Jun 23

The configuration and management of a Cisco PIX follow a logic similar to that of IOS on a router, and with new releases the commands tend to look alike.

With release 6.x in particular, commands common to IOS were introduced, while compatibility with the older equivalents was maintained.

As in any multiuser OS, there are regular and privileged (enabled) users. You become root on a PIX with:
Pix> enable
Pix#
The prompt changes from > to #.
From here you enter configuration mode with:
configure terminal
You save the configuration to resident memory (NVRAM, flash…) with:
write memory
You display the current configuration with:
write terminal
or
show running-config
You can view the log messages (logging must be enabled in the configuration; messages can be kept in a local buffer, which occupies memory, or sent to a remote syslog server) with:
show logging

Jun 20

The Address Resolution Protocol (ARP) lets IP hosts determine the MAC address that belongs to an IP address. This mapping is stored in the ARP cache. An attacker can try to manipulate these mappings using falsified ARP frames, either to carry out a man-in-the-middle attack or to disrupt communication in the network. This type of attack is known as ARP spoofing or ARP poisoning.

Jun 19

Port security was one of the first features for securing network ports. It controls access to the network by MAC address: access to a port can be limited to specific MAC addresses or to a number of addresses.

When the defined rules are violated, traffic can be filtered (violation protect or restrict) or the interface can be disabled (violation shutdown).

May 31

Introduction

With Authentication Proxy, users can log into the network or access the Internet via HTTP.
User profiles are retrieved automatically from a TACACS+ server (Cisco Secure Access Control Server), which we assume is already configured.
We also assume that the TACACS+ server is on the same LAN as the client and that a user with a username and password is configured in the CSACS Default Group.

Configure AAA

To configure AAA, the steps are:

a. On the router, enter global configuration mode:
Router# configure terminal

May 29

Let’s see how to protect our home LAN by configuring a Cisco firewall, the PIX 501.

First we set the name and the security level associated with the external and internal interfaces we are using (after entering configuration mode by typing the commands ena and then conf t):

pixfirewall(config)# nameif ethernet0 outside security0
pixfirewall(config)# nameif ethernet1 inside security100

As you can see, we name interface ethernet0 “outside” and assign it the security level “security0”. The same applies to interface ethernet1.

May 27

PIX Security Appliance RSSI. Cisco PIX security appliances can enforce policies on users and applications. Cisco PIX can protect against many different network- and Internet-based attacks. Cisco PIX provides secure connectivity, using methods such as Secure Shell (SSHv2) and two virtual private networks (VPNs).

It’s pretty easy to install.

Cisco PIX can secure Voice over Internet Protocol (VoIP).
Internet Protocol Security (IPsec) can be set up for VPNs.

May 23

This article introduces a command for verifying the MD5 hash of an IOS image loaded onto our system.

MD5 hash

MD5 is an algorithm that produces a 128-bit hash. The purpose of this check is to verify the integrity of the file, so that we can be sure that the file has not been corrupted by errors during the transfer and has not been deliberately modified with malicious code.

Hands-on
When we download the IOS image, we first calculate its MD5 hash locally. Let’s say that the image is “soho97-k9oy1-mz.123-7.T3.bin” and the resulting hash is “e1588a2bda3583feb9188933d265ba11”.

May 12

To increase the security level of our router we can of course use passwords, but also the so-called privilege levels.

Passwords
There are two types of password: the Enable Password and the Line Password. The Enable Password is the password needed to switch to Privileged Mode, while the Line Password protects against unauthorized access via the console port, the auxiliary port and telnet.

The Enable Password

We can set the Enable password in two ways: a secure one and an insecure one. We will look at both:

Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# enable password test
Router(config)#

May 1

This lab implements security policies in the network by using access lists (ACLs).
Please note that these solutions are not the only ones applicable: as often happens in the world of computing and telecommunications, there may be several solutions to the same problem.

Using an extended access list

RTD(config)# access-list 100 permit tcp 192.25.0.0 0.0.0.127 192.168.1.1 0.0.0.0 eq telnet
RTD(config)# access-list 100 deny tcp 192.25.0.0 0.0.0.255 any eq telnet
RTD(config)# access-list 100 permit ip any any
RTD(config)# interface Ethernet0
RTD(config-if)# ip access-group 100 in

By Cisco convention, an extended access list is applied as close as possible to the source of the traffic to be controlled.
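How access list 100 is evaluated, as an added example that is not part of the original post: a small first-match evaluator with Cisco wildcard-mask semantics and the implicit deny. It reads the three entries in standard IOS argument order (source, source wildcard, destination, destination wildcard, port); the function names and the sample packets are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: a 0 bit must match, a 1 bit is "don't care".
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")   # the keyword "any"
TELNET = 23                            # "eq telnet"

# (action, protocol, (src, src_wildcard), (dst, dst_wildcard), dst_port or None)
ACL_100 = [
    ("permit", "tcp", ("192.25.0.0", "0.0.0.127"), ("192.168.1.1", "0.0.0.0"), TELNET),
    ("deny",   "tcp", ("192.25.0.0", "0.0.0.255"), ANY, TELNET),
    ("permit", "ip",  ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of the matching entry); the first match wins."""
    for i, (action, aproto, s, d, port) in enumerate(acl):
        if aproto != "ip" and aproto != proto:
            continue                   # "ip" matches every IP protocol
        if port is not None and port != dport:
            continue
        if wc_match(src, *s) and wc_match(dst, *d):
            return action, i
    return "deny", None                # implicit "deny ip any any" ends every ACL

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [
    ("tcp", "192.25.0.10",  "192.168.1.1", 23),  # lower half of the subnet, allowed host
    ("tcp", "192.25.0.200", "192.168.1.1", 23),  # upper half: falls through to the deny
    ("tcp", "192.25.0.10",  "10.0.0.5",    23),  # telnet to any other destination
    ("tcp", "192.25.0.200", "10.0.0.5",    80),  # not telnet: reaches "permit ip any any"
    ("udp", "172.16.0.1",   "192.168.1.1", 53),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

Swapping the first two entries makes the broader deny match first, so telnet from 192.25.0.10 to 192.168.1.1 is then refused.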

Apr 25

Broadcast storms can easily disrupt entire networks. They spread throughout a layer 2 broadcast domain. In flat networks this can be the entire network or, in modern networks, a VLAN. A broadcast storm can also disturb routers (high CPU load) and thus cause disruption beyond the boundaries of a VLAN.

The typical cause of a broadcast storm is the small switch in the office or on the conference table. If a loop is patched by mistake, this switch becomes a traffic generator.

The red wire on the small 3Com switch creates a layer 2 loop. The switch floods the central switches over the green cable with all broadcasts, multicasts and unicasts to unknown recipients.
