Cyber Blog

Get Started With Cisco DevNet

Get Started With Cisco DevNet 150 150 tiptechnologies_6agik4

Start by Building your lab your Lab on your PC.

Cisco DevNet

Source control systems like git or Subversion are a core part of the software development workflow.

Examples of shells include:
bash (or “Bourne-again shell”) is a common shell Mac, Linux and other “Unix-like” operating systems
cmd.exe is the native command line interpreter for Windows systems
PowerShell is a combination shell and scripting framework from Microsoft that has recently become open source and cross platform

git has become one of the most commonly used source control systems in the development
‘repos’ – Cisco DevNet are hosted in git repositories
leverage the git-bash shell that is included with git for Windows.

Node.js is a JavaScript runtime that is very popular for developers because of the JavaScript foundation providing a consistent language across web (sometimes called “frontend”) and application (sometimes called “backend”) development.
VS Code is ideal for JavaScript development, and has powerful and complete language support for Python, .NET, Java and other languages as well.
Find out more at https://code.visualstudio.com/.

Postman is a powerful REST API client that provides a set of capabilities for testing, exploring, and writing REST APIs.
ngrok is one of several possible tools that aims to solve this problem for developers. It is an application you’ll run on your environment, and it builds a connection path from the public internet to your local workstation

if you do not have AnyConnect, the open source alternative OpenConnect can be used.

Docker is not the only application container engine, and wasn’t even the first. But it is definitely the most popular one in use today,

Installation and setup
=========================

Navigate to git-scm.com/downloads.
Click the link for “Windows”
Consider changing the default text editor for Git to another option, if you have one available. For example, Notepad++

Open git-bash
within the terminal, run
git –version
Attempt to clone a repository from GitHub.
git clone https://github.com/CiscoDevNet/hello_network

Change to the hello_network directory that you cloned down in the last step.
cd hello_network

included in the repository is a bash shell script called hello_network.sh, run it to verify you have a functioning bash shell.
./hello_network.sh
# Expected Output
Hello Network!

Installing Python 3
====================

Navigate to www.python.org/downloads/windows/.

Click the link “Latest Python 3 Release – Python 3.6.9”.
In the list, download “Windows x86-64 executable installer” (If you are on 32 bit Windows download the x86 version).
Run the downloaded installation file taking the defaults with the following suggestions.
On the first page “Install Python 3.6.9” screen, check the box to “Add Python 3.6 to PATH” at the bottom of the screen.

Verify Python installation
============================
Note: If the following verifications do not work as expected, restart your computer to ensure the updated “PATH” variables are fully applied.

Open a git-bash terminal.
Verify Python 3 was correctly installed. (The py application is the “Python launcher for Windows” that provides an easy method on Windows to identify Python versions)
py -3 -V
# Expected Output
Python 3.6.9

Check the version set as the “Default Python Version”. (The default version is the version of Python that is executed when you enter python).
python -V
# Expected Output
Python 3.6.9

https://developer.cisco.com/learning/modules/dev-setup/dev-win/step/5

Note: To open an interactive Python interpreter you can typically just use the command python at the command prompt. Within git-bash you need to use the command python -i to explicitly start the interactive interpreter.

Python virtual environments
===============================
Before leaving the Python setup, you need to know how to create a Python virtual environment. Python virtual environments are a method of creating isolated “environments” where specific versions of Python can be installed along with independent sets of libraries and dependencies.

Virtual environment usage is very common and is recommended practice when working in Python, and most DevNet labs encourage you to create and work within virtual environments.

Create a Python 3 virtual environment using the venv module included with Python 3.

py -3 -m venv py3-venv
Now “activate” the environment. Look for the name of the virtual environment to be enclosed in parenthesis after activation.

source py3-venv/Scripts/activate
# Expected Output
(py3-venv)
IEUser@IE11Win10 MINGW64 ~/code
Now verify that python is now linked to Python 3

python -V
Python 3.6.9

Deactivate the virtual environment.

deactivate

Installing Node
===================
Navigate to nodejs.org/en/download/ and download the “Windows Installer.”
Run the downloaded installer taking the defaults.

Open a git-bash terminal.

