Prueba de Habilidades Prácticas CISCO CCNA

El avance de las nuevas tecnologías nos lleva a replantearnos como y de qué manera avanzamos con ellas, para eso es necesario que el ser humano se mantenga actualizado constantemente. El diplomado CISCO propone nuevas alternativas para lograr el conocimiento apropiado, practico y ajustado a las capacidades y tiempo de cada alumno, en este escrito se condensará el contenido propuesto por la Universidad y se reflejará a la altura de la situación el desarrollo consciente y estructurado de este. Las infraestructuras modernas requieren de especialistas que estén en capacidad de abordar los retos y la expansión de la industria sea el que sea el campo de aplicación de los sistemas de enrutamiento y switching esperamos los conocimientos sean aplicados con la técnica adecuada. Palabras Claves: Enrutamiento, Switching, Especialistas, CISCO.The advance of new technologies leads us to rethink how and in what way we advance with them, for this it is necessary for the human being to be constantly updated in order to keep up-to-date. The CISCO program proposes new alternatives to achieve the appropriate, practical knowledge and adjusted to the abilities and time of each student, in this paper the content proposed by the University will be condensed and structured developed. Modern infrastructures require specialists who are capable of addressing the challenges and the expansion of the industry, whatever the field of application of routing and switching systems, we hope that the knowledge will be applied with the appropriate technique. Key Words: Routing, Switching, Specialists, CISCO

Router security effect on performance of a network

Recently many of the devices that create a computer network offer security to help protect networks from hackers, such as computers, servers, firewalls and even routers. In most cases when protecting a network from hackers having more security is not always the best, because the more resources of the device is used by the security in inspecting connections, and it can compromise performance of the network. This thesis investigates performance benefit of having security on a router and its impact on the connection rate of the network when it is under security attacks. In this thesis, different security features and configurations offered by the router are tested to see how they affect the connection rate of the network under different security attacks, and compare with the benchmark network performance when there was no security used at all in the router

Networking vendor strategy and competition and their impact on enterprise network design and implementation

Thesis (M.B.A.)--Massachusetts Institute of Technology, Sloan School of Management; and, (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science; in conjunction with the Leaders for Manufacturing Program at MIT, 2006.Includes bibliographical references (leaves 93-99).While a significant amount of literature exists that discuss platform strategies used by general IT vendors, less of it has to do with corporate networking technology vendors specifically. However, many of the same strategic principles that are used to analyze general IT vendors can also be used to analyze networking vendors. This paper extends the platform model that was developed by Michael Cusumano and Annabel Gawer to networking vendors, outlining the unique strategic aspects that the networking market possesses. The paper then reviews the strategy of the first dominant corporate datacom vendor, IBM, how it achieved its dominance, and how it lost it. The paper then discusses the strategies of various vendors who attempted to replace IBM as the dominant networking platform vendor and how they failed to do so. Finally, the paper discusses Cisco Systems, a vendor who did manage to achieve a level of dominance that parallels IBM's, and how that company has utilized its strategy to achieve and maintain its current dominance. Finally, Cisco's current strategic challenges are discussed. The impact of the strategies of the various vendors on the evolution of corporate networking is also discussed.by Ray Fung.S.M.M.B.A

Diplomado de Profundización CISCO Prueba de Habilidades Prácticas CISCO CCNP

El examen de habilidades comprende protocolos de routing dinámico (RIPv2, OSPF), configuración de servers DHCP, Network Address Translation (NAT), Listas de control de acceso (ACL), las cuales se implementan en routers para mayor seguridad de una red o aplicar políticas de entrada y salida de paquetes para equipos específicos. Durante el desarrollo de este informe se pone en práctica todos los conocimientos adquiridos durante este semestre, se realizan actividades prácticas dando solución a 2 escenarios propuestos en la guía de actividades; con el fin de identificar las habilidades adquiridas durante todo este proceso de aprendizaje profesional. Los problemas propuestos son de descripción detallada del paso a paso de cada una de las etapas realizadas durante su desarrollo, el registro de los procesos de verificación de conectividad mediante el uso de comandos ping, traceroute, show ip route, entre otros.The skills test includes dynamic routing protocols (RIPv2, OSPF), DHCP server configuration, Network Address Translation (NAT), Access Control Lists (ACL), which are implemented in routers for greater security of a network or apply Package entry and exit policies for specific equipment.   During the development of this report, all the knowledge acquired during this semester is put into practice. Practical activities are carried out, solving 2 scenarios proposed in the activity guide; in order to identify the skills acquired throughout this professional learning process.   The proposed problems are a detailed description of the step-by-step of each of the stages carried out during its development, the registration of the connectivity verification processes through the use of ping, traceroute, show ip route commands, among others

Diplomado de profundización CISCO.

