I created this Cisco TrustSec cheat sheet for my students, hope it helps.
Artificial intelligence (AI) is an area of computer science that emphasizes the creation of intelligent machines that work and react like humans.
Some applications of AI include expert systems, speech recognition and machine vision.
But can we really call this AI? Yes, but this is not the ultimate goal of AI: developers are looking to create machines smarter than humans, which leads many to warn against this step.
Elon Musk believes that the advancement in technology can create a super intelligence that can threaten human existence.
This smarter-than-human AI (we call it Artificial Super Intelligence, ASI) could be presented as a network of computing power, a human-computer interface (hybrid), or a biologically advanced brain.
But we are still far away from that; we have not even reached the point where an AI machine can be as smart as a human being (we call that Artificial General Intelligence, AGI).
The Singularity Summit (2012) predicted this may happen around 2040, based on inputs from experts.
Most of the AI systems in place today are Weak Artificial Intelligence (WAI), which are designed to solve a specific problem.
An example is AlphaGo, which beat human champions at the board game Go.
We are moving from WAI to AGI, but slowly.
Read more in my article here:
Everything started with virtualization products (such as VMware), then data centers came (Cisco Nexus & UCS), which led to cloud computing (Microsoft Azure, Google Cloud & Amazon AWS), then the need for containers popped up (Docker), and that is why Microsoft added a complete chapter on how to use Docker on Windows Server 2016.
At the same time we had Network Functions Virtualization (NFV) (virtual router, switch, firewall, IPS, etc.), which led to even having virtual switches as independent products (VMware VSS/VDS, Cisco Nexus 1000v/AVS, OVS).
Then we got the new term "Network Virtualization", where a complete network is virtualized; solutions such as VXLAN provide this concept, letting you have a complete virtual layer 2 network overlaid on the physical network.
The story continues: devices now have APIs (such as Cisco NX-API, Cisco onePK and eAPI).
Read more in my article here:
Network Security Monitoring (NSM)
NSM is the collection, detection and analysis of network security data.
The majority of NSM effort is dedicated to Detect, in an effort to better Respond.
An example of an NSM platform is Security Onion.
Security Onion is a Linux distro specialized in network security monitoring and intrusion prevention; it simplifies the whole job with an Ubuntu-based distro that you can start using in just a few steps.
It comes with many valuable security tools to monitor your network in real time or perform analysis on pcap files and/or system logs.
Here are the tools you will find on Security Onion:
Snort is a Network Intrusion Detection System (NIDS). It sniffs network traffic and generates IDS alerts.
Suricata is a free and open source, mature, fast and robust network threat detection engine. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well.
Bro monitors your network traffic and creates logs from it.
netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.
OSSEC watches it all, actively monitoring all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring.
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time.
Autoruns: this utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players.
syslog-ng allows you to flexibly collect, parse, classify, and correlate logs from across your infrastructure and store or route them to log analysis tools.
The tools in the bottom row of the Security Onion tool diagram are dedicated to the collection and production of raw NSM data.
The tools in the middle row are associated with the optimization and maintenance of that data. For example, Bro, OSSEC and syslog-ng all produce flat files with one log entry per line. The ELSA system takes this raw data and organizes it into a relational MySQL database, using high-performance Sphinx indexing.
The tools in the top row are responsible for the presentation of the data to the analyst.
The latest version of Security Onion also ships with the ELK software.
But what is ELK? To answer this question we first need to answer another one: what is SIEM?
Security event and incident management (SIEM)
SIEM systems are data correlation tools that capture data from multiple sources and provide data analysis and reports to management on system, application and network activity and possible security events.
These tools can be used to detect compliance violations, identify known attacks and provide reporting. As shown in the exhibit, a SIEM system gathers data from multiple sources and correlates and analyzes that data to develop reports for management on the wider picture of security across the systems of the organization.
Most modern SIEMs also integrate with other information systems to gather additional contextual information to feed the correlation engine.
Cisco ISE and Cisco Stealthwatch are examples of an identity management system and flow collector that are able to integrate with most of the SIEM systems.
Examples of SIEM software: Splunk, IBM QRadar, LogRhythm, HP ArcSight and ELK; ELK is an open source SIEM.
"ELK" is the acronym for the three open source projects that make up the ELK stack: Elasticsearch, Logstash, and Kibana.
Logstash is a receiver for log data from virtually any source.
It can filter, process, correlate and generally enhance any log data that it encounters.
(is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch)
Elasticsearch is the storage engine and is one of the best solutions in its field currently available. (it is an open source, distributed, RESTful, JSON-based search and analytics engine)
Kibana is the visualization portion of the equation, and it is hands down one of the best visualization systems the open source community has yet produced. (It lets users visualize the data in Elasticsearch with charts and graphs.)
Logstash, a part of the ELK stack, uses input plugins to collect logs; however, it also can accept input from more purpose-built solutions such as OSSEC or Snort.
The Elastic Stack is the next evolution of ELK.
To make ELK collect data from different servers and services we need agents installed on those servers; these agents are called Beats.
Beats are lightweight data shippers that you install as agents on your servers to send specific types of operational data to Elasticsearch.
The servers that run Logstash agents are called shippers.
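To make the "middle row" normalization step and the SIEM correlation idea concrete, here is an added example (my own code, not part of Security Onion or the Elastic Stack) that does in plain Python what a Logstash filter stage does: it parses constructed Snort "fast" alert lines into flat documents of the kind you would index in Elasticsearch, then runs one correlation rule over them. The rule ids, IPs and the `min_targets` threshold are assumptions made up for the sample.

```python
import re

# Constructed Snort "fast" alert lines (made up for this example); the last line is noise.
SAMPLE_ALERTS = """\
01/15-10:22:01.123456  [**] [1:1000002:1] LOCAL WEB admin path request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:51234 -> 192.168.1.10:80
01/15-10:22:03.000001  [**] [1:1000001:1] LOCAL ICMP sweep [**] [Classification: Attempted Recon] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.11
01/15-10:22:03.000002  [**] [1:1000001:1] LOCAL ICMP sweep [**] [Classification: Attempted Recon] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.12
01/15-10:22:03.000003  [**] [1:1000001:1] LOCAL ICMP sweep [**] [Classification: Attempted Recon] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.13
this line is not an alert and must be skipped
"""

# One regex for the fast-alert layout; Classification and ports are optional in real output.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<sig>.+?)\s+\[\*\*\]\s+(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_snort_fast(line):
    """Normalize one fast-alert line into a flat document; return None for non-alert lines."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "source": "snort",
        "timestamp": d["ts"],
        "rule": f"{d['gid']}:{d['sid']}:{d['rev']}",
        "signature": d["sig"],
        "classification": d["cls"],
        "priority": int(d["prio"]),
        "protocol": d["proto"].lower(),
        "src_ip": d["src"],
        "src_port": int(d["sport"]) if d["sport"] else None,
        "dst_ip": d["dst"],
        "dst_port": int(d["dport"]) if d["dport"] else None,
    }

def normalize(text):
    """The 'middle row' step: raw one-entry-per-line data -> list of structured documents."""
    return [doc for doc in map(parse_snort_fast, text.splitlines()) if doc]

def correlate(docs, min_targets=3):
    """SIEM-style correlation rule: report sources whose alerts reach >= min_targets distinct hosts."""
    targets = {}
    for doc in docs:
        targets.setdefault(doc["src_ip"], set()).add(doc["dst_ip"])
    return sorted(ip for ip, hosts in targets.items() if len(hosts) >= min_targets)
```

Running `correlate(normalize(SAMPLE_ALERTS))` flags only 10.0.0.9, the source behind the three sweep alerts; a single high-priority alert from 10.0.0.5 does not trip this particular rule, which is exactly why a SIEM runs many rules over the same normalized data.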
If you are preparing for the PMP v6 exam, here is a list of notes you should take care of:
1- Read the "AGILE PRACTICE GUIDE" book, ISBN: 978-1-62825-199-9, since PMP now runs completely with an Agile spirit.
2- The Time Management Knowledge Area was renamed Schedule Management.
3- The Human Resources Management Knowledge Area was renamed Resources Management.
4- Estimate Activity Resources moved from Time Management to Resources Management.
5- Three new processes were added:
6- Nine processes were renamed.
7- The Close Procurement process was REMOVED and its details were added to the Close Project or Phase process.
8- A new chapter on the role of the project manager was added (chapter 3).
9- Many tools and techniques were recategorized.