Engineering Terms

Question 1

BE6K

Answer 1

Cisco Phone Server Business Edition 6000
Physical Server with Cisco logo on it that runs VMWARE with Linux servers typically CUCM CUC and CUPS

Question 2

CUCM

Answer 2

Cisco Unity Call Manger Server - Primary Phone Server where phones and teleconference equipment can register too for call routing
This is a virtual server appliance that can be accessed via the web, SSH or through VMware ESXi web interface.

Question 3

CIMC / iDRAC / iLO

Answer 3

Management interfaces for different vendors server hardware
CIMC - Cisco Integrated Management Controller (Web Interface)
iDRAC - Integrated Dell Remote Access Controller (Web Interface)
iLO - HP Integrated Lights Out (Web Interface)

This allows remote access to Servers when access to the Operating system is not possible or even when the server is in an off state.
Basic hardware health status can be obtained from the web interface as well as more advanced tools for RAID configurations in newer versions.

Question 4

NAS

Answer 4

Network Attached Storage

NuWave uses a product called Synology
Synology only allow access through an locally host web interface that runs off Linux.
Synology offers tools to locate NAS units on the local network.
Synology units come with a 2 year warranty and NuWave recommends you replace them every 2-5 years depending on the nature of its contents
All NAS units utilize RAID and most utilize RAID 6 which offers the ability for up to two drives to fail concurrently without cause any data loss.
Almost all Synology NAS units at NuWave use ISCSI to connect to windows servers to be used for a disk drive where local backups are being stored from Veeam.

Often in larger units (12 bays or more) Solid state drives are utilized in bay 1 and 2.

Question 5

SAN

Answer 5

Storage Area Network

NuWave user a product called HPE Nimble (HPE is HP Enterprise)

SAN are direct attached Storage for VMWare installations. The Storage is directly attached to VMWare and appears as local storage.

Additionally Nimble has SLA of 4 hours on hard drive failure including a tech to replace the bad unit.

Traditionally Nimble SAN’s are High Availability and run on all or some Solid State Drives

Question 6

SSH

Answer 6

Secure SHell Protocol
Used when connecting to various Servers and Networking equipment.

SSHv1 is deprecated
SSH uses ciphers to encrypt traffic over a network or over the internet.

SSH is typically used for connecting to a Cisco Catalyst Switch or a Cisco ASA as they can only be configured via SSH

Question 7

ASA

Answer 7

Cisco Adaptive Security Appliance
Traditional Cisco Firewall

Firewalls are also known as an Edge device as in the edge of the internal network.

The ASA performs NAT (Network address translation: External IP –> Internal IP and vice versa)

Question 8

ASA

Answer 8

Cisco Adaptive Security Appliance
Traditional Cisco Firewall

Firewalls are also known as an Edge device as in the edge of the internal network.

The ASA performs NAT (Network address translation: External IP –> Internal IP and vice versa)

Question 9

POE

Answer 9

Power Over Ethernet

Used to power devices over the existing ethernet network connection. Typically POE is a feature that is included with a network switch and is used to power phones, access points, or IP Cameras.

A POE Injector can be used in an environment where the switch does not put out POE power. The Injector is used inline with existing Ethernet and only requires a regular power cord.

There are many version of POE but most utilize POE Class 3 (15.4w) or Class 4 (30w)

It is important to note that some low end models and older cisco catalyst Switches can not power every port with POE as the Switch power supply cannot supply enough wattage for all ports concurrently.

Question 10

ISP

Answer 10

Internet Service Provider

Question 11

STP

Answer 11

Spanning Tree Protocol

Used for avoid redundant paths or loops on a network. Switch A is connected to Switch B via two separate connection. One of the two ports is Forwarding while the other is Blocking. If the Forwarding port becomes disabled the Blocking port should listen and learn to become the new forwarding path.

Became a standard the year Rob was born in 1985 but was not adopted fully until much much later.

CAUTION - be very careful when working on older equipment. This networking flaw was often contributed to early internet outages.

Question 12

Meraki MX

Answer 12

Meraki Firewall / Security Appliance / Edge Device (The original Cisco icon for a router was a circle with a X on it)
Capabilities include:
NAT
SDWAN or Site to Site VPN
Content Filtering
VLANs and Routing
DHCP and DNS
Client VPN or Meraki Anyconnect
Traffic Shaping
Threat Detection (IDS and AMP)
Inbound and outbound Traditional Firewall blocking as well as Layer 7 Firewall Filtering.