Se comienza analizando el planteamiento y obteniendo una topología lógica, según las necesidad de cantidad de usuarios, conexiones, y uso de la red; para luego continuar configurando los parámetros básicos de seguridad y direccionamiento de cada router y switch, así como los parámetros básicos de servicios y direccionamiento de los PC y servidores, pasando por el enrutamiento dinámico, DHCP, NAT, hasta listas de control de acceso ACL. Primero se tiene una red WAN con 3 routers con interfaces Ethernet y Serial, en donde primero se configuran los routers con configuraciones básicas y de contraseñas, además del direccionamiento, luego se desarrollan verificación de dispositivos vecinos, rutas, y conectividad en ciertos tramos, para luego configurar el protocolo de enrutamiento dinámico EIGRP, el cual permite que exista conectividad en todos los tramos, allí también se verifican vecinos EIGRP y se verifican las tablas de enrutamiento, para verificar que se agregaron rutas dinámicamente por EIGRP con el indicativo D; luego, una vez que se cuenta con conectividad total, se restringen ciertos paquetes, para implementar seguridad en la red, en donde ciertas redes LAN no pueden acceder a otras, excepto al servidor ubicado en una de esas LAN, esto se logra al implementar listas de control de acceso ACL, en ciertas interfaces, en determinadas direcciones, y a determinados protocolos y servicios. Adicionalmente se tiene una red MAN, la cual accede a internet en la oficina central, por medio de una red Ethernet; allí se implementan políticas de seguridad un poco más fuertes, incluso desde la configuración básica de los routers, al implementar acceso con usuarios y contraseñas, un máximo de intentos para acceder, un máximo tiempo de permanencia, y un servidor tftp para hacer backups de cada router remotamente, también, se establece autenticación en el protocolo de enrutamiento dinámico OSPF al tener que configurar una misma contraseña en cada interfaz que se conecta con el vecino OSPF el cual deber tener configurada la misma contraseña; en esta red se configura un router como servidor DHCP solo para 2 de las 3 redes LAN; también se configura NAT para traducir las direcciones de la MAN, a una dirección IP global interna (publica), con la cual se accede a internet, implementando NAT y PAT; y finalmente se aplican listas de control de acceso ACL, principalmente a fin de que cada VLAN solo acceda a terminados sectores y servicios.It begins by analyzing the problem and the logical topology, according to the need of number of users, connections, and use of the network; and then configuring the basic security and addressing parameters of each router and switch, as well as the basic services and addressing parameters of the PCs and servers, through dynamic routing, DHCP, NAT, up to ACL access control lists. First there is a WAN network with 3 routers with Ethernet and Serial interfaces, where first the routers with basic configurations and passwords are configured, in addition to the addressing, then, continue with verification of neighboring devices, the routes, and connectivity are verified in certain sections, to then configure the EIGRP dynamic routing protocol, which allows full connectivity in all sections, there, the EIGRP neighbors are verified and routing tables are verified, to verify that routes were dynamically added by EIGRP with the callsign D; then, once full connectivity is available, certain packets need to be restricted to implement network security, where, certain LAN networks cannot access others, except to the server located on one of those LANs, this is achieved by implementing of lists ACL access control, on certain interfaces, on certain addresses, and on certain protocols and services. Additionally, there is a MAN network, which accesses the Internet in the head office, through an Ethernet network; there, a little stronger security policies are implemented, even from the basic configuration of the routers, when implementing access with users and passwords, a maximum of attempts to access, a maximum time of permanence, and a tftp server to make backups of each Router remotely, then, also establishes authentication in the OSPF dynamic routing protocol by having to configure the same password on each interface that it's connects to the OSPF neighbor, which must be the same password configured; then, in this network a router is configured as a DHCP server only for 2 of the 3 LAN networks; NAT is also configured to translate the addresses of the network MAN, to an internal (public) global IP address, with which the internet is accessed, implementing NAT and PAT; and finally ACL access control lists are applied, mainly so that each VLAN only accesses to a determinate sectors and services

CYBER SECURITY @ HOME: The Effect of Home User Perceptions of Personal Security Performance on Household IoT Security Intentions

