VLANs and VTP
Virtual Local Area Networks, or VLANs, are a way to segment traffic in a network. VLANs are built on the concept of trunking, which on a Cisco switch allows traffic from multiple VLANs to access the same link. A trunk is essentially a link that two or more VLANs can go across. VTP is Virtual Trunking Protocol, a Cisco proprietary protocol that can help manage the VLANs on multiple networking devices. Understanding VLANs and VTP will help you study for and pass the CCNA exam.
Trunking
Trunking on a Cisco switch tags the VLANs that are able to access the trunk link. If set up correctly with 802.1q encapsulation, you manage the trunk links by tagging the trunks and keeping the untagged ports as access ports. There are some additional settings, such as the allowed VLANs on a trunk link. A trunk link must have 802.1q encapsulation on both sides of the link in order to operate as a trunk. ISL, or Inter-Switch Link, is an older Cisco encapsulation for configuring trunks.
VLANs and VLAN Pruning
VLANs have some settings that you can configure, such as a voice VLAN, an access VLAN, and the native VLAN, which is the default option for VLANs. VLAN pruning disables a certain VLAN on a switch so that the switch does not do extra work for a VLAN it doesn't need. Pruning is configured for the switches that don't use all of the allowed VLANs on a trunk.
VTP Modes and Domains
VTP has three modes: Transparent, Client, and Server. These modes determine how changes to the VLAN database replicate: Client only receives the updates, Server manages the updates, and Transparent allows nothing but local updates. VTP configuration items include a VTP domain and a VTP password. Additionally, the revision number is what switches look at to see whether they have the newest VTP changes.
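The mode, domain, password and revision checks described above, modelled as a short added example (not code from the original post). The `Switch` class, the function names and the lab inventory are hypothetical, and comparing passwords directly is a simplification of the digest check real VTP performs.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    mode: str        # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int
    vlans: set = field(default_factory=set)

def accepts(sw, adv):
    """True when sw would replace its VLAN database with adv's."""
    if sw.mode == "transparent":
        return False                    # local updates only
    if (sw.domain, sw.password) != (adv.domain, adv.password):
        return False                    # wrong domain or password
    return adv.revision > sw.revision   # only a newer revision wins

def propagate(source, switches):
    """Apply source's advertisement; return the names of switches that changed."""
    changed = []
    for sw in switches:
        if sw is not source and accepts(sw, source):
            sw.vlans, sw.revision = set(source.vlans), source.revision
            changed.append(sw.name)
    return changed

def demo():
    # Constructed lab inventory, not taken from a real network.
    core = Switch("core", "server", "LAB", "s3cret", 12, {1, 10, 20})
    fleet = [
        core,
        Switch("acc1", "client", "LAB", "s3cret", 11, {1, 10}),
        Switch("acc2", "client", "LAB", "wrong", 3, {1}),
        Switch("dmz", "transparent", "LAB", "s3cret", 0, {1, 99}),
        Switch("acc3", "server", "LAB", "s3cret", 15, {1, 10, 20, 30}),
    ]
    return propagate(core, fleet), fleet

if __name__ == "__main__":
    changed, fleet = demo()
    print("updated:", changed)
    for sw in fleet:
        print(sw.name, sw.mode, sw.revision, sorted(sw.vlans))
```

Only `acc1` takes the update: `acc2` fails the password check, `dmz` is transparent, and `acc3` already holds a higher revision than the advertisement.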
Conclusion
VLAN and VTP configurations matter on the network because this is how VLAN database changes are configured on a LAN. There are additional configuration options available. Note that for an access port to work, you need to configure it with switchport mode access and switchport access vlan 10, or whatever the VLAN is. To configure a trunk on a Cisco switch, set the encapsulation on both sides and then configure switchport mode trunk on both sides to enable the trunk.
CIA Triad
The CIA Triad is a fundamental security model in cybersecurity and is composed of Confidentiality, Integrity, and Availability. Confidentiality ensures that data is kept confidential by allowing only authorized users access to the data.
Integrity means that data is kept to the same level of protection and that the data could only be changed by the person that changed it, thus providing non-repudiation. Availability is the concept that data remains available for the authorized users provided that they are authenticated.
Confidentiality
Confidentiality ensures that data is kept private and accessible only to authorized users. This is ensured by encryption, access controls, and strong authentication measures. Confidentiality builds trust in the security measures and ensures legal compliance by protecting the organization’s reputation. Threats to confidentiality include phishing, social engineering, and password attacks.
Integrity
Integrity makes sure that data has not been altered by malicious users or compromised. Integrity of data means that it maintains its trustworthiness and accuracy. Hash validation is one way to maintain integrity and verify whether data has been corrupted or altered. Integrity protects against intentional and accidental modifications of data, ensuring that the information remains trustworthy. Threats to integrity include modifying data, man-in-the-middle attacks, and unauthorized file modifications.
Availability
Availability means that data is available to users for business continuity, and that data and systems are available to authorized users when necessary. This includes items like data backups and server maintenance. Availability ensures that the business can continue to function in the event of an incident or a failure of a system. Threats to availability include ransomware, denial of service attacks, distributed denial of service attacks, hardware failures, and natural disasters.
Substack Note on Impostor Syndrome
I have posted a note on Substack that is a short form blog post that is about imposter syndrome. It can be found at the following link:
https://substack.com/@dejongaaron/note/c-207972601
In this Substack note the main point that I was covering was that one of the pain points in studying for cybersecurity exams is imposter syndrome. This is further discussed in the Substack note. I will do a post next time; it was my first time doing Substack so bear with me.
Conclusion
The CIA Triad is useful as a security model for understanding fundamental cybersecurity principles, incident response and disaster recovery. It also serves as the basis for understanding security vulnerabilities and creating policies that protect data at rest, data in transit and data in use.
Introduction
In the Computer Networking industry there are some topologies for setting up the network in the LAN or Local Area Network. When you begin to develop a sense of computer networking you can group networks into network types and network topologies. Understanding the basics of computer networking will allow you to develop your skills in Cybersecurity.
Besides the LAN, there are other network types such as the MAN (Metropolitan Area Network) and the WAN (Wide Area Network). These are general network types that are non-vendor specific and can be instituted in other networks. Other network types include the PAN, or Personal Area Network, and the CAN, or Campus Area Network.
The network topologies include the bus, ring, star, mesh, full mesh, and hybrid topologies. The bus topology, where all of the computers are situated along one cable, was used in the past and is now less common. This configuration was common in the beginning of networking.
Ring Topology
The ring topology includes some older technology as well, namely Token Ring. Token Ring set up computers in a ring-shaped topology, where the computers are all located along the ring and use the token to communicate.
Star Topology
The star topology is used today and is where the computers sit around a central switch, resembling a star shape. The star topology could also be built around a hub or another piece of technology that centrally connects computers together. The star topology is useful in a LAN environment where there are buildings or floors that need to be connected to each other from a central location.
Mesh and Full Mesh Topologies
Other topologies are connected in either a mesh or a full mesh, where the central devices are connected to each other, resembling more of a modern network topology. In a full mesh, the central devices are fully connected to all other switches.
Conclusion
There is also a hybrid topology which is a combination of network topologies. This is usually the most common type of topology. The network topologies can include the physical topology which is the physical equipment and a logical topology where the flow of data goes across the different network types.
Within computer networks there are some basic knowledge items that will help you in your journey in IT, and in computer networking and cybersecurity specifically. Understanding these topics will help you on the path that you want to take for your IT career.
aaron597.com
The way that I am going about the content on this blog is to go over more technical training and educator kind of content. This blog is also more for the actual information on the technical content as I will be going through AWS, Microsoft, and Cisco technologies. This content is something that I am working on as far as my nine IT certifications and the things that I will be going through include Linux Essentials, ITF+, A+, CCST Networking, CCST Cybersecurity, CCNA, MS-900, AZ-900, and SC-900 topics.
Technical Training
On this blog, I will be posting about my journey in the technical training and educator certifications. I’m working on some training before I can get the Microsoft Certified Trainer certification as I need to have an eligible certification which I have chosen as the AZ-104. There are also some courses that I will be studying on Udemy which include a CTT+ course and a Train the Trainer course. The CTT+ is a retired certification and is no longer offered by CompTIA.
Technical Content
I will be focusing on the certifications that I have passed for the technical content that I will be working on for this blog. Some of the topics that I will be doing include Computer Networking, Cybersecurity, and Linux. Focusing on these areas will help to alleviate some of the pain points that come up with studying for certification exams which is what my sole proprietorship’s mission is.
There are some things that I could do with my technical content like Microsoft focused snippets on my blog and some more in-depth articles about similar topics. In addition, I could work with Cybersecurity focusing more on the SC-900 and CCST Cybersecurity content. There are some IT Fundamentals that I could do with the ITF+, A+, and MS-900. There is also Networking and Linux content that I could do for the CCNA and Linux Essentials building on the prerequisites for Cybersecurity.
Conclusion
There will be technical content that I will be doing next week on this blog which will be scheduled for 2:05pm MST on Saturdays. This is only a portion of what we do at Aaron W. DeJong; to see the other content please check out aaronwdejong.net, and I will be rolling out another website. This website will focus on alleviating pain points on studying for certification exams. It will be on mrcertification.tech and I am working on this coming out in the next few weeks.
I will be working on more content this year and will work more on the blogs and articles with a better plan on how to structure my content. The way that I am going to deliver on this is by developing more content and expanding my reach on Medium, aaron597.com, and aaronwdejong.net along with developing another channel on mrcertification.tech.