Author Archives: Geneva Sibanda

About Geneva Sibanda

I assist companies in the Areas of Network Infrastructure Design and Implementation: (from Windows Active Directory Security, networking, etc.).

How to Configure the Cisco Switch to Run SSH

For SSH to work, your Cisco switch needs an RSA public/private key pair. The VTY relies on SSH for its secure transport.

Follow these steps to set up your Cisco Switch to run SSH:

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname HO1
HO1(config)#ip domain-name
HO1(config)#crypto key generate rsa
% You already have RSA keys defined named
% Do you really want to replace them? [yes/no]:
HO1(config)#ip ssh version 2
HO1(config)#line vty 0 4
HO1(config-line)#transport input ssh
HO1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…


I am not responsible for any damage to your Cisco Catalyst Switch. If you point the finger at me for messing up your Cisco Catalyst Switch, I will definitely laugh at you.

How to Restrict VTY – SSH access to a specific IP

Controlling Access to a VTY via SSH to a specific IP helps improve security to your Cisco Switches or Routers.

You can control who can access the virtual terminal lines (vtys) to a router or Cisco Switch by applying an access list to inbound vtys.

Switch(config)#access-list 1 remark “Restrict SSH Access”
Switch(config)#access-list 1 permit host log
Switch(config)# line vty 0 4
Switch(config-line)#access-class 1 in
Switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…

Perform the above steps when you want to control access to a vty coming into the Cisco router or Cisco Switch by using an access list.


I am not responsible for any damage to your Cisco Catalyst Switch. If you point the finger at me for messing up your Cisco Catalyst Switch, I will definitely laugh at you.

How to configure banner MOTD on Cisco switch

In this article I show you how to configure banner MOTD on Cisco switch.

To configure the message-of-the-day (MOTD) banner that displays when the user logs in to a Cisco 2900 Series switch, use the banner motd command.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#banner motd !
Enter TEXT message. End with the character ‘!’.


You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored.


The above example shows how to configure a multiple-line MOTD banner.


I am not responsible for any damage to your Cisco Catalyst Switch. If you point the finger at me for messing up your Cisco Catalyst Switch, I will definitely laugh at you.

How to Initially Configure a Cisco Switch Tutorial

Configuring the Switch for the First Time.

This guide describes how to initially configure a Catalyst 2900 series switch.

To configure your switch you need a Cisco Console Cable, coupled with USB to 1 Serial (9 Pin) Port. This is totally dependent to the model of your Laptop.

Step 1: Connect to your Cisco Switch via Cisco Console Cable and the Console Interface.

Step 2: Configuration Your Switch Line and Console Ports.

You need to press ENTER and see the user EXEC prompt (Switch>)

Type enable to enter enable mode:
Switch> enable
The prompt changes to the enable prompt (#):
Switch# enable

Step 3: At the enable prompt (#), enter the configure terminal command to enter global configuration mode:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Step 4: At the global configuration mode prompt, enter the line console 0 to configure your switch Line and console Ports.

Switch(config)#line console 0
Switch(config-line)# exec-timeout 30 0
Switch(config-line)# password yourpasswordhere
Switch(config-line)#logging synchronous
Switch(config-line)#login local

Step 5: At the global configuration mode prompt, enter the line vty 0 4 to configure your switch Line.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 4
Switch(config-line)# exec-timeout 30 0
Switch(config-line)# password yourpasswordhere
Switch(config-line)# login local
Switch(config-line)# transport input ssh
Switch(config)#enable secret yourpasswordhere
Switch(config)#service password-encryption

Step 6: At the global configuration mode prompt, the VLAN interfaces must be configured with an IP address.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address
Switch(config-if)#no shutdown
Switch(config)#ip default-gateway
Switch(config)#username sibanda password 7 yourpasswordhere
Switch#copy running-config startup-config

This example shows how to use the show running-config command to confirm the configuration of the
static route:
Switch# show running-config
Building configuration…

To be continued…


I am not responsible for any damage to your Cisco Catalyst Switch. If you point the finger at me for messing up your Cisco Catalyst Switch, I will definitely laugh at you.

