you NEED to learn Port Security…….RIGHT NOW!! // FREE CCNA // EP 14

  Рет қаралды 639,471

NetworkChuck

NetworkChuck

Күн бұрын

Пікірлер: 896
@losttownstreet3409
@losttownstreet3409 3 жыл бұрын
The most common approach is: a lock on the doors and security personnel The next step is authentication of each deive on the port 802.1X. The next step is IPSec.
@C0LPAN1C
@C0LPAN1C 2 ай бұрын
Physical and perimeter security is king.
@WaterKing9
@WaterKing9 2 жыл бұрын
This series has been massively helpful. I know you are crazy busy running a community and a business, but I would really love to see this series completed
@frankhabermann9083
@frankhabermann9083 3 жыл бұрын
You can spoof Mac addresses. So if you unplug a Pi from the switch, you might just take the Mac of that Pi and the mac filter is irrelevant. This is an inconvenience for the attacker, but be careful not to overstate the gained security there. Mac addresses are often just written on devices, otherwise just plug it into your own switch and read the mac from there. Furthermore, in a real life scenario, you run in a huge problem if an attacker gains direct physical access to the switch, but I guess everyone is already aware of that ;) Overall nice content, thanks!
@rob7328
@rob7328 3 жыл бұрын
sticky ports my friend
@KL-lt8rc
@KL-lt8rc 3 жыл бұрын
@@rob7328 802.1x*
@2Fast4Mellow
@2Fast4Mellow 3 жыл бұрын
Security is all about layers. Usually when a device is hard linked to a port it provides a certain service. Sure you can spoof the mac address, but for a network printer I can disable most networking. I only have to open certain ports and when you spoof the MAC address, you can only do things that the device could, but nothing more. I'm an old-school administrator. By default I block/deny everything and than I open up the things I need. It is not user friendly and when something needs to be connected, I takes some time (sometimes several hours) to setup everything. This concept is working for me for over 25 years going back to my Netware days. Given enough time, opportunity and resources everything can be hacked. If someone is specifically targeting you, there is usually very little you can do about that. But by securing your switch in a proper way, you can guard against 99% of the attacks out there...
@mathbee
@mathbee 3 жыл бұрын
not to mention that in his example, the sharkjack has already cloned the MAC of the existing raspberry Pi. which makes his example terrible.
@Nailzy1985
@Nailzy1985 3 жыл бұрын
@@mathbee It's not cloned. The last two digits of the MAC were indeed different. The Pi was d9, the sharkjack was a9.
@nocomment296
@nocomment296 3 жыл бұрын
Hey Chuck please complete this CCNA series... I have started to see all your CCNA video.. it's fun to learn.
@mrnmrk6191
@mrnmrk6191 2 жыл бұрын
give up with CCNA and get to learn Mikrotik Router OS, 1000 times better and easier
@curon_licentia
@curon_licentia 2 жыл бұрын
@@mrnmrk6191 can you talk a bit about why it is better? just curious
@ghostmedic2009
@ghostmedic2009 2 жыл бұрын
@@mrnmrk6191 are you in the network berg chat often talking about MTKs? If so we have talked. I concur that Mikrotiks rock and def easy to learn, but the certs are harder to get and require a lot more. The CCNA is more widely accepted and currently respected, so while MTKs rule and I love them and use them myself on a few networks, I would not say the CCNA cert is something one should give up, some of the tik language, and most of other routers, are based on cisco so all around a good cert, it is better than a network + for sure. Once Mikrotik makes their certs affordable and not a required class to get it, then will jump on that cert wagon lol
@demandredlfc4180
@demandredlfc4180 3 жыл бұрын
Port-security is for small installations only. As you mentioned in the end of the video, much better ways are 802.1X (or MAB for dumb devices). I am in the RADIUS database - I get access to a VLAN I am assigned to. I am not - I don't get access at all being dropped to quarantine VLAN. Simple, flexible and can be handled by a small number of engineers in a large network. Profiling by Cisco ISE/FortiNAC/etc. is a next-gen feature but a bit expensive.
@diablo4223
@diablo4223 3 жыл бұрын
I work for a large company with many thousands of network devices, and we still use Port Security. Although not for security purposes per se, we mainly use it for stopping the usage of unmanaged switches on the network.
