Security

Free E-Learning...eh...E-Reading...eh...something

I guess the big news of this is that it's FREE...as it should be :). Cisco has started to develop some quick training describing how to enable features on the ASA/PIX firewall. Some of the topics are neat..."How to set up Packet Tracers" "How to set up SSL VPNs." The modules DO actually describe how to do these things if you can bear the pain of listening to a computer-generated voice reading a script someone wrote. Sure isn't as good as the Cisco training available from Jeremy Cioara on CBTNuggets (ehem...shameless plug). It sounds like the voice that announces the names in my airport...Anyhow, the link to this training is here!

Configuring a Cisco Router to Accept VPN Connections

This blog has been a long time coming, as someone asked me quite some time ago to post the simplest way to accomplish this (for a home environment). I hate to admit this, but my home PC (where I get all my email) was hacked since I allowed Microsoft's Remote Desktop Protocol (RDP) and VNC from anywhere on the Internet (very bad idea). That was the end of that - now VPN connections are required to get to my home PC. Well, the simplest way to configure a VPN on a router is to use the Cisco SDM...but Real Cisco Techs™ use the command line :). So here we go:

It's Even Better: Cisco's Output Interpreter

A Cisco tech support email I received last week mentioned the ol' Cisco Output Interpreter utility on their website. This utility analyzes the output of various show / debug commands to decrypt their meaning and point out configuration or hardware errors on your router. I remember trying out the Output Interpreter a few years back and not being very impressed, but thought I'd give it a shot today.
I ran a "show tech-support" command on one of my routers and pasted it into the Cisco Output Interpreter...WOW! Has this utility improved. Not only did it mention that I was getting many buffer drops, but it also had multiple security improvement recommendations (which I'll be implementing later today). The best part about it was this:

What's New in CallManager 5.X?

This post has been a long time in coming, but after Cisco Networkers 2006, I thought I'd put together the high points of the changes that are appearing in Cisco CallManager 5.X versions. Bullets always work best for me!

  • Underlying Operating System – this is, by far, the biggest change to Cisco CallManager. Cisco has moved the software to an appliance model (I'm sure some industry pressure forced this). The CallManager runs on top of the RedHat Linux operating system; however, you will have no direct access to the operating system. What does this do?
    • Easier installations & upgrades
    • Increased security and reliability
    • You can only access the CallManager via Cisco approved tools & interfaces

Security Tools Galore

I'm working on recording a security video series right now and came across this link: http://www.insecure.org/tools.html. Can we say ROCK ON?!? This is a list of the top 75 security tools you can use to audit your network. This guarantees at least two months of tinkering around with these widgets. My top 5 are:
#1 Ethereal (the ol' standby)
#2 Nessus (be your own auditing company)
#3 NMap (port scanning galore)
#4 Netcat (port redirection & general hacking widget)
#5 Snort (free IDS)

Cisco SAFE Documentation

I'm telling you, there's no better fireside reading than the Cisco SAFE documentation...I'm SERIOUS! I've never seen whitepapers that are written casually enough to keep your attention but technically enough to be useful. So here are my favorites:

Cisco SAFE: Wireless Network Security in Depth, Second Edition

Cisco SAFE: Guarding Against Layer 2 Attacks (I REALLY like this one - one of my favorites)

Cisco SAFE: VPN Best Practices

Not only a brief overview of the concepts, but lots of great configs in there too...



by Dr. Radut