NQF Levels

National Qualifications Framework NQF Levels

All qualifications are graded on the NQF (National Qualifications Framework), so you’ve probably seen mention of the NQF before.

The objectives of the NQF are to:

    • Create an integrated national framework for learning achievements
    • Facilitate access to, and mobility and progression within education, training and career paths
    • Enhance the quality of education and training
    • Accelerate the redress of past unfair discrimination in education, training and employment opportunities
    • Contribute to the full personal development to each learner and the social and economic development of the nation at large

SAQA is responsible for running the National Qualifications Framework, or NQF. The NQF originally consisted of eight levels but was later increased to ten levels. The NQF levels run from Adult Basic Education and Training all the way up to doctoral degrees.

NQF Level Qualification Type
10 Post-doctoral research degrees


9 Masters degree
8 Professional qualifications
Honours degrees
7 Diplomas

National 1st Degrees

6 Higher Certificates
5 National certificates and
Occupational Awards
4 Grade 12
3 Grade 11
2 Grade 10
1 Grade 9
Abet level 4
GET certificate


How to change the Hostname on a CentOS 7 server via the command line (SSH)

By default, your server is started with the server’s given name as the hostname. Some software, requires a valid Fully Qualified Domain Name (FQDN) for the hostname to be used during their DNS resolution. This article describes how to change a server hostname in CentOS.

Step 1 – Login to your server as a user with root privilege.

[root@en-030 ~]#

Step 2 – Check current hostname:

[root@en-030 ~]# hostname -f

Step 3 – Now here’s the magic command to change default CentOS 7 hostname without having to reboot your server: by running the command line below:

[root@en-030 ~]# hostnamectl set-hostname --static

Step 4 – You may also want to find out status of your server and its hostname using hostnamectl command:

[root@en-030 ~]# hostnamectl status

Your output should look something like this:

[root@en-030 ~]# hostnamectl status
   Static hostname:
         Icon name: computer-server
           Chassis: server
        Machine ID: da8c65185c6b43ee9312d647d153b8fc
           Boot ID: c50ca6a8ecb742079a7a0ef358a2c27e
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-693.2.2.el7.x86_64
      Architecture: x86-64

It recommended that static name match the fully-qualified domain name (FQDN) used for the machine in DNS.


Congratulations! you have successfully configured hostname on CentOS 7 server via command line. You can now easily resolve fully qualified domain name (fqdn) server. Try it out today! Feel free to comment me if you have any questions.

Installing PowerDNS (With MySQL Backend) on Debian

PowerDNS is a DNS server, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different backends ranging from simple BIND style zonefiles to relational databases and load balancing/failover algorithms. A DNS recursor is provided as a separate program.

Installation of the PowerDNS Authoritative server on UNIX systems can be done in several ways:

Install updates:

# apt-get install --fix-broken && apt-get update -y && sudo apt-get upgrade -y && apt-get dist-upgrade -y && apt-get autoremove -y 

Installing MySQL

In order to install MySQL, we run

# apt-get install mysql-server mysql-client 

We want MySQL to listen on all interfaces (this is important for MySQL database replication!), not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =
vi /etc/mysql/my.cnf

Then we restart MySQL:

# service mysql restart 

Now check that networking is enabled. Run

# netstat -tap | grep mysql 

The output should look like this:

root@NS01~# netstat -tap | grep mysql
tcp        0      0 localhost:mysql         *:*                     LISTEN      952/mysqld 

Installing PowerDNS

To install PowerDNS, we run

# apt-get install -y pdns-server pdns-backend-mysql 

You will be prompted to configure the MySQL backend. We will perform this process manually in a moment, so use the arrow keys to select , and press ENTER to finish the installation.

Now we connect to MySQL:

# mysql -u root -p 

Type in your MySQL root password, and you should be on the MySQL shell. On the MySQL shell, we create a database for PowerDNS:


 grant all privileges on powerdns.* to power_user@localhost identified by 'TypeYourPasswordHere';


Now we create the tables needed by PowerDNS...

use powerdns;

CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id                    INT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) NOT NULL,
  comment               VARCHAR(64000) NOT NULL,
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

When using the InnoDB storage engine, we suggest adding the following lines to the 'create table records' command above:

CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains`

Or, if you have already created the tables, execute:

ALTER TABLE `records` ADD CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`)

Configure PowerDNS

We have to configure PowerDNS to use our new database.