@demandredlfc4180
@demandredlfc4180 3 жыл бұрын
@@diablo4223 we have about 600 switches. Why not to use single-host or multi-domain auth mode? They also limit the number of devices that can authorize on a single port.
@michielvandewijgaart8858
@michielvandewijgaart8858 3 жыл бұрын
As a 35 plus years network admin I really like the way you present this topic. It’s making me enthousiastic about my job all over. Thanks for that!
@Deliquescentinsight
@Deliquescentinsight 3 жыл бұрын
Try it at 63, jaded to the max...Chuck is inspiring I agree
@thiagodcano
@thiagodcano Жыл бұрын
Dude, there is no one, absolutely no one on youtube with better network related content. I do hope you are getting rich from it and thank you, thank you a lot
@natedavis2559
@natedavis2559 3 жыл бұрын
For future readers. NMAP is not an attack. NMAP is a type of active enumeration, and there are a lot of legitimate use cases for the usage of NMAP in network/system operations. Including debugging.
@diablo4223
@diablo4223 3 жыл бұрын
I had originally thought this too. I suppose in the context of nmapping someone elses network unauthorized, it could be considered an attack, but I agree with you on this one.
@garystinson1060
@garystinson1060 2 жыл бұрын
Hey Chuck, First.... I love your channel and your teaching style is superb! Second, When do you think EP 15 might be coming? I'm hungry for more !
@kenGPT
@kenGPT 3 жыл бұрын
MAC's are easily cloned. Which is why you need to pair up port security with 802.1x machine certificates
@deadcatthinks6725
@deadcatthinks6725 3 жыл бұрын
He mentions that at 21:19
@utiniposungu1221
@utiniposungu1221 5 ай бұрын
Have you watched the whole video? He mentioned this...
@sebastiannielsen525
@sebastiannielsen525 3 жыл бұрын
Chuck, a good tip with working on multiple ports at once in cisco is interface range then you can put the range of ports you need to change and do it all with one command
@NinjapcCSGO
@NinjapcCSGO 3 жыл бұрын
I think you do a really good job when it comes to fast paced dictation, most people stumble over their thought processes or skip steps, you stayed on track the whole time while making it enjoyable to learn. I wish all IT channels were as entertaining and captivating as yourself when it comes to teaching new users. Keep up the good work sir, subbed.
@lastomocha
@lastomocha 3 жыл бұрын
You're *REALLY* better than education channels. Thanks for information maan
@tonyduong6159
@tonyduong6159 3 жыл бұрын
1000%
@twinklingwater
@twinklingwater 2 жыл бұрын
Reading the title I was expecting something about 802.1x. Well, too bad. One thing to mention, though: MAC-Filtering is easily subverted as the MAC address can be changed using standard tools. So if you happen to disconnect a device to use its port, just connect the device to your own machine. Wait a moment for the DHCP-request which will contain the device's MAC. Then use the gathered MAC address on your own hardware. Simple as that.
@therobb5738
@therobb5738 3 жыл бұрын
I'm currently in OS Software and computer hardware, and Networking, but security is next once I re-learn all the stuff I forgot in my 20's. Can't believe how much I still know and is actually still relevant some 10+ years down the line. Did port security and observation old-school for so many years, a keychain shark seems too easy. I want one!
@clevtrev96
@clevtrev96 3 жыл бұрын
@14:03 If you’re gonna blur out your switch’s IP address, you should probably blur it out completely… ;)
@tnasty15
@tnasty15 3 жыл бұрын
Wouldn’t you have to be connected locally to do anything with that IP?
@AngryMarkFPV
@AngryMarkFPV 3 жыл бұрын
@@tnasty15 any insight into the internals of another network can be of use. especially being his core switch.
@tnasty15
@tnasty15 3 жыл бұрын
@@AngryMarkFPV I definitely see it not being ideal but I believe even the DoD doesn’t label IP addresses as anything other than unclassified unless combined with subnet mask and maybe even something else.
@jolss0
@jolss0 3 жыл бұрын
@@AngryMarkFPV Not really. It's a private IP address and without knowing the inside global address there's not much you can do with it. Even then there would have to be some NAT/PAT for that address as well. Which raises the question why he even blurred it to begin with.
@MonsiourPotatoHead
@MonsiourPotatoHead 3 жыл бұрын
@@jolss0 its a best practice. @AngryMarkFPV said it the best, any insight to his network could be dangerous. We also don't know how often his network comes under attack, how much info somebody has collected etc.. Just better to blur it out.
