Network Automation
Network automation is a topic on the CCNA v1.1 exam and is weighted at 10% of it. It covers AI and machine learning, Ansible and Terraform, REST APIs and APIs in general, and JSON. Automation replaces manual processes with software that configures and manages the network infrastructure, which improves speed and efficiency and reduces human error. The same tooling can operate both physical and virtual devices and can help test the infrastructure before changes go live.
Artificial Intelligence and Machine Learning
This topic deals with the differences between generative AI, agentic AI and machine learning. Generative AI creates something new, such as new data, text or images. Agentic AI takes autonomous actions to achieve a goal. There is also predictive AI, which forecasts variances in network baselines over time or other future trends.
Machine learning is used mainly for pattern detection and learning from data. It can analyze traffic flows to detect anomalies and variance from a network baseline. Generative AI can help by drafting scripts or generating CLI commands for a given task, although its output still has to be reviewed before it touches a production device. Agentic AI goes a step further and can remediate issues on network devices, such as isolating a compromised system during an attack; an agent with that power should run with tightly scoped credentials and a human-approval step for disruptive changes.
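The baseline-and-variance idea above, as an added example that is not part of the original post: a learned per-interface baseline (mean and standard deviation of bytes per interval) and a detector that flags samples more than a few standard deviations away from it. The interface name, the baseline window and the live samples are all constructed sample data, and the 3-sigma threshold is an assumption to tune per link.

```python
"""Added example (not from the original page): flag traffic samples that
deviate from a learned per-interface baseline. The interface names and
byte counts below are constructed sample data."""
from statistics import mean, stdev

# Constructed baseline: bytes per 5-minute interval on one uplink during
# a normal period (12 samples keep the example short).
BASELINE_SAMPLES = [
    51_200, 48_900, 53_400, 50_100, 49_700, 52_800,
    50_600, 47_900, 51_900, 52_300, 49_200, 50_800,
]

# Constructed live samples: the last one is an exfiltration-sized spike.
LIVE_SAMPLES = {
    "Gi1/0/1@08:00": 50_400,
    "Gi1/0/1@08:05": 53_100,
    "Gi1/0/1@08:10": 612_000,
}


def learn_baseline(samples):
    """Return (mean, stdev) for the training window.

    A baseline learned from a handful of points is meaningless, so refuse
    to build one from fewer than 10 samples."""
    if len(samples) < 10:
        raise ValueError("need at least 10 samples to learn a baseline")
    return mean(samples), stdev(samples)


def z_score(value, baseline):
    """How many standard deviations `value` sits from the baseline mean."""
    mu, sigma = baseline
    if sigma == 0:  # flat baseline: any change at all is a deviation
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def detect_anomalies(live, baseline, threshold=3.0):
    """Return {sample_id: z} for samples beyond `threshold` std devs.

    3 sigma is a common starting point (an assumption here); a noisy
    baseline with a large sigma will hide smaller exfiltration, so the
    threshold is something to tune per link, not a universal constant."""
    return {
        sample_id: round(z_score(value, baseline), 1)
        for sample_id, value in live.items()
        if abs(z_score(value, baseline)) > threshold
    }


if __name__ == "__main__":
    base = learn_baseline(BASELINE_SAMPLES)
    print("baseline mean=%.0f stdev=%.0f" % base)
    for sample_id, z in detect_anomalies(LIVE_SAMPLES, base).items():
        print(f"ANOMALY {sample_id}: z={z}")
```

A real deployment would keep a separate baseline per interface and per time of day, since a Monday 09:00 spike on a user VLAN is normal and the same bytes at 03:00 are not.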
Ansible and Terraform
Ansible and Terraform fill different roles in network automation. Terraform is infrastructure as code: you declare the desired end state and Terraform works out what to create, change or destroy to reach it, which makes it the better fit for provisioning infrastructure such as cloud networks, VMs and containers. Ansible is better suited to configuring the network devices and servers once they exist; it runs ordered tasks from playbooks, pushed over SSH or the device API without installing an agent. Terraform uses HashiCorp Configuration Language (HCL) and Ansible uses YAML for its playbooks. Both keep configuration in text files, so put them under version control and keep credentials in a vault or environment variables rather than in the files themselves.
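The desired-state model both tools rely on, as an added example that is not Terraform's or Ansible's own code: a small VLAN reconciler where a dictionary plays the part of the HCL or YAML declaration and another stands in for what the device reports. It shows a plan step that only reports, an apply step that returns an Ansible-style "changed" flag, and the idempotency check that a second run changes nothing. All VLAN IDs and names are constructed.

```python
"""Added example, not Terraform's or Ansible's own code: the desired-state
model behind both tools, shown as a VLAN reconciler. `desired` plays the
role of the HCL or YAML declaration and `current` stands in for what a
device reports back. All VLAN IDs and names are constructed."""

# VLAN 1 cannot be deleted on Cisco switches, so a declaration that omits
# it is a mistake to catch at plan time, not halfway through an apply.
PROTECTED_VLANS = {1}


def plan(desired, current):
    """Diff desired against current and return the ordered change set.

    Nothing is modified here, just as `terraform plan` only reports. Each
    action is an (operation, vlan_id, name) tuple; deletes come last so a
    reviewer sees what is being added or renamed before what disappears.
    """
    missing = PROTECTED_VLANS & (set(current) - set(desired))
    if missing:
        raise ValueError(f"declaration omits protected VLAN(s) {sorted(missing)}")
    actions = []
    for vlan_id, name in sorted(desired.items()):
        if vlan_id not in current:
            actions.append(("create", vlan_id, name))
        elif current[vlan_id] != name:
            actions.append(("update", vlan_id, name))
    for vlan_id in sorted(set(current) - set(desired)):
        actions.append(("delete", vlan_id, current[vlan_id]))
    return actions


def apply(actions, current):
    """Apply a change set to a copy of `current`; return (new_state, changed).

    `changed` mirrors Ansible's per-task changed flag. Running the same
    declaration twice must report changed=False the second time; that
    idempotency is what makes it safe to re-run automation on a schedule.
    """
    state = dict(current)
    for operation, vlan_id, name in actions:
        if operation == "delete":
            del state[vlan_id]
        else:
            state[vlan_id] = name
    return state, bool(actions)


if __name__ == "__main__":
    desired = {1: "default", 10: "users", 20: "voice"}
    current = {1: "default", 10: "staff", 30: "legacy"}
    changes = plan(desired, current)
    for change in changes:
        print(change)
    state, changed = apply(changes, current)
    print(state, "changed =", changed)
    print("second run:", plan(desired, state))
```

The delete of VLAN 30 is the part worth reviewing before applying: a declarative tool removes anything you stopped declaring, which is exactly how a forgotten line in a Terraform file takes a production VLAN away.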
APIs, REST APIs, and JSON
APIs let the software of one application work with the software of another. A REST API is not a separate protocol but an architectural style for structuring that interaction over HTTP: resources are addressed by URL and operated on with the standard HTTP methods (GET to read, POST to create, PUT or PATCH to update, DELETE to remove). JSON is the data format most REST APIs use to carry the request and response bodies. Because these calls travel over HTTP, they need the same care as any web traffic: use HTTPS with certificate verification, authenticate every call with a token or key sent in a header rather than in the URL, and treat whatever comes back as untrusted input when you parse it.
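A concrete REST-over-HTTPS call to a network device, as an added example that is not from the original post: it builds an authenticated GET with a JSON Accept header, sets up a TLS context that verifies the device certificate, and parses the JSON body defensively. The device URL, the token, the RESTCONF-style path and the response body are constructed; the request is built but not sent, so the example runs offline.

```python
"""Added example (not from the original page): an authenticated REST call
to a network device and defensive parsing of the JSON it returns. The URL,
token and response body are constructed; nothing is sent on the network
unless fetch_interfaces() is called."""
import json
import ssl
import urllib.request

# Constructed device URL in the RESTCONF style for the ietf-interfaces model.
DEVICE_URL = "https://switch01.example.net/restconf/data/ietf-interfaces:interfaces"
# Constructed token. In real code load it from a vault or environment variable.
API_TOKEN = "example-token-do-not-hardcode"

# Constructed response body in the shape RESTCONF returns for ietf-interfaces.
SAMPLE_RESPONSE = json.dumps({
    "ietf-interfaces:interfaces": {
        "interface": [
            {"name": "GigabitEthernet1/0/1", "enabled": True,
             "type": "iana-if-type:ethernetCsmacd"},
            {"name": "GigabitEthernet1/0/2", "enabled": False,
             "type": "iana-if-type:ethernetCsmacd"},
        ]
    }
})


def build_request(url, token):
    """Return a GET request with bearer auth and a JSON Accept header.

    The token goes in a header, never in the URL: URLs end up in proxy
    and web-server logs, request headers usually do not."""
    return urllib.request.Request(
        url,
        method="GET",
        headers={"Accept": "application/yang-data+json",
                 "Authorization": f"Bearer {token}"},
    )


def tls_context():
    """A context that verifies the device certificate against the system
    trust store and refuses TLS below 1.2. Lab scripts often disable
    verification; that lets an on-path attacker harvest the token."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def parse_interfaces(body):
    """Return {name: enabled} from an ietf-interfaces JSON body.

    The body is untrusted input: anything that is not the expected shape
    is rejected with a ValueError rather than a random KeyError later."""
    data = json.loads(body)
    try:
        entries = data["ietf-interfaces:interfaces"]["interface"]
        return {e["name"]: bool(e.get("enabled", False)) for e in entries}
    except (KeyError, TypeError, AttributeError) as exc:
        raise ValueError("unexpected response shape") from exc


def fetch_interfaces(url=DEVICE_URL, token=API_TOKEN):
    """Send the request for real; not exercised offline."""
    req = build_request(url, token)
    with urllib.request.urlopen(req, context=tls_context(), timeout=10) as resp:
        return parse_interfaces(resp.read().decode("utf-8"))


if __name__ == "__main__":
    print(build_request(DEVICE_URL, API_TOKEN).header_items())
    print(parse_interfaces(SAMPLE_RESPONSE))
```

The same shape applies to POST and PUT: the body is json.dumps() of a dictionary with a Content-Type of application/yang-data+json, and the response is parsed through the same defensive function.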
Conclusion
I hold the current CCNA v1.1, which I passed in December 2024. This exam covers network automation, AI/ML, Ansible and Terraform, REST APIs, APIs and JSON. This information can help on the exam, which in my opinion was one of the exams that took longer to complete relative to the time available. There are more technologies associated with network automation, such as Python, NAPALM and the NETCONF API.
Network automation can enhance network security, improve compliance, increase visibility and speed up troubleshooting. It can also automate VLAN changes, configuration backups and even software updates. Network automation lowers operational costs and provides faster provisioning of network services.
Zero Trust
Zero trust is a model in which a device or user is no longer trusted just because it is on the network; every access request is verified. Its three core concepts are verify explicitly, use least privilege and assume breach. There are also six foundational pillars: identity, endpoints, applications, data, infrastructure and networks. Zero trust replaces perimeter-based security, where anything inside the perimeter was trusted, with a model in which location on the network grants nothing by itself.
Zero Trust Concepts
These concepts combine into a single model. Verify explicitly means the user or device is authenticated and authorized on every request using all available signals, and re-authenticates as needed to maintain security rather than relying on a login that happened hours ago. Least privilege means the user is given only the permissions needed for their job role. Assume breach means designing on the assumption that an attacker has already established a foothold in the network.
To verify explicitly, use the user identity, location and signals such as device health to decide whether a request should be allowed. With least privilege, limit users to just-in-time and just-enough access and apply risk-based policies so a compromised account can do as little damage as possible. Under assume breach, design security policies with the mindset that attackers are already inside: encrypt data, segment the network to limit lateral movement, and use logging and analytics to detect threats.
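The three concepts applied to a single access request, as an added example that is not Microsoft's or any product's code: a small policy evaluator that checks least privilege first, then the device and identity signals on every request, and treats a stale session or unfamiliar location as a possible stolen session that must re-verify. The roles, permissions, session limits and request signals are all constructed assumptions.

```python
"""Added example (not Microsoft's or any product's code): an access-policy
evaluator applying verify explicitly, least privilege and assume breach to
each request. Roles, permissions and the session limits are constructed."""
from dataclasses import dataclass

# Least privilege: each role maps to the minimum set of permissions.
ROLE_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:update"},
    "netops":   {"ticket:read", "device:read", "device:config"},
}

# Permissions that can change infrastructure get a short freshness window.
PRIVILEGED = {"device:config"}
PRIVILEGED_MAX_AGE_MIN = 15   # assumption for the example
SESSION_MAX_AGE_MIN = 60      # assumption for the example


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    permission: str
    mfa_passed: bool
    device_compliant: bool
    known_location: bool
    session_age_min: int


def evaluate(req: AccessRequest) -> tuple:
    """Return (decision, reason); decision is 'allow', 'deny' or 'step_up'.

    Verify explicitly: identity (MFA), device health and location are all
    checked on this request, not just at login.
    Assume breach: an old session or an unfamiliar location is treated as
    a possibly stolen session, so the answer is re-verify, not trust.
    """
    # Least privilege first: a request outside the role never proceeds,
    # however strongly the user is authenticated.
    allowed = ROLE_PERMISSIONS.get(req.role, set())
    if req.permission not in allowed:
        return "deny", f"role {req.role} does not include {req.permission}"
    if not req.device_compliant:
        return "deny", "device is not compliant"
    if not req.mfa_passed:
        return "step_up", "MFA required"
    if req.session_age_min > SESSION_MAX_AGE_MIN or not req.known_location:
        return "step_up", "stale session or unfamiliar location: re-verify"
    if req.permission in PRIVILEGED and req.session_age_min > PRIVILEGED_MAX_AGE_MIN:
        return "step_up", "privileged action requires fresh authentication"
    return "allow", "all signals verified"


if __name__ == "__main__":
    sample = AccessRequest("alice", "netops", "device:config",
                           mfa_passed=True, device_compliant=True,
                           known_location=True, session_age_min=30)
    print(evaluate(sample))
```

Note the ordering: a helpdesk account that somehow passes every signal is still denied device:config, and a non-compliant device is denied before MFA is even considered, so an attacker cannot use a strong login to compensate for a weak endpoint.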
Foundational Pillars
Microsoft's zero trust implementation categorizes six foundational pillars. Identity: strong authentication and verification of users, devices and services. Endpoints: a device must meet health and compliance requirements before it is granted access. Applications: discover and manage shadow IT and block unauthorized applications.
Data: classify, label and encrypt data so that it stays protected wherever it lives. Infrastructure: monitor servers and VMs to detect anomalies and flag suspicious activity. Networks: use segmentation and micro-segmentation to add another layer of control and limit how far an attacker can move.
Conclusion
Zero trust is often paired with defense in depth, where controls exist at different levels and an attacker would need to peel the onion layer by layer to breach a network. The six foundational pillars build on the three core concepts and show where those layered defenses belong.
I currently hold the SC-900 and the CCST Cybersecurity exams and can relate my knowledge to the concept of zero trust. If you are studying for either of these two exams, remember to look at the exam topics. Also run through the topics to see where you are weaker and study those more. It is wise to set up a study plan and attack each exam with consistent study sessions.
Network Security Concepts
Network security is essentially the intersection of computer networking and cybersecurity. It is one of the eight CISSP domains (Communication and Network Security) and is the field I want to pursue. Some of the core network security concepts are the CIA triad, defense in depth, firewalls, encryption and decryption, network segmentation, VPNs, and IDS/IPS devices.
CIA Triad
The CIA triad is confidentiality, integrity and availability. Authentication, authorization and non-repudiation are closely related goals but are not part of the triad itself. Confidentiality keeps data from unauthorized disclosure, using access controls and encryption. Integrity ensures data is unaltered and accurate whether it is at rest, in transit or in use, typically with hashes, checksums and digital signatures. Availability ensures data and services are reachable by the people authorized to use them when they need them.
Defense in Depth
Defense in depth is the principle that no single control is relied on; each control is one layer, so an attacker who gets past one still faces others before reaching the next system. The layers can be physical, administrative or technical controls that together prevent unauthorized access to essential data or systems.
Network Security Devices
Firewalls, intrusion detection systems and intrusion prevention systems are network security devices that help protect a network. A firewall is an enforcement point, usually at the perimeter but also between internal zones, that inspects and filters traffic in either direction against a rule set, allowing only what the policy permits into or out of a network.
An intrusion detection system sits out of band, typically fed from a SPAN port or network tap, and detects and alerts on attempts to breach the network but cannot stop them on its own. An intrusion prevention system sits inline and can detect, alert and block attacks automatically; because it is in the traffic path, a false positive drops legitimate traffic and a device failure can take the link down, so IPS rules need more careful tuning than IDS rules. Firewalls, IDSs and IPSs are commonly used together for a more secure network perimeter.
Other Concepts
VPNs encrypt traffic between sites or from remote users into HQ so it can cross untrusted networks, and combined with network segmentation they form some of the defense in depth controls. Network segmentation on a LAN is usually done with VLANs; in data centers and cloud environments, VXLAN overlays separate tenant networks, and the 24-bit VXLAN network identifier allows far more segments than the 4094 VLAN IDs available with 802.1Q.
Conclusion
These network security concepts are what justify the network security measures an organization puts in place. Defense in depth controls give network security the additional protections that sit at the core of enterprise security. Network segmentation can also happen in a data center, with VXLANs providing virtual segmentation over an underlay network, which is the physical switches and routers.
Network security is the main field I want to go into, and I already have the Cisco CCST Cybersecurity and the SC-900 from Microsoft. These two complement each other nicely, and I will be pursuing the ISC2 Certified in Cybersecurity, as those three certifications will replace the need for me to get a CompTIA Security+ certification.
VLANs and VTP
Virtual local area networks, or VLANs, are a way to segment traffic in a network: each VLAN is its own broadcast domain, and traffic has to be routed to move between VLANs. Trunking is what lets a single link between switches carry traffic for multiple VLANs; a trunk is essentially a link that two or more VLANs can cross. VTP is the VLAN Trunking Protocol, a Cisco proprietary protocol that distributes the VLAN database to multiple switches. Understanding VLANs and VTP will help you study for and pass the CCNA exam.
Trunking
Trunking on a Cisco switch uses 802.1Q tags to identify which VLAN each frame on the trunk link belongs to. Frames on the trunk carry a tag with the VLAN ID, except for the native VLAN, which is sent untagged; access ports, by contrast, carry untagged frames for a single VLAN. Additional settings include the list of VLANs allowed on a trunk. Both sides of the link must use the same encapsulation for the trunk to work; on switches that also support Cisco's older proprietary encapsulation, ISL (Inter-Switch Link), the encapsulation has to be set to dot1q explicitly, while newer platforms support only 802.1Q.
VLANs and VLAN Pruning
VLAN settings on a port include the access VLAN, a voice VLAN, and on trunks the native VLAN, which is the VLAN whose frames cross the trunk untagged (VLAN 1 by default). VLAN pruning keeps traffic for a VLAN off switches that have no ports in it, so those switches are not flooding broadcasts for VLANs they do not need. VTP pruning does this automatically based on which VLANs have active ports downstream; you can also restrict a trunk manually with the allowed VLAN list, which is the more predictable of the two.
VTP Modes and Domains
VTP has three modes: server, client and transparent. A server can create, modify and delete VLANs and advertises the VLAN database to the domain; a client receives and applies those updates but cannot change VLANs locally; a transparent switch does not apply the updates and allows only local changes, though it still forwards VTP advertisements to other switches. Configuration items include the VTP domain name and a VTP password. Switches compare the configuration revision number to decide whether an advertisement is newer than their own database, and the highest revision wins. That is also the main risk with VTP: a switch that joins the domain with a matching domain name and a higher revision number, even an old lab switch, will overwrite the VLAN database on every server and client in the domain. Reset the revision before connecting a switch (setting it to transparent mode or changing its domain name does this) and always configure the VTP password.
Conclusion
VLAN and VTP configuration matter because this is how VLAN database changes propagate across a LAN. There are additional configuration options available, but note that an access port needs switchport mode access followed by switchport access vlan 10 (or whatever the VLAN is) for it to work. To configure a trunk on a Cisco switch, set the encapsulation on both sides where the platform requires it and then configure switchport mode trunk on both ends to bring the trunk up.
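The access and trunk configuration described above, as an added example that is not from the original post: a generator for the port configuration lines and a check that compares the two ends of a trunk for the mismatches that stop it from forming or weaken it. The interface names and VLAN IDs are constructed, and the switchport nonegotiate line and the "use an unused native VLAN" warning are hardening choices added here, not part of the page's minimum configuration.

```python
"""Added example (not from the original page): generate Cisco IOS access
and trunk port configuration and check a trunk pair for mismatches.
Interface names and VLAN IDs are constructed; the nonegotiate line and
the native-VLAN warning are hardening choices added for this example."""

VLAN_MIN, VLAN_MAX = 1, 4094  # valid 802.1Q VLAN ID range


def _check_vlan(vlan):
    if not VLAN_MIN <= vlan <= VLAN_MAX:
        raise ValueError(f"VLAN {vlan} outside {VLAN_MIN}-{VLAN_MAX}")


def access_port(intf, vlan, voice_vlan=None):
    """Config lines for an access port carrying one data VLAN, plus an
    optional voice VLAN. Frames on an access port are untagged."""
    _check_vlan(vlan)
    lines = [f"interface {intf}",
             " switchport mode access",
             f" switchport access vlan {vlan}"]
    if voice_vlan is not None:
        _check_vlan(voice_vlan)
        lines.append(f" switchport voice vlan {voice_vlan}")
    return lines


def trunk_port(intf, native_vlan, allowed, set_encapsulation=True):
    """Config lines for an 802.1Q trunk carrying only `allowed` VLANs.

    set_encapsulation is only needed on platforms that also offer ISL.
    The nonegotiate line stops DTP from negotiating the trunk state; it is
    a hardening addition, not a requirement for the trunk to come up."""
    _check_vlan(native_vlan)
    for vlan in allowed:
        _check_vlan(vlan)
    lines = [f"interface {intf}"]
    if set_encapsulation:
        lines.append(" switchport trunk encapsulation dot1q")
    allowed_list = ",".join(str(v) for v in sorted(allowed))
    lines += [" switchport mode trunk",
              " switchport nonegotiate",
              f" switchport trunk native vlan {native_vlan}",
              f" switchport trunk allowed vlan {allowed_list}"]
    return lines


def check_trunk(side_a, side_b):
    """Compare both ends of a trunk. Each side is a dict with keys
    'encapsulation', 'native' and 'allowed' (a set). Returns a list of
    problems; empty means the trunk forms and carries the same VLANs
    in both directions."""
    problems = []
    if side_a["encapsulation"] != side_b["encapsulation"]:
        problems.append("encapsulation mismatch: trunk will not form")
    if side_a["native"] != side_b["native"]:
        problems.append("native VLAN mismatch: untagged frames land in "
                        "a different VLAN on each side")
    only_a = side_a["allowed"] - side_b["allowed"]
    only_b = side_b["allowed"] - side_a["allowed"]
    if only_a or only_b:
        problems.append("allowed VLAN mismatch: "
                        f"{sorted(only_a | only_b)} allowed on one side only")
    for name, side in (("A", side_a), ("B", side_b)):
        if side["native"] == 1:
            problems.append(f"warning side {name}: native VLAN is 1; "
                            "use an otherwise unused VLAN")
    return problems


if __name__ == "__main__":
    print("\n".join(access_port("GigabitEthernet1/0/5", 10, voice_vlan=110)))
    print("\n".join(trunk_port("GigabitEthernet1/0/48", 999, {10, 20, 110})))
    a = {"encapsulation": "dot1q", "native": 999, "allowed": {10, 20, 110}}
    b = {"encapsulation": "dot1q", "native": 1, "allowed": {10, 20}}
    for problem in check_trunk(a, b):
        print("PROBLEM:", problem)
```

Run the check against the output of show interfaces trunk from each side before blaming VTP: a VLAN missing from one end's allowed list looks exactly like a pruning or replication problem from the other end.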