Don’t let your network be hindered by vestiges of Proxy ARP

When encountering unusual network problems, a good culprit to check for is a leftover setting for any network topology or feature that you’re not currently using. One common example is having Proxy ARP enabled when you don’t really need it. This setting may be a vestige from earlier times; for example, Proxy ARP was more common…

An easy way to search long running-config results

When viewing a router’s or switch’s configuration with “show running-config,” sometimes the output may be so long that the information you’re seeking could be like a needle in a haystack. One easy trick to search through the configuration is to generate a log file. For example, if connecting through PuTTY, click on Session | Logging,…

Provision bandwidth flexibly with Cisco WAN Automation Engine

Changing levels of networking service may typically require extensive hardware and configuration changes. However, software-defined networking (SDN) can make provisioning of bandwidth much more flexible. One of Cisco’s offerings in this area is Cisco WAN Automation Engine. This allows custom-built software or third-party applications to automate or query network features through RESTful APIs. One potential…

Beware Unified CDM’s backdoor vulnerability

In July 2014, Cisco released a security advisory about Cisco Unified Communications Domain Manager (CDM). An SSH key intended to give Cisco support representatives access was hard-coded into the software. A hacker could reverse engineer the key from the software, thereby gaining root-level access to all installations worldwide. This vulnerability affects Cisco Unified CDM Application Software…

A maintainable way to avoid rogue devices

It’s important to ensure that rogue devices aren’t connected to your switches and routers, but some ways of doing this are more maintainable than others. For instance, although you could ensure that only the correct devices are connected by using a MAC address access list, doing so may cause you headaches down the road when…

Conduct online meetings without plugins or downloads

While many platforms for online meetings exist, including Cisco WebEx, GotoMeeting, Skype, and Google’s free Hangouts software, one of the frustrations many users experience is the requirement to install plugins or other software prior to the meeting. The beginnings of meetings can get delayed, or users may miss the first several minutes, because someone is…

Guard against DoS with embryonic connection limits

One strategy for preventing denial-of-service (DoS) attacks is to limit the number of embryonic connections. These are TCP connections where the handshake hasn’t been completed yet. DoS attacks may attempt to flood an interface with TCP SYN packets, initiating the handshake but not completing it. On ASA, you can limit the number of allowed embryonic…

Free tools to scan devices on your network

Whether for security or inventory purposes, or if you’re getting acquainted with a new network, it’s important to find out what devices are on it. There are a number of software tools that can scan the network and let you know which devices are broadcasting. Two free ones are Wireshark (www.wireshark.org) and SoftPerfect Network Scanner…

When anti-virus isn’t enough

While anti-virus software remains an important component of an overall defense strategy, the whole concept behind it is potentially problematic because any set of anti-virus definitions is always one step behind the latest threats. Various companies have explored ways to improve on the anti-virus concept to provide more real-time protection. One such company that’s highly…

A free tool to assess your SSH risk

While the Heartbleed bug brought security around SSH into public consciousness, there are actually a number of other potential vulnerabilities that can occur if SSH isn’t implemented properly in your network. Some of these vulnerabilities may also affect compliance with security standards you might need to meet. To test for possible security problems with SSH…