@somethingungodly5786
@somethingungodly5786 3 жыл бұрын
I'm 3 months into getting my bachelor's in cybersecurity. So glad I found your channel. You explain things very well and it helps me out. Thank you.
@vng-alien
@vng-alien 2 жыл бұрын
This video right here got me into the it "space" 1 year ago during covid, now im almost done with my A+ and going to start my linux+ soon. Love you chuck...
@TheGarpttsr
@TheGarpttsr 3 жыл бұрын
Chuck, A couple quick questions about the Shark Jack, 1. Where dies it get its power? Is it PoE or does it have a battery? 2. Could you have it grab MAC addresses connected? Like use a coupler, grab the mac(s) of a device/cable you are unplugging, then spoof that MAC via a script config? BTW: I love your videos, i have been digesting your whole channel and your way of teaching is similar to my own. It is obvious that you love and live what you do. Keep it up.
@j7a1k1e
@j7a1k1e 3 жыл бұрын
The shark jack generates a random MAC address on boot so restricting it's MAC wouldn't be helpful as it will be different next time you plug it in. There is also a way to connect it to a device that is on the network, determine the devices MAC and change its own to match. In effect, you can unplug a cable, plug the cable into the shark jack then unplug it and plug the shark jack into the network port. That bypasses all securities covered here.
@superdelicioustaco
@superdelicioustaco 3 жыл бұрын
That's hilarious I gotta try this
@mtnsolutions
@mtnsolutions 2 жыл бұрын
Watched this the day you uploaded it and was baffled. Committed to studying CCNA in the meantime and I’m sponging what you’re spilling here. Thanks
@razredge68
@razredge68 3 жыл бұрын
Another cool thing you can use the Shark Jack for is making a rogue DHCP server. This is good for learning how to configure DHCP snooping and dynamic ARP inspection.
@xaero212
@xaero212 3 жыл бұрын
any tutorial on that topic that you can share, please?
@kayyumforu
@kayyumforu Жыл бұрын
Why have you left us in the middle of this CCNA journey! It's been 2 years we are still waiting for EP 15!!
@gag_singh
@gag_singh Жыл бұрын
not sure about EP15 or others, but his page has this playlist for the entire free ccna course: kzbin.info/aero/PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P
@jw9410
@jw9410 2 жыл бұрын
Natural born teacher. I love the way you teach. You make hard things look easy.
@kens9124
@kens9124 3 жыл бұрын
I have been doing networking for about 6 years, but never got a CCNA. Never thought I could do the cert. Your videos make me think I can. Thank you and keep doing the fine work you do
@chibudomeledu1941
@chibudomeledu1941 10 ай бұрын
What did cert did you use to get your current job?
@NickBarrett
@NickBarrett 3 жыл бұрын
Thank you for doing it this way! Learning how to do the stuff is one thing. But seeing what its like "being attacked" looks like and blocking the attack looks like!
@mctomspdo
@mctomspdo 3 жыл бұрын
Since we barely change anything in our office, and everything is labels, and the Server room does allow this: All the non used Ethernet plugs are just not connected to anything. The connection on the patch pannels are emtpy, only the ones with a Device normally being on the plug are actually connected in the Server room
@NetworkChuck
@NetworkChuck 3 жыл бұрын
VIRTUALIZE your debit cards and protect your financial identity with Privacy: ntck.co/privacy Watch the whole course: bit.ly/nc-ccna Go deeper: ntck.co/ncccna 🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy 🔎🔎Can you complete the lab???: ntck.co/ncccna This is CCNA Episode 14. Port security is a VITAL thing we must learn when becoming network engineers, especially when you have hackers running around using things like the Shark Jack from HAK5. In this video, I’ll show you the best practices for securing your switch ports on Cisco Switches and Unifi (Ubiquiti) switches. 🔥🔥Join the NetworkChuck membership: ntck.co/Premium **Sponsored by Boson Softwarekzbin.infogaming/emoji/7ff574f2/emoji_u1f525.png
@lus33r
@lus33r 3 жыл бұрын
Yessss!!
@ShivanMahadeo
@ShivanMahadeo 3 жыл бұрын
Thank you for posting!!!
