Chain of evidence in forensics
In the chain of evidence in the context of security forensics, the concept that evidence is controlled and accounted for as to not disrupt its authenticity and integrity.
News
RFC 2827
RFC 2827, defeats DOS attacks which employ IP source Address Spoofing
TLS
PEAP provides authentication for the EAP exchange using TLS.
Radius
Sends and recieves posture information to and from the policy server using the RADIUS protocol is a function of a Cisco router acting as a network access device (NAD) in
ACL config
as-path access-list regular expression should be applied on 2@ to only allow updates originating fom AS65501 or autonomous systems directly attached to AS65501: ^65501_[0-9]*$
DES facts
DES uses 64bit keys, although the effective key length is only 56 bits The decryption operation for both DES and 3DES is the same as the encryption operation.
Deffie Hellamn key exchange
A DH key exchange is an algorith that utilizes asymetic cryptographic keys. The DH key exchange is used to establish a shared secret over an insecure medium during an IPSEC
AH transport mode packet structure
|orgin IP Header|AH|IP payload|
RFC 791
An attacker is attempting to Telnet a specific host secured behind a firewall rule tht only allows inbound connections on TCP port 25. The aspect of RFC 791 (internet Protocol)
FTP passive mode
Using FTP passive mode, after the client opens the command channel (port 21) to the ftp server and requests passive mode, the next step will be: The FTP server allocates
Spanning Tree Trouble shooting
During STP troubleshooting, you determined that the problem is caused by a user connecting a rogue switch to an access port, and that rogue switch becoming the root bridge. Enable
CSA network shield
CSA network shield, drops malformed IP packets.
Compare and contrast Qualitative and quantitative Risk
Quantitative Risk Analysis: requires complex calculations is easier to automate and evlauate uses verifiable and objective metrics. Qualitiative Risk Analysis involves high degree of guess work. Uses the opinions of
Continue reading…Compare and contrast Qualitative and quantitative Risk
Cisco Clean Access
Cisco Clean Acess ensures that computers connecting to you network have Appropriate Security application and patch levels.
IPS risk rating
The IPS risk Rating for an IPS sig is calulating using 4 components: Target Value Rating Alet severity rating Signature Fidelity Rating Attack relevancy Rating
Port#
NAT-T UDP port 4500 IKE UDP port 500 AH TCP port 51 ESP TCP port 50
TKIP added these Algorithms to the 802.11
TKIP added these algorithms/cryptograpic primatives to the 802.11 spec: Key mixing Anti-replay sequence counter Message integrity check
SSH
*configure the host nam of the router. configure the default IP domain that the router will use are 2 things you must do on the router before generating an ssh key with the “crypto key generate
TLS sessions
Server sends-Hello to Client Listing all of its supported cipher sites are not steps in setting up a TLS session.
active-active failover on the ASA
Active-active failover is available only for system running in multiple context code