First, remove the existing configuration files:

# rm /etc/powerdns/pdns.d/*

Now we can create the MYSQL configuration file:

# vi /etc/powerdns/pdns.d/pdns.local.gmysql.conf 

Enter the following data into the file. Remember to add your own database settings for gmysql-dbname, gmysql-user, and especially gmysql-password.

# MySQL Configuration file



Restart PowerDNS to apply changes:

# service pdns restart 

Check if PowerDNS is listening:

#netstat -tap | grep pdns

Check if PowerDNS responds correctly:

#dig @

You should see an output similar to:

root@NS01:~# dig @

; <<>> DiG 9.9.5-9+deb8u13-Debian <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18854
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

; EDNS: version: 0, flags:; udp: 1680
;.                              IN      NS

;; Query time: 1 msec
;; WHEN: Wed Sat 09 09:10:04 SAST 2017
;; MSG SIZE  rcvd: 28

NB: You won't encounter the following error if you follow this guide:

pdns[23281]: Backend reported permanent error which prevented lookup (GSQLBa.

The installation is not finished...I do not issue any guarantee that this will work for you! but worked for me.

comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. This is free software, and you are welcome to redistribute.


SimpliVity Data Virtualization Platform Architecture

Simplify and scale your data center infrastructure through SimpliVity data virtualization platform using hyper-convergence.

SimpliVity is accelerating its technology leadership in hyper-converged infrastructure space, definitely a killer technology and a major disruptive solution in the evolution of converged infrastructure. With SimpliVity, the hyper-converged technologies is a really change the game.

Are you considering a move to public cloud?

For a lot of companies the cloud does make sense. From a cost perspective, design is a few configurations steps, installation less than an hour, the ease to use the SimpliVity hyperconverged solution reduce the management task essential to the VM level, operational costs are lower. You scale-out fast and non-disruptive.

To truly simplify IT in post-virtualization data centers, the “data problem” must be addressed.

SimpliVity’s Data Virtualization Platform delivered on hyperconverged infrastructure simplifies IT and operations, and uniquely enables data mobility and efficiency. SimpliVity reduces IOPS, capacity and bandwidth requirements, and provides native data protection, eliminating additional hardware and tools—resulting in a 300% TCO savings.

OmniStack with Cisco Unified Computing System

SimpliVity’s OmniStack is the industry’s first and only globally-federated and hyperconverged solution that supports Cisco Unified Computing Systems. Designed and optimized for the virtual environment, each OmniStack solution delivers server, storage, and networking services, as well as dramatic improvements to the management, protection, and performance of virtualized workloads—all at a fraction of the cost and extreme reduction in complexity compared to today’s traditional infrastructure technologies

To be continued…

Figthing Back Against: Ransomware

Understanding: Ransomware and how to protect against ransomware attacks.

Ransomware is a type of malware that holds your computer hostage.

Prevention is good, Protection is better, Back up is a must

Ransomware is a malicious software virus that infects a computer, network or data. During the infection, your computer will either be locked or your data encrypted, held hostage, and the only way you can regain access is by paying a “ransom”. Ransom is typically demanded in Bitcoin, a largely anonymous currency, which is often used in cyber black markets. Ransomware is classified as a “denial of access” attack, denying the victim access to the electronic device or data stored on the device until a ransom is paid.

Distributing ransomware is a criminal activity, and even though the technology it utilises is quite sophisticated, the prevalence of ransomware hinges on the exploitation of the human element – as do most criminal activities. Malware such as ransomware is not a new phenomenon, but it has become increasingly widespread and invasive in recent years.

Data backup is absolutely essential

Who is targeted by ransomware, Business and Larger Organisation are all exposed at the same risks as individual home users ransomware doesn’t discriminate.

There are four ways that ransomware could infect your computer:

1. Spam Emails

Firstly spam emails can be used to mislead unsuspecting users into opening infected email or email attachment, and it will activate upon installation.