@creepymcpeepers
@creepymcpeepers 3 жыл бұрын
Goveaway
@desipher
@desipher 3 жыл бұрын
Cool thank you and thanks for the educational videos!
@bliblabl8149
@bliblabl8149 3 жыл бұрын
What if the attacker determines the MAC-Address from the allowed device, and sets the MAC-Adress to it's hacking device? MAC-Address can be changed I think. Is there any way to handle this?
@darrencoutts6227
@darrencoutts6227 2 жыл бұрын
Would love to see more of this series. I have found it really interesting and really enjoy the way you present the information.
@Aussie.Lassie
@Aussie.Lassie Жыл бұрын
I absolutely love everything about your content! Just how clean your explanations are and how much detail you go through using visual aid. As a visual learner, your videos are absolutely Paradise to me! Also, your comment about being in a black hole with no friends and you're sad reminds me of Loki when he says, "Yes, very sad...Anyway..." LOL!
@Еремен
@Еремен Жыл бұрын
You are such an underratedly effective teacher of this stuff
@willhudgins
@willhudgins 2 жыл бұрын
I need to configure port security on a Cisco switch this week and you just happen to have a quick tutorial. Perfect! Thank you.
@BlitzFingers
@BlitzFingers 5 күн бұрын
Perfect! I needed to lock down some ports around my home where I have a few APs. This was just what I needed to know.
@cb49999
@cb49999 3 жыл бұрын
This is all great info, your content is awesome! One thing I might add though: If you unplug the raspberry pi and plug it directly into the shark jack, the shark jack can clone the RPi's Mac address, which would allow the shark jack to bypass port security by providing the same Mac address as the legitimate raspberry pi.
@JohnDoe-dj3xh
@JohnDoe-dj3xh 3 жыл бұрын
here's how I protect my network ports: my switch is in a rack that is physically locked. you would need a key to the rack to even plug that in. the only cables running to outside the server will only issue an IP address to the device with the mac address corresponding to the device that should be plugged into it. honestly, to me, that is secure enough to prevent most attacks. sure you could find the computer's mac address and spoof it then disconnect the computer and attach the sharkjack to the cable with a little adapter, but that is honestly more trouble than its worth and requires prolonged uninterrupted access to my PC
@juliajv9009
@juliajv9009 3 жыл бұрын
Thank you for the course! Will you proceed with it ? Will we get new EPs ?
@josue6131
@josue6131 3 жыл бұрын
I know like nothing talked about in any of your videos but I have amazing interest in cyber security and everything you talk about
@networkchucksupport1705
@networkchucksupport1705 3 жыл бұрын
Contact our support team on Instagram @Networkchucksupport to join our tutorial classes
@joebywan
@joebywan 3 жыл бұрын
With the situation you mentioned having someone unplug your existing device and plug in theirs is defeated just by them plugging the device into theirs, harvesting the other mac address & then modifying theirs to match it before connecting to the switch.
@j.kaimori3848
@j.kaimori3848 3 жыл бұрын
Hypothetically then you need the device password that you plugged into.
@joebywan
@joebywan 3 жыл бұрын
@@j.kaimori3848 not to do a basic arp request
@deakon-rl9wi
@deakon-rl9wi 2 жыл бұрын
I had old port servers from like 1998 that were Linksys that I went through and learned alot!! Especially after I revamped them on today's newer 5G network back in 2012 when I was re mapping digital security infrastructure and tracking finances.
@franckygl
@franckygl Жыл бұрын
Thanks man, Cisco auto learning makes it soooo complicated to digest while your course is easy to follow and understand!
@picassoimpaler3243
@picassoimpaler3243 3 жыл бұрын
Thank you for popping up in my feed today! I have been slacking off on studying and pushing my way into the IT universe after getting shot down after 4 rounds of interviews for my first IT job. But your videos do a great job of keeping me on focus and how fun it can be! Thank you much and I appreciate all your work on your channel!
@RedAzukiCake
@RedAzukiCake 3 жыл бұрын
If someone has physical access to your network, it's trivial to unplug a device, look at the MAC address on the label of the device and spoof it in the interface settings of the attacker's device. Port Isolation and ACLs is the correct way to secure a switchport.
@SB-qm5wg
@SB-qm5wg 3 жыл бұрын
That's a whole lotta work if you work for a big company. vlans, firewalls, nat, with planning is the way to go. Especially if you work with places that require _change windows_
@danielanderson9052
@danielanderson9052 3 жыл бұрын
This is especially important for residential homes that have multiple Surveillance cameras outside house that can easily be knocked off to gain network access. Best practice dictates having multiple cameras recording other cameras in case they get vandalized.
