you NEED to learn Port SecurityâŠâŠ.RIGHT NOW!! // FREE CCNA // EP 14
VloĆŸit
- Äas pĆidĂĄn 27. 05. 2024
- VIRTUALIZE your debit cards and protect your financial identity with Privacy: ntck.co/privacy
Watch the whole course: bit.ly/nc-ccna
Go deeper: ntck.co/ncccna
đ„đ„Join the NetworkChuck Academy!: ntck.co/NCAcademy
đđCan you complete the lab???: ntck.co/ncccna
This is CCNA Episode 14. Port security is a VITAL thing we must learn when becoming network engineers, especially when you have hackers running around using things like the Shark Jack from HAK5. In this video, Iâll show you the best practices for securing your switch ports on Cisco Switches and Unifi (Ubiquiti) switches.
đ„đ„Join the NetworkChuck membership: ntck.co/Premium
**Sponsored by Boson Software
It's time to get your CCNA!
---------------------------------------------------
âșWatch the whole course: ntck.co/ccnayt
âșCCNA Courseware: ntck.co/bscw (Boson) (Affiliate)
âșCCNA Lab: ntck.co/bccna (Boson NetSim) (affiliate)
âșCCNA Practice Exam: ntck.co/bnexccna (Boson ExSim) (affiliate)
âșCCNP Lab: ntck.co/bsenns (Boson NetSim) (affiliate)
âșCCNP Practice Exam: ntck.co/bsenex (Boson ExSim) (affiliate)
SUPPORT NETWORKCHUCK
---------------------------------------------------
âĄïžNetworkChuck membership: ntck.co/Premium
ââ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
đđNEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
0:00 â© Intro
1:24 â© DISCLAIMER!!
1:43 â© how i can HACK your switch (SHark Jack)
4:07 â© What the Shark Jack needs
4:27 â© STEP 1 - Shutdown your ports (unused)
7:00 â© STEP 2 - BLACKHOLE VLAN!!
11:57 â© STEP 3 - Port Security
13:32 â© How to configure Port Security
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com/shop/networkchuck
Buy a Raspberry Pi: geni.us/aBeqAL
#ccna #privacy #boson - VÄda a technologie
![[æŽçŹASMR]æŒçManyu&ć°çœBai æŻćæ€çSpa asmr](http://i.ytimg.com/vi/0TsXQ7z2Dh4/mqdefault.jpg)
Hey Chuck please complete this CCNA series...
I have started to see all your CCNA video.. it's fun to learn.
give up with CCNA and get to learn Mikrotik Router OS, 1000 times better and easier
@@mrnmrk6191 can you talk a bit about why it is better? just curious
@@mrnmrk6191 are you in the network berg chat often talking about MTKs? If so we have talked. I concur that Mikrotiks rock and def easy to learn, but the certs are harder to get and require a lot more. The CCNA is more widely accepted and currently respected, so while MTKs rule and I love them and use them myself on a few networks, I would not say the CCNA cert is something one should give up, some of the tik language, and most of other routers, are based on cisco so all around a good cert, it is better than a network + for sure. Once Mikrotik makes their certs affordable and not a required class to get it, then will jump on that cert wagon lol
MAC's are easily cloned. Which is why you need to pair up port security with 802.1x machine certificates
He mentions that at 21:19
You can spoof Mac addresses. So if you unplug a Pi from the switch, you might just take the Mac of that Pi and the mac filter is irrelevant. This is an inconvenience for the attacker, but be careful not to overstate the gained security there. Mac addresses are often just written on devices, otherwise just plug it into your own switch and read the mac from there. Furthermore, in a real life scenario, you run in a huge problem if an attacker gains direct physical access to the switch, but I guess everyone is already aware of that ;)
Overall nice content, thanks!
sticky ports my friend
@@rob7328 802.1x*
Security is all about layers. Usually when a device is hard linked to a port it provides a certain service. Sure you can spoof the mac address, but for a network printer I can disable most networking. I only have to open certain ports and when you spoof the MAC address, you can only do things that the device could, but nothing more.
I'm an old-school administrator. By default I block/deny everything and than I open up the things I need. It is not user friendly and when something needs to be connected, I takes some time (sometimes several hours) to setup everything. This concept is working for me for over 25 years going back to my Netware days.
Given enough time, opportunity and resources everything can be hacked. If someone is specifically targeting you, there is usually very little you can do about that. But by securing your switch in a proper way, you can guard against 99% of the attacks out there...
not to mention that in his example, the sharkjack has already cloned the MAC of the existing raspberry Pi. which makes his example terrible.