This study explored potential human factors predictors of home user security intentions through the lens of past performance, perceived self-efficacy, and locus of control. While perceived self-efficacy and locus of control are elements in several organizational and individual security models, past performance has been less frequently studied. The variable, past performance, which has been referred to in other studies as prior experience, knowledge, and information security awareness, is usually a single question self-assessment of familiarity or comfort with technology. This study explores user technical prowess in further depth, using formal technical education, informal technical education, employment in an IT/CS field, and self-reported email and internet security measures as a measurement of technical ability. Security intentions were determined by best practices in hardware security, network security, and IoT device protection. Studying IoT security in home users is important because there are 26.6 billion devices connected to the Internet already, with 127 devices are being added to the network every second, which creates a very large attack surface if left unsecured. Unlike organizations, with dedicated IT departments, home users must provide their own security within their network. Instead of building security around the user, this research attempts to determine what human factors variables effect intentions to use existing security technologies. Through an online survey, home users provided information on their background, device usage, perceived ability to perform security behaviors, level of control over their environment, current security intentions, and future security intentions. Hierarchical linear regression, path modeling, and structural equation modeling determined that past performance was consistently the strongest predictor of security intentions for home users. Self-efficacy and locus of control had varying results among the disparate methods. Additionally, exposure to security concepts through the survey had an effect on user security intentions, as measured at the end of the survey. This research contributed an initial model for the effects of past performance, self-efficacy, and locus of control on security intentions. It provided verification for existing self-efficacy and locus of control measurements, as well as comprehensive, modular security intentions survey questions. Additionally, this study provided insight into the effect of demographics on security intentions

Use of locator/identifier separation to improve the future internet routing system

The Internet evolved from its early days of being a small research network to become a critical infrastructure many organizations and individuals rely on. One dimension of this evolution is the continuous growth of the number of participants in the network, far beyond what the initial designers had in mind. While it does work today, it is widely believed that the current design of the global routing system cannot scale to accommodate future challenges. In 2006 an Internet Architecture Board (IAB) workshop was held to develop a shared understanding of the Internet routing system scalability issues faced by the large backbone operators. The participants documented in RFC 4984 their belief that "routing scalability is the most important problem facing the Internet today and must be solved." A potential solution to the routing scalability problem is ending the semantic overloading of Internet addresses, by separating node location from identity. Several proposals exist to apply this idea to current Internet addressing, among which the Locator/Identifier Separation Protocol (LISP) is the only one already being shipped in production routers. Separating locators from identifiers results in another level of indirection, and introduces a new problem: how to determine location, when the identity is known. The first part of our work analyzes existing proposals for systems that map identifiers to locators and proposes an alternative system, within the LISP ecosystem. We created a large-scale Internet topology simulator and used it to compare the performance of three mapping systems: LISP-DHT, LISP+ALT and the proposed LISP-TREE. We analyzed and contrasted their architectural properties as well. The monitoring projects that supplied Internet routing table growth data over a large timespan inspired us to create LISPmon, a monitoring platform aimed at collecting, storing and presenting data gathered from the LISP pilot network, early in the deployment of the LISP protocol. The project web site and collected data is publicly available and will assist researchers in studying the evolution of the LISP mapping system. We also document how the newly introduced LISP network elements fit into the current Internet, advantages and disadvantages of different deployment options, and how the proposed transition mechanism scenarios could affect the evolution of the global routing system. This work is currently available as an active Internet Engineering Task Force (IETF) Internet Draft. The second part looks at the problem of efficient one-to-many communications, assuming a routing system that implements the above mentioned locator/identifier split paradigm. We propose a network layer protocol for efficient live streaming. It is incrementally deployable, with changes required only in the same border routers that should be upgraded to support locator/identifier separation. Our proof-of-concept Linux kernel implementation shows the feasibility of the protocol, and our comparison to popular peer-to-peer live streaming systems indicates important savings in inter-domain traffic. We believe LISP has considerable potential of getting adopted, and an important aspect of this work is how it might contribute towards a better mapping system design, by showing the weaknesses of current favorites and proposing alternatives. The presented results are an important step forward in addressing the routing scalability problem described in RFC 4984, and improving the delivery of live streaming video over the Internet

A Deep Dive into Technical Encryption Concepts to Better Understand Cybersecurity & Data Privacy Legal & Policy Issues