@MichaelMichael-kv4gp
@MichaelMichael-kv4gp 3 жыл бұрын
If someone with a shark jack is at your switch and you have turned off all unused ports..... just unplug something in use and bam problem solved. Becky in accounting will complain for 5 min that she lost internet then go on a coffee break while you do your thing.
@manny-
@manny- 3 жыл бұрын
"Golden Snitch" What a fantastic name for a Switch!😂
@just_some_bigfoot_hacking_you
@just_some_bigfoot_hacking_you 3 жыл бұрын
Chuck being a Potterhead
@loganjoy-koer5936
@loganjoy-koer5936 3 жыл бұрын
Golden Snitch, Golden Switch
@bobnoob1467
@bobnoob1467 3 жыл бұрын
@@just_some_bigfoot_hacking_you bot
@bobnoob1467
@bobnoob1467 3 жыл бұрын
@@just_some_bigfoot_hacking_you bot
@bobnoob1467
@bobnoob1467 3 жыл бұрын
@@just_some_bigfoot_hacking_you bot
@ricorodriguez3579
@ricorodriguez3579 3 жыл бұрын
What happened to the rest of the course?
@LuisMaldonado-ej5bg
@LuisMaldonado-ej5bg Ай бұрын
He did it again
@joejohn5398
@joejohn5398 7 ай бұрын
I believe that’s how a bank near me got robbed about 5-7 years ago. Guy plugged into an open phone jack and hacked the security system and on a holiday they went in and nobody knew until they returned for work.
@freakdude162002
@freakdude162002 3 жыл бұрын
you did port isolation on the Unifi switch but on the Cisco switch to do port isolation you could have done "switchport protected" as well
@mustfaal-hasanat1376
@mustfaal-hasanat1376 3 жыл бұрын
Has this series finished ? It has been 4 months since the last video 😔😢 Seriously .. you're the best instructor I've ever seen 🌹👍 Hope you complete the series very soon 😊
@shashanksingh9427
@shashanksingh9427 3 жыл бұрын
favorite dialog of chuck : Let,s hack youtube today ethically ,off course🔥🔥🔥🔥😂😂
@BrashTV
@BrashTV 6 ай бұрын
You're a king Chuck!
@lordcarnorjax8599
@lordcarnorjax8599 3 жыл бұрын
One thing Chuck forget to mention, how to clear the sticky MAC address. Use the command "no switchport port-security mac-address sticky [mac-address]". Also if you're using "switchport port-security mac-address sticky" make sure you shutdown any unused ports on the switch or black hole / quarantine them. Quarantine works better, especially if the network cabling labelling is poor, because it still learns the MAC and then you just change the VLAN & label the port. Otherwise the first person to plug something in, maybe nefarious, will just be allowed on the network. While this topic covers basics of port security, it's only using MAC addresses for security which can be spoofed. This is a great learning concept but as shown has limited uses in a real environment. If you want proper port security & secure Wi-Fi, 802.1x with certificates is the only way to go and that's very large and technically deep topic especially when you throw Cisco ISE in the mix. ISE is a beast thats a course all on it's own.
@andreasfrank5568
@andreasfrank5568 3 жыл бұрын
In an enterprise environment i would prefer RADIUS authentication, verifying the user/and or the certificate of the enterprise computer. And i would rather have it default to a Guest VLAN limited to specific applications/ports but with internet access so the user is able to contact IT-support. As others have mentioned MAC-spoofing is quite easy to workaround but limiting devices on your port to 1-2 is definitely good practice.
@KL-lt8rc
@KL-lt8rc 3 жыл бұрын
Yes, that is the more modern and accepted solution. 'Port security' is pretty out of date by this point, and not going to stop much. But it's still a good topic to cover for beginners.
@aashita6850
@aashita6850 Жыл бұрын
You explain everything so nicely. I have never understood this concept before you.
@ballroomdancer2010
@ballroomdancer2010 2 жыл бұрын
It's been about 6 months since the last CCNA video. When are we going to get more of this course? I love how you explain things. Without this course, I've been forced to go somewhere else to try to learn for my CCNA and it's not really working well for me. Please. We need more of this course.