@@mathbee It's not cloned. The last two digits of the MAC were indeed different. The Pi was d9, the sharkjack was a9.
The most common approach is: a lock on the doors and security personnel
The next step is authentication of each deive on the port 802.1X.
The next step is IPSec.
This series has been massively helpful. I know you are crazy busy running a community and a business, but I would really love to see this series completed
@14:03 If youâre gonna blur out your switchâs IP address, you should probably blur it out completely⊠;)
Wouldnât you have to be connected locally to do anything with that IP?
@@tnet1516 any insight into the internals of another network can be of use. especially being his core switch.
@@AngryMarkFPV I definitely see it not being ideal but I believe even the DoD doesnât label IP addresses as anything other than unclassified unless combined with subnet mask and maybe even something else.
@@AngryMarkFPV Not really. It's a private IP address and without knowing the inside global address there's not much you can do with it. Even then there would have to be some NAT/PAT for that address as well. Which raises the question why he even blurred it to begin with.
@@jolss0 its a best practice. @AngryMarkFPV said it the best, any insight to his network could be dangerous. We also don't know how often his network comes under attack, how much info somebody has collected etc.. Just better to blur it out.
Hey Chuck, First.... I love your channel and your teaching style is superb! Second, When do you think EP 15 might be coming? I'm hungry for more !
You're *REALLY* better than education channels. Thanks for information maan
1000%
I think you do a really good job when it comes to fast paced dictation, most people stumble over their thought processes or skip steps, you stayed on track the whole time while making it enjoyable to learn. I wish all IT channels were as entertaining and captivating as yourself when it comes to teaching new users. Keep up the good work sir, subbed.
I'm 3 months into getting my bachelor's in cybersecurity. So glad I found your channel. You explain things very well and it helps me out. Thank you.
Port-security is for small installations only. As you mentioned in the end of the video, much better ways are 802.1X (or MAB for dumb devices). I am in the RADIUS database - I get access to a VLAN I am assigned to. I am not - I don't get access at all being dropped to quarantine VLAN. Simple, flexible and can be handled by a small number of engineers in a large network. Profiling by Cisco ISE/FortiNAC/etc. is a next-gen feature but a bit expensive.
I work for a large company with many thousands of network devices, and we still use Port Security. Although not for security purposes per se, we mainly use it for stopping the usage of unmanaged switches on the network.
@@diablo4223 we have about 600 switches. Why not to use single-host or multi-domain auth mode? They also limit the number of devices that can authorize on a single port.
I love this!! I have to work with customers all the time where I have to tell them, "I'm gonna send the ticket to the network team and tell them to do a shut/no-shut on the port." I had an *idea* of what was going on behind the scenes, but it's so stinking cool to see it play out on screen like this!!! Thank you so much for what you do!!!
Thank you for doing it this way! Learning how to do the stuff is one thing. But seeing what its like "being attacked" looks like and blocking the attack looks like!
Loving this free CCNA course you've been doing. The way you talk about it you can tell your passionate and it makes it much easier to watch. Will you be doing a video on configuring IP addressing for data center's/offices?
Thank you for popping up in my feed today!
I have been slacking off on studying and pushing my way into the IT universe after getting shot down after 4 rounds of interviews for my first IT job. But your videos do a great job of keeping me on focus and how fun it can be!
Thank you much and I appreciate all your work on your channel!
Dude, there is no one, absolutely no one on youtube with better network related content. I do hope you are getting rich from it and thank you, thank you a lot
I'm currently in OS Software and computer hardware, and Networking, but security is next once I re-learn all the stuff I forgot in my 20's. Can't believe how much I still know and is actually still relevant some 10+ years down the line. Did port security and observation old-school for so many years, a keychain shark seems too easy. I want one!
Chuck, a good tip with working on multiple ports at once in cisco is interface range then you can put the range of ports you need to change and do it all with one command
I absolutely love everything about your content! Just how clean your explanations are and how much detail you go through using visual aid. As a visual learner, your videos are absolutely Paradise to me! Also, your comment about being in a black hole with no friends and you're sad reminds me of Loki when he says, "Yes, very sad...Anyway..." LOL!
I have been doing networking for about 6 years, but never got a CCNA. Never thought I could do the cert. Your videos make me think I can. Thank you and keep doing the fine work you do
What did cert did you use to get your current job?
