security policy
The company’s business objective should be the key driver for a company security policy’s creation, implementation, and enforcement.
Information Security Notes
Exhausting the address space available on the DHCP servers so an attacker can inject their own DHCP server addresses for malicious reasons describes the DHCP “starvation” attack.
With Cisco’s IOS authentication proxy feature, users can initiate network access via three protocols: HTTP/HTTPS, FTP, and Telnet.
SDM on the ASA platform is executed as a Java applet running in the context of your browser or a standalone application using the Java runtime environment.
When configuring system state conditions with the Cisco Security Agent, the resulting action when configuring more than one system state condition is all specified state conditions are used as part
PAT rewrites ports and source addresses
The command “nat control” on the ASA requires traffic originating from the inside interface to match a NAT translation rule to pass through the firewall on the outside interface.
The function of the switch(config-if)# switchport port-security mac-address sticky command allows the switch to dynamically learn the MAC addresses on the switchport and the MAC address will
A client without an 802.1X supplicant connecting to port fa0/1 will be assigned to VLAN 10.
The following IP protocols and ports are commonly used in IPsec protocols: TCP ports 50, 51; UDP ports 500 and 4500.
Cisco Clean Access ensures that computers connecting to your network have appropriate security applications and patch levels.
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with CSA quarantine lists
RFC 2827 ingress filtering is used to help prevent Source IP spoofing.
When enrolling a Cisco IOS router to a CA server using the SCEP protocol, the following is NOT a required step: import the server certificate to the router using TFTP.
Key lengths: DES 56 bits, 3DES 168 bits.
Symmetric ciphers are faster to compute. Asymmetric ciphers use public and private keys.
No state is kept on the server machine; the state is embedded in the system’s Initial Sequence Number (ISN).
When an IPS device in a single-interface VLAN-pairing mode fires a signature from the normalizer engine and TCP-based packets are dropped: There was no information in the IPS
Signature: scans packets looking for a match to known patterns; DB needs update. Anomaly: tends to report more false-positive alarms; can detect zero-day exploits.
CS-MARS works with the NetFlow IOS feature to accomplish anomaly detection