@babyguitar1404
@babyguitar1404 2 жыл бұрын
So the course is not complete?
@ballroomdancer2010
@ballroomdancer2010 2 жыл бұрын
@@babyguitar1404 correct. There's a lot more we need to know for the ccna.
@leonstone3443
@leonstone3443 11 ай бұрын
where have you gone to complete? im looking for a more up to date series
@ballroomdancer2010
@ballroomdancer2010 11 ай бұрын
@@leonstone3443 doesn't look like Network Chuck is going to be completing this series. I went to CBT Nuggets.
@bgdogy
@bgdogy 3 жыл бұрын
With sticky mode, if you don't write the config, a reboot erases the learned MAC and you can plug any device in. Also good practice to give your VLANs a description, especially when doing very large networks.
@simondian6380
@simondian6380 2 жыл бұрын
Hey Team! I've noticed this is the last episode of the series and there's more. Love these episodes as I'm looking to take my CCNA. Thank you!!
@obonyomalcolm5241
@obonyomalcolm5241 2 жыл бұрын
all the best champ
@timo_schwich
@timo_schwich 3 жыл бұрын
Easily install a nac like arp-guard, macmon, … and let them keep your network secure. Much more easier
@yosefGames
@yosefGames 3 жыл бұрын
In principle a security detail is intended to prevent an acre's access through a switch that he is trying to infiltrate an organization or something pretty good security detail but there are still methods that an acre can bypass the security detail
@ChrisBenjamins
@ChrisBenjamins Жыл бұрын
First thing that came to my mind is via MAC Spoofing/cloning.
@jcbenge08
@jcbenge08 3 жыл бұрын
I love this!! I have to work with customers all the time where I have to tell them, "I'm gonna send the ticket to the network team and tell them to do a shut/no-shut on the port." I had an *idea* of what was going on behind the scenes, but it's so stinking cool to see it play out on screen like this!!! Thank you so much for what you do!!!
@ThexAlien
@ThexAlien 3 жыл бұрын
I personally didn't learn anything new, but this was a good episode. I've never heard blackhole VLAN, everyone I've met in the industry for me personally has called it a quarantine VLAN. Port security is very important, thank you for sharing with everyone!
@ketatgenhorst
@ketatgenhorst 3 жыл бұрын
Certain DHCP servers set certain options, so it is also possible to do OS Fingerprinting via DHCP offers.
@Mikeyy1985
@Mikeyy1985 3 жыл бұрын
Chuck, I don't know how you do it but I've been going to school for IT for about 2 years now and every time i start a new class you cover something about that subject. Thanks for your guidance you make some of the subjects easier to understand!
@Meatball.
@Meatball. 3 жыл бұрын
Dude i love ur vids, from a tutorial stand point and just watching to learn topics or just enjoy to them.
@networkchucksupport1705
@networkchucksupport1705 3 жыл бұрын
You can message our support team on Instagram @Networkchucksupport if you are interested in learning more
@Nathan15038
@Nathan15038 11 ай бұрын
I'm glad that you give use the run down and course for free so at lest we have some knowledge of how to secure a port
@C0mmander
@C0mmander 3 жыл бұрын
You could readout the macid of the device you unplug and then spoof it on your device that you plug in.
@PigMan9080
@PigMan9080 3 жыл бұрын
Have been using 802.1x wired security
@tymekmm215
@tymekmm215 3 жыл бұрын
Nice device, I wish to have it in the past :) Btw. You can't secure port in switch if somebody will connect pass trough port device which will listening everything which going over port :) like "man in the middle" :) It can learn MAC address and later block device behind and make itself as this device using discovered MAC address, only certificates can help in this scenario Great video.
@vaishalivg
@vaishalivg 3 жыл бұрын
That's it with the CCNA? Or some more later? Plssss make a Udemy course on CCNA CCNP - the whole topics .. u teach na.. it's so nice to have a teacher like this 🔥🔥
@marcorz9549
@marcorz9549 2 жыл бұрын
Next video is called: What is an ip address? Ep 1
@noelwilson5253
@noelwilson5253 3 жыл бұрын
more ccna i been waiting the longest
@secinject814
@secinject814 3 жыл бұрын
I ordered a Shark Jack recently and I'm super stoked to test it out on some ethical plugs, look pretty awesome.