I need to configure port security on a Cisco switch this week and you just happen to have a quick tutorial. Perfect! Thank you.
Would love to see more of this series. I have found it really interesting and really enjoy the way you present the information.
Chuck, I don't know how you do it but I've been going to school for IT for about 2 years now and every time i start a new class you cover something about that subject. Thanks for your guidance you make some of the subjects easier to understand!
Watched this the day you uploaded it and was baffled. Committed to studying CCNA in the meantime and Iâm sponging what youâre spilling here. Thanks
As a 35 plus years network admin I really like the way you present this topic. Itâs making me enthousiastic about my job all over. Thanks for that!
Try it at 63, jaded to the max...Chuck is inspiring I agree
For future readers. NMAP is not an attack. NMAP is a type of active enumeration, and there are a lot of legitimate use cases for the usage of NMAP in network/system operations. Including debugging.
I had originally thought this too. I suppose in the context of nmapping someone elses network unauthorized, it could be considered an attack, but I agree with you on this one.
This video right here got me into the it "space" 1 year ago during covid, now im almost done with my A+ and going to start my linux+ soon. Love you chuck...
What happened to the rest of the course?
This was really interesting, parts of this I used for years, other things I had little knowledge about but you explained those things in a level that I understand. I not work with it, just an nerdy hobbyist.
With your videos I have to rebuild my home network and play with the security stuff đ
Keep up the good work
Why have you left us in the middle of this CCNA journey! It's been 2 years we are still waiting for EP 15!!
not sure about EP15 or others, but his page has this playlist for the entire free ccna course: czcams.com/play/PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P.html
Natural born teacher. I love the way you teach. You make hard things look easy.
what a kick ass series man thank you so much for these! looking forward to the next video!
Keep these babies coming! Thanks for the videos!
Your videos make the seemingly daunting task of playing with the CLI on a Cisco switch surprisingly easy!!! Thank you.
Thanks man, Cisco auto learning makes it soooo complicated to digest while your course is easy to follow and understand!
I personally didn't learn anything new, but this was a good episode. I've never heard blackhole VLAN, everyone I've met in the industry for me personally has called it a quarantine VLAN. Port security is very important, thank you for sharing with everyone!
Nice flex on your Cisco skills. Loving this content! Thanks for putting this together. Cisco VLANS next??
You are such an underratedly effective teacher of this stuff
I love your content! I currently work in IT and you make me want to be better!
"Golden Snitch" What a fantastic name for a Switch!đ
Chuck being a Potterhead
Golden Snitch, Golden Switch
@@just_some_bigfoot_hacking_you bot
@@just_some_bigfoot_hacking_you bot
@@just_some_bigfoot_hacking_you bot
Hi Chuck , I'm a huge fan and get very excited whenever your video comes
Chuck for president! Subscribed love the vibes and content
This is all great info, your content is awesome! One thing I might add though: If you unplug the raspberry pi and plug it directly into the shark jack, the shark jack can clone the RPi's Mac address, which would allow the shark jack to bypass port security by providing the same Mac address as the legitimate raspberry pi.
I love this video. Great job explaining. Keep âem coming
You explain everything so nicely. I have never understood this concept before you.
Thank you for the information. I enjoy your CZcams videos.
Looking forward to the next episode. Glad your brother will be helping out now!
You are very good at teaching.... very practical
Thank you for the course! Will you proceed with it ? Will we get new EPs ?
I believe thatâs how a bank near me got robbed about 5-7 years ago. Guy plugged into an open phone jack and hacked the security system and on a holiday they went in and nobody knew until they returned for work.
more ccna i been waiting the longest
favorite dialog of chuck : Let,s hack youtube today ethically ,off courseđ„đ„đ„đ„đđ
Awesome learning CCNA. Lets continue. Thanks for privacy and port security.
Love these videos and I'm learning a ton and applying to my home network. When will there be an episode on trunk port security?
Thank you man this is good content .. im following network engineering and cyber security degree ..these videos good for studies and for additional knowledge ..keep up the good stuff
So good, dude. You're an amazing teacher.
Great video! Exited for more videos in this course! When will more videos in this course come out? ;-) Cant wait
Love the channel huge help to my choices my mental health and brain function , thanks
next video needed Thanks Chuck!
I ordered a Shark Jack recently and I'm super stoked to test it out on some ethical plugs, look pretty awesome.
Great videos Chuck !
