Pivoting to Security and taking the Security+!

It has been quite some time since I have updated this blog, so here we go. If you've been following me, you know that I was studying hard for the CCNA. Long story short, I did not pass it. I missed it by about 150 points. I then retook the exam after more labbing and studying and failed the exam again by a similar amount of points. I decided to change course for the time being and focus on cybersecurity. With my CompTIA A+ and Network+ expiring in February of 2022, I decided now was a better time than ever to recertify them for another 3 years and gain knowledge in information security by going for the Security+. I put in about 3 months of studying and passed my first try! The Security+ is considered "entry-level" as far as infosec certs, but was by no means an easy exam, especially for someone relatively new to security and with no professional security experience. I had to memorize about 20 pages' worth of objectives, which you can see here:
https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf
I passed with a 763, so it was close. I have been doing IT Support/helpdesk for about 4 and a half years now and this completes the holy trio (A+, Net+, Sec+) for me. My best advice to those planning to go for this cert is to power through those questions. You don't want the clock to run out with 10 or 20 questions still left (granted, I am a sloooww test taker). I know you can flag the questions, but I always tell people: just hit the question once and give it your best. Don't bother going back to any. Here's what worked for me, if anyone cares:

*Mike Meyers' Sec+ 501 course on Udemy (Mike Meyers is tha man; his knack for breaking things down and keeping the energy up is the best thing about his courses)
*Professor Messer's 501 videos and his practice question sessions (though I probably watched more videos from Meyers)
*Jason Dion's 501 practice exams on Udemy (comes with 6 practice exams; the questions were good. I would say they were fairly in line with the real thing...though the real thing DEF hit me with some curveballs!)
*Black Hills Infosec Intro to Security online 4-day course. I cannot say enough great things about these guys and gals. Pay-what-you-want, interactive labs provided via VM, and taught by some of the absolute best in the industry. This course really let me get my hands dirty with infosec and was really awesome. I'll be attending many more of their events in the future.
*Printed out the objectives list and put chickenscratch notes all over all 20 pages of that sucker, highlighted ALL the acronyms I didn't have memorized and did my best (though to be honest, I never succeeded in memorizing absolutely ALL the acronyms. There's just SO many on there).

Next on the agenda: labbing and getting more hands-on with tools like Wireshark, Metasploit, netcat, and more! Stay tuned for more of my IT journey!

The Myth of the Cybersecurity Candidate Drought
“There are nearly 465,000 unfilled cyber jobs across the nation, according to data gathered under a Commerce Department grant”.

This is a quote from a Washington Post article dated August 2nd, 2021 on the subject of unfilled cybersecurity roles in the United States.

Cybersecurity is an immensely expansive field. From application security to network security to network monitoring to client/end-user security to pentesting and malware development to social engineering to wireless attacks to physical security to compliance/legal frameworks, there are hundreds upon hundreds of tools and applications available for the plethora of different infosec/cybersecurity roles that exist, many open source, and many with a hefty price tag. It takes lots of time to master any single one and it can often be difficult to predict what any particular prospective company might want you to know, but as students in the realm of cybersecurity, we learn to delve into nearly everything we can, while obviously focusing on tools we know to be popular (Nmap, Burp Suite, OWASP ZAP, Nessus, Wireshark, John the Ripper, Metasploit, Cain and Abel, and Nikto are just a few that come to mind). But where does that leave us in the end as it relates to bringing fresh talent into cybersecurity departments? If you ask most directors or CEOs or hiring managers, you're likely to hear the same tired, perpetuated myth of the "drought of candidates in cybersecurity". This claim could not be any further from the truth and it's time we started facing the reality of the situation. The "drought" that is often referred to has been imagined. Fabricated, if you will, by companies who will not entertain the idea of hiring any cybersecurity candidate who has anything less than mid- to senior-level corporate cybersecurity work experience. Herein lies the problem.

It stands to reason that companies would want absolute cream-of-the-crop experts handling something as important as their digital security. But where then do we draw the line between hiring experienced candidates and acting as old-guard gatekeepers who keep out those who have worked tirelessly through the years to build a foundation in IT and cybersecurity but just haven't yet been graced with the opportunity to work an outright cybersecurity role? As all things do, it comes down to the bottom line: money. Who wants to train a competent candidate with a solid foundation when they can just hire someone who has been in a senior-level security engineer role for the past 5-10 years? Well, they can certainly find these candidates if they look hard enough, but enticing them to apply and keeping them on is a different story entirely. Candidates such as these have any option in the world as far as employment opportunities, and rightly so. They've earned it. Top-tier pentesters, for instance, have their pick of the litter among Fortune 500 companies with six-figure offers. But how many of these candidates exist in the United States? I'll give you a hint: not 465,000 of them.

So what's the solution? It's time to face the facts. Cybersecurity roles that are lower-tier than senior need to be embraced and introduced as a standard at more companies alongside the senior-level roles which already exist. While nobody expects any company to put a candidate through a bachelor's or master's degree's worth of training, a lot more needs to be done on the part of employers to grow their cybersecurity departments organically. Perhaps not from an absolute beginner standpoint, but certainly from an upper-entry-level to intermediate one. Junior SOC Analyst and Junior Incident Response Analyst roles need to be introduced for candidates who are fit to fill those roles, with senior-level engineers offering even just a few short weeks' worth of training to overlay the junior's already existing knowledge and perhaps help in filling in some gaps along the way. Some companies already have scenarios like this in place, but if we are to understand that 465,000 desks are sitting empty, then it's time to face reality instead of continuing to perpetuate this long-told myth of the "cybersecurity candidate drought".

Naomi Buckwalter, a seasoned Cybersecurity professional, has actually started a foundation called Gate Breakers dedicated to addressing this topic as well. You can see a great, albeit heated, interview with Naomi here: 
https://www.youtube.com/watch?v=pAvfW0_FvqI

For more information on Naomi's foundation itself, please visit:
 https://www.cybersecuritygatebreakers.org/

VLANs and Trunking! Here we go!

When I first learned about VLANs a while back, the concept was a little difficult to grasp, but that's the magic of staying on the path with computer networking. All of the concepts that come off as a bit fuzzy at first become more and more clear as you revisit them. I obtained my Comptia Network+ certification last February, which delved into VLANs and Trunking, but not to the extent the CCNA does (that is, if Wendell Odom's excellent books are any indication of what's to come when I take the exam). It should come as no surprise that there is an absolute encyclopedia of different VLAN Cisco IOS commands that one needs to know for the CCNA. Below are my notes from the chapter that dealt with VLANs and Trunking:

Reasons for using VLANs:
*To reduce CPU overhead on each device, thereby improving host performance by reducing the number of devices that receive each broadcast frame

*To reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood (broadcasts, multicasts, and unknown unicasts)
*To improve security for hosts through the application of different security policies per VLAN

*To create more flexible designs that group users by department or by groups that work together instead of by physical location

*To solve problems more quickly, because the failure domain for many problems is the same set of devices as those in the same broadcast domain

*To reduce the workload for spanning tree protocol by limiting a VLAN in a single access switch

VLAN tagging - the process used by VLAN trunking (one link between switches carrying multiple VLANs) whereby the sending switch adds another header to each frame before sending it over the trunk; that header carries the VLAN ID field, so the receiving switch knows which VLAN the frame belongs to
VLANs can be extended across multiple switches without trunking by running a separate cable between the switches for each VLAN. This is not as practical as trunking, in which one link between switches uses VLAN tagging to carry multiple VLANs' traffic.

2 trunking protocols - ISL (Cisco proprietary, not typically supported now) and 802.1Q. Both carry a 12-bit VLAN ID (hence the 4094 maximum); 802.1Q inserts a 4-byte tag into the original Ethernet header, while ISL encapsulates the whole frame with its own header and trailer.

No 802.1q header? Then defaults to native vlan (must be agreed upon by both switches)

Normal VLAN range = 1 to 1005 (supported on all switches); many switches also support extended-range VLANs 1006 to 4094
Separate VLANS are also on separate subnets and can only communicate between each other via a router or a Layer 3 switch (which includes routing ability)
show interfaces fa0/12 switchport - shows the administrative settings and operational status of the port (mode, access VLAN, native VLAN, trunking negotiation, etc.)
show interfaces trunk - displays info only on operational trunk links, not access ports. If no trunks are up, this displays nothing. Broken up into 3 output categories:
*VLANs allowed: VLANs 1 - 4094, minus those removed/left out by the switchport trunk allowed vlan command
*VLANs allowed and active: the VLANs allowed, minus VLANs not configured, in shutdown (administratively disabled), or not learned through VTP
*VLANs in spanning tree forwarding state: same as VLANs allowed and active, minus those in STP blocking state and those pruned/excluded from the trunk

switchport trunk native vlan 2 - command for setting the native VLAN on a trunk. Frames in the native VLAN cross the trunk untagged, so both ends of the trunk must agree on it. If two switches have different native VLANs set, each switch drops the other's untagged frames into a different VLAN and traffic leaks between those two VLANs (a native VLAN mismatch, which CDP will log when it sees one). A native VLAN that is also used for access ports is one of the preconditions for VLAN hopping via double tagging, which is why the usual advice is to give every trunk a native VLAN that nothing else uses.
switchport access vlan - tells the switch to assign the port to a single VLAN as opposed to using trunking
switchport mode access - disables the protocol that negotiates trunking (Dynamic Trunking Protocol). Use this along with the above command, and add switchport nonegotiate so the port never sends DTP frames either. Leaving a port able to negotiate trunking is what lets an attached host talk it into becoming a trunk, the other VLAN hopping technique.
VTP (VLAN Trunking Protocol) - Cisco proprietary protocol that advertises each VLAN configured on one switch (with the vlan number command) so that all other switches in the VTP domain learn about that VLAN.
vtp mode off - works on newer switches to disable VTP
vtp mode transparent - works on older and newer switches to effectively disable VTP
^Both modes prevent VTP from learning and advertising VLAN configs. Both allow a switch to configure all VLANs, including standard- and extended-range VLANs. Switches using either of these modes also list the vlan config commands in the running-config file
switchport trunk allowed vlan - if you want all VLANs on the switch to use the trunk link, there is no need for this command. If only some of the configured VLANs should cross the trunk, this command is needed (the add, remove, except and all keywords adjust the existing list instead of replacing it).
E.g. switch(config-if)# switchport trunk allowed vlan 5-15 (thereby removing all others from traversing/utilizing the trunk)

Never experiment with VTP settings on a switch in a production environment. You can end up deleting VLANs and causing outages.

switchport mode access - always act as an access (non-trunking) port
switchport mode trunk - always act as a trunk port
switchport mode dynamic desirable - initiates negotiation messages and responds to negotiation messages to dynamically choose whether to start using trunking
switchport mode dynamic auto - passively waits to receive trunk negotiation messages, at which point the switch will respond and negotiate whether to use trunking (if two connected switches are both set to this, nothing will happen, as neither will initiate negotiation. If one is set to dynamic desirable, negotiation will then occur)

show interfaces gigabit 0/1 switchport - if "Operational Mode: static access" appears on a port whose administrative mode is dynamic auto, the neighbor is also dynamic auto (or is not sending DTP at all), so trunking was never negotiated and the port stays an access port.

switchport nonegotiate - stops the port from sending Dynamic Trunking Protocol (DTP) frames. Setting a port to switchport mode access also disables DTP negotiation on it (DTP = negotiation between switches of whether to trunk and whether to use 802.1Q or ISL).

The operational mode (static access) means that the port is not a trunking port but instead is assigned to one VLAN. The access mode VLAN (11) is the VLAN to which the port is assigned, assuming that it is acting as an access port.

IP Telephony port key topics:
*Configure these ports like a normal access port to begin: Configure it as a static access port and assign it an access VLAN
*Add one more command to define the voice VLAN (switchport voice vlan 2 e.g.)
*Look for the mention of the voice VLAN ID, but no other new facts, in the output  of the show interfaces fa0/2 switchport command
*Look for both the voice and data (access) VLAN IDs in the output of the show interfaces fa0/2 trunk command
*Do not expect to see the port listed in the list of operational trunks as listed by the show interfaces trunk command

show interfaces trunk and show interfaces switchport are the best commands to check trunking-related facts (and for troubleshooting)
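Since the notes above keep coming back to DTP and the native VLAN, here is an added example (not from the post or from Odom's book) that turns those checks into a script: it parses the "Key: value" blocks that Catalyst IOS prints for show interfaces switchport, flags ports that can still be talked into trunking, trunks with DTP running, and trunks whose native VLAN is 1 or overlaps an access VLAN, and pairs each finding with the IOS lines that fix it. The two sample outputs are constructed for this example (real output has more fields), the port names are hypothetical, and VLAN 999 as the "unused" native VLAN is an assumption. The native-VLAN mismatch check generalizes the notes by comparing both ends of one trunk.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample output for this example (not a capture from real switches).
# Only the fields the parser reads are shown; real output prints more lines.
SW1_OUTPUT = """\
Name: Gi0/1
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 10 (SALES)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none

Name: Gi0/24
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
"""

# The far end of SW1's Gi0/24 trunk, already hardened (constructed as well).
SW2_OUTPUT = """\
Name: Gi0/24
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (MGMT)
Voice VLAN: none
"""

FIELDS = {
    "Name": "name",
    "Administrative Mode": "admin_mode",
    "Operational Mode": "oper_mode",
    "Negotiation of Trunking": "dtp",
    "Access Mode VLAN": "access_vlan",
    "Trunking Native Mode VLAN": "native_vlan",
}


@dataclass
class Port:
    name: str
    admin_mode: str
    oper_mode: str
    dtp: bool
    access_vlan: int
    native_vlan: int


def _vlan_id(value: str) -> int:
    """'10 (SALES)' -> 10; the VLAN name in parentheses is ignored."""
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else 0


def parse_switchport(text: str) -> Dict[str, Port]:
    """Turn the 'Key: value' blocks of 'show interfaces switchport' into Port records."""
    ports: Dict[str, Port] = {}
    block: Dict[str, str] = {}
    for line in text.splitlines() + [""]:   # the trailing "" flushes the last block
        if not line.strip():
            if "name" in block:
                ports[block["name"]] = Port(
                    name=block["name"],
                    admin_mode=block.get("admin_mode", ""),
                    oper_mode=block.get("oper_mode", ""),
                    dtp=block.get("dtp", "").lower() == "on",
                    access_vlan=_vlan_id(block.get("access_vlan", "")),
                    native_vlan=_vlan_id(block.get("native_vlan", "")),
                )
            block = {}
            continue
        key, _, value = line.partition(":")
        if key.strip() in FIELDS:
            block[FIELDS[key.strip()]] = value.strip()
    return ports


def audit_switch(ports: Dict[str, Port], unused_native: int = 999) -> List[dict]:
    """Flag the VLAN-hopping preconditions on one switch, each with IOS fix lines."""
    findings: List[dict] = []
    access_vlans = {p.access_vlan for p in ports.values() if p.oper_mode == "static access"}
    for p in ports.values():
        if p.admin_mode.startswith("dynamic"):
            # A host sending DTP 'desirable' frames can turn this port into a trunk
            # and then tag frames for any VLAN (switch spoofing).
            findings.append({"port": p.name, "issue": "dtp-negotiable", "fix": [
                f"interface {p.name}", " switchport mode access", " switchport nonegotiate"]})
        elif p.oper_mode == "trunk":
            if p.dtp:
                findings.append({"port": p.name, "issue": "trunk-dtp-on", "fix": [
                    f"interface {p.name}", " switchport nonegotiate"]})
            if p.native_vlan == 1 or p.native_vlan in access_vlans:
                # Untagged frames on the trunk land in the native VLAN. If an access port
                # sits in that same VLAN, a double-tagged frame from it crosses the trunk
                # with only its inner tag left and lands in that inner VLAN.
                findings.append({"port": p.name, "issue": "native-vlan-shared", "fix": [
                    f"interface {p.name}", f" switchport trunk native vlan {unused_native}"]})
    return findings


def native_mismatch(a: Port, b: Port) -> bool:
    """True when the two ends of one trunk disagree on the native VLAN."""
    return a.oper_mode == "trunk" and b.oper_mode == "trunk" and a.native_vlan != b.native_vlan


if __name__ == "__main__":
    sw1, sw2 = parse_switchport(SW1_OUTPUT), parse_switchport(SW2_OUTPUT)
    for f in audit_switch(sw1):
        print(f["issue"], "on", f["port"], "->", "; ".join(f["fix"]))
    print("native VLAN mismatch on the SW1<->SW2 trunk:", native_mismatch(sw1["Gi0/24"], sw2["Gi0/24"]))
```

Feed it the output of show interfaces switchport from each switch (one file per switch) and apply the emitted interface stanzas; on real gear also confirm the result with show interfaces trunk, which should list only the trunks you intended and their new native VLAN.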


These commands are near-impossible to memorize without constant lab practice. I tend to bounce back and forth between using my physical lab and using Packet Tracer. Packet Tracer is great for scenarios involving equipment that I simply don't have the money to recreate physically. Another great thing about Packet Tracer is the pre-made labs/files that others have already made and that are often free to download. www.thekeithbarker.com is a great resource for pre-made Packet Tracer labs (with accompanying videos) and Keith is a very energetic and informative host (no pun intended). This following link was also extremely helpful for putting VLAN commands to practice: https://www.youtube.com/watch?v=aBOzFa6ioLw In the meantime, back to the lair! More posts coming soon!

Back on track

It's been some time since my last post, but I am back on track with my CCNA studies. Cisco recently made some changes to the certification exam, combining ICND1 and ICND2 into a single exam/cert that includes additional topics not in the previous one. I purchased Wendell Odom's Official Cert Guide books for the 200-301 CCNA (the new one) and I cannot give the books enough praise so far. He does an excellent job of explaining the concepts, putting them to practice, and providing helpful analogies. I've been making it a priority to spend at least two hours a day reading the book or putting things to practice on my router/switch lab.

What I have found helpful is making bullet point-style notes of any concepts or commands that I am unfamiliar with in a Word document I have up. I do this chapter-by-chapter as I go through the book. I also take advantage of the chapter questions and use a program called Flashcard Hero to retype any questions/answers in the book that I got incorrect. This is by far the most confident I have felt studying for the CCNA to date and is a study recipe that I highly recommend. My goal is to take and pass the CCNA this year.

Welcome
Hello and welcome. This blog is meant to chronicle my journey into and through the never-ending and invigorating rollercoaster ride that is IT and computer networking. I intend to share with you the story of how I ended up on my IT path, as well as share tips and tricks that help me with certain concepts as I learn them. My hope is that I will encourage others who are receptive to the IT/Networking path to take the plunge as I did.

To start, I want to lay some groundwork on my career bio. I went to school and earned my bachelor's degree in 3D animation and visual FX. Although I learned some very neat aspects of the 3D animation pipeline, I eventually realized after graduating that this was not the field I wanted to pursue. The Hollywood visual FX industry is very difficult to break into, to the point where entry-level positions that pay next to nothing were incredibly difficult to obtain, even with a degree. Mid-level positions were also nearly impossible to land for anyone not graduating top-of-the-class. Even some of the brightest and most talented students I went to school with were passed on by large studios left and right, not because of any shortcomings on the students' part, but because of the nature of the industry and the over-saturated applicant pool for what is a fairly "niche" market. Working in VFX can also be very unstable and geographically limiting. When a show's season wraps up, when a movie project wraps up, contracts end. Geographically, Los Angeles and New York City are the two most logical cities that one in this field would find themselves in within the US. These caveats did not sit well with me and so I decided I needed a change.

Fast-forward 3 years. My foray into technology began with a recommendation from a good friend to apply to a large Internet Service Provider as a tech support agent. This was a call center position and because of the vast amount of verbal abuse endured by these call center agents (and because most of the systems being used were proprietary),  the company was more than willing to train agents from scratch who may not have had the most pertinent backgrounds in technology/networking.

This was the perfect opportunity for me. I was soon configuring various Small Office/Home Office routers to troubleshoot somewhat-basic networking issues. The calls would normally be in regards to slow speeds, unstable/intermittent connections, or a complete lack of connection. But occasionally, the issues would get quite a bit more complex. As I continued to be exposed to more and more networking issues and master the proprietary software our ISP developed for diagnostics, I began to go down the deep, seemingly bottomless rabbit hole of IT and networking. Calls ranged from older folks who could not figure out how to connect to their wifi to unexpected conference calls between myself and high-level network admins trying to figure out why their switches or routers could not reach the web or communicate to various subnetworks within their offices. Predicaments such as the latter were far beyond the scope of what my company expected or even wanted a Tier 1 agent (or really anyone there, regardless of tier) to be concerned with, but with every call, I gathered another little piece of the puzzle. Some ISPs draw their demarcation line (troubleshooting jurisdiction) at the router they provide, meaning that if their tests show no issues so far as their equipment, then anything on the other side is not their problem. However, certain other ISPs (and especially managed service providers) go far beyond that and after almost 3 years with my company, I knew that was the direction I had to pursue.

Soon enough, I outgrew my position and the company itself. I obtained my Comptia A+ certification and used this with my few years ISP experience to launch myself into a legitimate IT support role. I finally had the opportunity to troubleshoot Windows issues in an enterprise environment, an opportunity I had not had previously. Though we live in the internet age and have nearly-limitless opportunities to learn, there are certain troubleshooting experiences you can only come to encounter when you are supporting hundreds of end users across the country.

So that leaves us off where I am now, troubleshooting Windows 10 operating system and application issues and doing basic network troubleshooting with my new company. I am now CompTIA Network+ certified as well. I tend to take baby steps in my certification path. Some had suggested I go for the CCNA at the time, but I did not feel ready. Upon my successful completion of the Network+, I immediately purchased a 3-switch, 3-router Cisco lab with a thick lesson plan book from https://certificationkits.com . It's now official: I am embarking on my quest for the CCNA.

The Cisco journey begins

Most users tend to go with Cisco Packet Tracer, the free virtual lab software from Cisco which used to cost money but has now been generously made free by Cisco for all of us. I have nothing against virtual labs and do use Cisco Packet Tracer occasionally for certain network scenarios, but I find I learn best on the physical equipment. For someone still learning to swim in the world of advanced networking, skills like putting together the mounting rack, attaching the devices and experimenting with physical ports and cables are invaluable. The fact that this setup cost me about $600 total also has me continually motivated to make the most out of what I have already spent. It works as a driving force to keep me focused.

With a virtual lab, I tend to get more easily distracted and put off learning with it. $600 might sound like a lot, but in the grand scheme of things it's nothing. Consider that a decent computer networking course at a decent community college is likely to span a month or two and cost $1,000-$1,500. You've got a set amount of time to absorb the concepts and when it's over, you've got no equipment to use. Consider also that networking bootcamp courses in general commonly cost several thousand dollars more than that. So now I've built my own classroom, get to go at my own pace, and I get to keep the equipment or sell it if/when I so feel the need. Add to this that you can purchase courses from Udemy.com for $10-15 on average that will introduce you to even more networking scenarios that you can now apply to your home lab. Though some will recommend purchasing everything separately from eBay, Newegg, etc. to save money, a complete all-in-one kit like this really makes things easier and will save you a bunch of time. I decided on a kit that fit my needs and it included three Cisco 1841 routers, three Cisco 2960 24-port switches, a bunch of crossover and straight-through (patch) cables, a console-to-serial cable (though I did have to buy a USB-to-serial adapter separately to use it. This could have been avoided if they instead provided a console-to-USB cable, but not a huge deal) and their lessons book that includes chapters on everything from RIPv2 routing to VLAN and trunking setups, to name just a few. They also included a super helpful laminated CCNA Cram Sheet with a plethora of need-to-know concepts all plastered throughout the 3-page booklet. Also included is a small book on subnetting as well as an IOS backup disc. I have even reached out to their support reps for help on certain lessons and could not believe how friendly and helpful they were in answering my questions. If you are motivated enough, I highly recommend checking them out.

Thus far, I have learned how to create an SSH (Secure Shell) line to my router, configured a VLAN across two different switches so that my 2 hosts/laptops could ping and communicate with one another, and configured one of my routers with double NAT, so that it can work in conjunction with my ISP router to reach the web. The latter was a lot more difficult than I expected, but only because it was a new venture for me. Learning the basics of the Cisco Command Line Interface also took some time.

Getting familiar with a Cisco enterprise router

If I didn't mention it before, I tended to skip around in the lessons I went through as it relates to my 1841 Router(s). It's crucial to first understand the Cisco Command Line Interface and the fact that commands you enter will only be recognized if they are entered in the correct user mode. Cisco themselves have provided a brief rundown that can help you get started: https://www.cisco.com/c/en/us/td/docs/switches/wan/mgx/mgx_8850/software/mgx_r3/rpm/rpm_r1-1/configuration/guide/appc.html

While I certainly picked up some skills and was able to get two of my Cisco 1841 routers to ping each other, something was still off. Although they could communicate with each other, I could not reach the web when plugging my laptop into Router 1. Surely, the end goal of most routers is to connect subnetworks so that users can reach the internet, not just to be able to talk to other devices in the same location. I spent about a week scratching my head over this. I had a straight-through cable running from a free port in my ISP router to my Cisco 1841 router. The port lit up green on the ISP router, the port lit up green on its connecting port on my 1841 (FastEthernet Fe0/0), as I had made sure to enable the interface. Why could I still not reach the internet when plugging my laptop into port Fe0/1 on my 1841??

This is the part of my blog where I absolutely have to give a huge shoutout to the Cisco forum community. If you are serious about truly learning this stuff, you are going to run into issues that you may not be able to figure out, even with the help of Google.
I strongly suggest creating a free account with the Cisco community using the link below:
 https://community.cisco.com/t5/technology-and-support/ct-p/technology-support

The Cisco community was able to help me get my 1841 router to work in conjunction with my ISP router and fully connect to the internet (you can see that thread here for the exact commands that needed to be entered). Looking back, this should have been the first thing I figured out how to do. The main issue I was running into was that my ISP router had Network Address Translation set up (which is common for most ISP routers). A VERY in-depth guide to NAT can be found here: https://computer.howstuffworks.com/nat.htm , but just know that my ISP router has a public IP address unique to the entire world and a private IP address that is unique only to the other devices in my home. Because NAT was already at play on the ISP router, this required double NATing to be set up via my 1841 router, meaning that yet another private IP address range/subnet (172.16.0.x in my case) needed to be configured on the Fe0/1 port that my host computer was plugged into. Fe0/0 needed only to be given an IP address within the already-present private range that my ISP router was giving out. My ISP router (the default gateway) has a private IP address of 192.168.1.1. Because it is directly connected to my 1841 router via Fe0/0, that Fe0/0 port needed only to be assigned the address of 192.168.1.2 to be linked to the default gateway/ISP router. And now, SUCCESS! My laptop plugged in to Fe0/1 can finally reach that little old thing known as the world wide web!
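To make the two layers of translation concrete, here is an added Python model of the double NAT described above. It is not the author's router configuration and not IOS; each PatRouter does the port-overload form of NAT (the IOS "overload" keyword), rewriting the inside address and port to its outside address plus an allocated port and keeping the mapping so replies can be reversed. The addresses on the lab side are the ones from the post (172.16.0.x behind the 1841's Fe0/1, 192.168.1.2 on Fe0/0 behind the ISP router at 192.168.1.1); the ISP router's public address and the web server are not given in the post, so 203.0.113.7 and 198.51.100.80 from the RFC 5737 documentation ranges stand in for them, and the "inside" match by address prefix is a simplification of what an IOS access list would do.

```python
from typing import Dict, Optional, Tuple

# A flow as seen on the wire at one point: (src_ip, src_port, dst_ip, dst_port).
Flow = Tuple[str, int, str, int]


class PatRouter:
    """One NAT hop doing Port Address Translation (the 'overload' form of IOS NAT):
    every inside (ip, port) pair is rewritten to the router's outside address plus a
    port the router allocates, and the mapping is kept so replies can be reversed."""

    def __init__(self, outside_ip: str, inside_prefix: str) -> None:
        self.outside_ip = outside_ip
        self.inside_prefix = inside_prefix       # stand-in for the 'ip nat inside' access list
        self.next_port = 1024
        self.table: Dict[Tuple[str, int], int] = {}    # (inside ip, inside port) -> outside port
        self.reverse: Dict[int, Tuple[str, int]] = {}  # outside port -> (inside ip, inside port)

    def outbound(self, flow: Flow) -> Flow:
        """Inside -> outside: rewrite the source, creating a translation entry if needed."""
        src_ip, src_port, dst_ip, dst_port = flow
        if not src_ip.startswith(self.inside_prefix):
            raise ValueError(f"{src_ip} is not on the inside of {self.outside_ip}")
        key = (src_ip, src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return (self.outside_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Outside -> inside: only traffic matching an existing entry gets through."""
        src_ip, src_port, dst_ip, dst_port = flow
        if dst_ip != self.outside_ip or dst_port not in self.reverse:
            return None   # no entry: dropped, which is why unsolicited inbound fails twice here
        inside_ip, inside_port = self.reverse[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


# Lab side from the post; 203.0.113.7 is a placeholder for the ISP router's public address.
LAB_1841 = PatRouter(outside_ip="192.168.1.2", inside_prefix="172.16.0.")
ISP_ROUTER = PatRouter(outside_ip="203.0.113.7", inside_prefix="192.168.1.")


def outbound_path(flow: Flow) -> Tuple[Flow, Flow]:
    """What the packet looks like after the 1841, then after the ISP router."""
    after_lab = LAB_1841.outbound(flow)
    after_isp = ISP_ROUTER.outbound(after_lab)
    return after_lab, after_isp


def return_path(reply: Flow) -> Optional[Flow]:
    """A reply from the internet: untranslated at the ISP router, then at the 1841."""
    at_lab = ISP_ROUTER.inbound(reply)
    return LAB_1841.inbound(at_lab) if at_lab else None


if __name__ == "__main__":
    laptop = ("172.16.0.10", 50000, "198.51.100.80", 443)   # laptop on Fe0/1 -> a web server
    hop1, hop2 = outbound_path(laptop)
    print("after 1841:", hop1)
    print("after ISP router:", hop2)
    print("reply delivered to:", return_path((hop2[2], hop2[3], hop2[0], hop2[1])))
    print("unsolicited inbound:", return_path(("198.51.100.80", 443, "203.0.113.7", 5555)))
```

The point to take from it is that the web server only ever sees 203.0.113.7, the 1841's 192.168.1.2 only ever appears on the ISP router's LAN, and a packet from outside that does not match an entry in both tables never reaches the laptop, so port forwarding for this setup would have to be configured on both routers.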

Immediately upon getting online with my home lab, I decided it was a good time to display all my configurations so that I could familiarize myself with what I now know to be the correct configurations to do so. This has helped me immensely in understanding how routers connect networks and, in hindsight, should have been among the first things I learned. Below, I am going to show you several readouts of my router config that will hopefully help you understand why it is configured the way it is and how it is reaching the web. I will also provide you with some command prompt information from my host laptop in the hope that it will help solidify things further. I have included show running-config, show ip route, show arp, as well as an ipconfig and a traceroute to google.com run from my laptop connected to Fe0/1, just to help bring it all home. I've separated each by color to help make it easier to differentiate them. Click the link below to view the PDF of all readouts:
https://drive.google.com/file/d/1FNx7nJTLRjJeHAGw7QfMlWEPrsjMzXYm/view?usp=sharing