In networking, network assurance is the difference between having rules and knowing if they’re being followed. What is Network Assurance?This is how you check on your network traffic, make sure it’s going where it’s supposed to, and that all the devices on your network are playing by the rules you made for them.

Network assurance includes techniques, tools, and software that help you monitor your network traffic, manage and tweak devices, and configure special rules and protocols so that everything runs smoothly.

If you’re interested in learning about the ENNA exam, download the exam topic blueprint here.

ThousandEyes and Network Assurance 

While the certification primarily focuses on network assurance for enterprise networks, ThousandEyes plays a crucial role in the exam. Candidates should demonstrate their ability to determine the right monitoring strategy, recognize appropriate monitoring techniques, and configure integrations for alerts, API, OTEL, and more. Mastering skills such as deploying the right agent, configuring tests, and analyzing collected data is essential for success in the field.

Integration into CCNP Enterprise 

The ENNA specialist certification is now part of the CCNP Enterprise Professional-level certification. This integration recognizes the importance of network assurance as a pillar in the evolution of networking. The inclusion of ENNA in the CCNP Enterprise certification reflects the industry’s demand for specialized skills in enterprise networking. 

What is the Cisco ENNA Certification

As enterprise networks continue to grow and become more complex and prone to hidden inefficiencies and waste, the need for a network assurance specialist certification became clear. Hiring IT staff with the ENNA Network Assurance Specialist certification will be a priority for organizations whose networks depend on digital experience monitoring, end-to-end visibility, proactive monitoring, and automation solutions. Large-scale networks have high performance, network security and usability expectations, and the ENNA is designed to prove that a network professional knows how to meet them.

You can earn Cisco’s enterprise network assurance specialist cert by passing the 300-445 ENNA test once it’s available in May 2024. The 300-445 will also become one of the eight concentration exams you can take to qualify for the CCNP Enterprise. 

More info from Cisco: https://blogs.cisco.com/learning/meet-enna-the-new-cisco-enterprise-network-assurance-enna-specialist-certification

The post *NEW* Designing and Implementing Enterprise Network Assurance (ENNA) 300-445 appeared first on Todd Lammle, LLC.

Due to a flaw in solid-state drive (SSD) firmware, the SSD that is internal to the FPR9300 Supervisor module and FPR4100 Series security appliances will no longer respond after approximately 3.2 years of cumulative operation. After the first unresponsive event occurs, every subsequent power-cycle allows the SSD to operate for approximately six weeks of cumulative operation before the SSD will no longer respond again.

More information: http://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72077.html?emailclick=CNSemail

The post FPR9300 and FPR4100 Series Security Appliances – Some Appliances Might Fail to Pass Traffic After 3.2 Years of Uptime appeared first on Todd Lammle, LLC.

The post cURL and libcurl Vulnerability Affecting Cisco Products: October 2023 appeared first on Todd Lammle, LLC.

The post HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 appeared first on Todd Lammle, LLC.

You can view the full video here –
https://youtu.be/10WfQNCu4Q4

The post No CCNA Exam changes for 2023 appeared first on Todd Lammle, LLC.

Background
A traceback and reload condition for the Cisco Secure Firewall 2100 Series security appliances might occur for applications that use the App-Cache process. The traceback and reload condition is due to a memory management issue that might occur for these applications.

In order to display a summary of applications that use the App-Cache process, enter the CLI command show memory app-cache. See the Cisco Secure Firewall ASA Series Command Reference or the Cisco Secure Firewall Threat Defense Command Reference for additional information.

Problem Symptom
The Cisco Secure Firewall 2100 Series security appliance reloads and indicates thread name ‘lina’ as the faulting thread.

This advisory can be found at the following link:
https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72468.html

The post Field Notice: FN – 72468 – ASA and Firepower Software: Some Applications Might Cause Traceback and Reload on Cisco Secure Firewall 2100 Series Security Appliances – Software Upgrade Recommended appeared first on Todd Lammle, LLC.

This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

This advisory can be found at the following link:
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-ucsm-bkpsky-H8FCQgsA.html

The post Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability appeared first on Todd Lammle, LLC.

Background
The Distributed Component Object Model (DCOM) Remote Protocol is a protocol that is used in communication between the ISE Primary Passive ID node and the Domain Controller that shares the authentication events with ISE. Hardening changes in DCOM through Windows Server KB500442 or later were required to address vulnerability CVE-2021-26414. After the vulnerability is fixed, ISE will lack permissions to fetch the specific Kerberos events that are necessary for Passive ID services when the WMI provider is used.

Problem Symptom
After any Windows Server update that contains the fix for CVE-2021-26414 is installed, Passive ID services that use the WMI provider will fail. The domain controller side will display an error message similar to this:

Next error: “The server-side authentication level policy does not allow the user DOMAIN\username SID (S-X-X-X-X-X-X-X) from address xxx.xxx.xxx.xxx to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application”

This advisory can be found at the following link:
https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72466.html

The post Field Notice: FN – 72466 – Identity Services Engine – Passive ID WMI Provider Fails After Windows Server KB500442 Installation – Configuration Change Recommended appeared first on Todd Lammle, LLC.

Cisco spoke with Martin Schirrmacher regarding these challenges and how Cisco technology uses these devices connected securely.

Read the full article here –
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m02/you-are-now-free-to-roam-devices connectedabout-the-cabin.html

The post High performance connectivity on your next flight appeared first on Todd Lammle, LLC.

In Cisco IOS XE Release 17.11.1 and later, RSA keys less than 2048 bits are denied for use with SSH by default due to its weak cryptographic properties. Cisco recommends to use stronger RSA keys that are at least 2048 bits. In order to continue to use RSA keys less than 2048 bits for SSH, explicit configuration is required. Without such a configuration change, SSH service on the device is disabled and SSH sessions to the device will fail. This results in loss of remote access to the device through SSH.

Background
In Cisco IOS XE Release Bengaluru 17.6.1 and later, configuration of RSA keys less than 2048 bits for SSH generates a warning about a RSA key size compliance violation, but it does not impact SSH operations to the device. This warning message is displayed when a weak RSA key pair is used for SSH.

%SSH-5-SSH_COMPLIANCE_VIOLATION_RSA_KEY_SIZE: SSH RSA Key Size compliance violation detected. Kindly note that the usage of keys smaller than 2048 bits will be deprecated in the upcoming releases. Please revise your key configuration accordingly to avoid service impact.

In Cisco IOS XE Release 17.11.1 and later, RSA keys less than 2048 bits are denied by default and require explicit configuration to be allowed.

This advisory can be found at the following link:
https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72511.html

The post Field Notice: FN – 72511 – RSA Keys Less Than 2048 Bits Are Not Supported for SSH in Cisco IOS XE Release 17.11.1 and Later – Workaround Provided appeared first on Todd Lammle, LLC.