2. Infected removable drives

Secondly it spreads by infected removable drives, the ransomware is created to install automatically when the drive is plugged in and can spread through a network to other machines.

3. Trojan Horse

Thirdly, is using a Trojan horse. The malware attaches to a legitimate application often downloaded from a questionable.

4. Compromised Webpages

Lastly, compromised webpages, some websites can be infected by ransomware by simple browsing to them without clicking to anything can exposed your computer, if attacked immediately disconnect your computer from the network or internet, format all infected drives and recover your data from clean resent backup.

How to protect your PC from ransomware attacks

Remember, Prevention is good, Protection is better, Back up is a must!

It’s always beneficial to plan for the worst case scenario. We can assist you with tested and practical online backup solution – Starting From R100 p/m. You can protect data Up to (4GB).

COS2626: Assignment 02: Semester 2

COS2626: Assignment 02: Semester 2: October 2015

Question 1

The following questions are based on wireless networking.

1.1 Define the term wireless spectrum.

The wireless spectrum is a continuum of the electromagnetic waves used for data and voice communication.

1.2 Describe the CHARACTERISTICS wireless transmissions have in common with wired transmissions.

Use of the same layer 3 and higher protocols.
Just as with wired signals, wireless signals originate from electrical current traveling along a conductor.

1.3 Describe the DIFFERENCE between wireless and wired transmissions.

The nature of the atmosphere makes wireless transmissions vastly different from wired transmission. Because the air provides no fixed path for signals to follow, signals travel without guidance. This is in contrast to guided media that do provide a fixed signal path.

1.4 Explain why wireless networks are not laid out using the same topologies as wired networks.

Because they are not bound by cabling paths between nodes and connectivity devices, wireless networks, are not laid out the same topologies as wired networks.

1.5 Which WLAN (Wireless Local Area Network) architecture is depicted in the following diagram?

An ad hoc WLAN. In an ad hoc WLAN, wireless nodes or stations, transmit directly to each other via wireless NICS without an intervening connectivity device.

1.6 Explain the ADVANTAGE of having WLANs support the same protocols (for example, TCP/IP) and operating systems (for example, UNIX, Linux, or Windows) as wired LANs.

This compatibility ensures that wireless and wired transimission methods can be integrated on the same network.

1.7 Describe the use of CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) to access a shared medium.

Note the significance of using ACK packets to verify every transmission.

802.11 standards specify the use of CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) to access a shared medium.

Using CSMA/CA, before a station begins to send data on an 802.11 network, it checks for existing wireless transmission. If the source node detects no transmission activity an the network, it waits a brief, random amount of time, and then sends its transmission. If the source does detect activity, it waits a brief period of time before checking the channel again. The destination node receives the transmission and, after verifying its accuracy, issues an acknowledgment (ACK) packet to the source. If the source receives this acknowledgment, it assumes the transmission was properly completed. However, interference or other transmissions on the network could impede this exchange. If, after transmitting a message, the source node fails to receive acknowledgment from the destination node, it assumes its transmission did not arrive properly, and it begins the CSMA/CA process anew.

Question 2

Match each statement with the correct term below. Write only the number of statement and the corresponding term, e.g. 2.1-a

2.1 Displays TCP (Transmission Control Protocol) /IP (Internet Protocol) statistics and details about TCP/IP components and connections on a host.
2.2 This command provides not only the host’s IP address, but also the primary DNS server name and address that holds the record for this name.
2.3 Useful only on networks that run Windows-based operating systems and NetBIOS.
2.4 Both in its simplest form and when used with one or more of its simplest switches, this utility can provide more detailed information than nslookup.
2.5 The TCP/IP administration utility for use with Windows operating systems.
2.6 Allows you to view a host’s routing table.
2.7 Used if an administrator already know a host’s name and wants to learn its IP address.
2.8 The TCP/IP configuration and management utility used on UNIX and Linux systems.
2.9 Uses ICMP (Internet Control Message protocol) ECHO requests to trace the path from one networked node to another, identifying all intermediate hops between the two nodes.


a. ipconfig utility
b. ifconfig utility
c. netstat utility
d. nbstat utility
e. host utility
f. dig utility
g. nslookup utility
h. route utility
i traceroute utility


2.1 C
2.2 g or f
2.3 d
2.4 f or g
2.5 a
2.6 h
2.7 e
2.8 b
2.9 i

Question 3

Study the following diagram depicting the elements of virtualization. Identify components ‘A’, ‘B’ and ‘C’ respectively.