Another cool thing you can use the Shark Jack for is making a rogue DHCP server. This is good for learning how to configure DHCP snooping and dynamic ARP inspection.
any tutorial on that topic that you can share, please?
Hey Team!
I've noticed this is the last episode of the series and there's more.
Love these episodes as I'm looking to take my CCNA.
Thank you!!
all the best champ
Love this video. I practiced with Cisco Packet Tracer
I know like nothing talked about in any of your videos but I have amazing interest in cyber security and everything you talk about
Contact our support team on Instagram @Networkchucksupport to join our tutorial classes
Crazy video waiting to help us build a mail server. Thanks Chuck!!
"Put it in VLAN 666!"
That comment has earned you my sub! Also, thank you for teaching this. Physical security is one of the things that I love seeing at the places I've worked (and hate when there is none). I've seen switches plugged into wall jacks that were left out in the open and since earning my BAS in IS&C, that is vexing!
Also "swi po mac sticky" is a great command to run on cisco ports to ensure that no "new" devices get swapped for the one that is set for the port!
but he didn`t name the vlan, im suffering..
And pls keep on making such videos...NEVER STOP !! AWESOME CONTENT
Hey Network Chuck, I hope you can start working on this course again. This course is extremely valuable!!!
This is pretty awesome. I understand the process and how to do it but the Cisco syntax is not something I use often so it's very hard to get it to stick. Plus, the Privacy VCards is a great idea to protect your identity and not have your primary card set up for automatic payments when you don't know if you can cover something you may have forgot about.
Your method is great man!
I'm glad that you give use the run down and course for free so at lest we have some knowledge of how to secure a port
Thanks for the tutorials
Another excellent video great work looking forward to the next video
Amazing đ wish you all the best â€
thanks for all information, it is very useful â
Dude i love ur vids, from a tutorial stand point and just watching to learn topics or just enjoy to
them.
You can message our support team on Instagram @Networkchucksupport if you are interested in learning more
Great video as always, wish you would have covered "errdisable recovery cause all" saving the babysitting of having to shut, no shut ports to recover from err-disable. Maybe you'll get into that in a future episode. Looking forward to spanning-tree and DHCP snooping trust. Well done.
This was one of your more useful videos that I've watched; more advanced content plz!
Cheers Mate. That was Awesome.
Awesome video, than you so much!!
Thanks for the great video. Keep up the good work!!
Loved it! Excited for more videosđ
Awesome my man. First video I've seen by you and I love the delivery. I use this often to limit those tinkerers that are often hired. This is an important tool to know about.
If someone with a shark jack is at your switch and you have turned off all unused ports..... just unplug something in use and bam problem solved. Becky in accounting will complain for 5 min that she lost internet then go on a coffee break while you do your thing.
Has this series finished ? It has been 4 months since the last video đđą
Seriously .. you're the best instructor I've ever seen đčđ
Hope you complete the series very soon đ
Network Chuck, you absolute BEAST OF AN ENGINEER.........!!!!!đđđđ
I had old port servers from like 1998 that were Linksys that I went through and learned alot!! Especially after I revamped them on today's newer 5G network back in 2012 when I was re mapping digital security infrastructure and tracking finances.
I love chucks videos every one is a learning curve great content chuck
Reading the title I was expecting something about 802.1x. Well, too bad.
One thing to mention, though: MAC-Filtering is easily subverted as the MAC address can be changed using standard tools. So if you happen to disconnect a device to use its port, just connect the device to your own machine. Wait a moment for the DHCP-request which will contain the device's MAC. Then use the gathered MAC address on your own hardware.
Simple as that.
Great t-shirt! Great video!
Love your office!
Finally a CCNA video. Chuck please answer this question. Is CBT Nuggets CCNA and BOSON courseware enough study material to know about the contents ?
Thanks for information!đ€
Great video. Looking forward to the VLAN videos.
Your the man, thanks for the lessons dude! you Rock!
Good stuff as always
It's been about 6 months since the last CCNA video. When are we going to get more of this course? I love how you explain things. Without this course, I've been forced to go somewhere else to try to learn for my CCNA and it's not really working well for me. Please. We need more of this course.
So the course is not complete?
@@babyguitar1404 correct. There's a lot more we need to know for the ccna.
where have you gone to complete? im looking for a more up to date series
@@leonstone3443 doesn't look like Network Chuck is going to be completing this series. I went to CBT Nuggets.
great video Mr chuck
i love that can a personal person do this