Check the installed node version.

node -v
# Expected Output
v8.11.1

Step 5: Text Editors and IDE
===============================
You probably don’t need two different IDEs…but you might enjoy taking Atom and Visual Studio Code for a side-by-side test run, so we’ve included installation instructions for each

Atom
=========
Installation
Navigate to atom.io

The site should detect your OS and offer you an appropriate download link

Run the downloaded installer taking the defaults

Verification
Once installation finishes, Atom should open and display the interface

Select “Yes, Always” to the question about registering the atom:// URI handler

Visual Studio Code
=====================
Installation
Navigate to code.visualstudio.com

The site should detect your OS and offer you an appropriate download link

Run the downloaded installer taking the defaults

Verification
Once installation finishes, open VS Code to display the main interface

In the upper left, select the Extensions view, search for “python” and install the top hit, i.e. the “Python” extension (by Microsoft)

Step 6: Development Tools and Clients
=========================================
Postman
Installation
Navigate to www.getpostman.com/apps.
Click the download link for “Windows”. (If you are using a 32 bit version of Windows, be sure to change the option.)
Run the downloaded installer taking the defaults.

Verification
Once the installation completes, Postman will open and allow you to sign-up or sign-in. You do NOT need to sign in to use Postman, you can simply click the link “Take me straight to the app. I’ll create an account another time.” to bypass login.

Test that you can make REST API calls with Postman with this fun “Dad Joke” API. Beside the lunch pad click the + sign… Enter https://icanhazdadjoke.com/ into the address bar. Click the “Headers” tab and add an entry for Accept with a value of application/json. Then click “Send” and enjoy your joke 🙂

ngrok Installation
====================
Navigate to ngrok.com/download.
Click the download link for “Windows”. (If you are using a 32 bit version of Windows, be sure to change the option.)
Open the zip file and extract it to the ngrok subdirectory under your user folder.

OpenConnect
=============
If you do not already have Cisco AnyConnect installed, you can install OpenConnect for an open source VPN client to use to connect to DevNet Sandboxes.

Installation
Navigate to the OpenConnect-GUI Releases page.
Download the latest Windows release.
Run the downloaded installer with the following suggestions.
On the “Install Options” page, “Add the openconnect-gui to the system PATH for all users.”
Also on the “Install Options” page, “Create openconnect-gui Desktop Icon.”
Verification
To fully verify OpenConnect installation you’ll need a VPN server to connect to. If you don’t have one handy, go on over to the DevNet Sandbox Catalog and reserve one of our possible sandboxes. Once the reservation is ready, you’ll be provided the VPN credentials to connect to.
Open the OpenConnect GUI, and create a “New profile.” Enter the VPN address as the “Gateway” and “Save & Connect”. You’ll then be prompted for your username and password.

You should now have an active VPN connection to your sandbox, and be able to reach the resources contained within your pod.

Step 7: Application Container Engine
===========================================
Docker
DevNet Express Cloud Collaboration for IT Pros participants can skip Docker installation

Installation
=============
Docker for Windows 10 leverages the Hyper-V feature of the operating system and requires you enable it before Docker for Windows will install and work.
Open the “Turn Windows features on or off” control panel.
Make sure both “Hyper-V Management Tools” and “Hyper-V Platform” are enabled under “Hyper-V”.
Changes to these settings will require a reboot of the workstation.
NOTE: While the Hyper-V feature is enabled on Windows 10, other hypervisor platforms like VirtualBox and VMware Workstation will NOT work.

Navigate to Install Docker Desktop on Windows.
================================================
https://docs.docker.com/docker-for-windows/install-windows-home/

Click “Download from Docker Hub” link. The new page is refreshed with “Docker Desktop for Windows” details.
Click “Get Docker” link to start download.
Run the downloaded installer taking the defaults.

Note:
Please make sure that you will turn ON the virtualization in the BIOS.
If any error occurs during Docker installation, refer to Docker troubleshooting page.

Verification
=============
Open a git-bash terminal.
Enter the following command to start a test container based on the “busybox” image.

docker run busybox

The container will start, and then stop showing no output. Verify it worked with the following command.

docker ps -a
# Sample Output
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d9a3285ba957 busybox “sh” 20 seconds ago Exited (0) 15 seconds ago quizzical_bartik

http://cs.co/dev10

First, clone a repository
The Getting Started project is a simple GitHub repository which contains everything you need to build an image and run it as a container.