@thomasnelson9804
@thomasnelson9804 3 жыл бұрын
Loving this free CCNA course you've been doing. The way you talk about it you can tell your passionate and it makes it much easier to watch. Will you be doing a video on configuring IP addressing for data center's/offices?
@RobertGomezN7
@RobertGomezN7 3 жыл бұрын
"Put it in VLAN 666!" That comment has earned you my sub! Also, thank you for teaching this. Physical security is one of the things that I love seeing at the places I've worked (and hate when there is none). I've seen switches plugged into wall jacks that were left out in the open and since earning my BAS in IS&C, that is vexing! Also "swi po mac sticky" is a great command to run on cisco ports to ensure that no "new" devices get swapped for the one that is set for the port!
@ohlord1285
@ohlord1285 3 жыл бұрын
but he didn`t name the vlan, im suffering..
@emanuelmorales1633
@emanuelmorales1633 Жыл бұрын
If going for CCNA which would be better Boson or IT Pro TV?
@jmr
@jmr 3 жыл бұрын
Makes me want a good switch for my home network.
@ethanedwards8296
@ethanedwards8296 3 жыл бұрын
I bought a C3750 for cheap on EBay, amazing switch, would recommend.
@jmr
@jmr 3 жыл бұрын
@@ethanedwards8296 That's a lot more then I need but it makes me smile just looking at it. Thanks for the recommendation I may just buy one.
@Ryan78900
@Ryan78900 3 жыл бұрын
@@jmr haha :)
@dpool7416
@dpool7416 2 жыл бұрын
Are there going to be any more? It's been 6 months.
@babyzworld9061
@babyzworld9061 Жыл бұрын
when is next episode coming shirrrrrrrr!
@Kevin-cw8of
@Kevin-cw8of 3 жыл бұрын
Chuck is our IT Santa
@hasankc1912
@hasankc1912 3 жыл бұрын
I think you leaked your SSH IP address in the MAC address security part of the video? the blur didnt last long enough 14:02
@ItsDrike
@ItsDrike 3 жыл бұрын
yeah, but it's only a local ip, there was no real need to even blur it, unless you're on his local network that IP is useless
@hasankc1912
@hasankc1912 3 жыл бұрын
@@ItsDrike yea, the fact it was blurred in the first place made me think he'd wanna know
@tymekmm215
@tymekmm215 3 жыл бұрын
this is internal network ip :)
@_Omni
@_Omni 3 жыл бұрын
🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️
@_antoniocouto
@_antoniocouto 3 жыл бұрын
You should have a list with all your CCNA videos.
@flippinbutterr4403
@flippinbutterr4403 3 жыл бұрын
Shark jack is pretty cool, can't wait for the rubber ducky vid tho 😁👍
@ardentdfender4116
@ardentdfender4116 2 жыл бұрын
It’s been several months since we last had a Free CCNA course uploaded with this one being the last in that series. Are we getting any more Chuck?
@fosres
@fosres 2 жыл бұрын
Awesome video. Setting up a VLAN can later help a network admin to setup a VPN to your business infrastructure.
@johngartrell9714
@johngartrell9714 2 жыл бұрын
Looking forward to the next episode. Glad your brother will be helping out now!
@dreuwmaddocks1118
@dreuwmaddocks1118 2 жыл бұрын
Network Chuck, you absolute BEAST OF AN ENGINEER.........!!!!!😌😌😌😌
@j.r._7416
@j.r._7416 3 жыл бұрын
Nice flex on your Cisco skills. Loving this content! Thanks for putting this together. Cisco VLANS next??
@Uncle_Buzz
@Uncle_Buzz 11 ай бұрын
So good, dude. You're an amazing teacher.
@javianbrown8627
@javianbrown8627 2 жыл бұрын
This just makes me curious about other cool tech we can put on our key rings that are useful for IT guys, even for those who do this stuff as a hobby
@robwideman2534
@robwideman2534 3 жыл бұрын
I was thinking... he hasn't talked about VLANs yet but he is going to talk about Dot1x? nah, just port security. Very good for the folks just getting started.
