Tuesday 28 December 2021

How to Respond to Apache Log4j using Cisco Secure Analytics

IT and Security professionals worldwide are working to assess and mitigate their exposure to the Apache Log4j vulnerability (CVE-2021-44228). The following guide has been put together for current Secure Network Analytics and Secure Cloud Analytics customers, providing suggested ways to leverage your deployment to assist in your detection and response efforts.

Customers can research any prior interactions with known indicators such as IP addresses tracked by Cisco Talos intelligence group and should create Custom Security Events and Watchlists to identify any future communication with the known indicators. Customers should keep a close eye on any issued detections that would indicate an attack might be underway, since the activity following this exploit can vary greatly. Potentially related detections include Suspected Cryptocurrency Activity, Watchlist Observations, Unusual Geographic Access, Lateral Movement, Data Hoarding, etc.

Vulnerability Description

Apache Log4j is a Java-based logging framework library. The JNDI (Java Naming and Directory Interface) component in Apache Log4j versions 2.0-beta9 through 2.14.1 improperly handles log messages. Certain user-supplied log messages are improperly executed prior to being written to log files. Unauthenticated remote attackers can leverage specially crafted LDAP log messages to download and execute arbitrary code with elevated privileges. Please note that, because this library is so widely used, vectors other than LDAP are possible depending on the implementation.

Exploitation

This vulnerability is being exploited in the wild; exploitation was first detected on December 9, 2021. Public proof-of-concept code, which can be easily weaponized, is also available from multiple sources.

Monitoring Indicators of Compromise

Cisco Talos has published a series of Indicators of Compromise (IOCs), including IP addresses of hosts serving malicious payloads, in their blog located at: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html

Please check the Talos blog regularly for updates.

There are several methods to detect evidence of exploitation in your environment using Secure Analytics products.  We’ll start with Secure Network Analytics, followed by the techniques you can use for Secure Cloud Analytics.

Secure Network Analytics

The Secure Network Analytics screenshots below were taken in version 7.4.0, the latest software release. Older versions of software may look or function slightly differently as we are constantly adding new features and functionality. The general concept and steps will still apply in older versions even if the screenshots are not an exact match.

Search for Past Evidence of Exploitation using Secure Network Analytics – Method One

Users should perform a Flow Search going back at least 7 days for the IPs provided by Talos. Exploitation was first detected on December 9, 2021, but it is possible that activity was happening prior to this date. Consider searching back further than 7 days.

1. From the Manager’s web UI click on the Analyze menu then select Flow Search.

2. Select “Last 7 Days” for the Time Range.

3. Select “Inside Hosts” as the Subject host group.

4. Enter the Talos IPs as Peer Host IP Addresses.

5. Click on Search to return any matches between inside hosts and the Talos IPs.

The Flow Search criteria should look like the following:


Search for Past Evidence of Exploitation using Secure Network Analytics – Method Two

Users should perform a Host Search for the IPs provided by Talos. The Host Search will report if Secure Network Analytics has ever seen an IP address, and if so, when it was first seen, last seen, the total bytes, and by which Flow Collector.

1. From the Manager’s web UI click on the Analyze menu then select Host Search.
2. Enter the Talos IPs in the IP Address field.
3. Click on Search to run the Host Search and view the results. Ideally, the report will read “Never” next to each IP for the First Sent and Last Sent columns and “None” for the Total Bytes column.

The Host Search criteria should look like the following:


Detect Future Malicious Communications using Secure Network Analytics

Users should create an outside host group containing the Talos IPs. A Custom Security Event (CSE) can be built to look for traffic to this outside host group. This CSE will fire on future communications to these IPs.

1. From the Manager’s web UI click on Configure then select Host Group Management.

2. Click on the ellipses (…) to the right of the Outside Hosts host group and select Add Host Group. (Users may wish to nest this new host group under another parent depending on their host group structure.)

3. Enter “Log4j Talos IP Watchlist” (or similar) in the Host Group Name field.

4. Enter the Talos IPs in the IP Addresses And Ranges field.

5. Click on Save to create the new host group.

The new host group criteria should look like the following:


6. To create the CSE click on the Configure menu and select Policy Management.

7. Click on Create New Policy near the top-right of the page and select Custom Security Event.

8. Enter “.CSE: Log4j Talos IP Watchlist Traffic” (or similar) into the Name field.

9. Click on the plus (+) sign under the Find field and create the following criteria:

◉ Subject Host Groups: Inside Hosts
◉ Peer Host Groups: Log4j Talos IP Watchlist

10. Toggle the Status to On.

11. Click on Save to create the CSE, which will then fire any time traffic is seen between inside hosts and the Talos IPs in our watchlist host group. Take note of the description that is built inside the CSE describing when it will fire: When any host within Inside Hosts communicates with any host within Log4j Talos IP Watchlist, an alarm is raised.

The CSE criteria should look like the following:


Detection with the Flow Sensor Payload Data using Secure Network Analytics

Customers with Flow Sensors can search payload data looking for “ldap://” going back at least 7 days in a flow search.  Exploitation was first detected on December 9, 2021, but it is possible that activity was happening prior to this date.  Consider searching back further than 7 days.

1. From the Manager’s web UI click on the Analyze menu then select Flow Search.

2. Select “Last 7 Days” for the Time Range.

3. Select “Inside Hosts” as the Subject host group.

4. Select “Outside Hosts” as the Peer host group.

5. At the bottom-center of the flow search criteria, expand the Advanced Connection Options.

6. In the Payload field in the Advanced Connection Options, enter the following: ldap://

7. Click on Search to return any matches for that payload. Please note that legitimate uses of LDAP will appear depending on your environment’s implementation.  Look for any unusual requests to servers that are not domain controllers or LDAP servers.  You may wish to exclude these hosts in revised Flow Searches.  Alternatively, set both the Subject and Peer host groups to Inside Hosts to look for internal exploitation.

The Flow Search criteria should look like the following:


Search for Abnormally Large LDAP Queries using Secure Network Analytics

Users should perform a flow search going back at least 7 days looking for abnormally large LDAP queries between affected servers and outside hosts. Exploitation was first detected on December 9, 2021, but it is possible that activity was happening prior to this date. Please note that this vulnerability exists in a library, so the attack vectors may vary greatly depending on the implementation. Customers should adjust the flow search criteria to match the ports, protocols, and applications used in their exact implementation. You may also consider making an Inside Hosts host group of known vulnerable servers and focus on that host group.

1. From the Manager’s web UI click on the Analyze menu then select Flow Search.

2. Select “Last 7 Days” for the Time Range.

3. Select “Inside Hosts” as the Subject host group.

4. Select “Outside Hosts” as the Peer host group.

5. Under the center Connections box, click on Select under Applications. The Applications Selector will appear on the left-side of the page.

6. Either search for or scroll down and select the following applications on the Include tab (this is the default tab):

◉ LDAP
◉ LDAP (unclassified)
◉ LDAPS
◉ LDAPS (unclassified)

The selections should look like the following in the Applications Selector:


7. Click on Apply in the bottom-right corner of the Applications Selector to return to the Flow Search.

8. At the bottom-left of the flow search criteria, expand the Advanced Subject Options.

9. In the Subject Bytes field in the Advanced Subject Options enter the following: >100

10. Click on the radio button labeled Client under Orientation at the bottom of the Advanced Subject Options.

11. Click on Search to display any abnormally large LDAP queries from a vulnerable server reaching out to download a malicious payload. Depending on how your environment is configured you may find legitimate large LDAP queries with certain hosts. You may wish to exclude these hosts in revised Flow Searches. Alternatively, set both the Subject and Peer host groups to Inside Hosts to look for internal exploitation.

The Flow Search criteria should look like the following:


Detect Future Abnormally Large LDAP Queries using Secure Network Analytics

A Custom Security Event (CSE) can be built to automatically detect abnormally large LDAP queries. Please note that this vulnerability exists in a library, so the attack vectors may vary greatly depending on the implementation. Customers should adjust the criteria to match the ports, protocols, and applications used in their exact implementation. Users will want to take the refined search criteria from the previous Flow Searches and make the CSE match those criteria, for example by excluding servers which legitimately perform large LDAP queries on a regular basis, to avoid generating a lot of noise. You may also consider making an Inside Hosts host group of known vulnerable servers and focus on that host group.

1. From the Manager’s web UI click on Configure then select Policy Management.

2. Click on Create New Policy near the top-right of the page and select Custom Security Event.

3. Enter “.CSE: Log4j Abnormally Large LDAP Queries” (or similar) into the Name field.

4. Click on the plus (+) sign under the Find field and create the following criteria:

◉ Subject Host Groups: Inside Hosts
◉ Peer Host Groups: Outside Hosts
◉ Subject Applications to Include: LDAP, LDAP (unclassified), LDAPS, LDAPS (unclassified)
◉ Subject Bytes: >100
◉ Subject Orientation: Client

5. Toggle the Status to On.

6. Click on Save to create the CSE, which will then fire any time abnormally large LDAP requests are made from a vulnerable server reaching out to download a malicious payload. Take note of the description that is built inside the CSE describing when it will fire: When any host within Inside Hosts, acting as a client; using any disallowed application; with a total payload of >100 bytes communicates with any host within Outside Hosts, an alarm is raised.
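The three Secure Network Analytics criteria described in the sections above (a peer on the Talos watchlist, an "ldap://" string in the payload, and client-side LDAP/LDAPS flows with more than 100 subject bytes) can also be applied offline to exported flow records. The following is an added example, not Cisco's code or part of the original guide; the CSV column names, the exclusion list, the RFC 1918 definition of Inside Hosts, and every IP address (RFC 5737 documentation addresses standing in for the Talos IPs) are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed stand-ins for the Talos IPs (RFC 5737 documentation addresses).
WATCHLIST = {ipaddress.ip_address(a) for a in ("203.0.113.10", "198.51.100.77")}
# Assumed definition of "Inside Hosts": RFC 1918 address space.
INSIDE_NETS = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Application names as listed in the guide's Applications Selector step.
LDAP_APPS = {"LDAP", "LDAP (unclassified)", "LDAPS", "LDAPS (unclassified)"}
# Hypothetical exclusion: an outside directory service known to be legitimate.
KNOWN_LDAP_PEERS = {ipaddress.ip_address("203.0.113.53")}
SUBJECT_BYTES_MIN = 100  # the guide's ">100" Subject Bytes criterion

# Constructed sample export; the column names are hypothetical.
SAMPLE_FLOWS = """\
subject_ip,peer_ip,application,subject_bytes,orientation,payload
10.1.20.15,203.0.113.10,HTTPS,5120,client,
10.1.20.15,198.51.100.200,HTTP,640,client,GET /x ldap://198.51.100.200:1389/a
10.1.30.8,198.51.100.77,LDAP,230,client,
10.1.30.8,203.0.113.53,LDAPS,900,client,
10.1.40.2,192.0.2.44,LDAP,60,client,
10.1.40.2,10.1.1.5,LDAP,4000,client,
10.1.50.9,192.0.2.44,LDAP,300,server,
"""


def is_inside(ip):
    """True when the address falls in one of the Inside Hosts networks."""
    return any(ip in net for net in INSIDE_NETS)


def match_rules(flow, internal=False):
    """Return the names of the criteria a single flow record satisfies.

    internal=False uses Outside Hosts as the peer group; internal=True is the
    guide's variant with Inside Hosts as both subject and peer.
    """
    subject = ipaddress.ip_address(flow["subject_ip"])
    peer = ipaddress.ip_address(flow["peer_ip"])
    if not is_inside(subject):
        return []
    hits = []
    # Watchlist criterion: any inside host talking to a listed IP.
    if peer in WATCHLIST:
        hits.append("watchlist")
    if is_inside(peer) == internal:
        # Payload criterion: "ldap://" anywhere in the captured payload.
        if "ldap://" in (flow["payload"] or "").lower():
            hits.append("ldap_payload")
        # Large LDAP query criterion, with known-good peers excluded.
        if (flow["application"] in LDAP_APPS
                and flow["orientation"] == "client"
                and int(flow["subject_bytes"]) > SUBJECT_BYTES_MIN
                and peer not in KNOWN_LDAP_PEERS):
            hits.append("large_ldap")
    return hits


def scan(csv_text, internal=False):
    """Apply match_rules to every row and keep the rows that hit."""
    results = []
    for flow in csv.DictReader(io.StringIO(csv_text)):
        hits = match_rules(flow, internal)
        if hits:
            results.append((flow["subject_ip"], flow["peer_ip"], hits))
    return results


if __name__ == "__main__":
    for subject, peer, hits in scan(SAMPLE_FLOWS):
        print(f"{subject} -> {peer}: {', '.join(hits)}")
```

A flow that hits both the watchlist and the large LDAP query criteria, like the third sample row, is a stronger lead than either criterion alone.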

The CSE criteria should look like the following:


Global Threat Alerts


Detect Log4j Scanning and Malware Installation using Global Threat Alerts

Secure Network Analytics customers with Global Threat Alerts (GTA, formerly known as Cognitive Intelligence) have two new Log4j alerts available.  These alerts require enabling the Global Threat Alerts feature, which is included with a Secure Network Analytics license at no additional charge. The Global Threat Alerts integration instructions are available at: https://drive.google.com/file/d/1cMio5EM_6Q_GaQybFxyK4V2aDtHOAHy5/view?usp=sharing

Clicking on either link below will bring you to your GTA console and let you know immediately if the detection has fired and Log4j exploits are in your network.

Log4Shell vulnerability scan – this alert checks for outbound scanning which may indicate a vulnerability scan, penetration tests, or exploited devices searching for new vulnerable hosts to exploit.  It can be accessed directly at: https://cognitive.cisco.com/ui/threats/3e494958-8fad-4aea-b540-2d6002886bf6


Malware installation through Log4Shell – this alert monitors for an outgoing response indicating successful Log4j exploitation. It can be accessed directly at: https://cognitive.cisco.com/ui/threats/69ad2359-dc2b-415a-9a0e-d57b4b7aae79


Secure Cloud Analytics


Search for Past Evidence of Exploitation using Secure Cloud Analytics

Users should search the Event Viewer going back at least 7 days for the IPs provided by Talos. Exploitation was first detected on December 9, 2021, but it is possible that activity was happening prior to this date. Consider searching back further than 7 days.

1. From the Secure Cloud Analytics portal click on the Investigate menu then select Event Viewer.

2. Make sure the Event Viewer is in inline mode by setting the toggle in the top-right of the screen to inline.

3. Change the Start Date to one week ago.

4. Under the Connected_IP field, click on the blue icon to display the filter conditions. Select the third option which reads “In list.”

5. Paste the Talos IPs in the field under Connected_IP and then click away from the field to accept the list. The query will immediately start running.

The Event Viewer criteria should look like the following:


Detect Future Malicious Communications using Cisco Secure Cloud Analytics

The Talos IPs are being regularly updated in our threat intelligence feed. Ensure you have the alerting enabled.

1. From the Secure Cloud Analytics portal click on Settings then select Alerts.

2. From the Alert Priorities page, search for “Talos” in the Alert Type field.

3. Set the priority to High and ensure the Alert is “Enabled”.

Your alert list should look like the following:


4. We recommend reviewing all alert types, priorities, and whether they are enabled to ensure the detections can be triggered. Because the post-exploit activity could vary greatly, increasing alert priority and sensitivity for many of the tactics and techniques is highly recommended. Delete “Talos” from the search field to return to the complete list of detections for review.

The list of available detections should look like this:


Review Watchlist Observations to ensure any traffic to the Talos IPs is being investigated in Secure Cloud Analytics

The “Talos Intelligence Watchlist Hit” alert described above is only triggered when a significant amount of traffic is exchanged with the IPs. We suggest you review any interactions with the Talos IPs through our “Watchlist Interaction” observation.

1. From the Secure Cloud Analytics portal click on Monitor then select Observations.

2. Select “Selected Observation” from the left panel.

3. Choose “Watchlist Interaction” from the Observation Type field.

4. Set the Time Range to start on December 10th, when the IPs were first added to the Talos watchlists.

Your observation list should look like this:


5. You can investigate internal devices by clicking the down arrow next to device ID and review details on the Device, Alerts associated with the device, and Observations associated with the device.


6. You can investigate the external IP by clicking the down arrow next to the IP address and pivot to a variety of intelligence resources.


Detect Suspicious Log4j Activity using Security Analytics and Logging in Secure Cloud Analytics

Secure Cloud Analytics customers with Security Analytics and Logging (SAL) integration can use Confirmed Threat Indicator Match – Hostname observations to detect suspicious Log4j activity.  This functionality does require firewall log data to be sent to SAL.

To check for these observations, follow these steps:

1. Visit https://<tenant-id>.obsrvbl.com/v2/#/observations/selected/type/cts_indicator_match_hostname_v1

2. Users will see the full list of Confirmed Threat Indicator Match – Hostname observations.

3. In the search field, search for “log4j” and click on Apply. If we have seen any suspicious activity related to Log4j starting from November 15, 2021 (15 days before the threat was first detected), there should be an observation.

Impact

The vulnerability allows attackers to execute arbitrary code from their hosted payload on a vulnerable server. In the event of successful exploitation, Secure Network Analytics and Secure Cloud Analytics will continue to monitor networks for anomalous and malicious activity. You will have visibility on attacker actions taken, so be on the lookout for an uptick in suspicious behavior from any affected servers. For example, Cisco Talos has observed attackers exploiting this vulnerability to deploy cryptominers.

CVSS Scoring

◉ Base Score – 10.0
◉ Severity Rating – Critical

Solution

Apache has released an updated version of Log4j and a workaround to address this vulnerability. Affected users of Log4j should upgrade to version 2.16.0 or apply the mitigation described in Apache’s advisory located at: https://logging.apache.org/log4j/2.x/security.html

Apache Log4j version 2.15.0 was found to have an incomplete fix to address CVE-2021-44228. Version 2.16.0 was released to address this incomplete fix and is described in CVE-2021-45046.

Source: cisco.com

Saturday 25 December 2021

Cisco 300-920 | DEVNET Specialist Exam | Free DEVWBX Exam Questions


Cisco DEVWBX Exam Description:

The Developing Applications for Cisco Webex and Webex Devices v1.0 (DEVWBX 300-920) exam is a 90-minute exam associated with the Cisco Certified DevNet Professional and Cisco Certified DevNet Specialist - Webex certifications. This exam tests a candidate's Webex development knowledge as it pertains to Webex API foundations, Webex Meetings, WebEx Devices, messaging, embedding Webex, and administration and compliance. The course, Developing Applications for Cisco Webex and Webex Devices, helps candidates to prepare for this exam.

Cisco 300-920 Exam Overview:

How Cybersecurity Leads to Improved Sustainability

After managing the sudden switch to remote work in 2020, organizations are making a more permanent transition into the flexible hybrid workforce. The Federal Bureau of Investigation (FBI) found that cybersecurity attacks rose by 3-4 times from the transition to remote work in 2020. In addition, experts predict that ransomware will cost the world up to $20 billion in 2021 and is expected to be a greater concern with the hybrid work model. As a result, you’ll need to rapidly scale your security to account for the massive influx of remote and hybrid workers while simplifying and unifying your IT systems.

While implementing security controls is increasingly important, this also means more hardware appliances and virtual instances to secure different parts of the infrastructure. All this extra equipment and instances means more power consumption and heat dissipation, leading to adverse impacts on the environment. We’re taking steps to address this situation. There are a couple of ways we’re approaching this. Cisco products have security features which are built into our switches to prevent the need for separate security appliances.

Innovative methods to detect malware within encrypted layers

As an example, let’s look at the scenario where a traditional method of securing the deployment is used for decryption and identification of malware. As shown in Figure 1, you would first need to decrypt the traffic, then apply analysis (inspection / anti-malware), and finally encrypt the traffic again. The resulting power consumption is shown in Table 1.

Figure 1. Traditional deployment using Secure Sockets Layer (SSL) inspection

Table 1. Power consumption in a traditional deployment

As displayed in Table 1, the total power consumption for all the devices is close to 9500W. In the sustainable method we offer, the Cisco Secure Network Analytics (Cisco Stealthwatch) components like Stealthwatch Management Console (SMC) and Flow Collector (FC) are virtualized, which can be deployed on the existing X86 servers without needing the additional devices as shown in Figure 2.

Figure 2. Innovative and sustainable option using Cisco Secure Network Analytics (Stealthwatch)

In this scenario, Stealthwatch’s patented technology allows analysis of encrypted traffic without decryption. The ETA module in the Catalyst switch provides Stealthwatch with the extra information for the analysis of the encrypted traffic without decryption.

Table 2. Power consumption using Cisco Secure Network Analytics with Catalyst switches

As the Stealthwatch components are virtual, they can be deployed in an existing X86 server, and the power consumption is minimal as compared to the dedicated appliances.

Another way Cisco caters to sustainable cybersecurity is by ensuring that the functionalities such as load balancing, packet broker functions, switching, and routing are all included in a single appliance.

Tables 3-4 highlight the difference between the traditional method and innovative new method for total power consumed for identifying malware in encrypted traffic:

Table 3. Traditional method power consumption

All the functionalities listed in Table 3 are now available in a single switch such as the Nexus NX 9300, which has the following power consumption:

Table 4. Power consumption using Cisco Nexus

This shows that there are alternate methods to detect malware within encrypted layers which are more sustainable, efficient, and less expensive compared to traditional deployments.

Source: cisco.com

Thursday 23 December 2021

O-RAN Plugfest 2021: Making 5G Adoption Cost-Effective for Brownfield Providers

5G adoption is causing mobile networks to grow at unprecedented rates. This brings with it significant new business opportunities but can also increase the complexity and cost of deployment and operations. An intelligent, programmable network enables communication service providers to take advantage of the growth that 5G offers while streamlining their operations to maximize return on investment.

Cisco is addressing these challenges head-on with our industry-leading NCS 500 portfolio. New enhancements enable simultaneous support of both traditional RAN architectures and open, virtualized RAN, with full interoperability.

Challenges for Brownfield Operators

Using an open architecture provides many cost benefits to service providers, leveraging a Commercial Off-the-Shelf (COTS) based infrastructure, automation features, and an open ecosystem to promote a competitive market.

While it is relatively easy for greenfield service providers to adopt 5G open RAN interfaces and architectures, it is extremely difficult for brownfield operators who have already widely deployed 4G.

One of the main challenges for brownfield operators is the lack of interoperability available when using legacy RAN interfaces with an open RAN solution. Replacing all existing 4G CPRI radios in the network with eCPRI based radios is not feasible, which makes adoption of an open RAN and DU virtualization very difficult.

When 4G and 5G are being deployed in the same cell site but running on two different architectures (proprietary 4G eNB and virtualized open 5G DU), it is cost-prohibitive for the provider.

Brownfield Interoperability

Cisco has been working with various Standard Development Organizations (SDO) to define an open and fully interoperable 5G RAN architecture.

Through collaboration, we were able to create a solution that could seamlessly integrate legacy radios on Cisco’s Converged SDN Transport architecture, while also standardizing the specifications to make it fully interoperable.

As a contribution to the O-RAN ALLIANCE, we drove the creation of an open Fronthaul gateway specification (O-RAN.WG7.FHGW-HRD.0-v02.00) to address deployment challenges for brownfield providers. This specification allows legacy CPRI based radios to communicate with open RAN 7.2x eCPRI based DU.

Cisco NCS 540 Fronthaul Routers, a key element to the Converged SDN Transport architecture, provide an open and programmable solution to host RAN network functions like Fronthaul Gateway (FHGW) and RAN resource configuration.

O-RAN PlugFest in India

We were able to demonstrate this successful integration during the O-RAN Global PlugFest 2021 hosted by Bharti Airtel in India. Through our multivendor demo, Cisco NCS 540 platform hosted the FHGW network function provided by VVDN technologies and verified the solution using Keysight Open RAN Studio and Signal Analyzer.

Fig: O-RAN PlugFest demo setup at Bharti Airtel

Cisco’s solution approach is vendor agnostic, helping service providers to consolidate functions, optimize network inventory, and reduce the cost of deployment.

FHGW allows seamless integration of legacy radios to ORAN 7.2x DU enabling operators to adopt ORAN architecture for existing 4G networks. Although the FHGW is deployed at the cell site, it can provide approximately nine times the optimization to transport bandwidth in a centralized RAN architecture.

Open hardware and API definition helps overcome proprietary dependencies of RAN functions and allows seamless integration in a multi-vendor environment.

A programmable platform promotes innovation and protects investment. The same platform can be programmed to function as a Fronthaul MUX / De-MUX for shared cell deployment.

Joint European O-RAN and TIP PlugFest


Cisco also participated in the O-RAN European PlugFest 2021 hosted by TIM OTIC laboratory in Torino, Italy. We were challenged to build two end-to-end, interoperability solutions leveraging multi-vendor O-DU / O-CU radio software components and O-RU elements for both 4G (LTE B7) and 5G (n3, n78).

In both cases, the NCS 540 Series Router was used to provide packet-based fronthaul to connect O-RU to O-DU and to distribute timing and synchronization taken from the TIM network to O-RU using PTP and SyncE protocols according to the O-RAN LLS-C3 model.

We successfully demonstrated compliance to O-RAN transport characteristics in multivendor environments including time synchronization, packet fronthaul, latency and jitter, telemetry, and packet-based fronthaul network automation.

Powering Open, Virtualized RAN in Brownfield Deployments Today


As service providers continue to deploy 5G, the benefits of adopting a virtualized RAN are becoming increasingly evident. By providing secure and zero-touch infrastructure over a resilient transport architecture, we can simplify the deployment of virtualized DU servers at cell sites.

Virtualized infrastructure requires the following interfaces for management and zero-touch operations:

1. Out of Band (OOB) interface for server management and infrastructure onboarding
2. The management interface for server, radio, and virtual DU OAM
3. Management interfaces for Kubernetes or virtual machine infrastructure and container management.

Secure infrastructure using well-defined quality of service (QoS) is key to ensuring traffic protection and traceability in a multivendor environment. Cisco NCS 540 Series Routers are based on proven hardware and software, which is necessary to provide a secure environment for cell site virtualization.

A mature QoS architecture provides traffic separation and defined service protection. Secure and encrypted algorithms support SSH, AAA, DHCP, ZTP, SNMP, IPv4/IPv6, MACsec, IPsec, gRPC, MPP, and rich access control list features.

Cisco secure zero-touch provisioning enables a secure automation framework not only for the router but also for virtualized DU and open Radio deployment at the cell site.

Programmability and Automation


Cisco offers a flexible and programmable architecture that service providers can begin to take advantage of today. With rich streaming telemetry support, networks can be monitored with streamed configuration and operational telemetry data on a centralized data virtualization tool. The platform provides extensive support for YANG and IETF Models, and OpenConfig.

With open management interfaces and APIs, we can enable end-to-end network management functions through the operational lifecycle of the brownfield cell site. Cisco offers off-the-shelf and customized Cisco Network Services Orchestrator (NSO) function packs to automate the provisioning of each mobile network domain including radio, virtualized functions, and transport.

Committed to Continued Innovation


Cisco continues to focus on technological enhancements that will help brownfield service providers reduce deployment costs. By providing a transport infrastructure that is open, programmable, secure, and verified against standards, we are empowering providers to seamlessly adopt virtualization and open, disaggregated RAN solutions in multivendor environments.


Source: cisco.com

Tuesday 21 December 2021

Wi-Fi 6E: Changing the game for Sports and Entertainment venues


We hear a lot about how Wi-Fi 6E is going to change the way we work and play. With the ability to achieve higher throughput and lower latency due to more frequency availability and less congestion, combined with better security, Wi-Fi 6E has given us a new playbook of applications and use cases.

As a Distinguished Engineer in Cisco’s CX CTO organization, I spend a lot of time working within large public venues such as sports stadiums and music festival/concert venues to connect fans and create exceptional wireless experiences. I have the pleasure of working with professional sports leagues, Olympic Organizing Committee, U.S. Open, Live Nation, Clair Global and so many others to design, architect, and deliver networks capable of supporting the needs of tens of thousands of excited fans.  As an avid sports and music fan myself, it makes work fun!

Wi-Fi 6E connecting fans like never before

With the advent of Wi-Fi 6, we were able to make a huge difference in the efficiency and overall quality that Wi-Fi enabled venues provide to their guests. With the entry of Wi-Fi 6E, we take advantage of the same technologies and protocols but add the new 6 GHz band. This brings in stronger encryption (mandatory WPA3), better reliability, and most of all increased efficiency which leads to greater throughput. The E in Wi-Fi 6E is representative of the 6GHz band which further extends available spectrum and channels, providing much more space for devices. With its ability to carry more data than both 2.4 and 5 GHz, the 6GHz band allows fans to flawlessly stream and share their favorite moments.

OFDMA and Uplink MU-MIMO

Wi-Fi 6/6E makes use of Orthogonal Frequency-Division Multiple Access (OFDMA) and introduces Uplink Multiple-Input, Multiple-Output (UL MU-MIMO). These technologies provide the ability to deliver simultaneous bidirectional communication between Wi-Fi 6/6E access points and clients.  While MU-MIMO has been around since Wi-Fi 5, the ability to have clients utilize this on the uplink is new to Wi-Fi 6/6E.  This means more simultaneous users getting a better experience because the network can prioritize and schedule traffic and applications.

This is particularly important to the large stadiums and concert venues I spend a lot of time in. Uplink traffic typically far exceeds the downlink due to the number of connected users taking photos and videos and having those instantly uploaded to the cloud. See the graphic below from a recent event in a large stadium, where the uplink traffic more than doubled the downlink traffic.

1200 MHz of wide-open spectrum


Wi-Fi 6E includes up to 1200 MHz of additional spectrum in the 6 GHz band. The additional spectrum adds a ton more space for devices with plenty of channels. This helps us avoid the excessive collisions and contention for airtime that have become normal in these types of venues. In case you’re not aware, contention and collisions cause slow response times, introduce latency, disconnect devices from the network, and ultimately, drive less than positive experiences. Now apply this to large sports venues and music festivals and you can see how the additional spectrum allows fans to flawlessly stream and share their favorite moments without interruption. It’s like adding a ton of additional lanes to a congested highway!

Something to keep in mind: some countries, such as the U.S. and Canada, are allocating the entire 1200 MHz, while others are allocating only a portion. The map below is current as of the date of this posting:

OpenRoaming and Wi-Fi 6E: seamless and fast


Many of Cisco’s customers, especially those that specialize in entertainment, are jumping onto the OpenRoaming train. OpenRoaming, a technology developed by Cisco and standardized by the Wireless Broadband Alliance, enables seamless and secure connectivity to participating networks. Events such as Live Nation’s BottleRock and the USGA’s U.S. Open, to name a few, use OpenRoaming to automatically connect thousands of attendees to the Wi-Fi network without the use of usernames or passwords. Add in Wi-Fi 6E and its ability to support faster speeds and more devices, and you have the recipe for exceptional guest Wi-Fi experiences.

All in all, Wi-Fi 6E at large venues is a game changer that enables more devices to connect with less contention for space, increased speed, better reliability, and more robust security. It’s a match made in IT heaven.

Stay tuned for more on Wi-Fi 6E!

Source: cisco.com

Monday 20 December 2021

Top Tips to Pass CCNP Enterprise 350-401 ENCOR Exam

With technology constantly evolving, organizations worldwide need IT professionals to help them stay on top of the latest trends, increase their security, and boost overall performance. If you are currently building a career in IT, you know how difficult it can be to obtain a Cisco certification. Having one will unlock plenty of professional opportunities for you, but not everyone pursues one. This article focuses on the CCNP Enterprise 350-401 ENCOR exam and explains everything you need to know.

CCNP Enterprise 350-401 ENCOR Exam Information

After passing the CCNP ENCOR exam, an applicant will have the skills to troubleshoot, configure, and operate wireless and wired enterprise networks. This is why the exam measures one’s skill in infrastructure, architecture, virtualization, automation, network assurance, and security.

The exam comprises 90 to 110 questions. The questions are multiple-choice, and exam takers have 120 minutes to answer them. You have to score 750-850 to pass the exam.

Candidates for this exam need relevant knowledge and experience working on Cisco networks, which is why it is suggested that applicants have some working experience. This isn’t a formal requirement, but it helps if they are already familiar with the fundamentals. The CCNP ENCOR certification is the best fit for System Engineers and Integrators, Network Consultants, and Cisco Channel Partners. If you don’t have this knowledge, you will first need to acquire all the skills evaluated on the CCNP Enterprise certification.

Top Tips to Pass CCNP Enterprise 350-401 ENCOR Exam

Let’s explore some tips for preparing for this Cisco exam. The pass rate for Cisco certification exams is very low, which means you will have to invest a lot of time and effort. Expect to dedicate four to five months to exam preparation. Yes, we realize how daunting this may look, which is why you should apply the following tips.

Concentrate on the CCNP ENCOR Exam Topics

The first thing you have to do is find the complete list of CCNP ENCOR exam topics. Finding this syllabus is fairly simple: a Google search will return several results. However, you should only rely on Cisco’s official page and other trusted websites.

Each of the topics is marked with a percentage, so you will understand which ones require more time and focus. You should study all of them.

Create a Study Schedule to Organize Your Studies

The key to passing the 350-401 ENCOR exam is organizing your studies. We understand that we may have discouraged you a bit, but you will be fine if you have sufficient time to commit to this task and plan out every study session. So the first thing you have to find out is the date of the exam.

Furthermore, think about your everyday life, and find a few hours a day to study. Yes, this can be a challenge if you have a full-time job and a large family, but you have to do it. Even two hours per day will be sufficient. But keep in mind that you need to concentrate completely, which means no disturbances. Make a realistic study schedule and follow it no matter the temptation.

Collect the Relevant Study Resources

The next step to take in your CCNP ENCOR exam preparation is obtaining essential study resources. You should start with the Cisco 350-401 study guide. And make sure you read it at least two times. This study guide will equip you with all the essential information about the exam and includes exam questions.

Moreover, it may also be great to make short notes after going over each topic. Some people don’t like this approach, but it can be helpful. Not only will you be able to determine how much you have grasped, but these notes will be a superb tool for the final revision.

Cisco 350-401 ENCOR Practice Test

Taking the CCNP ENCOR practice test is the best way to gauge your learning. You can find many websites providing online practice tests for Cisco exam preparation, such as NWExam.com. You can also take practice tests to gauge your skills throughout the whole preparation process. This way, you will learn whether you have to go over certain topics again.

Online Training Courses

If it seems to you that you cannot prepare for this exam through self-study, or simply that you won’t be very effective on your own, there are always online courses you can take. Yes, you will have to pay some money for online training courses, but keep in mind that they will ultimately pay for themselves. You will get a ton of other study resources and collaborate with experts who will help you master every tough topic.

Online Communities

If you like to study in a group, there are a large number of online communities and blogs where you can get in touch with people who are preparing for the same exam as you are. You can connect with other applicants to study and resolve each other's doubts. What’s more, this way you will also meet professionals and people who have passed the Cisco 350-401 ENCOR exam, so you will get first-hand information.

Conclusion

Passing the 350-401 exam and achieving the chosen Cisco certification helps you boost your career. Becoming Cisco certified will allow you to get better-paid jobs in international organizations due to your new coveted skills.

Sunday 19 December 2021

[New] Cisco 300-735 CCNP Security Questions and Answers with 300-735 Exam Topics

 

Cisco 300-735 SAUTO Exam Description:

The Automating and Programming Cisco Security Solutions v1.0 (SAUTO 300-735) exam is a 90-minute exam associated with the CCNP Security, Cisco Certified DevNet Professional, and Cisco Certified DevNet Specialist - Security Automation and Programmability certifications. This exam tests a candidate's knowledge of implementing Security automated solutions, including programming concepts, RESTful APIs, data models, protocols, firewalls, web, DNS, cloud and email security, and ISE. The course, Implementing Cisco Security Automation Solutions, helps candidates to prepare for this exam.

Cisco CCNP Security 300-735 Exam Overview:

Must Read:-