000.1234.5678 any
    ip access-list extended PERMIT-VACL
     permit ip any any
    ip access-list extended TEST-VACL
     permit tcp host 10.0.0.1 any eq 345
     permit udp host 10.0.0.1 any eq…
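Steps b to d of the VACL procedure, as an added example that is not taken from the original post: it binds the IP ACLs named on this page into an access-map and applies the map to a VLAN. The map name VACL-DEMO, the sequence numbers, VLAN 13 and the choice to drop what TEST-VACL matches are assumptions made for illustration; TEST-MAC-VACL is left out and would get its own sequence with `match mac address`.

```cisco
! Step b: combine the ACLs under one access-map.
! In a VACL, an ACL "permit" entry only selects traffic;
! the access-map action decides whether it is dropped or forwarded.
vlan access-map VACL-DEMO 10
 match ip address TEST-VACL
 action drop
!
! Step c: the last sequence forwards all remaining IP traffic.
! PERMIT-VACL is "permit ip any any"; without this sequence,
! IP traffic not selected above would not be allowed through.
vlan access-map VACL-DEMO 20
 match ip address PERMIT-VACL
 action forward
!
! Step d: apply the access-map to the VLAN (VLAN 13 is an assumed value).
vlan filter VACL-DEMO vlan-list 13
!
! Verification, run from privileged EXEC mode.
show vlan access-map VACL-DEMO
show vlan filter
```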