Lawyers wishing to exercise a meaningful degree of leadership at the intersection of technology and the law could benefit greatly from a deep understanding of the use and application of encryption, considering it arises in so many legal scenarios. For example, in FTC v. Wyndham1 the defendant failed to implement nearly every conceivable cybersecurity control, including lack of encryption for stored data, resulting in multiple data breaches and a consequent FTC enforcement action for unfair and deceptive practices. Other examples of legal issues requiring use of encryption and other technology concepts include compliance with security requirements of GLBA & HIPAA, encryption safe harbors relative to state data breach notification laws and the CCPA, the NYDFS Cybersecurity Regulation, and PCI standards. Further, some policy discussions have taken place in 2020 regarding encrypted DNS over HTTPS, and lawyers would certainly seem to benefit from a better understanding of relevant encryption concepts to assess the privacy effectiveness of emerging encryption technologies, such as encrypted DNS. Finally, the need for technology education for lawyers is evidenced by North Carolina and Florida requiring one or more hours in technology CLE and New York in 2020 moving toward required CLE in the area of cybersecurity specifically. This article observes that there is a continuing desire for strong encryption mechanisms to advance the privacy interests of civilians’ online activities/communications (e.g., messages or web browsing). Law enforcement advocates for a “front door,” requiring tech platforms to maintain a decryption mechanism for online data, which they must produce upon the government providing a warrant. However, privacy advocates may encourage warrant-proof encryption mechanisms where tech platforms remove their ability to ever decrypt. This extreme pro-privacy position could be supported based on viewing privacy interests under a lens such as Blackstone’s ratio. Just as the Blackstone ratio principle favors constitutional protections that allow ten guilty people to go free rather than allowing one innocent person suffer, individual privacy rights could arguably favor fairly unsurveillable encrypted communications at the risk of not detecting various criminal activity. However, given that the internet can support large-scale good or evil activity, law enforcement continues to express a desire for a front door required by legislation and subject to suitable privacy safeguards, striking a balance between strong privacy versus law enforcement’s need to investigate serious crimes. In the last few decades, law enforcement appears to have lost the debate for various reasons, but the debate will likely continue for years to come. For attorneys to exercise meaningful leadership in evaluating the strength of encryption technologies relative to privacy rights, attorneys must generally understand encryption principles, how these principles are applied to data at rest (e.g., local encryption), and how they operate with respect to data in transit. Therefore, this article first explores encryption concepts primarily with regard to data at rest and then with regard to data in transit, exploring some general networking protocols as context for understanding how encryption can applied to data in transit, protecting the data payload of a packet and/or the routing/header information (i.e., the “from” and “to” field) of the packet. Part 1 of this article briefly explores the need for lawyers to understand encryption. Part 2 provides a mostly technical discussion of encryption concepts, with some legal concepts injected therein. Finally, Part 3 provides some high level legal discussion relevant to encryption (including arguments for and against law enforcement’s desire for a front door). To facilitate understanding for a non-technical legal audience, I include a variety of physical world analogies throughout (e.g., postal analogies and the like)

DEVELOPING AN EXPANDABLE GUI TOOL TO ENHANCE NETWORKING EDUCATION: GRAPHICAL USER INTERFACE FOR SHELL ENTRY (GUISE)

The lack of systemic education dedicated to computer networks and the general inadequacy of students' comprehension of the structure and the dynamics of the networks are arguably issues in most public schools. In the situation where the internet is a commodity, the increase in the threat of global attacks on many computing resources is exceptionally high, and so is the consequential importance of the global cyber workforce. Most people achieve their basic understanding through their routine use of computers at home, and it is both pragmatic and more effective to consider using basic home tools because of their didactic benefits. We designed and developed GUISE (GUI for Shell Entry) as an intuitive interface that makes command entry and network analysis easier for masses of users. GUISE leverages the operating system's capabilities and allows inexperienced users with no expertise in the computer networking domain to acquire enhanced network situational awareness in a competent manner. The ultimate benefit of the GUISE tool is providing its users with an educational aspect focused on the networking elements of their home computer infrastructure. That approach has the potential to directly support the growth of their networking literacy and proficiency, and their navigation of the networking landscape with enhanced confidence and safety.Outstanding ThesisCivilian, SFSApproved for public release. Distribution is unlimited

Tragedy of the routing table: An analysis of collective action amongst Internet network operators

S.M. thesisThis thesis analyzes and discusses the effectiveness of social efforts to achieve collective action amongst Internet network operators in order to manage the growth of the Internet routing table. The size and rate of growth of the Internet routing table is an acknowledged challenge impeding the scalability of our BGP interdomain routing architecture. While most of the work towards a solution to this problem has focused on architectural improvements, an effort launched in the 1990s called the CIDR Report attempts to incentivize route aggregation using social forces and norms in the Internet operator community. This thesis analyzes the behavior of Internet network operators in response to the CIDR Report from 1997 to 2011 to determine whether the Report was effective in achieving this goal. While it is difficult to causally attribute aggregation behavior to appearance on the CIDR report, there is a trend for networks to improve their prefix aggregation following an appearance on the CIDR Report compared to untreated networks. This suggests that the CIDR Report did affect network aggregation behavior, although the routing table continued to grow. This aggregation improvement is most prevalent early in the study period and becomes less apparent as time goes on. Potential causes of the apparent change in efficacy of the Report are discussed and examined using Ostrom s Common Pool Resource framework. The thesis then concludes with a discussion of options for mitigating routing table growth, including the continued use of community forces to better manage the Internet routing table.S.M