A: Hypervisor
B: Virtual machines (Geusts)
C: Physical computer (host)

Question 4

Study the following diagram depicting a VPN (Virtual Private Network) connection and answer the questions that follow.

4.1 Define a VPN.

VPNs are wide area networks that are logically defined over public transmission systems.

4.2 What are TWO important considerations when designing a VPN?

Interoperability and security.

4.3 What does the letter ‘A’ in the diagram represent?


Question 5

Name and discuss FIVE factors that cloud computing is distinguished by.

1. Self-service and on demand – Services, applications and storage in a cloud are available to users at anytime, upon the users request.
2. Elastic – The term elastic in cloud computing means that services and storage capacity can be quickly and dynamically – sometimes even automatically – scaled up or down.
3. Support for multiple platforms – Clients of all types, including smartphones, laptops. desktops, thin clients and tablet computers can access services, application and storage in a cloud, no matter what operating system they run or where they are located, as long as they have a network connection.
4. Resources pooling and consolidation – In the cloud, as on host computers that contain multiple virtual machines, resources such as disk space, applications and services are consolidated. That means one cloud computing provider can host hundreds of web sites for hundreds of different customers on just a few servers.
5. Metered services – Whether the cloud provides applications, desktops, storage, or a service, its use is measured. A service provider may limit or charge by the amount of bandwidth, processing power, storage space, or client connections available to customers.

Question 6

The following questions are based on security policies.

6.1 Define a security policy.

A security policy identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member and responsibilities for each employee.

6.2 Name THREE typical goals for security policies.

Ensure that authorised users have appropriate access to the resources they need.
Prevent unauthorised users from gaining access to the network, systems, programs, or data.
Prevent accidental damage to hardware or software.

6.3 Name FOUR possible subheadings for the policy outline.

Password policy, software installation policy, network access policy, e-mail use policy etc.

6.4 A security policy should define what confidential means to the organization. Define term confidential.

In general, information is confidential if it could be used by other parties to impair an organization’s functioning, decrease customer’s confidence, cause a financial loss, damage an organization’s status or give a significant advantage to a competitor.

Question 7

7.1 Define the term backup

A backup is a copy of data or program files created for archiving or safekeeping.

7.2 Define the term optical media and provide examples.

Optical media is a type of media capable of storing digitised data and that uses a laser to write data to it and read date from it. Examples of optical media include all type of CDs, DVDs amd Blu-Ray discs.

7.3 Name THREE DISADVANTAGES of optical media.

1. Because of their modest storage capacity, recordable DVDs and BLu-ray discs may be an adequate solution for home or small office network, but they are not sufficient for enterprise networks.
2. Another disadvantage to using optical media for backups is that writing data to them takes longer than saving data to some other types media, such as tapes or disk drives, or to another location on the network.
3. In addition, using optical media requires more human intervention than other backup methods.

7.4 Describe how tape backup might be implemented on both small and large networks.

On a relatively small network, stand-alone tape drives might be attached to each server. On a large network, one large, centralized tape backup device might manage all of the subsystems’ backups.

7.5 Describe how to perform network backups if an organization does not have a WAN or a high-end storage solution.

If your organization does not have a WAN or a high-end storage solution, you might consider online backups. An online backup, or cloud backup, saves data across the internet to another company’s storage array. Usually, online backup requires you to install their client software. You also need a (preferably high-speed) connection to the internet.

7.6 Describe the Grandfather-Father-Son backup rotation scheme.

When planning your backup strategy, you can choose from several standard backup rotation schemes. The most popular of these schemes, called Grandfather-Father-Son uses daily (son), weekly (father) and monthly (grandfather) backup sets. Three types of backups are performed each month: daily incremental (every Monday through Thursday), weekly full (every Friday) and monthly full (last day of the month).