Using SPAN feature The Switched Port Analyzer (SPAN) feature can be configured to copy traffic destined for one port out of a second port (the SPAN destination), so that an IDS sensor attached to that port captures a copy of the traffic, as illustrated in the figure below: Configuration example: monitor session 1 source interface gigabitethernet0/2 monitor session… [Read more…]
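The complete session that the excerpt above starts, as an added example that is not the original post's configuration: the monitored host is assumed to sit on Gi0/2 and the IDS sensor on Gi0/3 (both interface numbers are assumptions), on a switch running Cisco IOS.

```cisco
! Added example, not from the original post. Assumed topology: monitored host
! on Gi0/2, IDS sensor on Gi0/3. Interface numbers are assumptions.
configure terminal
 ! Mirror both directions of traffic seen on Gi0/2 ...
 monitor session 1 source interface gigabitethernet0/2 both
 ! ... to the port the IDS sensor hangs off. A SPAN destination port stops
 ! forwarding normal traffic and, by default, drops frames received on it.
 monitor session 1 destination interface gigabitethernet0/3
 ! Alternative source: mirror every frame received in VLAN 10 instead of one port
 ! monitor session 2 source vlan 10 rx
end
! Verify what is mirrored and where it goes
show monitor session 1
```

A single 1 Gb/s destination carrying both directions of a 1 Gb/s source (or a whole VLAN) can be oversubscribed, in which case the switch silently drops mirrored frames and the sensor sees an incomplete copy; mirror `rx` only, or use a faster destination port, when that matters.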
DHCP SNOOPING On a DHCP-enabled network, an attacker can connect a rogue DHCP server (or use a tool such as Gobbler) to stage further attacks. When a client broadcasts a DHCP request, the response from the spoofed DHCP server can hand out the attacker's IP address as the client's default gateway or DNS server. As a result, the attacker can capture traffic… [Read more…]
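The switch-side mitigation the post introduces, as an added example rather than the post's own configuration: DHCP snooping marks the uplink toward the legitimate DHCP server as trusted and leaves access ports untrusted, so server-to-client messages (OFFER, ACK, NAK) arriving on an access port are dropped. VLAN numbers, interface numbers and the rate limit are assumptions.

```cisco
! Added example, not from the original post. Assumptions: clients in VLANs
! 10 and 20, DHCP server reachable through Gi0/1, users on Gi0/2-24.
configure terminal
 ! Enable snooping globally, then on the VLANs that carry DHCP clients
 ip dhcp snooping
 ip dhcp snooping vlan 10,20
 ! Uplink toward the real DHCP server: trusted, server replies allowed
 interface gigabitethernet0/1
  description Uplink to DHCP server
  ip dhcp snooping trust
 ! Access ports stay untrusted (the default): DHCP server replies from a
 ! rogue server are dropped, and the rate limit (packets/s) blunts DISCOVER
 ! floods from tools like Gobbler. Exceeding it err-disables the port.
 interface range gigabitethernet0/2 - 24
  switchport mode access
  ip dhcp snooping limit rate 15
 ! Bring a rate-limited port back automatically instead of by hand
 errdisable recovery cause dhcp-rate-limit
end
show ip dhcp snooping
show ip dhcp snooping binding
```

The binding table shown by the last command (MAC, IP, lease, VLAN, port) is also what Dynamic ARP Inspection and IP Source Guard consult, so DHCP snooping is the foundation for those features as well.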
Understanding Dot1x Port-based Authentication What is Dot1x Port-based Authentication IEEE 802.1X is a standards-based approach to port-based network access control. 802.1X is a Layer 2 protocol that defines how Extensible Authentication Protocol (EAP) frames are encapsulated on the LAN (EAP over LAN, EAPOL). 802.1X also defines the roles shown in the figure below: Supplicant: PCs, laptops and other devices that support the 802.1X standard.… [Read more…]
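The switch side of the exchange described above, as an added example and not the post's own configuration: the switch acts as authenticator, relays EAP between the supplicant on Gi0/5 and a RADIUS authentication server, and keeps the port unauthorized until EAP succeeds. The RADIUS address, shared key and interface number are assumptions.

```cisco
! Added example, not from the original post. Assumptions: RADIUS server at
! 10.0.0.1 with key Radiu5pa55, supplicant on Gi0/5, user VLAN 10.
configure terminal
 aaa new-model
 radius-server host 10.0.0.1 auth-port 1812 acct-port 1813 key Radiu5pa55
 ! 802.1X authentication requests are sent to the RADIUS group
 aaa authentication dot1x default group radius
 ! Enable 802.1X globally on the switch
 dot1x system-auth-control
 interface gigabitethernet0/5
  switchport mode access
  switchport access vlan 10
  ! This port plays the authenticator role
  dot1x pae authenticator
  ! auto: only EAPOL passes until authentication succeeds
  ! (force-authorized would bypass 802.1X, force-unauthorized blocks always)
  dot1x port-control auto
  ! Re-run EAP every hour so a swapped device does not inherit the session
  dot1x reauthentication
  dot1x timeout reauth-period 3600
end
show dot1x interface gigabitethernet0/5
```

On a port in the `auto` state, `show dot1x interface` reports the port status as AUTHORIZED or UNAUTHORIZED; anything other than EAPOL from an unauthorized port is discarded, which is exactly the control the standard is meant to provide.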
VLAN Hopping Attack A VLAN hopping attack allows traffic from one VLAN to pass into another VLAN without first being routed. VLAN hopping therefore bypasses any security controls (ACLs, for example) applied on the device that routes between the VLANs. Attackers use VLAN hopping to capture sensitive information such as bank account details and… [Read more…]
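The two common VLAN hopping techniques are switch spoofing (the attacker negotiates a trunk with DTP and then reaches every VLAN) and double tagging (an outer 802.1Q tag matching the trunk's native VLAN is stripped, leaving an inner tag that lands the frame in another VLAN). The switch configuration below closes both, as an added example rather than the post's own configuration; VLAN and interface numbers are assumptions.

```cisco
! Added example, not from the original post. Assumptions: users in VLAN 10,
! trunk on Gi0/1, unused VLAN 999 for native/parking, Gi0/24 unused.
configure terminal
 ! Access ports: hard-coded access mode, no DTP, so a host cannot become a trunk
 interface range gigabitethernet0/2 - 23
  switchport mode access
  switchport nonegotiate
  switchport access vlan 10
 ! Unused ports: park in a dead VLAN and shut down
 interface gigabitethernet0/24
  switchport mode access
  switchport access vlan 999
  shutdown
 ! Trunks: fixed mode, native VLAN nobody is a member of, explicit allowed list
 interface gigabitethernet0/1
  switchport trunk encapsulation dot1q   ! only on platforms that also support ISL
  switchport mode trunk
  switchport nonegotiate
  switchport trunk native vlan 999
  switchport trunk allowed vlan 10,20
 ! Tag the native VLAN on all trunks: the outer tag of a double-tagged frame
 ! is then no longer stripped, so the inner tag never reaches the far side
 vlan dot1q tag native
end
show interfaces trunk
```

Double tagging also only works when the attacker's access VLAN equals the trunk's native VLAN, which is why the native VLAN above is one that carries no user ports at all.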
CAM overflow attacks CAM – Content Addressable Memory. Switch = Hub + CAM. The CAM table is built from the source MAC address of each received frame. The CAM table is finite in size. CAM overflow attack, also called a MAC flooding attack (tool: macof): the attacker floods a single switch port with a large number of frames that each carry a different source… [Read more…]
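Once the CAM table is full the switch cannot learn new addresses and floods unknown-unicast frames out every port in the VLAN, which is what lets the attacker sniff other hosts' traffic. Port security caps how many source MACs a single port may populate into the table; shown here as an added example, not the post's configuration, with interface numbers, the maximum and the aging time as assumptions.

```cisco
! Added example, not from the original post. Assumptions: user ports
! Gi0/2-23, at most two devices (e.g. a phone and a PC) behind each port.
configure terminal
 interface range gigabitethernet0/2 - 23
  switchport mode access
  switchport port-security
  ! Bound on distinct source MACs learned on this port
  switchport port-security maximum 2
  ! Learn the first addresses dynamically and keep them in running-config
  switchport port-security mac-address sticky
  ! restrict: drop frames from extra MACs and count violations, port stays up.
  ! The default (shutdown) err-disables the port, turning macof into a DoS.
  switchport port-security violation restrict
  ! Age out learned entries so a moved device is not locked out forever
  switchport port-security aging time 10
end
! Per-port status, violation count and last offending MAC
show port-security interface gigabitethernet0/2
! Current CAM usage and free space: the number macof drives toward zero
show mac address-table count
```

With `restrict`, a running macof shows up as a climbing SecurityViolation counter on one interface, which is a cleaner detection signal than an err-disabled port.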
Configure Router to use external AAA Servers There are 3 main steps to remember: Task 1: configure the AAA network (make the AAA clients, the routers here, and the AAA servers, TACACS+ and/or RADIUS, able to communicate with each other); Task 2: set up users on the AAA server; Task 3: configure AAA and where it is applied. —————————————————————— Example configuration on the router: aaa new-model tacacs-server host 10.0.0.1… [Read more…]
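Tasks 1 and 3 on the router side, as an added example and not the post's own configuration (Task 2, creating the users, happens on the AAA server and is not shown). The server addresses, shared keys and the fallback account are assumptions; the page's own `aaa new-model` and `tacacs-server host 10.0.0.1` are kept.

```cisco
! Added example, not from the original post. Assumptions: TACACS+ server
! 10.0.0.1 (key Tacac5pa55), RADIUS server 10.0.0.2 (key Radiu5pa55),
! local fallback user Admin1.
configure terminal
 aaa new-model
 ! Task 1: AAA client <-> server communication
 tacacs-server host 10.0.0.1 key Tacac5pa55
 radius-server host 10.0.0.2 auth-port 1812 acct-port 1813 key Radiu5pa55
 ! Task 3: method lists. 'local' is consulted only if every server is
 ! unreachable, so a dead TACACS+ box does not lock you out of the router.
 aaa authentication login default group tacacs+ local
 aaa authorization exec default group tacacs+ local
 aaa accounting exec default start-stop group tacacs+
 aaa accounting commands 15 default start-stop group tacacs+
 ! Fallback account, used only when TACACS+ does not answer
 username Admin1 privilege 15 secret admin123
 ! Task 3 continued: apply the lists to the VTY lines
 line vty 0 4
  login authentication default
  authorization exec default
  accounting exec default
end
! Check reachability and the shared key before you log out of your session
test aaa group tacacs+ Admin1 admin123 legacy
```

Keep the session you configured this from open until `test aaa` succeeds; a wrong key or a server ACL is otherwise discovered at the next login.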
Configure Authentication with Local Database AAA on a Cisco Router Keep in mind that there are 5 basic steps to configure local database AAA on a Cisco router. Here are the 5 steps with example commands: Task 1: Create a local user: username Admin1 privilege 15 secret admin123 Task 2: Enable AAA on the router: aaa… [Read more…]
Securing Administrative Access to Cisco Routers Some basic commands to secure administrative access to Cisco routers. * Set the enable password: enable secret (stored as a hash) rather than enable password * Console: line console 0 / login / password Enablepa55 / exec-timeout 2 30 / logging synchronous * Virtual terminal: line vty 0 4 / login / password VTYpa55 / exec-timeout 2 30 / logging synchronous *… [Read more…]
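The local-database AAA post above and this one cover the same lines (console and VTY), so one added example serves both: it is not either post's own configuration. It keeps the page's `username Admin1 privilege 15 secret admin123`, `exec-timeout 2 30` and `logging synchronous`, replaces the per-line `password`/`login` pair with AAA method lists that use the local database, and restricts the VTY lines to SSH. The hostname, domain name, key size and login-throttling values are assumptions, and the steps the local-AAA post lists beyond Task 2 are not on this page.

```cisco
! Added example, not from the original posts. Assumptions: hostname R1,
! domain example.com (needed for the RSA key), 2048-bit key, throttling values.
configure terminal
 hostname R1
 ip domain-name example.com
 ! Local user (Task 1) with a hashed secret; 'password' would store plaintext
 username Admin1 privilege 15 secret admin123
 ! Hashed enable secret; legacy 'enable password' is at best reversible type 7
 enable secret Enablepa55
 service password-encryption
 ! Enable AAA (Task 2) and point login/exec authorization at the local database
 aaa new-model
 aaa authentication login default local
 aaa authorization exec default local
 ! Throttle password guessing: 3 failures in 60 s quiets the router for 120 s
 login block-for 120 attempts 3 within 60
 security passwords min-length 10
 ! SSH only on the VTY lines, no Telnet
 crypto key generate rsa modulus 2048
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 line console 0
  login authentication default
  exec-timeout 2 30
  logging synchronous
 line vty 0 4
  login authentication default
  transport input ssh
  exec-timeout 2 30
  logging synchronous
end
show ip ssh
show running-config | section aaa
```

With `aaa new-model` in place the line-level `password` and `login` commands are no longer consulted, which is why the example drops them; the user is authenticated against `username` entries instead, and `privilege 15` plus the exec authorization list drops Admin1 straight into enable mode.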
February 25, 2010