Important note. Meraki does not make a unit called a Router as the features of a traditional router are instead shared by the MX and a Lawyer 3 MS

Question 13

Meraki MS

Answer 13

Meraki Switch

Some variations
- Layer 2
- Layer 3
- Stacked Switch that can also be layer 2 or 3

Question 14

Meraki MR

Answer 14

Meraki Radio
Wireless Access point and Wireless bridges

Question 15

Meraki MV

Answer 15

Meraki Video

IP camera with built in storage (NO external video Server or storage required)

Question 16

Meraki SM

Answer 16

Meraki Systems Manager
Also known as Meraki MDM

Works really well with Apple products as it was originally designed. Works ok with windows devices like laptops.

This product was replaced in out product catalog by Microsoft Intune in 2020 although it still can be sold.

Question 17

MDM

Answer 17

Mobile Device Management
We use or manage these products for various clients and customers
Intune/ Meraki SM / Addigy / JAMF

Question 18

SEIM / SOC

Answer 18

SIEM: Security Incident Event Management and is different from SOC, as it is a system that collects and analyzes aggregated log data.

SOC: Security Operations Center and consists of people, processes and technology designed to deal with security events picked up from the SIEM log analysis

NuWave uses Artic Wolf this and is part of the NuWave 360 Advanced Security Plan.

Question 19

IDS

Answer 19

Intrusion Detection System

Often referred to as Intrusion Detection and or Prevention

IDS is part of Meraki Threat Detection

Meraki Threat Detection also utilizes AMP (Advanced Malware Protection)

Question 20

AMP

Answer 20

Advance Malware Protection

This tool inspects files download over the internet from the outside to the inside of the network based on threat intelligence from the AMP Cloud. The AMP Cloud is managed by Meraki.

Question 21

VLAN

Answer 21

Virtual Local Area Network

Segmented Network that operates on the same hardware and functions the same as a LAN. VLANs also often have different subnets and allow for additional security. VLAN access restrictions are done through Access Control lists on a firewall or router. NuWave has a recommended numbering schema for VLANs. See best practices in IT GLUE.

Breakout VLANs are used to take a single ISP handoff and split it out into multiple edge devices with different edge IP addresses

Question 22

Anti-Virus / Basic Endpoint Security

Answer 22

NuWave uses Bit Defender deployed through RMM. Bit defender is better than windows defender but not as good as EDR Endpoint Detection and Response

Question 23

EDR

Answer 23

Endpoint Detection and Response

NuWave uses Sentinel One and it requires an agent be installed on every protected PC.

Question 24

Endpoint Security & DNS Filtering

Answer 24

Cisco Umbrella (Formerly known as OPEN DNS)

Localized content filtering for web browsers and internet. This application allows for content filtering while users are not in the office on company owned devices.

OPEN DNS is now a free tool that Cisco offers to consumers. Simply point your device or firewall at 208.67.222.222 and 208.67.220.220.

Question 25

Email Encryption

Answer 25

NuWave uses ZIX to allow users to send emails securely. It can be sold be user or per organization.

Zix emails send the recipient an email saying they have received a secure email and to retrieve the email they must follow the link. The link is safe and once there they must create a zix account and verify their email via a email with a code before they can read the email and download any attachments from the zix portal.

Ih the recipient also has zix the email will be automatically decrypted and sent as normal email since the recipient is a known trusted recipient.

Question 26

Anti-spam / Email Filtering

Answer 26

NuWave uses AppRiver for their SPAM filter.

AppRiver MX Records are the preferred delivery point for emails. Once processed by AppRiver the emails are then forwarded to the exchange server or Office 365 hosted Exchange.

Typically id AppRiver is in use the Exchange server or Office 365 hosted Exchange Server block all incoming Addresses except those that AppRiver uses to send email out.

Question 27

Aironet WAP/WLC

Answer 27

Cisco Wireless Access Point and Wireless Lan Controller

Still in production but slowly being phased out by Meraki Wireless

Question 28

Microsoft Autopilot

Answer 28

Used to Deploy devices connected to Intune and Azure Active Directory.

Example: Employee gets shipped a new PC direct from manufacturer. They need only start it up connect to the internet (WiFi) and login once and wait 2-4 hours for it to self configure with apps and tools they need to do their job.

Not 100% functional but still very very useful in regards to time saving setting up a new PC.

Question 29

UPS

Answer 29

Uninterruptible Power Supply

Battery backup used for Servers, Networks, and ISP equipment. Also some companies will elect to use them for desktops to prevent data loss due to power outage.

NuWave Sells APC products but also still support Liebert product as they go end of life we are replacing them with APC.

NuWave also highly recommends APC models that include network monitoring and environmental sensors such as temp and humidity.

APC utilize software to then safely shut down servers before the battery runs out.

Typically an APC unit will notify the end user of powerless immediately and continue to run until only 10% power remains on the battery before initiating the shutdown process.

Question 30

Application Whitelisting and Control

Answer 30

Threat locker

Allows users to block any and all applications that are not on an approved list. This list is built over the coarse of a month of learning what programs a company uses.