@parthsarathi6948
@parthsarathi6948 2 жыл бұрын
Hi Chuck , I'm a huge fan and get very excited whenever your video comes
@stvnseegal
@stvnseegal 3 жыл бұрын
I NEED to decide what I want right now and stop being told what I need to do
@LiEnby
@LiEnby 2 жыл бұрын
My immediate thought- you could create a device that you can plug a network cable into, it *does network stuff* and logs the mac address, then you can plug it into the port on your switch, and it will report that mac address to your network, thus bypassing the security about 801.x, i wonder if you can just plug that device into your own network, and capture the password it sends, or maybe perform a man-in-the-middle attack, *in hardware* where it logs in automatically. then you just send whatever you want after that haha
@Dumpstermuffin1
@Dumpstermuffin1 Жыл бұрын
I've seen so many CCNA youtube videos in which a boring guy gives a lecture in a monotone voice. Network Chuck on the other hand makes his videos so entertaining
@talbizle
@talbizle 2 жыл бұрын
I..need..more..NetworkChuck..CCNA!
@MikeHarris1984
@MikeHarris1984 3 жыл бұрын
I use 802.1x where my PKI issues internal certs and the Network Access Control (NAC) verifies the PKI cert and if it doesn't match or non issued, it dumps into a public vlan that is external internet isolated only.
@monkeyspanksback
@monkeyspanksback 3 жыл бұрын
Quick tip. Use the command int range fa0/10-13 to add those ports to vlan 666 in one shot
@davidsharp9166
@davidsharp9166 3 жыл бұрын
I worked for a while and that job had me on a massive campus, there port security had a weakness I've never seen before and this was plug in and let it sit there for a couple of hours. Eventually the system would allow you on. Must of been a "Sticky", based system
@iiN1GH7M4R3ii
@iiN1GH7M4R3ii 3 жыл бұрын
what a kick ass series man thank you so much for these! looking forward to the next video!
@morosis82
@morosis82 3 жыл бұрын
Not a pen tester, but couldn't you just have another device you connect to the RPi in this case that allows the SharkJack to spoof the Mac address?
@bren.r
@bren.r 3 жыл бұрын
Yep - was just going to say this.
@morosis82
@morosis82 3 жыл бұрын
If it were me, from a software guy perspective, I'd have a heartbeat or healthcheck going on the device connected, perhaps with credentials or some sort of key, that automatically shifts the port to an admin vlan if something connects that doesn't respond. Means nothing can connect and find anything useful (admin vlan would be almost a black hole), but allows admin to connect remotely and debug the machine if it truly is a fault.
@wavemakersdj
@wavemakersdj 3 жыл бұрын
A lan tap would do this very easily, and could even be used in combination with the shark jack. These are crude security measures, but if someone is jacking into your ports, you're going to need 802.1X with strict certificate management and no MAB devices allowed to really have the best chance of things staying secure on your wires.
what is an IP Address? // You SUCK at Subnetting // EP 1
18:45
NetworkChuck
Рет қаралды 1,8 МЛН
DO NOT design your network like this!! // FREE CCNA // EP 6
19:36
NetworkChuck
Рет қаралды 3,4 МЛН
Quilt Challenge, No Skills, Just Luck#Funnyfamily #Partygames #Funny
00:32
Family Games Media
Рет қаралды 55 МЛН
Beat Ronaldo, Win $1,000,000
22:45
MrBeast
Рет қаралды 158 МЛН
coco在求救? #小丑 #天使 #shorts
00:29
好人小丑
Рет қаралды 120 МЛН
fiber optic cables (what you NEED to know) // FREE CCNA // EP 13
19:08
Access ANY Network (remotely)
22:02
NetworkChuck
Рет қаралды 178 М.
why Power over Ethernet (PoE) is amazing!! // FREE CCNA // EP 12
19:39
30 Windows Commands you CAN’T live without
14:35
NetworkChuck
Рет қаралды 2,4 МЛН
Massive News! Free Network Simulation Tool for Everyone! (Cisco CML)
16:52
5 Steps to Secure Linux (protect from hackers)
23:15
NetworkChuck
Рет қаралды 748 М.
You need a NAS RIGHT NOW!! (How I run my Hybrid-Cloud YouTube business)
22:43
let's hack your home network // FREE CCNA // EP 9
30:16
NetworkChuck
Рет қаралды 4 МЛН
we ran OUT of IP Addresses!!
16:49
NetworkChuck
Рет қаралды 2,1 МЛН
Quilt Challenge, No Skills, Just Luck#Funnyfamily #Partygames #Funny
00:32
Family Games Media
Рет қаралды 55 МЛН