The History of DevOps & NetDevOps

Everything started with virtualization products (such as VMware), then came data-center products (Cisco Nexus and UCS), which led to cloud computing (Microsoft Azure, Google Cloud and Amazon AWS). Then the need for containers appeared (Docker), which is why Microsoft added a complete chapter on how to use Docker on Windows Server 2016.

https://www.docker.com/

https://www.docker.com/cisco

At the same time we had Network Functions Virtualization, NFV (virtual router, switch, firewall, IPS, etc.), which led to standalone virtual switch products (VMware VSS and VDS, Cisco Nexus 1000v, AVS, OVS).

Then we got the new term "Network Virtualization", where a complete network is virtualized; solutions such as VXLAN provide this concept by letting you build a complete virtual Layer 2 network as an overlay on top of the physical IP network.

The story continues: devices now have APIs (such as Cisco NX-API, Cisco onePK and eAPI).

Read More in my article here:

https://learningnetwork.cisco.com/docs/DOC-35235

What is NSM (Security Onion) & SIEM (ELK)?

Network Security Monitoring (NSM) is the collection, detection and analysis of network security data.

Most of NSM is dedicated to detection, in order to respond better.

An example of an NSM platform is Security Onion.

Security Onion is a Linux distribution specialized in network security monitoring and intrusion detection. It is Ubuntu-based and simplifies building a complete monitoring platform: you can start using it in just a few steps.

It comes with many valuable security tools to monitor your network in real time or to perform analysis on pcap files and/or system logs.

Here are tools you will find on Security Onion:

  • Reassembler
  • tcpdump
  • OSSEC (host IDS)
  • hunt
  • Squert
  • Xplico
  • tshark
  • Bro
  • dsniff
  • ELSA
  • tcpxtract
  • ngrep
  • Snort (IDS/IPS)
  • sslsniff
  • Snorby
  • tcpstat
  • Wireshark
  • Suricata
  • mergecap
  • sguil
  • tcpslice
  • ssldump
  • barnyard2
  • driftnet
  • p0f
  • tcpreplay
  • NetworkMiner
  • u2boat
  • netsniff-ng
  • Sniffit
  • scapy
  • Argus
  • u2spewfoo
  • tcpick
  • chaosreader
  • Daemonlogger
  • netsed
  • labrea
  • hping

Snort is a Network Intrusion Detection System (NIDS). It sniffs network traffic and generates IDS alerts.

Suricata is a free and open source, mature, fast and robust network threat detection engine. It inspects network traffic using a powerful and extensive rule and signature language, and has powerful Lua scripting support for detecting complex threats.

Bro (renamed Zeek in late 2018) is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well.

Bro monitors your network traffic and creates logs: one tab-separated text file per protocol or activity (conn.log, dns.log, http.log, ssl.log and so on), each with header lines that name and type its columns.

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its performance gain comes from zero-copy mechanisms: on packet reception and transmission the kernel does not need to copy packets between kernel space and user space.

OSSEC watches it all, actively monitoring all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time.

Autoruns is a utility which has the most comprehensive knowledge of auto-starting locations of any startup monitor. It shows you what programs are configured to run during system boot or login, and when you start various built-in Windows applications such as Internet Explorer, Explorer and media players.

syslog-ng allows you to flexibly collect, parse, classify, and correlate logs from across your infrastructure and store or route them to log analysis tools.

The tools in the bottom row (of Security Onion's architecture diagram) are dedicated to the collection and production of raw NSM data.

The tools in the middle row handle the optimization and maintenance of that data. For example, Bro, OSSEC and syslog-ng all produce flat files with one log entry per line; ELSA takes this raw data and organizes it in a relational MySQL database, using high-performance Sphinx indexing so that the analyst can search it.

The tools in the top row are responsible for presenting the data to the analyst.
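The "middle row" step above, turning flat per-line log files into indexed, queryable documents, is what ELSA did and what Logstash and Elasticsearch do today. The following is an added example (not Security Onion, ELSA or Logstash code) of that step for a Bro/Zeek conn.log: it reads the #fields/#types header lines, converts each column to a typed JSON value, honours the "-" unset marker, renders the documents as an Elasticsearch _bulk request body, and runs one simple hunt over the result. The log excerpt is constructed for illustration (RFC 5737 addresses); the index name is an assumption.

```python
"""Normalize Bro/Zeek conn.log flat-file records into JSON documents for Elasticsearch.

Added example, not code from Security Onion, ELSA or Logstash. SAMPLE_CONN_LOG is a
constructed excerpt in Bro's ASCII log format; the index name "bro-conn" is assumed.
"""
import datetime
import json


def _row(*cols):
    return "\t".join(cols)


# Constructed excerpt: tab-separated records preceded by header directives.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    _row("#set_separator", ","),
    _row("#empty_field", "(empty)"),
    _row("#unset_field", "-"),
    _row("#path", "conn"),
    _row("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
         "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"),
    _row("#types", "time", "string", "addr", "port", "addr", "port",
         "enum", "string", "interval", "count", "count", "string"),
    _row("1553767200.123456", "CAbc1", "10.0.0.5", "51234", "192.0.2.10", "443",
         "tcp", "ssl", "1.5", "1200", "8400", "SF"),
    _row("1553767201.000000", "CAbc2", "10.0.0.5", "51235", "198.51.100.7", "23",
         "tcp", "-", "-", "-", "-", "S0"),
    _row("#close", "2019-03-28-10-05-00"),
]) + "\n"


def _convert(value, bro_type):
    """Map one column to a JSON-friendly value according to its #types entry."""
    if value in ("-", "(empty)"):          # Bro's unset / empty markers
        return None
    if bro_type == "time":                 # epoch seconds -> ISO 8601 in UTC
        return datetime.datetime.fromtimestamp(
            float(value), tz=datetime.timezone.utc).isoformat()
    if bro_type in ("count", "int", "port"):
        return int(value)
    if bro_type in ("interval", "double"):
        return float(value)
    return value                           # string, addr, enum stay as text


def parse_bro_log(text):
    """Return one dict per record, using the #separator, #path, #fields and #types headers."""
    sep, path, fields, types = "\t", None, [], []
    docs = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                token = line.split(" ", 1)[1]
                sep = "\t" if token == "\\x09" else token
            elif line.startswith("#path" + sep):
                path = line.split(sep)[1]
            elif line.startswith("#fields" + sep):
                fields = line.split(sep)[1:]
            elif line.startswith("#types" + sep):
                types = line.split(sep)[1:]
            continue                       # #open, #close, etc. carry no records
        cols = line.split(sep)
        if len(cols) != len(fields):       # refuse to mis-map columns silently
            raise ValueError("column count %d does not match #fields (%d)"
                             % (len(cols), len(fields)))
        doc = {name: _convert(v, t) for name, v, t in zip(fields, cols, types)}
        doc["log"] = path
        docs.append(doc)
    return docs


def to_bulk_body(docs, index):
    """Render documents as an Elasticsearch _bulk body: action line, document line, ..."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n"         # _bulk requires a trailing newline


def find_unanswered_syn(docs):
    """Hunt over the normalized records: TCP SYNs with no reply (conn_state S0),
    the trace a port scan or a probe of a closed service leaves in conn.log."""
    return [d for d in docs if d.get("proto") == "tcp" and d.get("conn_state") == "S0"]


if __name__ == "__main__":
    records = parse_bro_log(SAMPLE_CONN_LOG)
    print(to_bulk_body(records, "bro-conn"))
    print("unanswered SYNs:", [d["uid"] for d in find_unanswered_syn(records)])
```

The typed conversion matters for the later search step: once "id.resp_p" is stored as an integer and "ts" as a date, Kibana can range-filter on them, which it cannot do on raw text; and rejecting rows whose column count disagrees with #fields avoids silently indexing a truncated or rotated file.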

The latest version of Security Onion also ships with the ELK stack, which takes over the role ELSA used to play.

But what is ELK? To answer this question we first need to answer another one: what is SIEM?

Security Information and Event Management (SIEM)

SIEM systems are data correlation tools that capture data from multiple sources and provide data analysis and reports to management on system, application and network activity and possible security events.

These tools can be used to detect compliance violations, identify known attacks and provide reporting. As shown in the exhibit, a SIEM system gathers data from multiple sources and correlates and analyzes that data to develop reports for management on the wider picture of security across the systems of the organization.

Most modern SIEMs also integrate with other information systems to gather additional contextual information (asset inventory, identity, flow data) to feed the correlation engine.

Cisco ISE and Cisco Stealthwatch are examples of an identity management system and a flow collector, respectively, that can integrate with most SIEM systems.
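What "correlation" and "contextual information" mean in practice is easier to see on a small rule than in the definition. The following is an added example, not code from Security Onion, ELK or any SIEM product: it normalizes sshd failures (as OSSEC or syslog-ng would forward them) and Snort fast-format alerts into one event shape, fires a brute-force rule when several failures arrive from one source inside a time window, and raises the severity when an IDS alert from the same source and a high-criticality target (looked up in an asset table, the kind of context ISE or a CMDB would supply) coincide. All log lines, the asset table and the thresholds are constructed; the year is assumed because neither log format records it.

```python
"""Correlate sshd failures with Snort alerts and enrich them with asset context.

Added example, not code from Security Onion, ELK or any SIEM product. The log lines,
the asset table and the thresholds are constructed for illustration; the year is an
assumption because neither classic syslog nor Snort's "fast" format records it.
"""
import datetime
import re
from collections import defaultdict

YEAR = 2019  # assumed; both input formats omit the year

# Constructed sshd lines as OSSEC or syslog-ng would forward them (RFC 5737 addresses).
SSHD_LINES = [
    "Mar 28 10:00:01 web01 sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2",
    "Mar 28 10:00:03 web01 sshd[2233]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2",
    "Mar 28 10:00:04 web01 sshd[2235]: Failed password for root from 198.51.100.7 port 40141 ssh2",
    "Mar 28 10:00:06 web01 sshd[2240]: Accepted publickey for deploy from 10.0.0.9 port 50012 ssh2",
    "Mar 28 10:30:00 db01 sshd[9001]: Failed password for root from 203.0.113.4 port 3001 ssh2",
]
# Constructed Snort "fast" alert; SID 1000001 is in the local-rule range, not a real rule.
SNORT_LINES = [
    "03/28-10:00:02.500000  [**] [1:1000001:1] LOCAL SSH scanner client banner [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:40125 -> 10.0.0.5:22",
]
# Constructed asset inventory: the contextual data a SIEM pulls from a CMDB or from ISE.
ASSETS = {"10.0.0.5": {"hostname": "web01", "criticality": "high"},
          "10.0.0.8": {"hostname": "db01", "criticality": "high"}}
HOST_TO_IP = {a["hostname"]: ip for ip, a in ASSETS.items()}
SEVERITY = {1: "low", 2: "medium", 3: "high"}

SSHD_RE = re.compile(r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
                     r"from (?P<src>[\d.]+) port \d+")
SNORT_RE = re.compile(r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+  \[\*\*\] "
                      r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\] .*\[Priority: (?P<prio>\d+)\] "
                      r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")


def parse_sshd(line):
    """Normalize one sshd failure into the common event shape; other lines give None."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.datetime.strptime("%d %s %s %s" % (YEAR, m["mon"], m["day"], m["time"]),
                                    "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "sshd", "kind": "auth_failure", "src_ip": m["src"],
            "dst_ip": HOST_TO_IP.get(m["host"]), "detail": "user=" + m["user"]}


def parse_snort(line):
    """Normalize one Snort fast-format alert into the same event shape."""
    m = SNORT_RE.match(line)
    if not m:
        return None
    hh, mm, ss = (int(x) for x in m["time"].split(":"))
    ts = datetime.datetime(YEAR, int(m["mon"]), int(m["day"]), hh, mm, ss)
    return {"ts": ts, "source": "snort", "kind": "ids_alert", "src_ip": m["src"],
            "dst_ip": m["dst"], "detail": "%s:%s %s" % (m["gid"], m["sid"], m["msg"])}


def correlate(events, threshold=3, window=datetime.timedelta(minutes=5)):
    """Brute-force rule: >= threshold auth failures from one source inside the window.
    An IDS alert from the same source around the burst raises the severity by one; a
    high-criticality target (from the asset table) raises it by one more."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src_ip"]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["kind"] == "auth_failure"]
        for i, first in enumerate(failures):
            burst = [e for e in failures[i:] if e["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            start, end = burst[0]["ts"], burst[-1]["ts"]
            alerts = [e for e in evs if e["kind"] == "ids_alert"
                      and start - window <= e["ts"] <= end + window]
            targets = {e["dst_ip"] for e in burst if e["dst_ip"]}
            critical = any(ASSETS.get(t, {}).get("criticality") == "high" for t in targets)
            score = 1 + bool(alerts) + critical
            incidents.append({"src_ip": src, "severity": SEVERITY[score], "failures": len(burst),
                              "ids_alerts": [a["detail"] for a in alerts],
                              "targets": sorted(ASSETS.get(t, {}).get("hostname", t) for t in targets),
                              "window": (start.isoformat(), end.isoformat())})
            break  # one incident per source; later failures belong to the same burst
    return incidents


def run():
    """Parse both feeds and apply the rule; returns the list of incidents."""
    events = [e for e in map(parse_sshd, SSHD_LINES) if e]
    events += [e for e in map(parse_snort, SNORT_LINES) if e]
    return correlate(events)


if __name__ == "__main__":
    for incident in run():
        print(incident)
```

The single failure from 203.0.113.4 never reaches the threshold and the successful key login from 10.0.0.9 is not a failure at all, so only 198.51.100.7 produces an incident; it is rated "high" because the three failures, the Snort alert and the high-criticality target all line up. In a real deployment the parsing lives in Logstash or a Beats module and the rule in the SIEM's correlation engine, but the logic is the same.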

Examples of SIEM software: Splunk, IBM QRadar, LogRhythm, HP ArcSight and ELK; ELK is open source and, strictly speaking, a log collection and search platform on top of which a SIEM is built.

"ELK" is the acronym for the three open source projects that make up the stack: Elasticsearch, Logstash and Kibana.

Logstash is a receiver for log data from virtually any source. It is a server-side data processing pipeline that ingests data from multiple sources simultaneously, filters, processes, correlates and generally enriches whatever log data it encounters, and then sends it to a "stash" such as Elasticsearch.

Elasticsearch is the storage engine and one of the best solutions in its field currently available: an open source, distributed, RESTful, JSON-based search and analytics engine.

Kibana is the visualization part of the equation, and it is hands down one of the best visualization systems the open source community has yet produced: it lets users visualize the data held in Elasticsearch with charts and graphs.

Logstash uses input plugins to collect logs; it can also accept input from more purpose-built solutions such as OSSEC or Snort.

The Elastic Stack is the next evolution of ELK: the same three products plus Beats.

To make ELK collect data from different servers and services we need agents installed on those servers; these are called Beats.

Beats are lightweight data shippers that you install as agents on your servers to send specific types of operational data to Elasticsearch.

Servers that run a Logstash (or Beats) agent only to forward their logs are called shippers.

https://securityonion.net/

https://www.elastic.co/

PMPv6 Changes Summary

If you are preparing for the PMPv6 exam, here is a list of notes you should take care of:

1- Read the "Agile Practice Guide" book (ISBN: 978-1-62825-199-9), since PMP now runs completely in the Agile spirit.

2- The Time Management Knowledge Area was renamed Schedule Management

3- The Human Resources Management Knowledge Area was renamed Resources Management

4- Estimate Activity Resources moved from Time Management to Resources Management

5- Three new processes were added:

  • Manage Project knowledge (executing) process added to Integration Management
  • Implement Risk Responses (executing) process added to Risk Management
  • Control Resources (monitoring & controlling) process added to Resources Management

6- Nine processes were renamed

7- The Close Procurements process was REMOVED and its details were added to the Close Project or Phase process

8- A new chapter on the role of the project manager was added (chapter 3)

9- Many tools and techniques were recategorized

CISSP 15-April 2018 Changes Summary

To understand these changes, let's first go two versions back. CISSP 2012 was made of 10 domains:

  1. Information Security Governance and Risk Management
  2. Access Control
  3. Security Architecture and Design
  4. Physical and Environmental Security
  5. Telecommunications and Network Security
  6. Cryptography
  7. Business Continuity and Disaster Recovery
  8. Legal, Regulations, Compliance, and Investigations
  9. Software Development Security
  10. Security Operations

In 2015 new changes happened to CISSP and the 10 domains became 8 domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing [the official book is 1304 pages; this domain is ONLY 49 pages!]
  7. Security Operations
  8. Software Development Security

Summary for what happened in 2015:

  • No topics were REMOVED from the exam.
  • About 7% new topics were added to the exam, such as:
  1. SCADA and the DNP3 protocol, IoT
  2. More about converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
  3. New investigation types and asset types
  4. DevOps, Agile and Scrum overview
  5. Attribute-based access control (ABAC)
  • The book was condensed from 10 domains to 8 domains, but no content was removed; it was simply restructured.

In April 2018 a few changes happened again, but we still have 8 domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Summary for what happened in 2018:

  • “Security Engineering” Domain name changed to “Security Architecture and Engineering”
  • No topics were REMOVED from the exam.
  • Only about 1% new topics were added to the exam and the official book.
  • Content restructured again.
  • Domains weight changed in the exam

Domain                                    Average weight in the CAT exam
Security and Risk Management              15%
Asset Security                            10%
Security Architecture and Engineering     13%
Communication and Network Security        14%
Identity and Access Management (IAM)      13%
Security Assessment and Testing           12%
Security Operations                       13%
Software Development Security             10%

So nothing really changed from the 2015 version to the 2018 version; just remember that the exam has been in CAT (Computerized Adaptive Testing) format since December 2017.

https://www.isc2.org/Certifications/CISSP/CISSP-CAT

My Free Documents & Articles in CLN

All my Cisco Learning Network Documents & Guides for free
Last Update 28-Mar-2019
CCIEv5 R&S Documents & Guides
———————
CCIEv5 IPv4 Multicast Study Guide
CCIEv5 BGP Attributes & Best Path Selection
Introduction to QoS
CCIEv5 MPLS (LDP,vrf lite,MPLS VPN) Study Guide
CCIEv5 BGP Load Sharing & Load Balancing
CCIEv5 DHCP/DNS/DHCPv6 Labs
CCIEv5 IPv6 Over MPLS (6PE,6VPE) Labs.
CCIEv5 BGPv6 (IPv6 Over BGP) Lab.
CCIEv5 PPP Mega Lab (IPCP,PPPOE,CHAP,PAP)
CCIEv5 VRF Lite Lab (BLUE,GREEN,YELLOW,RED VRFs)
CCIEv5 BGP AS 4bytes Lab
CCIEv5 BGP Dynamic Neighbor Lab
CCIEv5 Bidirectional Forwarding Detection (BFD) Overview
CCIEv5 IPv6 FHS (First Hop Security) Quick Guide
CCIEv5 EPC Overview
CCIEv5 VTPv3 Overview
CCIEv5 Quick Guide For Redistribution & Path Control
CCIEv5 New Topics Workbook
CCIEv5 New Lab Topics Resources
————————————————-
CCIEv5 R&S & Security Documents & Guides
CCIEv5 Security IGP,EGP Authentication
CCIEv5 DMVPN Quick Guide
CCIEv5 DMVPN Labs Workbook
CCIEv5 Unprotected GRE Tunnel , Protected GRE Tunnel with IPsec -VTI
————————————————-
CCIEv5 Security Documents & Guides
——————–
CCIE Security SSL VPN IOS & ASA
CCIE Security EASY VPN IOS & ASA
CCIE Security DMVPN Dual Hub Workbook
CCIE Security IKEv2 & FlexVPN Quick Overview
CCIE Security GET VPN Quick Overview
CCIE Security IOS/ASA PKI Quick Overview
CCIEv5 Security Introduction to Net Flow & StealthWatch System
Introduction to FirePOWER & FireSIGHT Policies
Cisco FirePOWER & FireSIGHT HA, Clustering and Stacking
Introduction to ASA with FirePOWER
CCIE Security v5 & FTD
Attacking Cisco R&S with Kali (Backtrack)
Configuring ASA for CWS
CCIEv5 Security IGP,EGP Authentication
https://learningnetwork.cisco.com/docs/DOC-32905

————————————————–

Other Topics
—————
Introduction to SDN
What is Cisco ACI?
Learn Python , Now!
IS-IS Study Guide Cisco IOS,IOS-XR
Understanding Cisco IOS v15 Licenses
CCNA Security Risk Quantitative Assessment
Cisco Catalyst ME 3400 Overview & Configuration
Understanding Cisco EEM by examples Part 1
Understanding Cisco EEM by examples Part 2
CCNA Workbook Lab 1
Zone Based Firewall Part 1
Introducing CCNA v3.0 New Topics
Cisco Routers Password Types
Protection Techniques from Wardriving attack
CCNP R&S (TSHOOT) MALLOCFAIL Errors and General Memory Problems
MTU issues in CCIE R&S TS Section
PPP over Frame Relay (PPPoFR) Lab
Load Sharing with HSRP Multigroup HSRP (MHSRP) Lab
Frame Relay Lab without FR core or Back2Back.
Cisco Router As Type 7 Decryptor
The Myth about Proctor
IGP Limitations
Creating Menu in Cisco Routers
How To Create a Comm Access Server Router with ISR G2?
Role-Based Command Line

CCNA Workbook Lab 2
https://learningnetwork.cisco.com/docs/DOC-34396

The History of DevOps & NetDevOps
https://learningnetwork.cisco.com/docs/DOC-35235

ISE 2.4 Resources and prerequisites
https://learningnetwork.cisco.com/docs/DOC-35993

Introduction to AI & Machine Learning Part 1
https://learningnetwork.cisco.com/docs/DOC-35163

#ciscochampion