Tuesday, December 21, 2010


Securing the campus infrastructure


Understanding and mitigating MAC-layer attacks



What is MAC flooding

An attacker floods a switch port with frames whose source MAC addresses are random, until the CAM (MAC address) table of the switch is full. From then on the switch can no longer learn new addresses and floods unknown-unicast frames out of every port in the VLAN, so:
- the network slows down;
- the attacker can capture traffic that is normally not seen on his port.

Mitigation for MAC flooding: use port security to limit the number of MAC addresses allowed on a switch port. In addition, if a switch port has no interest in receiving flooded traffic at all, use the following command on it:

Switch(config-if)# switchport block unicast

VLAN hopping

VLAN hopping is a type of attack that allows a malicious user to send traffic into, or receive traffic from, a VLAN other than the one assigned to his port, and so to attack a host in that VLAN. There are two variants: switch spoofing and double tagging.

VLAN hopping with switch spoofing

By default Cisco switch ports run DTP (Dynamic Trunking Protocol) in a dynamic mode (auto or desirable, depending on the platform), so a port will form a trunk with whatever sends it DTP frames. An attacker can send crafted DTP frames, or connect an unauthorized Cisco switch, in order to form a trunk link with the authorized switch; he is then able to sniff, and inject, the traffic of every VLAN allowed on that trunk.

VLAN hopping with double tagging

In this case the attacker forwards frames into a VLAN that would otherwise be inaccessible to him by sending frames that carry two 802.1Q tags. Conditions:
- the attacker must be connected to an access port of a switch;
- the same switch must have at least one port in 802.1Q trunk mode;
- the attacker must belong to the VLAN set as native on that trunk link.

As shown in the figure above, as soon as Catalyst A receives the packet with two tags it removes the first (outer) tag, whose VLAN ID 10 is the native VLAN of the trunk: by definition native VLAN traffic is transmitted on the trunk link without any tag. Catalyst B then receives a packet carrying only the VLAN 20 tag and delivers it into VLAN 20. The attacker is thus able to inject frames into a VLAN he does not belong to. Note that the attack is one-way: the victim's replies do not come back to the attacker by the same path.



Mitigating VLAN hopping

It is enough to use an unused, "strange" VLAN ID as the native VLAN of the trunk and then prune that native VLAN from the trunk:

Switch(config)# vlan 800
Switch(config-vlan)# name bogus_native
Switch(config-vlan)# exit
Switch(config)# interface GigabitEthernet 1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk native vlan 800
Switch(config-if)# switchport trunk allowed vlan remove 800
Switch(config-if)# switchport mode trunk

Even though the native VLAN is pruned from the trunk, control protocols such as CDP, PAgP and DTP, which are normally sent untagged, continue to be exchanged on the link. Against switch spoofing, ports that must never become trunks should be configured as static access ports with DTP disabled (switchport mode access together with switchport nonegotiate).
In addition, unused ports should be shut down or placed in a VLAN that is not routed (one for which no inter-VLAN routing is configured).
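The double-tagging attack and the bogus-native-VLAN fix described above, as an added example that is not part of the original post. It models only the 802.1Q tag handling of the two switches joined by a trunk (no MAC learning, no real I/O); the MAC addresses and payload are constructed, and the VLAN numbers are the ones used in the post (attacker on an access port in VLAN 10, native VLAN 10, victim VLAN 20). It assumes, as the attack does, that a Catalyst access port accepts a frame tagged with its own access VLAN.

```python
"""Simulate 802.1Q double-tagging VLAN hopping across two switches."""
import struct

ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800


def build_frame(dst, src, vlan_tags, payload, ethertype=ETH_P_IP):
    """Build an Ethernet frame with zero or more stacked 802.1Q tags."""
    frame = dst + src
    for vid in vlan_tags:
        # TPID 0x8100, then TCI with PCP=0, DEI=0 and the 12-bit VID
        frame += struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, [vids], ethertype, payload) of a possibly tagged frame."""
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    while struct.unpack("!H", frame[offset:offset + 2])[0] == ETH_P_8021Q:
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        tags.append(tci & 0x0FFF)
        offset += 4
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return dst, src, tags, ethertype, frame[offset + 2:]


def access_ingress(frame, access_vlan):
    """Catalyst A receives on an access port (assumption: a frame tagged with
    the port's own access VLAN is accepted and that outer tag is stripped).
    Returns (vlan, frame) or None if the frame is dropped."""
    dst, src, tags, ethertype, payload = parse_frame(frame)
    if tags and tags[0] != access_vlan:
        return None  # tagged with a foreign VLAN: dropped
    inner = tags[1:] if tags else []
    return access_vlan, build_frame(dst, src, inner, payload, ethertype)


def trunk_egress(vlan, frame, native_vlan):
    """Catalyst A sends out the 802.1Q trunk: native VLAN frames leave untagged,
    every other VLAN gets its tag prepended. This is the step the attack abuses."""
    if vlan == native_vlan:
        return frame
    dst, src, tags, ethertype, payload = parse_frame(frame)
    return build_frame(dst, src, [vlan] + tags, payload, ethertype)


def trunk_ingress(frame, native_vlan):
    """Catalyst B receives from the trunk: the outer tag (or its absence) decides the VLAN."""
    _, _, tags, _, _ = parse_frame(frame)
    return tags[0] if tags else native_vlan


def hop(attacker_vlan, victim_vlan, native_vlan):
    """Run the attack end to end; return the VLAN into which Catalyst B delivers the frame."""
    frame = build_frame(b"\xff" * 6, b"\x00\x0c\x29\x11\x22\x33",   # constructed MACs
                        [attacker_vlan, victim_vlan], b"constructed payload")
    result = access_ingress(frame, attacker_vlan)
    if result is None:
        return None
    vlan, inner = result
    on_wire = trunk_egress(vlan, inner, native_vlan)
    return trunk_ingress(on_wire, native_vlan)


if __name__ == "__main__":
    print("native VLAN 10 :", hop(10, 20, 10))    # lands in VLAN 20: hopped
    print("native VLAN 800:", hop(10, 20, 800))   # stays in VLAN 10: mitigated
```

With the native VLAN equal to the attacker's VLAN the outer tag is consumed by Catalyst A and the inner tag 20 reaches Catalyst B; with a bogus native VLAN 800 Catalyst A tags the frame with 10 on egress, so Catalyst B keeps it in VLAN 10 and the inner tag is just payload.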

DHCP Snooping

A rogue DHCP server attack is one in which a device pretends to be the DHCP server and answers the DHCP requests sent by the various hosts: besides handing out addresses for the subnet, it hands out itself as the default gateway, so the hosts send their traffic to the rogue device, which can sniff it (a man-in-the-middle). This attack is mitigated with the concept of trusted and untrusted switch ports: DHCP server messages (offers and acknowledgements) are accepted only on trusted ports, while on untrusted ports they are not; in that case the interface drops the packet and is placed in errdisable mode. The DHCP servers (or the uplink towards them) are therefore connected to trusted ports, so that the switch knows where DHCP replies are expected from.
Enable DHCP snooping globally with:
Switch(config)# ip dhcp snooping
DHCP snooping must also be enabled for the VLANs to protect (ip dhcp snooping vlan vlan-list), otherwise nothing is inspected.
By default all ports are untrusted. The following commands make a port trusted:
Switch(config)# interface type mod/num
Switch(config-if)# ip dhcp snooping trust
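The trusted/untrusted port logic described above, as an added example that is not part of the original post. It parses the real DHCP packet layout (BOOTP header, magic cookie, option 53 message type), but the packets, MAC address and port names below are constructed, and the binding table and "errdisable" set are this model's own state, not the switch's data structures.

```python
"""Model of DHCP snooping: server messages are accepted only on trusted ports."""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE = 53
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}       # only a server may send these
CLIENT_MSG_TYPES = {1: "DISCOVER", 3: "REQUEST", 4: "DECLINE", 7: "RELEASE", 8: "INFORM"}


def build_dhcp(msg_type, yiaddr="0.0.0.0", chaddr=b"\x00" * 6, xid=0x1234):
    """Construct a minimal but well-formed DHCP packet (sample data, not captured)."""
    op = 2 if msg_type in SERVER_MSG_TYPES else 1
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)   # op, htype, hlen, hops, xid, secs, flags
    header += b"\x00" * 4                                       # ciaddr
    header += bytes(int(o) for o in yiaddr.split("."))          # yiaddr
    header += b"\x00" * 8                                       # siaddr, giaddr
    header += chaddr.ljust(16, b"\x00")                         # chaddr (16 bytes)
    header += b"\x00" * 192                                     # sname + file
    options = bytes([OPT_MSG_TYPE, 1, msg_type, 255])           # message type, end
    return header + DHCP_MAGIC + options


def parse_dhcp(packet):
    """Return (msg_type, yiaddr, chaddr); raise ValueError if this is not DHCP."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    yiaddr = ".".join(str(b) for b in packet[16:20])
    chaddr = packet[28:28 + packet[2]]          # packet[2] is hlen
    msg_type, i = None, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:
            break
        if code == 0:                           # pad option has no length byte
            i += 1
            continue
        length = packet[i + 1]
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = packet[i + 2]
        i += 2 + length
    if msg_type is None:
        raise ValueError("missing DHCP message type option")
    return msg_type, yiaddr, chaddr


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.errdisabled = set()
        self.client_ports = {}   # chaddr -> untrusted port the client lives on
        self.bindings = {}       # chaddr -> (leased ip, client port)

    def receive(self, port, packet):
        """Apply the snooping policy to one packet; return "forward" or "drop"."""
        if port in self.errdisabled:
            return "drop"
        msg_type, yiaddr, chaddr = parse_dhcp(packet)
        if msg_type in SERVER_MSG_TYPES:
            if port not in self.trusted:
                # A server message on an untrusted port: drop it and err-disable
                # the port, as the post describes for rogue servers.
                self.errdisabled.add(port)
                return "drop"
            if msg_type == 5:    # ACK from the legitimate server: record the lease
                self.bindings[chaddr] = (yiaddr, self.client_ports.get(chaddr))
        elif msg_type in CLIENT_MSG_TYPES and port not in self.trusted:
            self.client_ports[chaddr] = port
        return "forward"


def demo():
    """Legitimate server on trusted Fa0/24, rogue server on Fa0/2, client on Fa0/1."""
    sw = SnoopingSwitch(trusted_ports={"Fa0/24"})
    client = b"\x00\x0c\x29\xaa\xbb\xcc"
    results = [
        sw.receive("Fa0/1", build_dhcp(1, chaddr=client)),            # DISCOVER from the host
        sw.receive("Fa0/24", build_dhcp(2, "10.0.0.50", client)),     # OFFER from the real server
        sw.receive("Fa0/2", build_dhcp(2, "10.0.0.66", client)),      # OFFER from a rogue server
        sw.receive("Fa0/1", build_dhcp(3, chaddr=client)),            # REQUEST from the host
        sw.receive("Fa0/24", build_dhcp(5, "10.0.0.50", client)),     # ACK from the real server
    ]
    return results, sorted(sw.errdisabled), dict(sw.bindings)


if __name__ == "__main__":
    print(demo())
```

The binding table built from the ACKs is what the related features (DHCP snooping database, IP Source Guard, Dynamic ARP Inspection) rely on, so a snooping deployment is only as good as the trust assignment of the ports.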


Monday, December 20, 2010


Switched Port Analyzer (SPAN)

The following scenario will be used to show how to configure SPAN:







Thursday, December 16, 2010




In order to keep track of user activity and simplify security investigations, it is possible to configure a centralized logging system through a syslog server that records the activity of the devices. The basic steps to build it follow. Keep the device clocks synchronized (NTP), otherwise the timestamps are useless in an investigation, and remember that syslog over UDP is neither authenticated nor encrypted.

1)Reference topology is:






2) SysLog will be used as the syslog server, and you can find it at
syslog server
3) The IP address of the server is 192.168.255.24; configure the switch to send its messages there:
SW1(config)# logging host 192.168.255.24


5) Set the maximum severity level of the messages sent to the server (0 = emergencies ... 7 = debugging, which sends everything):
SW1(config)# logging trap 7

6) Test that the server is reachable and that messages are actually logged:

SW1# ping 192.168.255.24
Result:
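What the collector receives once the switch is configured as above, as an added example that is not part of the original post: it parses IOS-style syslog lines, decodes the PRI field into facility and severity, reproduces the "logging trap N" filter on the collector side and flags the messages an investigation cares about. The four sample lines are constructed in the IOS format (hostnames, users and addresses invented), and the WATCH list is this example's own choice.

```python
"""Parse and filter IOS syslog messages as sent with "logging trap <level>"."""
import re

SEVERITIES = ["emergencies", "alerts", "critical", "errors", "warnings",
              "notifications", "informational", "debugging"]
# Mnemonics worth an alert in a security investigation (example's own choice).
WATCH = {
    "CONFIG_I": "configuration changed",
    "LOGIN_FAILED": "failed login",
    "LOGIN_SUCCESS": "successful login",
}

IOS_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<seq>\d+): (?P<ts>.*?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

# Constructed sample lines; PRI = facility*8 + severity, IOS default facility local7 = 23.
SAMPLE = """\
<189>37: *Mar  1 01:02:03.111: %SYS-5-CONFIG_I: Configured from console by tom on vty0 (10.0.0.7)
<187>38: *Mar  1 01:02:10.222: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
<191>39: *Mar  1 01:02:11.333: %SYS-7-USERLOG_DEBUG: Message from tty1(user id: tom): debug test
<188>40: *Mar  1 01:02:12.444: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.99] [localport: 22]
""".splitlines()


def parse(line):
    """Return a dict with PRI decoded; raise ValueError on a line that is not IOS syslog."""
    m = IOS_RE.match(line)
    if not m:
        raise ValueError(f"not an IOS syslog line: {line!r}")
    rec = m.groupdict()
    pri = int(rec["pri"])
    rec.update(pri=pri, seq=int(rec["seq"]), sev=int(rec["sev"]),
               syslog_facility=pri // 8, severity=pri % 8)
    rec["severity_name"] = SEVERITIES[rec["severity"]]
    if rec["severity"] != rec["sev"]:
        raise ValueError("PRI severity disagrees with %FAC-SEV-MNEMONIC")
    return rec


def would_be_sent(rec, trap_level):
    """Would the device send this message under "logging trap <trap_level>"?
    Lower numbers are more severe, so level 7 forwards everything."""
    return rec["severity"] <= trap_level


def security_events(lines, trap_level=7):
    """(seq, mnemonic, reason) for the lines a collector should alert on."""
    events = []
    for line in lines:
        rec = parse(line)
        if would_be_sent(rec, trap_level) and rec["mnemonic"] in WATCH:
            events.append((rec["seq"], rec["mnemonic"], WATCH[rec["mnemonic"]]))
    return events


if __name__ == "__main__":
    for line in SAMPLE:
        r = parse(line)
        print(r["seq"], r["severity_name"], r["mnemonic"])
    print(security_events(SAMPLE))
```

Note that "logging trap 7" includes debugging output, which can flood both the link and the collector; a trap level of 6 (informational) still carries configuration changes (severity 5) and failed logins (severity 4).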










Cisco syslog management through web

Link:




Radius / TACACS Server

http://www.freeccnaworkbook.com/labs/section-3-configuring-basic-cisco-device-security/lab-3-2-configuring-local-user-authentication-database/

The topic of this post is creating and using RADIUS and TACACS+ servers for AAA (authentication, authorization, accounting), i.e. for user authentication and authorization. The local authentication method is used as a backup if communication with the server fails.
AAA servers can be RADIUS or TACACS+. It is also possible to enable 802.1X (dot1x) authentication, globally or per port, against the same AAA infrastructure.

Example 1: local authentication database

The logic to follow is, briefly:
1) Create a user stored in the local database of the device. Do this before enabling AAA: once aaa new-model is active the default login list checks the local database, and with no local user you can lock yourself out of the VTY lines.

Router(config)# username tom privilege 15 secret cisco$123

2) Enable AAA:

Router(config)# aaa new-model

This single command enables AAA; from this moment the default method list applies to the VTY lines.

3) Create an authentication list and indicate the authentication method(s), which can be for example "local", or server-based ("group radius", "group tacacs+"):

Router(config)# aaa authentication login CONSOLE_AUTH local

4) Apply the authentication list to an access method, such as the console line or the vty lines:

Router(config)# line console 0
Router(config-line)# login authentication CONSOLE_AUTH


Example 2: authentication via TACACS+, with the local database as fallback if the server does not answer

The logic to follow:
- create the user, for example tom, both locally and on the TACACS+ server. At login time the authentication check is done first on the server and then locally. If this user is not created on the local device, then when the attempt to authenticate against the server fails (e.g. because the server is down) you may never be able to authenticate again.

Router(config)# username tom privilege 15 secret cisco

// Define the TACACS+ server and the shared key
Router(config)# tacacs-server host 1.1.1.1 key test

// Create the authentication list: check first on the server group, then locally
Router(config)# aaa authentication login CONSOLE_AUTH group tacacs+ local

// Apply the list to the access method
Router(config)# line console 0
Router(config-line)# login authentication CONSOLE_AUTH

Note that the method list falls through to "local" only when the TACACS+ server is unreachable (no reply), not when the server answers and rejects the credentials: a wrong password on the server is a failed login, not a reason to try the local database.



Wednesday, December 15, 2010


Links

Cisco security book: http://www.theillien.com/Sys_Admin_v12/index.html

PERL: http://www.techbooksforfree.com/perlpython.shtml

GENERAL: http://ruzbookshelves.blogspot.com/2009/03/ebooks-pool.html

TCL: http://www.invece.org/tclwise/more_on_procedures.html

IP journal: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_13-3/index.html

Tuesday, December 14, 2010


GNS3: using the PC as a TFTP server

Connect GNS3 to an interface of your own PC:
1) Create a loopback interface on your PC:
http://www.freeccnaworkbook.com/labs/section-1-getting-started-with-your-cisco-lab/lab-1-8-configuring-a-gns3-ethernet-nio-cloud/
2) Disable the firewall on Windows 7 (or, better, open only UDP port 69 for the TFTP server).
3) Install a TFTP server on your PC, for example SolarWinds TFTP Server.
4) At this point it is possible, for example, to back up / restore configurations.


Given the above topology, consider the following scenario:
- the TFTP server stores the file "test", which contains a configuration.


In this way I restored a previous configuration.


Friday, December 10, 2010


STP


Load balancing using STP port priority

STP is a layer 2 protocol used to prevent layer 2 loops when switches are interconnected by multiple links.
The election of the port roles (root, designated, non-designated/blocking) takes several factors into account, including the priority of the ports. By playing with the port priorities, per VLAN, you obtain a load balancing of the traffic of multiple VLANs over the redundant links. For example:





We then obtain:





That is, the traffic of the four VLANs is properly balanced over the two trunk links.

There are two techniques you can use to get this: STP port priority and STP port cost.

STP Port Priority

The scheme for port FastEthernet 0/1 of S1:

VLAN    PRIORITY
2, 4    16
3, 5    128 (default)

In this way the link will forward the traffic of VLANs 2 and 4, while for VLANs 3 and 5 it will be blocked (on the downstream switch) and the other link is used. The port priority is a multiple of 16 between 0 and 240, lower is preferred, and it is configured on the upstream (designated) side: S1 advertises it in its BPDUs, and the downstream switch uses it to pick its root port when cost and bridge ID are equal on both links.
S1(config)# interface fastethernet 0/1
S1(config-if)# spanning-tree vlan 2 port-priority 16
S1(config-if)# spanning-tree vlan 4 port-priority 16


Check the priorities:

S1# show spanning-tree interface fastethernet 0/1

Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 19        128.1    P2p
VLAN0002         Desg FWD 19        16.1     P2p
VLAN0003         Desg FWD 19        128.1    P2p
VLAN0004         Desg FWD 19        16.1     P2p
VLAN0005         Desg FWD 19        128.1    P2p

The same is repeated on the other trunk port, with VLANs 3 and 5 preferred, in order to respect the logical scheme above:

S1# show spanning-tree interface FastEthernet 0/2

Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 19        128.2    P2p
VLAN0002         Desg FWD 19        128.2    P2p
VLAN0003         Desg FWD 19        16.2     P2p
VLAN0004         Desg FWD 19        128.2    P2p
VLAN0005         Desg FWD 19        16.2     P2p
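How the downstream switch turns those priorities into a per-VLAN root port choice, as an added example that is not part of the original post. It applies the STP tie-break order (lowest root path cost, then lowest sender bridge ID, then lowest sender port ID, then lowest receiver port ID) to the BPDUs a second switch would hear from S1 on the two links. The priorities are the ones configured in the post (S1 fa0/1 prefers VLANs 2 and 4, fa0/2 prefers VLANs 3 and 5); the S1 MAC address, the bridge priority and the assumption that S2's fa0/1 and fa0/2 face S1's fa0/1 and fa0/2 at 100 Mb/s are this example's own.

```python
"""Per-VLAN root port election on a downstream switch driven by STP port priority."""
DEFAULT_PORT_PRIORITY = 128
DEFAULT_BRIDGE_PRIORITY = 32768


def bridge_id(priority, mac, vlan=0):
    """PVST+ bridge ID as a sortable tuple: priority + extended system ID (the VLAN), then MAC."""
    return (priority + vlan, mac.lower())


def port_id(number, priority=DEFAULT_PORT_PRIORITY):
    """Port ID = port priority + port number; IOS only accepts multiples of 16 from 0 to 240."""
    if priority % 16 or not 0 <= priority <= 240:
        raise ValueError("port priority must be a multiple of 16 between 0 and 240")
    return (priority, number)


def fmt_port_id(pid):
    """Render as "show spanning-tree" does in the Prio.Nbr column, e.g. 16.1."""
    return f"{pid[0]}.{pid[1]}"


def elect_root_port(bpdus):
    """bpdus: one dict per receiving port of a switch. Return the winning receiving port."""
    def key(b):
        return (b["root_path_cost"], b["sender_bid"], b["sender_pid"], b["receiver_pid"])
    return min(bpdus, key=key)["receiver_port"]


def s1_port_priority(vlan, port_number):
    """The priorities configured on S1 in the post."""
    if (port_number == 1 and vlan in (2, 4)) or (port_number == 2 and vlan in (3, 5)):
        return 16
    return DEFAULT_PORT_PRIORITY


def s2_root_ports(vlans=(1, 2, 3, 4, 5), s1_mac="0000.0c11.1111"):
    """For each VLAN, which uplink of S2 becomes the root port towards S1.

    Both links have the same cost (19, 100 Mb/s) and the same sender bridge ID,
    so the sender port ID advertised by S1 decides.
    """
    result = {}
    for vlan in vlans:
        bpdus = [{
            "receiver_port": f"FastEthernet0/{n}",
            "receiver_pid": port_id(n),
            "sender_bid": bridge_id(DEFAULT_BRIDGE_PRIORITY, s1_mac, vlan),
            "sender_pid": port_id(n, s1_port_priority(vlan, n)),
            "root_path_cost": 19,
        } for n in (1, 2)]
        result[vlan] = elect_root_port(bpdus)
    return result


if __name__ == "__main__":
    for vlan, port in s2_root_ports().items():
        print(f"VLAN{vlan:04d} root port on S2: {port}")
```

VLAN 1, which has no priority configured, still goes over fa0/1 because 128.1 beats 128.2; if you want VLAN 1 on the second link you have to set its priority explicitly too.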



Versions

Several versions of STP have been introduced:
1) Common Spanning Tree (CST), defined in 802.1D, in which a single instance of STP runs for the entire network.

2) PVST+, in which there is one instance of STP for each VLAN in the network.

3) Rapid STP (802.1w), in which there is again a single instance of STP, but with much faster convergence.
4) MST, Multiple Spanning Tree (802.1s), in which VLANs with the same traffic requirements can be grouped into individual instances of STP.

Definitions

STP Bridge ID: bridge priority + MAC address
Default bridge priority: 32768
Port ID: port priority + port number
Path cost: cumulative cost to reach the root switch from the switch interface for which the cost is calculated


Timers
Hello -> 2 s
Listening -> 15 s
Learning -> 15 s
Listening + Learning (forward delay twice) = 30 s -> Forwarding
Max Age -> 20 s


Thursday, December 9, 2010


Brief CCNA review: router on a stick



Inter-VLAN switching using GNS3
Reference: the following post shows the GNS3 configuration needed to have:
- a router running as a router
- a router running as a switch
- a router running as a PC

Topology is:




My target is to show:
- how to run a router as a switch: configure a 3640 router with an NM-16SW module.
As soon as you need to connect the switch to a PC or to a router, you have to use "manual configuration" in GNS3, otherwise it will not be possible to configure the switch interfaces in trunk/access mode.






Now interfaces FastEthernet 0/0 and 0/1 can be configured in trunk and access mode respectively:






Inter-VLAN switching using an external router: Packet Tracer



Very simple configuration example of inter-VLAN routing using an external router. The topology consists of one 2621 router and one 2950 switch. There are two VLANs, VLAN 2 and VLAN 3, with the following IP address scheme:
- VLAN 2 (native) 10.0.0.0/24
- VLAN 3 10.0.1.0/24
The target is to allow communication between the VLANs using an external router as the L3 routing device.
The configurations of switch and router follow.

Switch:

interface FastEthernet0/1
 switchport trunk native vlan 2
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access

"switchport nonegotiate" disables DTP on the trunk: a router does not speak DTP, so the trunk must be set statically. Note also that this lab carries user traffic (VLAN 2) on the native VLAN of the trunk, which the VLAN hopping post above advises against for a production network.




Router:

hostname Router
!
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.1.1
!
ip dhcp pool vlan2
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
!
ip dhcp pool Vlan3
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2 native
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 10.0.1.1 255.255.255.0


In the router configuration, note the two different address pools, which let the router act as DHCP server for the hosts of both VLANs; the gateway address of each VLAN is excluded from its pool. The "native" keyword on the VLAN 2 subinterface must match the native VLAN configured on the switch trunk.





Friday, December 3, 2010


Cisco switching methods: multilayer switching concepts

A multilayer switch is often used instead of a router for inter-VLAN routing for purely economic reasons: a multilayer switch has a much higher density of Ethernet ports than a router, may cost as little as a third of it, and is dedicated to routing/switching between VLANs.
L3 switches are equipped with specialized hardware chips called ASICs (Application-Specific Integrated Circuits), whose job is to perform routing between the Ethernet ports at high speed.



Difference between L3 switching and routing


The process of routing IP packets can be divided into two processes:

-> Control Plane, in charge of building and maintaining the routing information
-> Data Plane, in charge of the actual forwarding of the packets

The difference between a router and an L3 switch lies in how the data plane is implemented. The Control Plane contains a general purpose CPU, programmed by the different vendors with the routing algorithms: the control plane is responsible for creating the routing tables and updating them as soon as there is a change in topology, and it tells the data plane where to forward the packets. So the Control Plane works in "software". Conversely,
the Data Plane carries out the forwarding of the packets, a far simpler job that practically consists of the MAC rewrite of the frames to be forwarded. The difference between routers and L3 switches is exactly in the data plane: routers implement the data plane on the same CPU dedicated to the Control Plane, and therefore in software; switches implement the data plane in hardware, through the ASICs. Forwarding in hardware is always faster than in software.



In general, when a router receives a packet that it must forward, it performs the following operations:
1) Determine whether the destination is reachable
2) Determine the next hop and the output interface of the packet
3) Do the MAC rewrite, i.e. replace the layer 2 source and destination addresses of the received frame with its own MAC and the MAC of the next hop (obtained with an ARP request if not already cached)

A router forwards packets using one of:
- Process switching
- Fast switching (interrupt context switching)
- CEF (interrupt context switching)

Process switching

It is the traditional method used in the past, supported by all devices and all IOS versions, and now used only for troubleshooting.
The router receives the packet, analyses the destination IP address, works out where to send the packet, performs the MAC rewrite, recalculates the CRC and sends the packet, all of it in software.
It is a method that consumes a lot of CPU, and for this reason it is used only for troubleshooting.
So, with Process Switching:
- the forwarding decision and the information used to do the MAC rewrite are read, for every packet, from the RIB (Routing Information Base) and from the ARP cache respectively;
- the packet is handed to a process running on the router's IOS, which must wait its turn among the other processes running on the router (it is scheduled, not served at interrupt time).



Interrupt context switching

This is the other family of switching methods used by Cisco routers. In this case the MAC rewrite information is read from a cache, and the packet is forwarded at interrupt time, i.e. the forwarding task interrupts the processes running on IOS at that moment instead of waiting to be scheduled.

The cache is built according to one of the following methods:

- Fast switching (route caching)
- CEF (topology-based switching)

Fast switching (based on route caching)

Multilayer switches, which have aspects of both L2 and L3, originally used the philosophy "route once, switch many". Fast switching uses the concept of a flow, which is a set of packets belonging to the same protocol and with the same source and the same destination. The route processor receives the first packet of a flow, makes a routing decision and forwards it. The switch engine looks at the forwarded packet and, if it can "see" both the packet arriving at the router and the packet leaving it, it builds a shortcut path that is used to forward the future packets of this flow. This is an example of route caching.

So the first packet is forwarded in software and the following ones in hardware.
When the route processor receives a packet and decides to forward it, it writes this information into a cache table (the hardware forwarding table, contained in the ASIC), and all future packets of this flow are switched in hardware.
The important concept is that until the first packet of a flow reaches the router, the router is unable to populate the hardware cache.

Topology-based switching

This method is based on CEF (Cisco Express Forwarding).

It differs from route caching in that the cache tables created in hardware (the FIB and the Adjacency Table) are populated from the routing table and from the ARP table, without the need to forward a first packet. Thus, unlike route caching, all packets are forwarded in hardware. To understand the advantage over route caching it is enough to think that, with the latter, for every new flow (a VoIP call, an FTP connection, an HTTP request, etc.) the first packet is always forwarded in software, and this can be slow compared to hardware forwarding. The only packets CEF still punts to software are those for which no adjacency exists yet, e.g. a directly connected host whose MAC has not been resolved by ARP (the "glean" case).

The key concept is that the Control Plane and the Data Plane are cleanly separated, with the data plane (FIB lookup and MAC rewrite) fully implemented in the ASICs.
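Topology-based forwarding with a FIB and an adjacency table, as an added example that is not part of the original post. It builds both tables from a routing table and an ARP table before any packet arrives, then forwards by longest-prefix match plus MAC rewrite; the only packet that goes to "software" is the glean case (connected host with no ARP entry). The routes, ARP entries, interface names and MAC addresses are invented sample data.

```python
"""CEF-style FIB + adjacency table: pre-built from routing and ARP tables."""
import ipaddress


class CefSwitch:
    def __init__(self, own_macs, routes, arp_table):
        """own_macs: {interface: mac}; routes: [(prefix, next_hop or None, interface)];
        arp_table: [(ip, interface, mac)]."""
        self.own_macs = own_macs
        # FIB: routes sorted longest prefix first, so the first match is the LPM.
        self.fib = sorted(
            ((ipaddress.ip_network(p), nh, intf) for p, nh, intf in routes),
            key=lambda e: e[0].prefixlen, reverse=True)
        # Adjacency table: (next hop, interface) -> (source MAC, destination MAC) rewrite.
        self.adjacency = {(ip, intf): (own_macs[intf], mac) for ip, intf, mac in arp_table}

    def lookup(self, dst):
        """Longest-prefix match in the FIB; returns (prefix, next_hop, interface) or None."""
        addr = ipaddress.ip_address(dst)
        for prefix, nh, intf in self.fib:
            if addr in prefix:
                return prefix, nh, intf
        return None

    def forward(self, dst):
        """Hardware path: (interface, src_mac, dst_mac); otherwise ("drop"|"punt", reason)."""
        hit = self.lookup(dst)
        if hit is None:
            return ("drop", "no route")
        prefix, nh, intf = hit
        if nh is None:            # connected prefix: the destination host is the next hop
            nh = dst
        rewrite = self.adjacency.get((nh, intf))
        if rewrite is None:
            # Glean adjacency: CEF has no MAC for this next hop yet, so the packet
            # is handed to software to trigger ARP; this is the one software case.
            return ("punt", f"glean: no adjacency for {nh} on {intf}")
        return (intf, rewrite[0], rewrite[1])


def build_demo_switch():
    """Constructed tables: two connected subnets, a static route, a default route."""
    own_macs = {"Gi1/1": "00:aa:bb:00:00:01", "Gi1/2": "00:aa:bb:00:00:02"}
    routes = [
        ("0.0.0.0/0", "10.0.0.254", "Gi1/1"),
        ("10.0.0.0/24", None, "Gi1/1"),
        ("10.0.1.0/24", None, "Gi1/2"),
        ("192.168.0.0/16", "10.0.1.2", "Gi1/2"),
        ("192.168.10.0/24", "10.0.0.254", "Gi1/1"),   # more specific than the /16
    ]
    arp_table = [
        ("10.0.0.254", "Gi1/1", "00:00:0c:00:00:fe"),
        ("10.0.1.2", "Gi1/2", "00:00:0c:00:01:02"),
        ("10.0.0.10", "Gi1/1", "00:11:22:33:44:55"),
    ]
    return CefSwitch(own_macs, routes, arp_table)


if __name__ == "__main__":
    sw = build_demo_switch()
    for dst in ("192.168.10.5", "192.168.20.5", "10.0.0.10", "10.0.1.77", "8.8.8.8"):
        print(dst, "->", sw.forward(dst))
```

Compare this with route caching: here 192.168.20.5 is switched in hardware on its very first packet because the /16 entry and the adjacency for 10.0.1.2 already exist, whereas a flow-based cache would have sent that first packet through the route processor.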

FIB Table



TABLES USED IN SWITCHING


Acronyms

PFC (Policy Feature Card)

A supervisor "daughter card" that contains the ASICs that deal with the switching function (ASIC -> work done at hardware level, at high speed).

Thursday, December 2, 2010


Network Monitoring: IP SLA, SNMP

Network management involves the following operations on a network: configuring, monitoring, troubleshooting.


SNMP is an example of a management protocol and is the one most commonly used within IP networks. It consists essentially of three components:
- a manager, the device (PC or router) used to display the results of the monitoring. Several tools can be used to display the results, such as HP OpenView;
- an agent, the device (access server, router, switch) being monitored;
- the protocol used for the communication between agent and manager (SNMP).
How it works:
The agent collects information, which is stored locally in the MIB (Management Information Base).
The manager, whenever it wants the information, requests it, and the information is transferred between agent and manager through SNMP.
Besides this polling at some frequency by the manager, it is possible to enable traps, i.e. information sent by the agent directly to the manager, for example when some event is triggered.

The SNMP community string is a password set on the agent that allows the manager to access the MIB with a given access level:

- read-only: the manager can only read the MIB
- read-write: the manager has full access to the MIB, but cannot change the community strings
- read-write-all: the manager can do everything (read and write the MIB, change the community strings)

Community strings travel in clear text in SNMPv1 and SNMPv2c, so a read-write community is as sensitive as an enable password: restrict it with an access list and prefer SNMPv3 where the devices support it.

Configuration steps:
1) Set the community strings and the associated access level on the agent:
S(config)# snmp-server community readmeCommunity ro
S(config)# snmp-server community writemeCommunity rw

2) Optionally enable the agent to inform the manager when something happens (traps; the trap destination is defined with snmp-server host):

S(config)# snmp-server enable traps

Through a MIB browser the manager can query the agent to view the information.
For example, you can read the following MIB object:

MIB Tree.router_std MIBs.iso.org.dod.internet.mgmt.mib-2.system.sysDescr
(ref: http://www.webnms.com/cagent/help/technology_used/c_snmp_overview.html#mib)

to see, for example, the IOS version of the router.
In this particular case the manager sends a Get request to the agent and is then able, through the MIB browser, to display the value returned for that request.
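What that Get request looks like on the wire, as an added example that is not part of the original post: a minimal BER encoder that produces the SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), plus the decoder that recovers the community string from the packet, which is exactly what a sniffer on the path does. The community "public" and the request ID are sample values; the encoder handles only the types this PDU needs.

```python
"""Build an SNMPv1 GetRequest (BER) and read the clear-text community back out of it."""

# ASN.1/BER tags used by SNMPv1
TAG_INT, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE, TAG_GET_REQUEST = 0x02, 0x04, 0x05, 0x06, 0x30, 0xA0


def ber_len(n):
    """Length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n):
    """INTEGER in two's complement, minimal number of octets."""
    return tlv(TAG_INT, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def ber_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(chunk)
    return tlv(TAG_OID, body)


def snmpv1_get_request(community, oid, request_id=1):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }."""
    varbind = tlv(TAG_SEQUENCE, ber_oid(oid) + tlv(TAG_NULL, b""))
    pdu = tlv(TAG_GET_REQUEST,
              ber_int(request_id) + ber_int(0) + ber_int(0)       # request-id, error-status, error-index
              + tlv(TAG_SEQUENCE, varbind))                       # VarBindList
    return tlv(TAG_SEQUENCE, ber_int(0) + tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def read_tlv(buf, offset=0):
    """Decode one TLV at offset; return (tag, value bytes, offset after it)."""
    tag, first = buf[offset], buf[offset + 1]
    if first < 128:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[offset + 2:offset + 2 + n], "big"), 2 + n
    start = offset + hdr
    return tag, buf[start:start + length], start + length


def sniff_community(packet):
    """What an eavesdropper gets from an SNMPv1/v2c packet: (version, community)."""
    tag, body, _ = read_tlv(packet)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, nxt = read_tlv(body)
    _, community, _ = read_tlv(body, nxt)
    return int.from_bytes(version, "big"), community.decode()


if __name__ == "__main__":
    pkt = snmpv1_get_request("public", "1.3.6.1.2.1.1.1.0")
    print(pkt.hex())                      # send this as UDP payload to port 161
    print(sniff_community(pkt))           # (0, 'public')
```

The 40-byte packet is the same one a MIB browser or snmpget sends to UDP port 161; the only "secret" in it is the community string, sitting as a plain OCTET STRING right after the version.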



Reference Cisco http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml



Example with GNS3

Here is the lab that is used:
- the agent is a 3640 router, whose IOS is c3640-mz.124-16a-jk9o3s
- the manager is MibBrowser, installed on my local PC
- clearly there is full IP reachability between the router and my PC


Step 1: choose the MIB

Cisco provides MIBs according to the device you want to manage.
For example, in our case, I have a 3640 with a particular IOS. From the site http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=3407&PlatformSel=81&fsSel=0 you can select the MIBs associated with your device, IOS version and feature set. Once the MIB of interest is selected, I saved it locally and then loaded it into MibBrowser.





At this point you can query the agent using the MIB browser.
The reference topology is:



The interface of the router has the IP address 192.168.255.29, so in MibBrowser the queries will point to this address.



IP SLA

A network management tool used, for example, to verify that the network is working properly.
An SLA is an agreement between the service provider and the company that uses the network about the quality of the service provided by the service provider and perceived by the user. With IP SLA the network administrator can monitor the network and verify that the agreement is respected by the ISP, or detect problems in the network early and take proactive action. The measurements IP SLA provides are:
- jitter, latency, packet loss
- RTT, Round Trip Time
IP SLA configuration implies configuring a source, which does the monitoring, and possibly another device configured as a responder, which is "monitored".

The device acting as IP SLA source sends probes to which the responder must obviously reply. These probes are then used to calculate the desired measurements (jitter, RTT, packet loss, etc.).

The responder can be any IP system, but if it is a Cisco device properly configured as responder the measurements are more accurate. Before the actual measurement starts, source and responder exchange information through what is called the IP SLA Control Protocol (UDP port 1967).
Configuration:
- Source:
  - define the IP SLA identifier
  - define the operation and the address of the target
  - define the frequency
  - define when the measurement starts
  - define the possible reaction
Typically the source collects the necessary information and stores it in the MIB, from where it can be read via SNMP.
If, for example, S3 and S4 must monitor each other:
Solution plan 1: S3 monitors S4
Source -> S3, Responder -> S4, Operation -> icmp-echo, an operation that measures the time between an echo sent by the source and the reply from any device at an IP address (in this case the responder does not have to be configured)
S3(config)# ip sla 1
S3(config-ip-sla)# icmp-echo "ip address of any interface of switch S4"
// It is as if I pinged that interface

Solution plan 2: S4 monitors S3
Source -> S4, Responder -> S3

S4(config)# ip sla 1
S4(config-ip-sla)# icmp-echo "ip address of any interface of switch S3"

IP SLA operation

Before the monitoring starts there is a kind of synchronization between source and responder, which follows the steps listed below:
1) The source sends an IP SLA control message to the responder, to UDP port 1967, indicating the operation it wants to run. The control message contains the protocol, the port and the duration of the operation defined on the source router.
- an MD5 checksum is sent with the control message
- authentication can also be enabled: if it fails, the responder replies with an authentication failure message
- if no response is received from the responder, the source retransmits the message
2) The responder sends a confirmation message when it receives the request and starts listening on the specified port
3) If the reply is OK, the source starts sending the probe packets
4) The responder replies to the probes
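The control handshake and the probe phase above, modelled end to end as an added example that is not part of the original post. Both sides live in one process: the source announces protocol, port and probe count in a control message (UDP 1967 in the real protocol), the responder accepts it or reports an authentication failure, the source retransmits when there is no reply, then sends probes and derives RTT, jitter and loss from what comes back. The message fields, the keyed-MD5 authentication stand-in and the RTT samples are constructed; the real on-wire format is not reproduced.

```python
"""Simulated IP SLA control exchange followed by probe statistics."""
import hashlib
import hmac
import statistics

CONTROL_PORT = 1967   # real IP SLA control protocol port (informational here)


class Responder:
    def __init__(self, key=None):
        self.key = key            # None: authentication not enabled
        self.listening = None     # (protocol, port) once a control message is accepted
        self.reachable = True     # set False to simulate a responder that never answers

    def control(self, msg):
        """Handle a control message; None models "no reply"."""
        if not self.reachable:
            return None
        if self.key is not None:
            expected = hmac.new(self.key, msg["body"].encode(), hashlib.md5).hexdigest()
            if not hmac.compare_digest(expected, msg.get("auth", "")):
                return {"status": "auth-failure"}
        proto, port, _count = msg["body"].split("/")
        self.listening = (proto, int(port))       # responder now listens on that port
        return {"status": "ok"}

    def probe(self, proto, port, seq):
        """Answer a probe only if the control phase set up a listener for it."""
        if self.listening != (proto, port):
            return None
        return {"seq": seq}


def run_operation(responder, rtts, key=None, retries=3, proto="udp-jitter", port=5000):
    """Run one operation; rtts are the constructed round-trip samples (None = probe lost)."""
    body = f"{proto}/{port}/{len(rtts)}"
    msg = {"body": body}
    if key is not None:
        msg["auth"] = hmac.new(key, body.encode(), hashlib.md5).hexdigest()
    reply = None
    for _ in range(retries):                 # step 1: control message, retransmitted on silence
        reply = responder.control(msg)
        if reply is not None:
            break
    if reply is None:
        return {"status": "no-control-reply"}
    if reply["status"] != "ok":              # e.g. authentication failure from the responder
        return {"status": reply["status"]}
    received = []                            # steps 3 and 4: probes and their answers
    for seq, rtt in enumerate(rtts):
        if rtt is not None and responder.probe(proto, port, seq) is not None:
            received.append(rtt)
    sent = len(rtts)
    stats = {"status": "ok", "sent": sent, "received": len(received),
             "loss_pct": round(100 * (sent - len(received)) / sent, 1) if sent else 0.0}
    if received:
        stats["rtt_avg_ms"] = round(statistics.mean(received), 2)
        stats["rtt_max_ms"] = max(received)
    if len(received) > 1:
        # jitter here: mean absolute change between consecutive RTTs (the real
        # udp-jitter operation computes it per direction from responder timestamps)
        stats["jitter_ms"] = round(statistics.mean(abs(a - b) for a, b in zip(received, received[1:])), 2)
    return stats


if __name__ == "__main__":
    print(run_operation(Responder(), rtts=(10, 12, 11, None, 14)))
    print(run_operation(Responder(key=b"sla-key"), rtts=(10, 11), key=b"wrong"))
```

The authentication step is the part worth keeping in mind: without it any host that can reach UDP 1967 on the responder can ask it to start answering probes on arbitrary ports.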