unicast reverse-path interface command
The unicast reverse-path interface command, verifies source address and source interface of all input traffic on an interface is in the routing table.
News
IPS signature creation
6000 BitTorrent File download signature was created by an IPS admin using creation tool
CS-MARS NetFLow
Zero-day attacks are types of attacks can be monitored and mitigated by CS-MARS using NetFlow data
Netflow zero-day scanning
Netflow be used to help identify a zero-day scanning worm because Netflow will show statistics can show a huge increase in traffic on a specific day
IOS command
Supporting load balancing configurations in which traffic can arrive via multiple interfaces, is the main reason for using the “ip ips deny-action interface” IOS command
PIX version 7.0 new features
Rate-Limiting Support for multiple virtual firewall Transparent firewall
The Common Criteria (CC)
The Common Criteria (CC) standard defines the international standard for evaluating trust in information systems and products
TACACS+
the aaa authentication login default group TACACS+ logal global configuration command: This login authentication method list is automatically applied to all lines except those that have a name method list
ISO 270001
In ISO 27001 ISMS certification audit/ post audit/ pre-audit are the main certification process phases required to collect information for ISO 270001
IPS 5.x signature fires
Deny Packet Inline – Product Alert describes the actions that can be taken when an IPS 5.x signaures fire
Catalyst Security features
ARP cache poisoing can be best prevented by using these catalyst security features: Dynamic ARP inspection (DAI) DHCP Snooping
Steps to enable SSH on an IOS router
Steps to enable SSH on an IOS router: Configure a hostname and a domain name Generate an SSH key pair
HTTP issues
HTTP can provide server identification. HTTP is often used to tunnel communication for insecureclients such as P2P
Block & Stream ciphers
Block & Stream ciphers are two main types of ciphers
SSL Record Protocol
SSL Record Protocol, is the SSL protocol that takes an application message to be transmitted, fragments the data into managable blocks, optionally compresses the data, applies a MAC, encrypts, adds a
NAC Framework solution
Acisco switch in a nac framework solution, statically authorization and maping devices to an access policy is the resulting action of issuing the device authorize command have in the (config-identify-prof)#
ASA and FTP
If the FTP client is configured for active FTP, the ASA partial configuration will enable the remote user to “get” and “put” FTP files
BHO (browser Helper Objects)
A BHO installation can be stopped using CSA rules. It is the best way to mitigate Browser Helper Objects (BHO) from being installed on your system
RFC 2827
RFC 2827 implements best practicies for IP Source Address Spoofing and Defeating Denail of Service Attacks with IP Source Address Spoofing.
CS-MARS/NetFLow
With NetFlow configured and several IPS, switches, routers and firewall devices imported into its database, CS-MARS will provide the following security features: Event correlation to help identify attacks/ identification of