Install Git if you don’t have it already.

git clone https://github.com/docker/getting-started.git

Now, build the image
A Docker image is a private file system just for your container. It provides all the files and code your container needs.

cd getting-started
docker build -t docker101tutorial .

Run your first container
Start a container based on the image you built in the previous step. Running a container launches your application with private resources, securely isolated from the rest of your machine.

docker run -d -p 80:80 –name docker-tutorial docker101tutorial

Now save and share your image
You must be signed in to Docker Hub to share your image.
https://hub.docker.com/

 

The next step will be to access this link – https://developer.cisco.com/learning/tracks

using your cisco account. If you dont have one already, create a free Cisco account.

Top 10 Web Application Security Risks

Top 10 Web Application Security Risks tiptechnologies_6agik4

Top 10 Web Application Security Risks

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure

Network and Data Science BootCamp July-Sep 2020

Network and Data Science BootCamp July-Sep 2020 tiptechnologies_6agik4

Would you like to learn about Network Automation, Data Science, use Data for prediction, detection and much more…

Join us in our BootCamp in July.

 

Cyber Security and AI Training – Free Webinar

Cyber Security and AI Training – Free Webinar tiptechnologies_6agik4

The Benefits of Cyber Security and AI

The Benefits of Cyber Security and AI tiptechnologies_6agik4

Do you want to learn about the endless opportunities in Cyber Security and AI?  Do you want to learn the concepts of cryptography and how it works within a small, medium or large organization? Do you want a free global certificate to start off a career in Cyber security? Then follow the link, and register…

https://tiptechnologies.co.uk/the-benefits-of-cyber-security-and-ai/

IAM – 16/05/2019

IAM – 16/05/2019 tiptechnologies_6agik4

With Cloud IAM you can grant granular access to specific GCP resources and prevent unwanted access to other resources. Cloud IAM lets you adopt the security principle of least privilege, so you grant only the necessary access to your resources.

Step-by-step guide through the ISO 27001 / ISO 22301 Certification Audit – 17/05/2019

Step-by-step guide through the ISO 27001 / ISO 22301 Certification Audit – 17/05/2019 150 150 tiptechnologies_6agik4

Audits are a key component of becoming ISO 27001 / ISO 22301 certified, and your initial certification is a crucial step in detecting whether all the main elements of the management system are in place.

However, for many information security or business continuity managers and consultants, this process raises many questions.

For more info… contact osazee@tiptechnologies.co.uk

Concepts related to identity – 19/05/2019

Concepts related to identity – 19/05/2019 150 150 tiptechnologies_6agik4

In Cloud IAM, you grant access to members. Members can be one of the following types:

    Google account

    Service account

    Google group

    G Suite domain

    Cloud Identity domain

Download the doc here – https://cloud.google.com/iam/docs/overview

For more info… contact osazee@tiptechnologies.co.uk

Web application Vulnerability – 20/05/2019

Web application Vulnerability – 20/05/2019 150 150 tiptechnologies_6agik4

Web application Vulnerability is major puzzle in the security posture of an organization. The codes that run the application is the major focus of security.

Even though an organization is technically/logically well protected against OWASP_Top_10 vulnerabilities, there will be security gaps that only the organization’s security culture can fill.

Open Web Application Security Project (OWASP) Top Ten 2017 Project:[dt_sc_animation effect=”wobble” delay=”1″] Add Content to Animate [/dt_sc_animation]

     Top 10

            A1:2017-Injection

            A2:2017-Broken Authentication

            A3:2017-Sensitive Data Exposure

            A4:2017-XML External Entities (XXE)

            A5:2017-Broken Access Control

            A6:2017-Security Misconfiguration

            A7:2017-Cross-Site Scripting (XSS)

            A8:2017-Insecure Deserialization

            A9:2017-Using Components with Known Vulnerabilities

            A10:2017-Insufficient Logging&Monitoring

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project

Do you need help with your security posture? Contact us on osazee@tiptechnologies.co.uk.